Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2849
Views
0
Helpful
4
Replies

Jabber video for TelePresence, VCS-E connection issue

Go to solution
Simon Battye
Level 2
Level 2

‎02-12-2013 03:00 AM - edited ‎03-18-2019 12:34 AM

Hi,

I have recently configured VCS-Control, VCS-Expressway and TMS. Both VCS servers are on X7.2 software and TMS is on 14.1.1, provisioning is configured between the VCS-Control and TMS, everything internally works OK and users can log into their Jabber video for TelePresence client.

When attempting to connect via the VCS-Expressway i am recieving the following issue: "Connection rejected by server. Try logging in again later"

Zone authentication is configured like this:

VCS-Expressway

Default Subzone: Do not check credentials

Sefault Zone: Do not check credentials

Traversal Zone: Do not check credentials

VCS-Control

Default Subzone: Treat as Authenticated

Default Zone: Check Credentials

Subzone: Check Credentials {zone which movi users register to based on regex}

Traversal Zone: Do not check credentials

Search rules between the two VCS's match {username}.{device.model}@domain OK.

The only port restrictions in place here are between the VCS-Control and VCS-Expressway, outbound ports opened towards expressway for ASSENT.

It appears to me that this is a connection issue, as opposed to an authentication issue. also, do i need to configure a local SIP domain on the VCS-Expressway even though i am attempting to proxy the registrations to the VCS-Control.

Would be appreciated if someone can check my zone authentication also...

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
awinter2
Level 7
Level 7

‎02-12-2013 03:04 AM

Simon,

for this to work, you would normally configure the traversal zone on VCS-C as 'Check credentials'.

If you are looking to proxy registrations from VCS-E to VCS-C, you should not add the SIP domain to the VCS-E.

'Connection rejected by server' sounds strange in this case however, would you mind sharing what SIP domain you are using for this deployment, so that we can verify that your DNS SRV records are looking good?

- Andreas

View solution in original post

0 Helpful
4 Replies 4

Go to solution
awinter2
Level 7
Level 7

‎02-12-2013 03:04 AM

Simon,

for this to work, you would normally configure the traversal zone on VCS-C as 'Check credentials'.

If you are looking to proxy registrations from VCS-E to VCS-C, you should not add the SIP domain to the VCS-E.

'Connection rejected by server' sounds strange in this case however, would you mind sharing what SIP domain you are using for this deployment, so that we can verify that your DNS SRV records are looking good?

- Andreas

0 Helpful

Go to solution
Simon Battye
Level 2
Level 2
In response to awinter2

‎02-12-2013 03:15 AM

Andreas,

Please see records below:

SRV_h323cs._tcp.domain.com.21599INSRV1 0 1720 vcs-expressway IP.
SRV_sips._tcp.domain.com.21599INSRV1 0 5061 vcs-expressway IP.
SRV_sip._tcp.domain.com.21599INSRV1 0 5060 vcs-expressway IP.
SRV_sip._udp.domain.com.21599INSRV1 0 5060 vcs-expressway IP.


I've blanked the actual domain and hostname/IP address but i can confirm they are resolving to the correct location.

It looks like im missing:

_h323ls.

_h323rs.

_sips._tls.

_sip.tls.

Thanks,

0 Helpful

Go to solution
awinter2
Level 7
Level 7
In response to Simon Battye

‎02-12-2013 03:57 AM

You strictly only need _sips._tcp and _sip._tcp for SIP, _sips._tls and _sip._tls is not used by anything which will potentially communicate with the VCS Expressway.

The next step for troubleshooting this now that you have verified that your SRV records are in place (Plus that your Traversal Client zone on VCS-C is set for 'Check credentials') would be to capture a diagnostics log on both VCS-E and VCS-C (With Network log level set to DEBUG) while attempting to sign in with Jabber Video.

In the diagnostics log from VCS-E, you should see the Jabber Video client connecting to port 5061 of the VCS-E and send a SIP SUBSCRIBE request, which the VCS-E should proxy to VCS-C, which in turn shall respond to this SUBSCRIBE with '407 Proxy authentication required'. Depending on whether or not you use NTLM authentication for this client, Jabber Video should then send one or two new SUBSCRIBE request(s) followed by another 407 response, upon the SUBSCRIBE should ultimately get a 200 OK response followed by a SIP NOTIFY request being sent from the VCS-C to VCS-E and finally to your Jabber Video client. This NOTIFY should then contain the provisioning configuration for this JV client.

- Andreas

0 Helpful

Go to solution
Simon Battye
Level 2
Level 2
In response to awinter2

‎02-13-2013 01:52 AM

Andreas,

Thanks for your assistance - took the logs and couldn't see any of the SIP messages hitting the VCS-Expressway, turns out the ISP was ports for some reason.

All resolved now.

Thanks, Simon

0 Helpful
Customers Also Viewed These Support Documents