cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3233
Views
50
Helpful
14
Replies

error msg in CMS:"WB3Cmgr: Could not find connection to update webbrid

goranpilat
Level 3
Level 3

Hi,

 

I have upgraded to CMS 3.3 and while trying to set webbridge3 to work I get the following message in status-> general:

 

"WB3Cmgr: Could not find connection to update webbridge3 info"

 

I have certs setup properly, both with client and server authentication, c2w set in API, certs are chained. Both webbridge and callbridge show all SUCCESSes when started. Any idea how to proceed with troubleshooting? I followed couple of guides and alway end up in the same place...

 

Thanks a lot

 

Goran Pilat

3 Accepted Solutions

Accepted Solutions

b.winter
VIP
VIP

Hello Goran,

 

could you question or issue be resolved?

 

If yes, please mark a reply as valid solution.

View solution in original post

Hello,

 

yes, you are correct.

I have found an old entry in our internal documentation:

The IP / FQDN that you see when you "copy" the link (Join Link --> Copy) depends on via which IP / FQDN you entered the conference (entered in the browser).

 

Means:

If you browse to the IP (e.g. https://10.0.0.10/) of the web app, then the link in the meeting contains the IP (e.g. https://10.0.0.10/meeting/1000?secret=...).

If you browse to the FQDN (e.g. the internal FQDN of the CMS https://cms.company.internal/), then the link in the meeting contains the FQDN (e.g. https://cms.company.internal/meeting/1000?secret=...).

The same also applies to all other FQDNs associated with this node.

 

But I have no idea, how to change that behaviour.

Because, like you said, if somebody enters via the IP, it's no usable. The link has to be changed before sending it to other people.

I think, that would be a good question for TAC.

 

View solution in original post

Hi B!

 

That is the answer! Thanx so much. So basically Join Link is made of the link which you joined the session via. Once I put real DNS entries this shouldn't be a problem. I would accept your solution if the system hasn't done this already two times automatically (???), which pi**es me off, but anyway, what you gonna do

 

anyway thanks a lot once more

 

Goran

View solution in original post

14 Replies 14

b.winter
VIP
VIP

Hello Goran,

 

can you please post the output of the commands "callbridge" and "webbridge3"?

What is the URL, that you added via the API?

Is the IP / DNS name of the API command in the cert of the webbridge as CN or as a SAN?

 

You can also turn on the detail logging via the GUI for the webbridge connection (Logs --> Detailed tracing --> Web Bridge connection tracing). And then post the output from the CLI command "syslog follow"

Hi b!

 

callbridge
Listening interfaces : a
Preferred interface : none
Key file : cmsn1.key
Certificate file : cmsn1ent.cer
Address : none
C2W trusted certs : cmsn1bundle.cer

Callbridge cluster trusted certs : none

 

 

webbridge3
Enabled : true
HTTPS listening ports and interfaces : a:443
HTTPS Key file : cmsn1.key
HTTPS Full chain certificate file : cmsn1bundle.cer
HTTPS Frame-Ancestors : none
HTTP redirect : Enabled, Port:80
C2W listening ports and interfaces : a:9999
C2W Key file : cmsn1.key
C2W Full chain certificate file : cmsn1bundle.cer
C2W Trust bundle : cmsn1bundle.cer
Beta options : none

API (/api/v1/webBridges/fffe15c4-36bb-45f7-9f9f-3b9a71769d32):

url: c2w://cisco-cmsn1.example.local:9999

 

both webbridge and callbridge use the same cert, and "cisco-cmsn1.example.local" is CN and SAN in this cert.

 

Log is in attachment (Nov 8 13:57:07.801 user.err cisco-cmsn1 host:server: ERROR : WB3Cmgr: Could not find connection to update webbridge3 info)

 

Thanks a lot

Tough Nut.

Configuration looks good at first sight.

Going through some points:

  • cmsn1bundle.cer probably contains the cmsn1ent.cer and the CA-cert.
  • I guess, the CMS can resolve the A-record "cisco-cmsn1.example.local"

 

Logs look the same like in my CMS.

 

The only difference I have is th "CA Bundle file" point in the callbridge config:

Listening interfaces : a
Preferred interface : none
Key file : cms.key
Certificate file : cms.cer
Address : none
CA Bundle file : ca.cer
C2W trusted certs : cert-bundle.cer
Callbridge cluster trusted certs : none

 

Are you maybe missing the CA-cert in the callbridge config? (command like "callbridge certs cms.key cms.cer ca.cer")

Hi, unfortunately it didn't help. same error that will not go away (it is in recent errors and warnings, not in fault conditions, but still wondering if ti will cause some malfunction)

If you see the error in the GUI, section "Recent errors and warnings", then it's not an active error.

I was a recent error and it won't go away, until you clear the logs under "logs" --> "event logs" --> "clear"

So, it's not an error.

 

As long as you don't see any entries in the section "fault condition", the server has no errors and is in "normal" condition.

Hi B.Winter!

 

Seems this problem might be only side effect of the deeper problem. I also noticed that in WebRTC room I have two different session links, under Join Link->Copy and in email invitation. In email invitation it is as it should be, what I setup in API -> Webbridgerpofiles -> WebBridgeAddress, but in Join Link->Copy, I get link with FQDN of my CMS, which is not usable to be sent as invitation since it is not routable. You know maybe where Join Link->Copy is populated from?

 

Thanks again for your useful help

Hi,

 

the top most rule from the "incoming calls" table is used for that.

So, you have to change the priority of the rules, so that the "webrtc" url (e.g. meeting.company.com) is the highest in the table.

Hi B,

I tried as you suggested, but no change. Sending the screenshot of my incomin tables. I put call** to the top (priority 30), otherwise it was without it. However Join Link is still cisco-cmsn1.example.local, even after reboot

 

Yeah, you are right. My mistake.

That was in <=2.9.

 

In >= 3.0 it has changed to the following:

  1. Via the API add a new webBridgeProfile and give it a name (it's just a name)
  2. Under this profile create a new webBridgeAddress
  3. There you can assign a label and and address.
  4. The label here is only a label (should be something describing, since you can use it in customized email invites)
  5. The address has to have the format "https://meet.company.com/ => this one is used as the url for the email-invites
  6. Assign the webBridgeProfile from step 1 to the webBridge (where you entered the connection url "c2w://...")

That should do it and you should immediately see it in the email invite

B,

 

I never had problem with email invitation from webrtc room (little envelop icon). I have problem with Join Link-> Copy, which keeps servers FQDN.

(C/P:In email invitation it is as it should be, what I set up in API -> Webbridgerprofiles -> WebBridgeAddress. But in Join Link->Copy, I get link with FQDN of my CMS, which is not usable to be sent as invitation since it is not routable)

So there are two places where you can see your meeting link in webrtc, but one is not correct

Interestingly, Phone number, which is defined also in same webbridgeprofile-> IVRNumbers gets updated immediatelly. As well as email invitation (envelope). However Join Link doesnt get updated

Hello,

 

yes, you are correct.

I have found an old entry in our internal documentation:

The IP / FQDN that you see when you "copy" the link (Join Link --> Copy) depends on via which IP / FQDN you entered the conference (entered in the browser).

 

Means:

If you browse to the IP (e.g. https://10.0.0.10/) of the web app, then the link in the meeting contains the IP (e.g. https://10.0.0.10/meeting/1000?secret=...).

If you browse to the FQDN (e.g. the internal FQDN of the CMS https://cms.company.internal/), then the link in the meeting contains the FQDN (e.g. https://cms.company.internal/meeting/1000?secret=...).

The same also applies to all other FQDNs associated with this node.

 

But I have no idea, how to change that behaviour.

Because, like you said, if somebody enters via the IP, it's no usable. The link has to be changed before sending it to other people.

I think, that would be a good question for TAC.

 

Hi B!

 

That is the answer! Thanx so much. So basically Join Link is made of the link which you joined the session via. Once I put real DNS entries this shouldn't be a problem. I would accept your solution if the system hasn't done this already two times automatically (???), which pi**es me off, but anyway, what you gonna do

 

anyway thanks a lot once more

 

Goran

B.winter,

just wanted to let you know that your response was the answer I was looking for; I thought this stale entry was a problem until I cleared the logs.  For whatever reason, when I configured the callbridge under "API ---> Webbridges," I FORGOT to add the new bridge in DNS to finalize the accessibility to webRTC.

All is good now (thanks).

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

b.winter
VIP
VIP

Hello Goran,

 

could you question or issue be resolved?

 

If yes, please mark a reply as valid solution.