Showing results for 
Search instead for 
Did you mean: 


Chet Cronin

Any ideas please.

CMS 2.2.5 version X-Series appliance.

Getting the following XMPP Info in logs

XMPP component connection disconnected due to failure reason:  "authentication failure"

XMPP handshake failed for reason 7

XMPP thread state failure 1


The configuration on the webpage I have is

Call Bridge Name:  cms02

Domain:  FQDN

Server Address is the address of "A" interface

Chet Cronin
8 Replies 8

Patrick Sparkman
VIP Alumni
VIP Alumni

Is the domain entered in Web Admin match what is configured in the XMPP server?

Is the Call Bridge added to the XMPP server, is the shared secret entered in Web Admin correct?

I have two domains 

The key and crt for the webadmin is one and the xmpp is cms01-a 

The IP for webadmin is .XX1  and the IP for int a is .XX2 

I don't use a bundle CA. 

The CA key and .pem public cert is used.

Chet Cronin

Please disregard everything above and go with this ... here is what I have done with my x-series server.

1.  I have two A records created

Admin INT: =

A INT: =

2. SRV records:  = =  "CNAME"

So I created a self signed cert for the webadmin  =

.key and .crt

I created a CSR for the  and got a public CA  with file name .pem

Put that one on the XMPP and Call Bridge and Web Bridge. 

any recomendations ??? 

Chet Cronin


I think I have confused myself.  


CA Certs.  

Can I use the same CA Certs for all functions i.e.   and create the CSR to get the public cert.






Can I use the same .key  .crt and .pem for all services ??? 

Chet Cronin

You can use the same certificate, and I have done so myself using a wildcard certificate.  There is a note about it in the certificate creation guide regarding using the same certificate across multiple components:

If you plan to use the same certificate across multiple components, for example the Web Bridge, XMPP Server, Call Bridge and TURN server, then specify your domain name (DN) in the CN field, and in the SAN field specify your domain name (DN) and the FQDN for each of the components that will use the certificate.

Regarding the XMPP authentication -

As you have configured for you XMPP SRV records.  Were you able to verify that this domain is configured as your XMPP domain, and that it's entered correct in Web Admin?

Did you verify that you have the correct shared secret entered in Web Admin for the Call Bridge that is added to your XMPP server?  Use xmpp callbridge list to see the Call Bridges that are added to the XMPP server.

Thank you..

Where do I set the shared secret ??  Don't see that anywhere ...

Where do I set the xmpp domain in the web admin ???   I am confused ... How about some real examples please ...

I am using only one x-series server ... 

I didn't add a SAN entry so that might be my issue. 

I also not sure how to set up the bundle CA ..

Thanks again for the help and patience .

Chet Cronin

Check to see if you already have a Call Bridge added to the XMPP server.  If a Call Bridge is already added, take a note of the name and it's secret.

xmpp callbridge list

If you don't, add your call bridge.  Once added, just as before, take a note of the name and it's secret.

xmpp callbridge add <unique Call Bridge name>

Check configured XMPP domain, and take a note what is it.

xmpp status

Configure Call Bridge to use XMPP server via Web Admin under Configuration > General > XMPP server settings.  Use the Call Bridge name, secret and domain you've gathered previously.

The CMS Certificate Guidelines Deployment Guide has steps on how to configure a Budnle CA, snippet from guide:

You can create a certificate bundle by using a plain text editor such as notepad. All of the characters including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags need to be inserted into the document. There should be no space between the certificates, for example no spaces or extra lines between -----END CERTIFICATE----- of certificate 1 and -----BEGIN CERTIFICATE----- of certificate 2. At the end of the file there should be 1 extra line. Save the file with an extension of .pem, .cer, or .crt.  

Prasad Paradkar

Hi Chet,

As Patrick suggested this could also happend because of the wrong domain configuration.

There is a similler discussion which can help u to resolve your issue, please check the link below.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: