I've faced the following problem: when I switch the default subzone authentication setting on the local VCS Control to "treat as authenticated", the presence of the Movi clients are displayed and published correctly, but the phonebook search does not work at all. Vice versa when I switch to "Do not check credentials" the phonebook searches work as sugar, but the presence status goes wrong, and if I change it manually I get a 403 - Forbidden policyresponse from the VCS.
The deployment consits:
VCS Control X7.0.2
MOVI 4.2 (10318)
I've searched through te forum but found no working solution for this. AD integration is not an option yet...Should I enable authentication based on Local database in the VCS? When I done that the TMS Agent diagnostic raised a ticket.
Thanks for your kind answers in advance!
phonebook searches should work regardless of the request being authenticated or not, while presence requests (PUBLISH sent by Movi) do need to be authenticated as they are sent to the presence server. Configuring the default subzone to 'Treat as authenticated' should indeed result in both a working phonebook and working presence.
How exactly are you testing phonebook searches? Are you using a single PC/Mac, switching between Movi users, or are you using multiple PC's/Mac's?
Are you searching for other Movi users when testing the phonebook, or are you searching for other types of entries, e.g room systems or personal endpoints?
I'm registering with different users using the same PC. The Provisioning phonebook consists a manual list which contains all the created Movi users and will be extended if any new rooms or endpoints are added to the system. It is strange that the presence works fine and the phonebook isn't..Accordig to your letter both presence and phonebook requests are treated same at the VCS.
the 'Provisioning phonebook' normally uses the source 'Provisioning source', and this source normally contains the provisioned devices which have logged in at least once.
As far as I remember, if you log in with Movi user A on a purticular PC/Mac, user A will have a device created in the provisioning backend which is associated with that purticular PC/Mac. This will make user A searchable in the phone book via the provisioning source.
If you log out user A and log in Movi user B on the same PC/Mac however, the device which previously was created for user A will be removed/replaced with a device for user B, which means that user A will no longer be searchable in the provisioning phonebook until user A logs on again from the same or a different PC/Mac. (This is at least how I remember that the behaviour has been earlier, it's been a while since I tested this).
It is therefore advisable to use at least two PC's/Mac's when testing the provisioning phonebook/provisioning source, to ensure that you have at least two searchable devices/users.
Phonebook searches should however work just fine from Movi for regular endpoints (For example the 'All systems' phonebook), assuming that access control for the phonebook has been set up correctly.
If you are unable to get this working properly I suggest you get a TAC case opened up for further troubleshooting.
Hope this helps,
Yes, I'm aware of the provisioning source, but in our setup it was necessary to use "manual list" type source for the movi users as well. It worked fine with versions X5.x.x.
When I traced the SIP conversation between the Movi client and the VCS it showed that the phonebook requests were challenged to authentication and failed, but don't know why. The default subzone and the default zone are both set to "treath as authenticated".
Thanks for the advice. I'll contact the TAC with the situation.
a phonebook search initiated by Movi would be seen as a SIP INFO request sent from Movi to the VCS Movi is currently registered with. In your case, is the Movi user registered to the VCS which is doing TMS Agent replication with TMS, or on a different VCS?
If on a different VCS, the neighbor/traversal zone with this other VCS on the VCS doing TMS Agent replication is most likely set to 'Check credentials'.
It would be helpful if you could describe in more detail which VCS's are involved, what type of zones exist between them and how authentication has been configured on both of them.
The Movi registers directly to the VCS on which the TMS replication is enabled. There is also a VCS Expressway installed in the setup, but at the moment it is not connected to this particular VCS Control we're talking about with any links.
Only the default zone and subzone are active on the Control.
with those settings and circumstances I wouldn't expect the VCS to challenge an INFO request from Movi.
To understand the problem better, logs would have to be taken, and in that case the best way to move forward would be to open a TAC case which it seems you are planning.