03-21-2015 06:22 PM - edited 03-17-2019 02:24 AM
Hi,
I have recently deployed MRA for Jabber.
I am new with MRA and this is first deployment I am doing.
With help of great posts on community I am able to complete the configuration.
Current setup
CUCM 10.5.2 (Recently upgraded )
Expressway 8.5
Jabber for Windows 10.6
Both traversal zone are active and no errors on expressway C and E.
I am using only _cuplogin._tcp.xyz.com SRV record for internal service discovery.
When I use _cisco-uds._tcp.xyz.com , I am not able to connect internally as well, I get "error can not communicate with server"
With CUP srv everything works very fine.
My external collab-edge record works fine and Jabber ask for username and password, however when I enter password I get error "Login username and password incorrect".
Same username and password works internally.
I know when coming from Internet Jabber uses only UDS for authentication and inside it an be anything.
I have attached Jabber log file.
Please let me know your suggestions.
Thanks and Regards,
Deval Tetar
03-21-2015 08:23 PM
This may not be the case, but give it a try with Jabber Client 10.5.5. I have some issues using 10.6.1, it looks like Jabber always get the user domain logged in the machine even if you redefine or delete the jabber folder.
09-28-2015 10:59 AM
hi,
what was your problem ?? still have the same prob right now
Thanks for Information
Br Josef
03-22-2015 07:27 PM
I know when coming from Internet Jabber uses only UDS for authentication and inside it an be anything.
That's completely wrong, you can use whatever you want for authentication, they can be local users, or LDAP users, that makes no difference.
What DOES change, is that when logged via MRA you switch automatically to UDS directory, independently of whatever you have configured internally.
03-23-2015 01:23 AM
Are you sure your internal DNS records are pointing at the right servers? _cuplogin would point at your IM&P servers, whereas _cisco-uds points at CUCM.
_cuplogin is the deprecated way to find servers, so you need to work out sooner or later why _cisco-uds isn't working.
Have you tried looking at the CUCM Tomcat traces?
GTG
03-23-2015 04:49 AM
Hi Deval.
On both Expressway E and C please check on "Status" ---> "unified Communications" if all is ok.
Have you any other type of jabber device that is able to login remotely (jabber for IOS/android or Jabber for mac)?
Please let me know
Regards
Carlo
03-23-2015 07:46 AM
Hi,
first thank you for suggestions, please find responses below
@ Martin Bauer
I have tried with Jabber 10.5.5, no luck still same issue.
@ Jaime Valencia
Please correct me if I am wrong
User authentication can be anything; however user search will be limited to UDS.
@ Gordon Ross
Yes, services are pointing to right servers
_cuplogin point at IM&P Publisher
for me _cisco-uds doesn't work, I am not sure which logs I have to check in CUCM.
CUCM Tomcat or CUCM Callmamager
As already mentioned when I try _cisco-uds, I get "error cannot communicate with server"
I am not very sure exactly where to look in this case.
Kindky suggest
@ Carlo Poggiarelli
Yes, ALL OK at "Status" ---> "unified Communications" on both C and E
I have tried with android and similar error "Username password is invalid, or account is inactive"
I can see on expressway C every time I try to connect the connection count increase,
Somehow authentication is not working.
Thanks and Regards,
Deval Tetar
03-23-2015 08:19 AM
Hi Deval.
What kind of deployment of CUCM and IM&P are you running (single or multiple cluster)
Can you please activate Diagnostic Logging (Network) on both E and C during a login from outside and post the result here?
Can you also please send me the login/logout logs of Jabber for android?
Please let me know
Regards
Carlo
03-23-2015 08:43 AM
Hi Carlo,
I will visit client place tomorrow for expressway E and C logs.
I am using single cluster deployment
4 CUCM -- 1 Pub, 3 Sub
2 IMnP -- 1 Pub, 1 Sub
Please find attached android sign in and out logs.
I just want to add one thing, I am not sure this will help or not...
external srv points to "edge.abc.com"
I have A record pointing edge.abc.com to E public IP X.X.X.X
However my FQDN of "E" is edgeserever.ineternal.abc.com.
and in certificate on "E" I have edgeserever.ineternal.abc.com
Deval
03-25-2015 07:47 AM
Hi Guys,
Issue is resolved after esxternal SRV pointing to expressway E FQDN.
so conclusion is _colla-edge._tls.example.com should point to expressway E FQDN.
and then there should be A record for expressway E FQDN pointing to expressway E Plubic IP.
This can cause serious issue...
:)
03-26-2015 04:54 AM
Hehehe, very good you have founded Deval.
Sometimes there's some details that you miss or forget that can cause this headaches.
09-25-2015 09:54 PM
If _colla-edge._tls.example.com doesn't point to the expressway E public IP, you would not get the Login username and password incorrect, rather, you would be prompted no automatic find service.I double it a conclusion.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide