07-24-2024 05:17 AM
I've been working all week to get unified messaging working again. We had it set up with our on-premise Exchange Server 2013. We migrated to Office365 and I created a new Unified Messaging service and followed the documentation to set it up. I created an application, created a new user in the cloud, gave that user the application impersonation role, and assigned that user to the application. Following the guide, I applied the appropriate API permissions. I can't see that I missed a step, but I'm still getting errors. I followed the troubleshooting steps and can see SSL communication between Unity Connection and Microsoft. It ends with the Unity Connection server sending an Encrypted Alert (21). To the best of my research, that's just a simple error message that is of course encrypted. I have wiresharked and looked at logs and cannot determine the issue. Attached is a screenshot of the test and a snippet of the logs I've pulled.
I am really starting to think there is a bug in 12.5 (SU6) or maybe it just isn't supported.
14:38:38.356 |18255,,,CuESD,0,Thread=http-nio-81-exec-8 autodiscover testEmailAddress=false extsvcObjectId= clientid=7aa01437-xxxx-xxxx-xxxx-c00e7exxxx45
14:38:38.361 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CCsDbHelper.cpp:403]: Error access token is not found in database for uid: 7aa01437-xxxx-xxxx-xxxx-c00e7exxxx45
14:38:38.402 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CCsDNSResolver.cpp:190] failed to get dns results for _ldap._tcp.mygeatn.onmicrosoft.com._sites.dc._msdcs.outlook.office365.com question type 33
14:38:38.402 |18255,,,CsExMbxLocator,11,[CsExMbxLocator/CsExMbxLocator.cpp:458]: DNS query for: _ldap._tcp.mygeatn.onmicrosoft.com._sites.dc._msdcs.outlook.office365.com didn't return results
14:38:38.551 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1420]: HTTP request failed with error: 80004005, HTTP status code: 401, for Autodiscovery URL: https://outlook.office365.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.551 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1476]: HTTP request failed with error: Bad response from server, HTTP code returned: 401, HTTP status code: 401, for Autodiscovery URL: https://outlook.office365.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.577 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1420]: HTTP request failed with error: 80004005, HTTP status code: 0, for Autodiscovery URL: https://autodiscover.outlook.office365.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.577 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1476]: HTTP request failed with error: Couldn't resolve host name -- Could not resolve: autodiscover.outlook.office365.com (Domain name not found), HTTP status code: 0, for Autodiscovery URL: https://autodiscover.outlook.office365.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.752 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1420]: HTTP request failed with error: 80004005, HTTP status code: 401, for Autodiscovery URL: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.753 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1476]: HTTP request failed with error: Bad response from server, HTTP code returned: 401, HTTP status code: 401, for Autodiscovery URL: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.754 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1420]: HTTP request failed with error: 80004005, HTTP status code: 0, for Autodiscovery URL: http://autodiscover.outlook.office365.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.754 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1476]: HTTP request failed with error: Couldn't resolve host name -- Could not resolve: autodiscover.outlook.office365.com (Domain name not found), HTTP status code: 0, for Autodiscovery URL: http://autodiscover.outlook.office365.com/autodiscover/autodiscover.xml, verb: GET, query:
14:38:38.793 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CCsDNSResolver.cpp:190] failed to get dns results for _autodiscover._tcp.outlook.office365.com question type 33
14:38:38.793 |18255,,,CsExMbxLocator,11,[CsExMbxLocator/CsExMbxLocator.cpp:741]: DNS query for: _autodiscover._tcp.outlook.office365.com didn't return results
07-24-2024 05:58 AM
Looks like the name lookup is failing with these errors.
14:38:38.754 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CsExMbxLocator.cpp:1476]: HTTP request failed with error: Couldn't resolve host name -- Could not resolve: autodiscover.outlook.office365.com (Domain name not found)
14:38:38.793 |18255,,,CsExMbxLocator,10,[CsExMbxLocator/CCsDNSResolver.cpp:190] failed to get dns results for _autodiscover._tcp.outlook.office365.com
14:38:38.793 |18255,,,CsExMbxLocator,11,[CsExMbxLocator/CsExMbxLocator.cpp:741]: DNS query for: _autodiscover._tcp.outlook.office365.com didn't return results
Have you verified that the CUC system can resolve DNS records for the MS O365 services?
07-24-2024 06:34 AM
Well, that's one of my points of confusion. The documentation says to use outlook.office365.com; however, autodiscover.outlook.office365.com never resolves, anywhere. autodiscover.outlook.com and autodiscover-s.outlook.com both do resolve, and you can see they do in the log. That leads me to have low confidence in the config; however, even putting in outlook.office365.com eventually results in a successful query to autodiscover-s.outlook.com.
So, to answer your question. It does not resolve on the unity server, but it doesn't resolve at all.
07-24-2024 07:09 AM
Could you please verify the settings again?
I encountered a similar issue in the past, which was primarily due to an incorrect secret being shared (often the secret ID instead of the actual password value).
They may not be able to retrieve the password again, so it might be necessary to generate a new one and request them to copy the value.
Regards,
Shalid
Disclaimer:
Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.
07-24-2024 07:15 AM
I actually did the same thing, and it wasn't until I went back and verified the secret that I realized I copied the secret ID and not the value. Fortunately, I had copied both down. I wasn't confident in my settings, so I went ahead and created a new secret, just in case. I then used the value from this secret and still get the same results.
07-24-2024 07:45 AM - edited 07-24-2024 07:46 AM
Hi,
Please verify the following settings:
If everything checks out, please collect the Tomcat logs from the Unity Connection and review them for any errors. Please share the logs here further.
Regards
Shalid
07-24-2024 07:54 AM
I have a question about this part. I added the user to the application by going to the application under Enterprise Applications -> selecting my application and going to Users and Groups. I added the user there. Nothing shows in the API Permissions for the user, just the delegated permissions.
07-24-2024 08:59 AM
Hi,
I am pasting a few screenshots from the document which I referred to originally and from my working solution.
It looks like (App registration)
Once you have delegated it, you must grant permission as follows
On the Azure/Entra portal, Enterprise Application >> select the app that you created.
Choose Permissions and click on "Grant admin consent for security".
I checked my configuration and it looks like the below; (App Registration)
Enterprise Application:
Regards,
Shalid
07-24-2024 09:49 AM
Thank you for the screenshots. I've gone through and checked, and mine matches. I went through the sign-in logs and I can see that on Monday I had some failed connections (due to the secret key issue I had). However, since then I don't see even a failed attempt. I even went as far as deleting my application and starting over.
This is becoming very frustrating. What version of Cisco Unity are you on in this example?
07-24-2024 09:54 AM
Originally configured it on 12.5, and later upgraded to 14. So the current version is 14
07-24-2024 10:05 AM
Ok, thanks. Would you mind sharing a screenshot of the unified messaging services screen? Does it match exactly with the one you shared (minus your actual domain, of course)?
07-24-2024 10:26 AM
07-24-2024 10:34 AM
Thanks again, matches mine. Again, very frustrating. I assume you get a successful test when you click the button.
07-24-2024 11:30 AM
Can someone post what a successful test should look like?
07-24-2024 12:19 PM - edited 07-24-2024 12:22 PM
This is from our CUC v15SU1a system.
If memory serves, this would look different in the version you’re on, as there was a change in the authentication process in v14SU3 and onwards.