cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4428
Views
5
Helpful
4
Replies
Highlighted
Beginner

Jabber idbroker.webex.com certificate request during the first start

Hello, dear support community.
I have CUCM, IMP 10.5 installed. SSO is configured.

A couple of users complain that for some reason their jabber clients pop-up a notification about certificate for idbroker.webex.com with possible actions, - accept, decline and show the certificate (as it is usual when a certificate is untrusted). It is issued by HydrantID SSL ICA G2.

Just too accept this cert and forget about this for the next logins is not a big deal.

 

However, I didn't configure any external connections to webex or other cloud services.
That is why my concerns are why some of jabber clients try to connect idbroker.webex.com ?

and how do prevent/disable it ?

Service Profile is configured only with local services (CTI, IMP, Directory) but it is not assigned to any users.

jabber-config file is almost empty:

<config version="1.0">
<Client>
<Persistent_Chat_Enabled>true</Persistent_Chat_Enabled>
</Client>
<Directory>
<DirectoryServerType>UDS</DirectoryServerType>
</Directory>
<Policies>
<Disallowed_File_Transfer_Types>.exe;.msi</Disallowed_File_Transfer_Types>
<EnableSIPURIDialling>true</EnableSIPURIDialling>
</Policies>
</config>

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

As part of Service Discovery Jabber checks WebEx Messenger (the SaaS alternative to IM&P) to see if the domain is provisioned in the cloud. If not it then looks for DNS SRV records for on-premises gear.

You can disable that check using the installer flag EXCLUDED_SERVICES=WEBEX
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_9/cjab_b_on-premises-deployment-for-cisco-jabber/cjab_b_on-premises-deployment-for-cisco-jabber_chapter_010000.html

Assuming they haven’t deprecated it, Jabber used to also check for a DNS TXT record to see if a domain had a non-standard Service Discovery configuration. I haven’t seen this mentioned in the last few years though.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/iPad/9_x/JABP_BK_J3C828CB_00_jabber-for-ipad-admin_chapter_01000.html#JABP_TK_C2E228F0_00

PS- Jabber also sends Usage telemetry to Cisco so they know which features users are/aren’t using. You might be tempted to say they don’t need that; however, I have seen them pull features out of Jabber multiple times over the years claiming that telemetry shows no one is using it. I suggest leaving it enabled. If you’re really set on cutting Jabber off from “the cloud”:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01.html#CJAB_RF_C87CBDFA_00

View solution in original post

4 REPLIES 4
Highlighted

As part of Service Discovery Jabber checks WebEx Messenger (the SaaS alternative to IM&P) to see if the domain is provisioned in the cloud. If not it then looks for DNS SRV records for on-premises gear.

You can disable that check using the installer flag EXCLUDED_SERVICES=WEBEX
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/11_9/cjab_b_on-premises-deployment-for-cisco-jabber/cjab_b_on-premises-deployment-for-cisco-jabber_chapter_010000.html

Assuming they haven’t deprecated it, Jabber used to also check for a DNS TXT record to see if a domain had a non-standard Service Discovery configuration. I haven’t seen this mentioned in the last few years though.
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/iPad/9_x/JABP_BK_J3C828CB_00_jabber-for-ipad-admin_chapter_01000.html#JABP_TK_C2E228F0_00

PS- Jabber also sends Usage telemetry to Cisco so they know which features users are/aren’t using. You might be tempted to say they don’t need that; however, I have seen them pull features out of Jabber multiple times over the years claiming that telemetry shows no one is using it. I suggest leaving it enabled. If you’re really set on cutting Jabber off from “the cloud”:
https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_01.html#CJAB_RF_C87CBDFA_00

View solution in original post

Highlighted

Hello, Jonathan.
You are right - I have already disabled EXCLUDED_SERVICES=WEBEX and it helped.
However, it is odd a little bit, because only several jabber clients faced this exactly request during jabber initiation. DNS and version of jabber are the same for any working stations within a company.
Why do you think others didn't experience the same behavior ?

Highlighted

My only guess is those clients’ operating system (ie Windows, macOS, etc) did not trust the issuing Certificate Authority for some reason.

Highlighted

Yes, it looks like this is a problem.
I guess the question why some work stations don't accept certificates is to MS Admins.
Thank you.
Content for Community-Ad