Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1893
Views
0
Helpful
5
Replies

Jabber Windows Can not Login from internet via MRA

Ovindo Prastyo Utomo
Level 1
Level 1

‎12-02-2014 03:11 AM - edited ‎03-19-2019 08:54 AM

Hi everyone,

 

As my subject above,

My Jabber can not login from outside (internet), the error message on Jabber client is "Your username or password are no correct".

From Expressway Core's event log I got :

2014-12-02T18:07:31+07:00edgeconfigprovisioning: Level="INFO" Detail="Failed to find home cluster for user" Username="user1@kayreach.com". UTCTime="2014-12-02 11:07:31,833"
2014-12-02T18:07:31+07:00edgeconfigprovisioning: Level="INFO" Detail="All attempts to authenticate user failed" Username="user1" UTCTime="2014-12-02 11:07:31,765"
2014-12-02T18:07:31+07:00edgeconfigprovisioning: Level="INFO" Detail="Failed to authenticate user against server" Username="user1" Server="('https', '192.168.8.247', 8443)" Reason="<twisted.python.failure.Failure <type 'exceptions.Exception'>>" UTCTime="2014-12-02 11:07:31,764"
2014-12-02T18:07:31+07:00edgeconfigprovisioning: Level="INFO" Detail="Failed to find home cluster for user" Username="user1@kayreach.com". UTCTime="2014-12-02 11:07:31,696"
2014-12-02T18:07:31+07:00edgeconfigprovisioning: Level="INFO" Detail="All attempts to authenticate user failed" Username="user1" UTCTime="2014-12-02 11:07:31,616"
2014-12-02T18:07:31+07:00edgeconfigprovisioning: Level="INFO" Detail="Failed to authenticate user against server" Username="user1" Server="('https', '192.168.8.247', 8443)" Reason="<twisted.python.failure.Failure <type 'exceptions.Exception'>>" UTCTime="2014-12-02 11:07:31,616"

 

call log attached from expressway core and expressway edge.

Please advise.

regards,

 

Ovindo

Labels:
Preview file
21 KB
Preview file
10 KB
0 Helpful
5 Replies 5

Daniel Isham
Level 4
Level 4

‎12-06-2014 02:08 PM

Here are a few questions:

1. Are you using single or dual NICs on the Expressway Edge?

2. Is Jabber currently working for your environment internally?

3. How is your certificate configured for the Expressway Edge?

     a. Does certificate support client and server authentication?

     b. When you generated the CSR, did you configured the Unified CM registrations

         domain appropriately as a SAN?

4. How are you pointing to the traversal server from the Expressway Core? DNS?

0 Helpful

Ovindo Prastyo Utomo
Level 1
Level 1
In response to Daniel Isham

‎12-07-2014 06:31 PM

Hi Daniel,

 

Q : 1. Are you using single or dual NICs on the Expressway Edge?

A : I'm using dual NIC, 1st NIC local IP and 2nd NIC direct public (I'm not using NAT), External interface in 2nd NIC.

 

Q : 2. Is Jabber currently working for your environment internally?

A : yes, my jabber work fine in my internal network.

 

Q : 3. How is your certificate configured for the Expressway Edge?

     a. Does certificate support client and server authentication?

     b. When you generated the CSR, did you configured the Unified CM registrations

         domain appropriately as a SAN?

A : I'm using self signed certificate (using OpenSSL from my PC), All the certificate (exp-c, exp-e, ucm, im&p) is using IP address.

     What do you mean about SAN (Storage Attached Network)?

 

Q : 4. How are you pointing to the traversal server from the Expressway Core? DNS?

A : I'm using "UC Traversal Zone" in both Expressway Core and Edge,

      I'm using IP address in 1st NIC in Expressway Edge. And the UC Traversal Zone is "Active",

      UCM and IM&P is active too from Expressway Core.

 

 

Please Advise.

Ovindo

0 Helpful

Ovindo Prastyo Utomo
Level 1
Level 1
In response to Ovindo Prastyo Utomo

‎12-07-2014 08:38 PM

Dear Daniel,

 

Below are the screen capture from :

SRV from public

 

Unified Communication Traversal Zone

 

Unified Communication Manager and IM Presence Server in Expressway Core

 

Unified Communication in Expressway Edge

 

Another question : Is it mandatory to use DNS in my internal network? because my CUCM and IM&P not using DNS Server.

Please advise,

Thanks,

 

Ovindo

0 Helpful

Daniel Isham
Level 4
Level 4
In response to Ovindo Prastyo Utomo

‎12-08-2014 10:02 AM

First off, I highly recommend you use a publicly signed certificate for your Expressway Edge.

SAN - Subject Alternate Name. 

Also I recommend using DNS names and enabling TLS verification on the traversal zones for the Core and Edge. 

Please see the two guides below which explain all of this in detail.

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-2/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-2.pdf

http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf

 

0 Helpful

CONNECT-PS Technical
Level 1
Level 1

‎03-25-2015 02:41 AM

Hi Ovindo,

I've the same issue, did you resolve it?

thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents