Services discovered due to an untrusted certificate from the server

KY_ · ‎08-10-2021

Hi Team

ım trying to register webex app on CUCM as a mobile device using with CSF and TCT device I can able to login but phone services are not connected so I'm getting following error.

"services discovered due to an untrusted certificate from the server error 1000:1008"

I have try to login with internal network and we can able to login with jabber users.

I have another question for this deployment we have same user that is configured CUCM and ControlHub

we also configured mail id on the local enduser page.

my question is which username and passwordk we will use to login ? CUCM or Controlhub ?

Regards

Tim Warner · ‎03-03-2022

Turns out the issue was that the CUCM PUB/SUB were setup with IP addresses. I followed the steps to set them up as FQDN: https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/211393-Change-CUCM-Server-Definition-from-IP-Ad.html

Tim Warner · ‎03-02-2022

I also have the same problem with setting this up. I have imported the self signed certificates into my Windows 10 Client in both Enterprise Trust and Trusted Root Certification Authorities. Jabba works with no certificate prompt.

csrlima · ‎11-26-2021

Hi , im having some issues and problems as you are here , so im doing a POC to move from Jabber to Webex app , and i will try to configure minimum to get it work , so i already configured UB manager profile in COntrol HUb , but i dont have directory or calendar connector. So im using user and password from CH. Must this user and pasword must match with Cisco CUCM to get telephony services working? i have also the error "no services discovered due to untrusted server certificate : error 1000:1008" , and my CUCM tomcat certificates are selfsigned. How do you get this working? Best Regards

Shalid Kurunnan Chalil · ‎08-11-2021

Hi.

The username should be the jabber id defined in the call manager.

The Webex app doesnt prompt to accept the untrusted certification (Jabber prompt to trust the certificate to the users if you have any untrusted cert).

If you are accessing from internet via the expressway, then your MRA should be configured correctly. do you have the Public signed CA uploaded in the expressway E and the root CA (used to sign the call manager / IM&P, expressway C) in both the expressway servers?

if you are not using MRA, then your Call manager should be configured with certificates that Webex Teams can validate,
preferably a CA root that signed the tomcat certificate (which is known to the operating system that Webex Teams is on, Windows or MacOS by default), or a self-signed trusted certificate (this must be deployed in your personal computer in advance.

Regards,

KY_ · ‎08-11-2021

First of all Im trying local network as you said that we are getting this error how can I trust cucm and webex team certificate what should I do and where ?

CUCM tomcat certificate are using Self signed certificate.

Firts of all we are testing local network instead of MRA.

Can you please advice me steps

Thanks

Shalid Kurunnan Chalil · ‎08-11-2021

hi there,

you should install the self signed call manager tomcat certificates on your PC that you are launching the Webex app.

google may provide you better step to install a self signed certificates on your PC. i found following

Open the Microsoft Management Console (Start > MMC);
Provide the self-signed certificate:
1. Choose File > Add/Remove Snap-in;
2. in the standalone tab, choose Add;
3. choose the Certificates snap-in > Add;
4. in the wizard, choose the Computer Account > Local Computer;
5. press Finish to end the wizard;
6. close the Add/Remove Snap-in dialog;
7. Navigate to Certificates (Local Computer);
  1. choose the Trusted Root Certification Authorities store to import the certificate;
  2. right click the store and choose All Tasks > Import ;
  3. Follow the wizard and provide the certificate file you have.

Please test it now.

Regards,

KY_ · ‎08-11-2021

Thanks

For the password question When I use CUCM password its not accepting and It says incorrecr username and password if i user controlhub user password i can able to login but phone services is not connecing with this error.

I will install tomcat self signed certificate on the pc and let you know.

csrlima · ‎11-26-2021

Hi , im having some issues and problems as you are here , so im doing a POC to move from Jabber to Webex app , and i will try to configure minimum to get it work , so i already configured UB manager profile in COntrol HUb , but i dont have directory or calendar connector. So im using user and password from CH. Must this user and pasword must match with Cisco CUCM to get telephony services working?

Shalid Kurunnan Chalil · ‎08-11-2021

i hope you have done the UC Manager Profile configuration in the control hub. It is required for Calling using CM deployment,

Regards

KY_ · ‎08-11-2021

I dont configure it , I will do it also.

Thanks

KY_ · ‎08-11-2021

While UC Profile configuration As I understand here,

I will type CUCM sip domain for voice services domain for the uds server address should be CUCM private address Is it correct ?

Shalid Kurunnan Chalil · ‎08-11-2021

Hi there,

not exactly, you should be having the UC services and profile in call manager, also you should define your call manager cluster in your control. Please do read the following deployment guide and it is very well explained step by step process. please let us know if you are stuck anywhere.

Deploy Calling in Webex (Unified CM)

Regards,

KY_ · ‎08-11-2021

Thanks Im following this guide, for the uc profile should Type here CUCM publisher and subsriber ip on the control hub ?

For the CUCM configuration we already have these uc services and profile that we are using jabber now.

Shalid Kurunnan Chalil · ‎08-11-2021

Hi,

If you have dns srv records for your jabber service domain, you can enter your service domain here or you can enter the UDS server details (call manager publisher and subscriber server)

From the doc: Enter a Voice Services Domain if you have SRV records but the login email domain is not used for service discovery. It's required for Mobile Remote Access (MRA), as well. You can also enter a UDS server if the Webex account user ID does not match the Unified CM user ID or ILS is not enabled in a multiple Unified CM cluster deployment. With both values entered, Webex uses UDS first for the premises and Voice Services for MRA.

Regards,

KY_ · ‎08-11-2021

Hi

Can We use this deployment without SSO or does SSO mendotary ?

I have another question for the login problem, when we login local network do we need Expressway ? I mean does expressway join call when the login local network ?

Shalid Kurunnan Chalil · ‎08-11-2021

No, it is not,

You just need to sign in to the phone service separately from Webex app.

No you don't need expressway to register webex app with in your local network. If you are connecting with in the enterprise network, the Webex app look for UDS either by srv record or the UDS server mentioned in your UC Manager profile in the control hub.

You need expressway if you are registering your webex app or jabber from outside your company network.

May i ask, do your Jabber works internally?