We are having trouble getting MRA working in our environment and would like some help to identify why it is not working.
We are currently running
CUCM : System version: 220.127.116.1100-18 Unrestricted
Cisco VCS Control: Version: X8.11.4
Cisco VCS Expressway: Version: X8.11.4
Everything seems to be configured correctly but I am not able to work out where this is falling over.
On the VCS Control I can see the user is authenticated:
edgeconfigprovisioning: Level="INFO" Detail="Authenticated user successfully" Username="8130" ClientId="18.104.22.168" UTCTime="2019-03-20 09:48:04,482"
But the Expressway gives the error:
traffic_server: Event="get_edge_sso" Detail="Access denied" Reason="Only legacy auth supported" Domain="global.com" Src-ip="22.214.171.124" Src-port="17712" UTCTime="2019-03-20 09:47:50,907
I've tried to find more information on the Reason="Only legacy auth supported" but cannot find any further information.
Solved! Go to Solution.
I was curious if you were able to resolve this issue as I ran into this as well. In my case I'm running "Authorize by user credential" on the Expressway C and I have no issues with users logging into Jabber on the inside. I get the same errors where it shows Authenticated Successfully on the Core but get's "Access Denied" with "Only legacy auth supported" on the Edge.
im having the same issue with a x12.5 deployment, this was usually related to authentication policy set for MRA on the C but i made sure it is set to UCM Basic LDAP/Auth
There are three ways to fix this:
- Change the FQDN configured on VCS/Expressway-E to match the FQDN returned by the _collab-edge SRV record.
- Change the FQDN returned by the _collab-edge SRV record to match the FQDN configured on VCS/Expressway-E.
- Change the FQDN returned by the _collab-edge SRV record to an alias of the FQDN configured on VCS/Expressway-E, with the requirement that the alias has to be in the same domain as the FQDN