11-23-2012 02:58 AM - edited 03-18-2019 12:11 AM
Hi, Experts
I've set up VCS X7.2 and TMSPE 13.2. I've set up the "Provisioning Phone Book" with "Provisioning Source" and marked the group in the access control, but the Jabber Video (Movi) client always shows "search failed: server error" when I search for a contact.
11-23-2012 03:13 AM
Hi
What would be interesting to know is what the configuration template set on this user looks like.
Maybe this will help you
https://supportforums.cisco.com/thread/2183749?tstart=30
/Magnus
11-23-2012 03:31 AM
Below is the configuration template for the users:
Phone Book Server URI | phonebook@xxx.com |
Presence Server URI | presence@xxx.com |
SIP Server Address | 172.16.50.3 |
11-23-2012 03:32 AM
I read the post, and it's not helpful for me as I've marked the necessary group in the access control of the phone book...
11-23-2012 03:59 AM
Hi, are you using Jabber for Mac or Windows?
/Magnus
11-23-2012 04:38 AM
Jabber Video for Mac
11-23-2012 04:12 AM
Hi
How does it look in the TMSPE diagnostics? Are the phonebooks synced to the VCS at all? Do you see the phonebooks in the VCS, and do the specific users have access to them? You could try taking a diagnostics log at network-level debug on the VCS while doing a phonebook search and see what is happening.
What does the phonebook source activity status say? Are there any errors?
/Magnus
11-23-2012 04:39 AM
11-23-2012 04:56 AM
I ran a network diagnostics log; see below for the debug output. I entered "g" in the search box and found that it comes back with 403 Forbidden. Why?
SIPMSG:
|INFO sip:phonebook@ewellsoft.com SIP/2.0
Via: SIP/2.0/TLS 172.17.0.10:50973;branch=z9hG4bKafffbeb5975bfaae1aa69b13a59359e7.1;received=172.17.0.10;rport=50973
Call-ID: 42cee03b4ce4de7c@172.17.0.10
CSeq: 100 INFO
Contact: <sip:lianzhao@ewellsoft.com;gr=urn:uuid:b4513904-c8a6-5417-8ac1-d3059765f767>
From: <sip:lianzhao@ewellsoft.com>;tag=a6e8dce1cd42afa7
To: <sip:phonebook@ewellsoft.com>
Max-Forwards: 70
Route: <172.16.50.3:5061>172.16.50.3:5061>
User-Agent: TANDBERG/774 (MCX 4.5.7.16762) - Mac OS X
Expires: 10
Content-Type: application/tandberg-phonebook+xml
Content-Length: 259
|
2012-11-23T20:40:16+08:00 vcsc tvcs: UTCTime="2012-11-23 12:40:16,667" Module="network.sip" Level="INFO": Dst-ip="172.17.0.10" Dst-port="50973" Detail="Sending Response Code=403, Method=INFO, To=sip:phonebook@ewellsoft.com, Call-ID=42cee03b4ce4de7c@172.17.0.10"
2012-11-23T20:40:16+08:00 vcsc tvcs: UTCTime="2012-11-23 12:40:16,667" Module="network.sip" Level="DEBUG": Dst-ip="172.17.0.10" Dst-port="50973"
SIPMSG:
|SIP/2.0 403 Forbidden
Via: SIP/2.0/TLS 172.17.0.10:50973;branch=z9hG4bKafffbeb5975bfaae1aa69b13a59359e7.1;received=172.17.0.10;rport=50973;ingress-zone=DefaultSubZone
Call-ID: 42cee03b4ce4de7c@172.17.0.10
CSeq: 100 INFO
From: <sip:lianzhao@ewellsoft.com>;tag=a6e8dce1cd42afa7
To: <sip:phonebook@ewellsoft.com>;tag=8d7a50cba8b91065
Server: TANDBERG/4120 (X7.2)
Warning: 399 172.16.50.3:5061 "Policy Response"
Content-Length: 0
11-23-2012 05:01 AM
That's because your Default Subzone is configured with authentication setting 'Do not check credentials'.
For presence and phonebooks to work correctly, the Default Subzone must be configured either as 'Check credentials' (Which is the most secure) or 'Treat as authenticated'.
Please see
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf for further information about device authentication and authentication policies for zones.
- Andreas
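As an added illustration (not part of the original posts and not Cisco code): a small Python parser for the `SIPMSG:` debug format quoted above that picks out 403 "Policy Response" replies to phonebook or presence requests and reports the ingress zone whose authentication policy should be checked. The sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the debug output quoted in this thread.
SAMPLE_LOG = '''\
SIPMSG:
|SIP/2.0 403 Forbidden
Via: SIP/2.0/TLS 172.17.0.10:50973;branch=z9hG4bKexample.1;rport=50973;ingress-zone=DefaultSubZone
Call-ID: example-call-1@172.17.0.10
CSeq: 100 INFO
To: <sip:phonebook@example.com>;tag=1
Warning: 399 172.16.50.3:5061 "Policy Response"
Content-Length: 0
|
SIPMSG:
|SIP/2.0 200 OK
Via: SIP/2.0/TLS 172.17.0.10:50973;branch=z9hG4bKexample.2;ingress-zone=DefaultSubZone
Call-ID: example-call-2@172.17.0.10
To: <sip:phonebook@example.com>;tag=2
|
'''

def parse_sip_responses(log_text):
    """Yield one dict per SIP response found after a 'SIPMSG:' marker."""
    for block in log_text.split("SIPMSG:")[1:]:
        lines = [l.strip().lstrip("|") for l in block.strip().splitlines()]
        lines = [l for l in lines if l]
        m = re.match(r"SIP/2\.0 (\d{3}) ", lines[0]) if lines else None
        if not m:
            continue  # a request, or a syslog-only fragment
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep and re.fullmatch(r"[A-Za-z-]+", name):  # skips syslog lines
                headers.setdefault(name.lower(), value.strip())
        zone = re.search(r"ingress-zone=([^;\s]+)", headers.get("via", ""))
        yield {"status": int(m.group(1)), "call_id": headers.get("call-id"),
               "to": headers.get("to", ""), "warning": headers.get("warning", ""),
               "ingress_zone": zone.group(1) if zone else None}

def policy_rejections(log_text, services=("phonebook@", "presence@")):
    """403 'Policy Response' replies to phonebook/presence requests."""
    return [r for r in parse_sip_responses(log_text)
            if r["status"] == 403 and "Policy Response" in r["warning"]
            and any(s in r["to"] for s in services)]

if __name__ == "__main__":
    for r in policy_rejections(SAMPLE_LOG):
        print(f"{r['call_id']}: rejected by policy, check authentication policy of {r['ingress_zone']}")
```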
11-23-2012 05:05 AM
What's the Default Subzone used for? Why is it linked to the phonebook and presence status?
11-23-2012 05:09 AM
The default subzone is the default location for all locally registered H323 and SIP devices on your VCS, and all presence and phonebook requests arrive on this zone on the VCS when sent by your Jabber Video client, unless you've manually created another subzone and associated subzone membership rule(s).
This is described in further detail in the document I linked in the previous post, there is also quite extensive information regarding the Default Subzone and other zone types in the VCS Administrator's guide, which you can find at
http://www.cisco.com/en/US/products/ps11337/products_installation_and_configuration_guides_list.html.
11-23-2012 05:32 AM
The Default Zone handles incoming signaling from unregistered devices (including subscribe requests from Jabber Video for provisioning/registration).
The Default Subzone handles incoming signaling from locally registered devices.
As Andreas explained, presence information is handled between registered endpoints, therefore authentication is based on the Default Subzone configuration.
11-23-2012 05:36 AM
Hi, Tomonori
Thanks for the explanation, got the point.
12-03-2012 12:36 PM
Movi clients seek provisioning only at the point they are challenged for credentials. For internal Movi users, the VCS-C default zone must be set to "check credentials". Before they are registered and recognized, Movi registration requests will enter through the default zone, unless they also meet a subzone test, such as IP subnet, in which case they present through that subzone, so you have to make the default subzone "check credentials". Movi clients registering from outside must be challenged on the VCS-E default zone, or proxied to the VCS-C where they should be challenged in the VCS-C's traversal zone. If you challenge on the VCS-E, make sure the VCS-E has AD connection for the domain controller and has a route to TMS to get the provisioning template. This often requires a static route be entered by command line on the VCS-E, because the VCS-E default gateway would send traffic out to the Internet instead.