cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1147
Views
0
Helpful
6
Replies

UCCX Script using REST API - Client response status 412

Hi,


Wondering if someone can assist here. I am trying to make REST API call using UCCX script to third party application.

 

I was successful in making API call to Test environment but when I tried to do the same with Prod, I am getting following exception.
"java.io.IOException: Connection reset" "Client response status: 412"

 

UCCX > REST API > Third Party Application ( Test Environment) - Works

UCCX > REST API > Third Party Application ( Prod Environment) - Response 412

 

However if I do the same with either postman or chrome browser it works as expected.

 

So kind of lost here what could be the reason.

 

I have imported the certs in UCCX already so that's not an issue.

Checked the firewall side and that is also out of equation.

 

What else should I be looking?

@Anthony Holloway  hoping you could give us some pointers

 

Regards

Taha

6 Replies 6

Anthony Holloway
Cisco Employee
Cisco Employee

Hey thanks for the mention, but unfortunately, I don't have a great answer for you.  Not only have I never encountered a 412 response, I think your testing shows that the problem is definitely with how the UCCX is communicating with the Prod API.  There's not much in the way of HTTP request troubleshooting in UCCX, so I would turn the attend on the Prod API and see what the logs there can tell you.  E.g., I would think that UCCX sends the exact same request to Test and to Prod, therefore, the Prod API might reveal an extra error pointing a configuration requirement in Prod which does not exist in Test.  Speaking of which, I would place my bet on the actual problem being in Prod API configuration, and not in UCCX scripting; although, at this moment it could literally be anywhere, and how you choose to solve it is up in the air as well.  E.g., If the API requires a header, you could add that header in UCCX or you could drop the requirement for the header in the API itself.  Good luck.  Do post your solution once you find it.

begineer_dev
Level 1
Level 1

@Anthony Holloway  I need to make rest call from uccx script in , that call is for Oauth .
I need to make a post call , in that call need to pass body as 'x-www-form-urlencoded' in headers and in body the credentials details
i did the same in uccx script but it is not working , getting error : Client response status: 412
First I created the string and all parameters and added that parameter in body .
Attached the screenshot for reference , take a look and help me out here.
Thanks in advance.

mparra.fusionet
Level 1
Level 1

I had the same problem (UCCX REST Call Step showing a response of 412 and an java.io.IOException: Connection reset) and it turned out to to be that the external application didn't support the TLS Ciphers UCCX was sending, if you get a packet capture from UCCX you can see that you get a TCP RST from the application right after UCCX sends the TLS Client Hello.

I am going to open a TAC case to see if maybe with an upgrade will be able to get the TLS Ciphers that the external application is supporting, love how security keeps us employed

Another reason for this to happen is the bug below, some applications demand that within the TLS Client Hello we (UCCX) send to the application an Extension named SNI, which has the url of the hostname you are calling via API and ironically UCCX doesn't support sending this, which is quite bad.

https://bst.cisco.com/bugsearch/bug/CSCwb74848

mparra.fusionet
Level 1
Level 1

Another update, this bug DOES have a workaround, the bug itself is misleading, the workaround is a Patch file, I ended up opening up a TAC case inquiring and turns out that TAC provides the Patch/COP file once they confirm that you are not sending the SNI, if you run into this, don't give up there is hope with a TAC case!

Finally I was able to get TAC to do the workaround on the Linux OS root and it is working!, It is key to be at 12.5.1 SU3 minimum to apply this workaround otherwise it won't work,  at some point they will have a patch but if anybody runs into this issue, please contact TAC and ask for the manual workaround (jar file that needs to be copied via the UCCX Linux root).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: