
CMS XMPP SERVER

Chet Cronin
Level 4

Any ideas please.

CMS 2.2.5 version X-Series appliance.

Getting the following XMPP Info in logs

XMPP component connection disconnected due to failure reason:  "authentication failure"

XMPP handshake failed for reason 7

XMPP thread state failure 1

???? 

The configuration on the webpage I have is

Call Bridge Name:  cms02

Domain:  FQDN

Server Address is the address of "A" interface

Chet Cronin

Patrick Sparkman
VIP Alumni

Does the domain entered in Web Admin match what is configured in the XMPP server?

Is the Call Bridge added to the XMPP server, is the shared secret entered in Web Admin correct?

I have two domains

cms01-admin.afghan.swa.army.mil

cms01-a.afghan.swa.army.mil 

The key and crt for the webadmin is one and the xmpp is cms01-a 

The IP for webadmin is .XX1  and the IP for int a is .XX2 

I don't use a bundle CA. 

The CA key and .pem public cert is used.

Chet Cronin

Please disregard everything above and go with this ... here is what I have done with my x-series server.

1.  I have two A records created

Admin INT:   10.10.10.5 = cms01-admin.example.com

A INT: 10.10.10.6 = cms01-a.example.com

2. SRV records:

_xmpp-client._tcp.vtc.example.com  = cms01-a.example.com

_xmpp-server._.vtc.exampl.com = cms01-a.example.com

join1.example.com  "CNAME"

So I created a self signed cert for the webadmin  =  cms01-admin.example.com

.key and .crt

I created a CSR for the cms01-a.example.com  and got a public CA  with file name .pem

Put that one on the XMPP and Call Bridge and Web Bridge. 

Any recommendations ???

Chet Cronin

Patrick,

I think I have confused myself.  

OK CMS has WEBADMIN, XMPP, CALLBRIDGE, WEBBRIDGE, and Recording. 

CA Certs.  

Can I use the same CA Certs for all functions i.e.   and create the CSR to get the public cert.

.key

.crt

.pem

Example:

CN: cms01-a.afghan.swa.army.mil  

Can I use the same .key  .crt and .pem for all services ??? 

Chet Cronin

You can use the same certificate, and I have done so myself using a wildcard certificate.  There is a note about it in the certificate creation guide regarding using the same certificate across multiple components:

If you plan to use the same certificate across multiple components, for example the Web Bridge, XMPP Server, Call Bridge and TURN server, then specify your domain name (DN) in the CN field, and in the SAN field specify your domain name (DN) and the FQDN for each of the components that will use the certificate.

Regarding the XMPP authentication -

As you have vtc.example.com configured for your XMPP SRV records, were you able to verify that this domain is configured as your XMPP domain, and that it's entered correctly in Web Admin?

Did you verify that you have the correct shared secret entered in Web Admin for the Call Bridge that is added to your XMPP server?  Use xmpp callbridge list to see the Call Bridges that are added to the XMPP server.

Thank you..

Where do I set the shared secret ??  Don't see that anywhere ...

Where do I set the xmpp domain in the web admin ???   I am confused ... How about some real examples please ...

I am using only one x-series server ... 

I didn't add a SAN entry so that might be my issue. 

I am also not sure how to set up the bundle CA ..

Thanks again for the help and patience .

Chet Cronin

Check to see if you already have a Call Bridge added to the XMPP server.  If a Call Bridge is already added, take a note of the name and its secret.

xmpp callbridge list

If you don't, add your call bridge.  Once added, just as before, take a note of the name and its secret.

xmpp callbridge add <unique Call Bridge name>

Check the configured XMPP domain, and take a note of what it is.

xmpp status

Configure Call Bridge to use XMPP server via Web Admin under Configuration > General > XMPP server settings.  Use the Call Bridge name, secret and domain you've gathered previously.

The CMS Certificate Guidelines Deployment Guide has steps on how to configure a Bundle CA, snippet from guide:

You can create a certificate bundle by using a plain text editor such as notepad. All of the characters including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags need to be inserted into the document. There should be no space between the certificates, for example no spaces or extra lines between -----END CERTIFICATE----- of certificate 1 and -----BEGIN CERTIFICATE----- of certificate 2. At the end of the file there should be 1 extra line. Save the file with an extension of .pem, .cer, or .crt.  
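
The bundle layout rules quoted above, as a small builder and checker (an added example, not part of the original thread or of Cisco's guide). The function names and the sample data are hypothetical; it assumes the "1 extra line" at the end of the file means a single trailing newline, and it checks PEM layout only, not whether the certificates are valid or chain correctly.

```python
import base64
import re

# Assumption: "1 extra line" at end of file = exactly one trailing newline.
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
CERT_RE = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)
GAP_RE = re.compile(re.escape(END) + r"(.*?)" + re.escape(BEGIN), re.S)

def extract_certs(text):
    """Return every certificate block in text, normalized to LF line endings."""
    if "PRIVATE KEY-----" in text:
        raise ValueError("private key found; a bundle holds certificates only")
    blocks = []
    for body in CERT_RE.findall(text):
        # validate=True rejects stray characters inside the base64 body
        der = base64.b64decode("".join(body.split()), validate=True)
        b64 = base64.b64encode(der).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        blocks.append("\n".join([BEGIN, *lines, END]))
    return blocks

def build_bundle(pem_texts):
    """Concatenate certificates with no gap between them and one final newline."""
    blocks = [b for text in pem_texts for b in extract_certs(text)]
    if not blocks:
        raise ValueError("no certificate blocks found")
    return "\n".join(blocks) + "\n"

def lint_bundle(text):
    """Return the layout rules (as quoted from the guide) that text breaks."""
    text = text.replace("\r\n", "\n")
    problems = []
    if any(gap != "\n" for gap in GAP_RE.findall(text)):
        problems.append("extra characters or blank lines between certificates")
    if not text.endswith(END + "\n"):
        problems.append("file must end with exactly one newline after the last END tag")
    return problems

def fake_cert(label):
    """Constructed placeholder: PEM-shaped text, not a real X.509 certificate."""
    body = base64.b64encode(label.encode() * 20).decode()
    return f"{BEGIN}\r\n{body}\r\n{END}\r\n"

if __name__ == "__main__":
    messy = fake_cert("intermediate") + "\r\n" + fake_cert("root") + "\r\n"
    print(lint_bundle(messy))                  # both layout rules broken
    print(lint_bundle(build_bundle([messy])))  # rebuilt bundle passes
```

Refusing input that contains a private key keeps the key for cms01-a from being pasted into a bundle file that is uploaded and shared as a trust chain.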

Prasad Paradkar
Level 1

Hi Chet,

As Patrick suggested, this could also happen because of the wrong domain configuration.

There is a similar discussion which can help you to resolve your issue, please check the link below.

https://supportforums.cisco.com/discussion/13180411/cisco-meeting-server-xmpp-authentication-service-failure