Solved: You should configure your - Page 2

kozooh147 · ‎05-17-2014

Hello everybody,

I'm during a configuration of Mobile and Remote Access via Cisco VCS. Even though a status of my configuration on both VCSs in "Status->Unified Communications" looks OK, I still can't log in successfully using Jabber 9.7.1 client. I've checked logs on my VCS expressway and I probably localized a problem.

Event Log:

2014-05-17T17:12:58+02:00	traffic_server[1282]: Event="Sending HTTP error response" Status="400" Reason="Bad Request" Dst-ip="Jabber_IP_Address" Dst-port="59415" UTCTime="2014-05-17 15:12:58,695"
2014-05-17T17:12:36+02:00	sshdpfwd[7425]: Received disconnect from NAT_router_IP: 11: disconnected by user
2014-05-17T17:12:36+02:00	sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 7425" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00	sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from NAT_router_IP port 40968 ssh2" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00	sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=...,OU=...O=...,L=...,ST=...,C=..." UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00	sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from NAT_router_IP port 40968" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00	sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:36+02:00	sshdpfwd[7423]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2014-05-17 15:12:36"
2014-05-17T17:12:18+02:00	traffic_server[1282]: Event="Sending HTTP error response" Status="400" Reason="Bad Request" Dst-ip="Jabber_IP_Address" Dst-port="59391" UTCTime="2014-05-17 15:12:18,449"

Network log:

2014-05-17T17:12:58+02:00	traffic_server[1282]: UTCTime="2014-05-17 15:12:58,695" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="439" Dst-ip="Jabber_IP_Address" Dst-port="59415" Msg="HTTP/1.1 400 Bad Request"
2014-05-17T17:12:58+02:00	traffic_server[1282]: UTCTime="2014-05-17 15:12:58,695" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="439" Src-ip="Jabber_IP_Address" Src-port="59415" Msg="POST https:///EPASSoap/service/v80 HTTP/1.1"

It seems to me as there's a missed CUPS IP address in POST request (POST https:///EPASSoap/service/v80 HTTP/1.1).

Thanks for any help!

kozooh

P.S. Confidential content is replaced by Jabber_IP_address and NAT_router_IP.

Geo Gon · ‎08-04-2015

It's only a single domain deployment.

I will try again later today and will let you know.

Thanks for the help so far..

Amine Majdi · ‎06-27-2014

Hi,

I have a same problem but I don't underground very well the DNS record must I put in DNS interne and externe, can you please write an exemple with exactaly record h _collab-edge._tls _cisco-uds._tcp and _cuplogin._tcp.

Thank you very match for your help

kozooh147 · ‎06-27-2014

You should configure your internal DNS server with _cisco-uds._tcp and _cuplogin._tcp records. That's what Jabber looks for at the beginning (cisco-uds record) to find out if it's outside or inside a corporate's network.

Here's an example of both records:
_cisco-uds._tcp.example.com. SRV 10 10 8443 cucm.example.com.
_cuplogin._tcp.example.com. SRV 10 10 8443 cups.example.com.

You should configure your public DNS server with _collab-edge._tls record. That's what Jabber looks for if it doesn't find aforementioned records. If found collab-edge record then it knows it's outside a corporate's network.

Here's an example of the record:
_collab-edge._tls.example.com. SRV 10 10 8443 vcs-e.example.com.

You also need _sips._tcp record on your public DNS server which is used for general deployment (you probably have configured one yet).

Here's an example of the record:
_sips._tcp.example.com. SRV 10 10 5061 vcs-e.example.com.

Should you have any problems, please refer to Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide and don't hesitate to ask.

Regards, kozooh
Please rate useful posts.

Amine Majdi · ‎06-27-2014

Thank you very much kozooh147

it exactly what I want. I try and I will make a return

Amine

Amine Majdi · ‎06-27-2014

Hi kozooh147,

I know is a very basic thing for a DNS admin, but I am not

Can you please check and validat the exemple in my Attachment picture

Thank you very much kozooh147,

Amine

kozooh147 · ‎06-27-2014

Looks OK, be sure you are able to resolve Expresswat.lab.local to an IP address.

Amine Majdi · ‎06-27-2014

Thank you a lot kozooh147

I tested in internal nework, it work fine I am very happy

Matt McAuley · ‎07-04-2014

Hi,

Can you please advise if you have to use an Email address as the user name?

I have a customer who is using login names to sign into Jabber for windows on the internal network however, if this is like lync where by you must using a sip URI/email address to login then do I need to update the login id?

If I use an email address then I assume the @domain.com would provide the lookup for the _collab... record.

Any assistance would be great as I cannot login with the user ID externally using VCS-C and E with UC enabled records and firewall ports.

Thanks

Jaime Valencia · ‎07-04-2014

You need to log in with your JID, userID@domain, so the RHS is used to lookup the SRVs for _collab-edge and _sips.

Once they're found and stored, for that particular user, you only use the userID.

If you try to log with other user, even from the same domain, JID is required again.

HTH

java

if this helps, please rate

Mobile and Remote Access via Cisco VCS - Jabber can't log in