Jabber video does not login

juan_cye_ccna · ‎11-17-2012

HI everyone,

i have a VCS expressway (X6.1) and VCS control (X6.1), i have followed a cisco document to configure those devices. I am trying to get access through jabber video 4.4 but i always getting login failed, wrong user or password

Nov 17 23:29:56 tvcs: Event="Response Received" Service="SIP" Src-ip="127.0.0.1" Src-port="22400" Dst-ip="127.0.0.1" Dst-port="25014" Protocol="TCP" Method="SUBSCRIBE" To="sip:provisioning@mycompany.com" Response-code="401" Level="3" UTCTime="2012-11-18 04:29:56,719"

Nov 17 23:29:56 tvcs: Event="Message Received" Service="SIP" Src-ip="127.0.0.1" Src-port="22400" Dst-ip="127.0.0.1" Dst-port="25014" Protocol="TCP" Num-bytes="843" Level="4" UTCTime="2012-11-18 04:29:56,719"

Nov 17 23:29:56 tvcs: Event="Message Sent" Service="SIP" Src-ip="127.0.0.1" Src-port="25014" Dst-ip="127.0.0.1" Dst-port="22400" Protocol="TCP" Num-bytes="1138" Level="4" UTCTime="2012-11-18 04:29:56,702"

Nov 17 23:29:56 tvcs: Event="Request Sent" Service="SIP" Src-ip="127.0.0.1" Src-port="25014" Dst-ip="127.0.0.1" Dst-port="22400" Protocol="TCP" Method="SUBSCRIBE" To="sip:testuser1@mycompany.com" Level="3" UTCTime="2012-11-18 04:29:56,702"

I don´t understand why both source and destination ip addresses are 127.0.0.1. How can i solve this auth problem?

Thanks in advance.

Jens Didriksen · ‎11-17-2012

You're getting an 401 error which is "unauthorized" which is an authentication error.

Following information would be useful for the forum to know;

How are JabberVideo clients being authenticated?

Did you follow the steps in the Authenticating Devices Deployment Guide?

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X6-1.pdf

Does the 4.4 provisioning template contain correct details?

Also see the 4.4 admin guide (provisioning section in particular):

http://www.cisco.com/en/US/docs/telepresence/endpoint/movi/admin_guide/JabberVideo_Admin_Guide_4-4.pdf

Is the Provisioning key installed on the VCS-C ?

Which version of TMS are you running? I take it you're using the legacy TMS Agent since your VCS is on x6.1, it's highly recommended upgrading to x7.x with TMS 13.2.x and TMSPE.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

juan_cye_ccna · ‎11-18-2012

Hi Jens,

Jabber clients are being authenticated via VCS local database. I have red cisco document about auth devices in VCS and provisioning, VCS control has provisioning key installed not VCSe. The version of TMS is 13.0. Can VCS be upgraded to 7.X and i don´t have to buy a VCS platform release key?

I appreciate your help.

Tomonori Taniguchi · ‎11-18-2012

What is configuration of “Authentication policy” for Default Zone and Default SubZone?
Are you setting to CheckCredential for VCS to challenge account credential with local DB?

juan_cye_ccna · ‎11-19-2012

Hi Tomori,

value configured for Default Zone and Default SubZone is "do not check credentials".

currently i have configured in traversal zones auth field as "do not check credentials", but i have tested with other options and i end up getting same results.

Tomonori Taniguchi · ‎11-22-2012

Default Zone on VCS Control should configure as “Check Credentials” to VCS to challenge user authentication by using provisioning DB replicate from TMS.

Default Subzone on VCS Control should configure as either “Check Credentials” or “Treat as Authenticated”.

For VCS Expressway, both Default Zone and Default Subzone should configured as “Do not check credentials” if provisioning DB sync between VCS Control and TMS (VCS-E forward subscribe request to VCS-C and VCS-C to handle provisioning process).

What happen if you change Default Zone configuration on VCS Control to “Treat as Authenticated”?

Does user able to login?

Changing this parameter to “Treat as Authenticated” will skip user credential authentication and proceed subscribe request, transmitting notify message with provisioning information, then proceed registration request from client.

If you have properly configured VCS and TMS provisioning and have valid account (but have an issue with user authentication), Jabber Video client should register.

If Jabber Client doesn’t register even Default Zone set to “Treat as Authenticated”, then highly suspect there is other misconfiguration on provisioning setting.

juan_cye_ccna · ‎11-22-2012

Hi Tomonori,

I have followed your suggestions but i get same error wrong user, password or domain, yesterday TMS was upgraded to 13.2.2 version, i tried to upgrade VCS control too but a due to a mistake related with license did not let me, i thought that i could upgrade this device without any license or permission, is not it ?

Tomonori Taniguchi · ‎11-22-2012

Login failed with wrong username, domain, and/or password message, you should check following point.

Check Audit.log and make sure that the username and domain used for the login attempt are correct.
In Cisco TMS, go to Systems > Provisioning > Directory and verify that the user exists and has been provided with the correct username and password.
In Cisco TMS, go to Administrative Tools > TMS Agent Diagnostics and verify that replication between the Cisco TMS and Cisco VCS works by running Verifies that users created on the Local TMS Agent replicates to all the TMS Agent LDAP databases in the cluster.
If connecting through a Cisco VCS Expressway:
- Go to VCS configuration > Registration > Deny List and check whether the Deny list is enabled.
- If so, go to VCS configuration > Registration > Allow List and verify that the user has been added to the Allow list.
Check whether the Cisco VCS is in maintenance mode and therefore new calls and registrations are disallowed, and existing registrations are allowed to expire.

Tomonori Taniguchi · ‎11-22-2012

Regarding to VCS software upgrade, upgrading VCS Control software only require release key (if you are upgrading VCS from X6.1 to X7.x software version) and no additional option key will be required.

However you must disable TMS provisioning replication setting on TMS first before attempting software upgrade for VCS.

juan_cye_ccna · ‎11-22-2012

Tomonori, what is the option key in VCS to upgrade it? in my device i have installed:

Device Provisioning, H323-SIP Interworking Gateway, 100 Traversal Calls, 20 Non-traversal Calls and FindMe, Are these enough?

Danny Meyer · ‎11-22-2012

Hi.

I would realyl like to know about your findings. I am in the exact same situation (TMS 13.1).

Looking forward to hear.

Regards

Danny

Magnus Ohm · ‎11-22-2012

Hi in order to upgrade you need a releasekey which you can obtain from cisco licensing if you have a service contract that is valid for the vcs.

/magnus

Sent from Cisco Technical Support iPhone App

Magnus Ohm · ‎11-22-2012

Tomo said this in the previous post :)

Sent from Cisco Technical Support iPhone App

Tomonori Taniguchi · ‎11-22-2012

> what is the option key in VCS to upgrade it? in my device i have installed:

VCS software upgrade only require release key.
Assume you are planning to upgrade your VCS from current X6.1 to X7.2.1, then you will need X7 release key which is different from X6 release that currently configured on your VCS (release key which is 16 digits of number).
New release key can be get from either…,

Contact Cisco License Team (license@cisco.com) with your Endpoint Serial Number and service contract information.
Check license from on-line tool, http://www.cisco.com/go/license,

juan_cye_ccna · ‎11-23-2012

Hi all,

thanks for your help about VCS upgrade. I am watching the event log and i would like to know if when some user tries to get authenticated to VCS and this attempt is succes i should see something like:

sip:username@vcsname.mydomain.com or just sip:username@mydomain.com

what these traces are right information in event log of VCS?