cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2059
Views
0
Helpful
24
Replies

Login failed through VCS-e, VCS-c is ok

Hello All.

I have now read so many threads about this issue and i have tried all that I could find.

But still i get:

"Wrong username,domain,and/or Password"

When i try to login to Movi thourgh VCS-e.

Some of the things done:

-Traversal zone with Check credentials

-Sip Proxy enabled on VCS-e

-removed Provisoning key from VCS-e

-Added Public SIP server address to TMS config template.

-Tried several tips on search rules from VCS-e to VCS-c.

What am I missing?

Any advice would be greatly appricated.

Thank you,

Alexander

2 Accepted Solutions

Accepted Solutions

Alok Jaiswal
Cisco Employee
Cisco Employee

Hi Alex,

collect the diagnostic logs and check for subscribe message. see what is happening on VCS-E when it receives the intial reply.

Thanks

Alok

View solution in original post

If your idea is to register the jabber to VCS-C and not VCS-E, then the local zone match you created is not required. you can simply delete this. and proxy setting is proper.

Please can you modify the traversal search rule on VCS-E from regex to something like any to any alias and test again.

it should works after this as per my udnerstanding

Rgds

Alok

View solution in original post

24 Replies 24

Jens Didriksen
Level 9
Level 9

Did you study the Authenticating Devices Deployment Guide?

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-2.pdf

It would also help the community if you included VCS software version and a brief overview of your deployment, TMS version, provisioning type; TMSPE or Legacy Agent and how are you trying to authenticate; local database, towards AD etc etc.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Thank you.

I will look at this guide also and see if it helps me.

My enviroment as of today:

-Legacy Agent

-TMS 13.1.2

-VCS-c X7.1

-VCS-e X7.2.1

Authenteication is done to TMS.

I have Public IP on my VCS-e DNS a reccord for this both inernal and external

Traversal Zone is Active and good.

Just be aware even though you may allow your users to register to VCS-E when external to your local network, i.e. at home etc, authentication should be done on the VCS-C for both internal and external users, not the VCS-E.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Hello again.

That is what i am trying to do.

however, when i try to log in to movi while on my inetrnal network it is OK.

As soon as I try externally i get the "wrong username" message.

...and that's where  the Authenticating Devices Deployment Guide comes into the picture.

/jens 

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Alok Jaiswal
Cisco Employee
Cisco Employee

Hi Alex,

collect the diagnostic logs and check for subscribe message. see what is happening on VCS-E when it receives the intial reply.

Thanks

Alok

Hello.

That solved the wrong username issue.

When I looked at the logs i finnaly understood that the login request was not getting to the VCS-c.

Then i found in the logs that it did not match any of my search patterns.

I identified it to be a smal typo in one of my regex statements.

However.

Now i do get a "Login failed due to registration failure. If the problem presist contact IT support."

When i look at the local jabber logs on my computer i see the following:

Signaling User notification: Failed to register - If the problem persist, contact IT support.   (404 Not found) Check your provisioning configuration, make sure the SIP domain on the VCS and in Movi is configured correctly and that the VCS is accessible over TLS and/or TCP.

SIP domain is correct on VCS-c, TMS and in Jabber.

VCS-e is connected directly to the internet with a public IP. no NAT.

As soon as i swithc to my internal network i can login trhough the VCS-c.

Anyone of you that can point me in a direction of where to look?

Thank you again.

-Alex

From the VCSe Debug I was able to identify the following message:

SIPMSG:

|SIP/2.0 404 Not found

Via: SIP/2.0/TLS 10.0.1.46:52243;branch=z9hG4bK4d7b1efe9394977fdb4c7a9245250532.1;received=62.92.90.10;rport=38115;ingress-zone=DefaultZone

Call-ID: 7163f6823ac7f26d@10.0.1.46

CSeq: 9001 REGISTER

From: <>username.movi@domain.com>;tag=314e3758d09ddab7

To: <>username.movi@domain.com>;tag=a8808c3b0eef1efd

Server: TANDBERG/4120 (X7.2.1)

Warning: 399 193.90.120.31:5061 "Policy Response"

Content-Length: 0

Before this I see the SIP Subscribe, SIP OK messages.

The SIP message before this is the REGISTER.

Don't know if this helps...

The "Policy Response" indicates you have an incorrect zone authentication and/or registration policy.

This is what I'm using on my VCS-E and VC-C - and it works.

(I'm authentication towards AD on the VCS-C, provisioning is TMSPE)

DefaultZone:

Authentication policy: Do not check credentials

Default SubZone:

Registration policy: Allow

Authentication policy: Do not check credentials

Traversal SubZone:

Authentication policy: Do not check credentials

On VCS-C:

Default SubZone:

Registration policy: Allow

Authentication policy: Check Credentials

DefaultZone:

Authentication policy: Check Credentials

Traversal SubZone:

Authentication policy: Check Credentials

Accept proxied registrations: Allow

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Hello.

I tried with your settings but get the same issue.

And registraion policy is set to None.

Any other ideas?

I just updated with my VCS-C settings. Compare and try, I guess

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.

Alexander,

what is your setup? single nic, dual nic ?

what are this ip-addresses?

193.90.120.31

62.92.90.10

10.0.1.46

i think you need to check the forum. search for jabber issues in telepresence forum you will see lot of replies.

Rgds

alok

193.90.120.31 - VCSe

62.92.90.10 - PC where Jabber is logging in from.

10.0.1.46 - This i acutally don't know.

you said before 404 message there is a REGISTER message . can you paste that message here?

Also what kind of search rules you have on VCS-E an VCS-C

Rgds

Alok

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: