Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="x.x.x.x" Src-port="yyyy" Dst-ip="z.z.z.z" Dst-port="s.s.s.s" Detail="No SSL error available, probably remote disconnect"

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-28-2013 06:55 AM - edited 03-18-2019 12:50 AM
When I try to connect from outside of the LAN I can connect my laptop to Jabber Video and the message error on the log of VCS Expressway is
Event="
" Service="
" Src-ip="
" Src-port="
" Dst-ip="
" Dst-port="
" Detail="
No SSL error available, probably remote disconnect
"
- Labels:
-
Room Endpoints
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-29-2013 11:13 PM
Can you connect or does it fail? When do you see this error, directly when connecting the first time
or after some time?
Maybe its just a lost connection or a firewall with a maximum tcp connection timeout?
Is the source ip the one from your computer/router? There are also a lot of port/serivce scans
which will show up differently in your logs, ...
Please remember to rate helpful responses and identify

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2013 05:29 AM
I can't connect from the Internet, only inside of the LAN. I never did a connection from outside.
I don't think that is a lost connection or firewall problems.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-01-2013 11:28 AM
can you post the output of your DNS lookup for your domain?
there is possibility that DNS SRV record for TLS is not configured correctly
_sips._tcp.yourdomain.com 5061
please check that. if you want a reference point, just lookup for SRV record
of cisco.com.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2013 06:10 AM
Microsoft Windows [Versión 6.2.9200]
(c) 2012 Microsoft Corporation. Todos los derechos reservados.
C:\Users\hvivar>nslookup sipvcs.finning.cl
Servidor: UnKnown
Address: 172.18.236.99
Respuesta no autoritativa:
Nombre: sipvcs.finning.cl
Address: 200.11.66.41
C:\Users\hvivar>nslookup vcs.finning.cl
Servidor: UnKnown
Address: 172.18.236.99
Respuesta no autoritativa:
Nombre: vcs.finning.cl
Address: 200.11.66.41
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-02-2013 06:29 AM
as you can see your SRV record is not configured correctly on your DNS server. a correct SRV record would look something like this:
A | cisco.com. | 5405 | IN | A | 72.163.4.161 |
AAAA | cisco.com. | 4505 | IN | AAAA | 2001:420:1101:1::a |
SRV | _h323ls._udp.cisco.com. | 3600 | IN | SRV | 1 0 1719 vcsgw.cisco.com. |
SRV | _h323cs._tcp.cisco.com. | 3600 | IN | SRV | 1 0 1720 vcsgw.cisco.com. |
SRV | _sips._tcp.cisco.com. | 2701 | IN | SRV | 1 0 5061 vcsgw.cisco.com. |
SRV | _sip._tcp.cisco.com. | 3600 | IN | SRV | 1 0 5060 vcsgw.cisco.com. |

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2013 05:19 AM
Can you tell me what command I must execute by to give these answer?
This is the answer today
C:\Users\hvivar>nslookup -querytype=srv sipvcs.finning.cl
Servidor: UnKnown
Address: 172.18.236.99
finning.cl
primary name server = polux.entelchile.net
responsible mail addr = hostmaster-serv.entelchile.net
serial = 470
refresh = 10800 (3 hours)
retry = 3600 (1 hour)
expire = 604800 (7 days)
default TTL = 86400 (1 day)
C:\Users\hvivar>nslookup -querytype=srv vcs.finning.cl
Servidor: UnKnown
Address: 172.18.236.99
Respuesta no autoritativa:
vcs.finning.cl SRV service location:
priority = 10
weight = 10
port = 5061
svr hostname = sipvcs.finning.cl
This is correct or the problem is the same?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2013 06:10 AM
either login to your vcs and navigate to Maintenance > Tools > Network utilies > Nslookup and type in there you domain name or use this site:
http://www.olark.com/gtalk/check_srv
//Ahmad

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2013 06:07 AM
Ahmad,
I did the correction and the answer is this:
> _sips._tcp.finning.cl
Servidor: UnKnown
Address: 172.18.236.99
Respuesta no autoritativa:
_sips._tcp.finning.cl SRV service location:
priority = 10
weight = 10
port = 5061
svr hostname = sipvcs.finning.cl
_sips._tcp.finning.cl SRV service location:
priority = 10
weight = 10
port = 5061
svr hostname = vcs.finning.cl
From inside the VCS Expressway it doesn't work because is inside the network and is not responding. When I try to connect it doesn't allow.
I checked the logs inside the VCS and this new connection is not registered.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2013 07:29 AM
Hi Hugo,
but what you said at the beginning was that your jabber client cannot register from internet and you have no issue with the LAN registration. SRV record on DNS was now corrected for external jabber client and nothing to do with internal users.
Prehaps you want to restate the problem again and please do not skip any details.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2013 07:57 AM
Ahmad,
May be my answer wasn't right. I try to say that from the Internet still don't register the jabber client and the DNS SRV was created and is working. I don't see logs when I trying to connect my client. What I have to do now?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2013 08:26 AM
please enable DEBUG mode on VCSs (Maintenance > Diagnostics > Diagnostic log and change the options to DEBUG).
and then try to register your jabber clients, check the System > logs > event logs as well as Network logs adn see whether you see the subscribe request comes to VCSE at all? if yes, then post the error message you see there. if not, then you need to collect wireshark on Jabber client machine and possibly on your extrernal interface of your firewall to track the packets where get routed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2013 12:35 AM
Hi All,
I have similiar issue with Hugo,
but in my case I just use local DNS server for internal jabber client and use etc host for external jabber client in laptop.
Login and call from internal jabber works fine, but I can't login use jabber from external ( internet).
There is no firewall in my LAB topology,
just :
-> MCU 5310
public -> router -> switch -> VCS-E (static NAT 1:1)
-> VCS-C
-> TMS
VCS-E use single NIC and it NATed 1:1 to public.
and here is screen capture DNS lookup from my VCS-E and VCS-C.
Please advise..
thanks
Ovindo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2013 07:27 PM
I would recommend that you open a new thread for it.
If you use 1:1 NAT the Dual interface opinion is a requirement, is this in place?
The external ip needs to be configured and all communication (also for the traversal zone)
need to be done to the external ip.
Besides that, please check the deployment guides.
Please remember to rate helpful responses and identify helpful or correct answers.
Please remember to rate helpful responses and identify
