[cisco-voip] Voicemail failing over MRA when using SSO

Hank Keleher (AM) hank.keleher at dimensiondata.com
Mon Jan 18 17:21:48 EST 2016


Is this talking about when configuring the Unity Connection servers on the Expressway-C under Unified Communications? I changed that and it made no difference. However, I did get the following in the logs on the Expressway-C (names and IPs changed to protect the innocent):

edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="X.X.X.X" Reason="Neither common name nor subject alternate name match" CN="hostname.corp.domain.com" SAN="set(['www.hostname.corp.domain.com','corp.domain.com','hostname.corp.hostname.com'])" UTCTime="2016-01-18 22:05:35,993"

I’ve checked and double-checked that the certificate is correct on the Unity Connection server and we don’t have any issues anywhere but here. I’m not completely confident that the certs are good, but this is the first time we’ve seen an issue (if it’s even related), and I don’t know a great deal about certs, et al. These were issued using Entrust (for both internal and external certs) and all root and intermediate CA certs have been uploaded, of course.

Thanks!
Hank


From: <bmeade90 at gmail.com> on behalf of Brian Meade <bmeade90 at vt.edu>
Date: Monday, January 18, 2016 at 17:01
To: "Hank.Keleher" <hank.keleher at us.didata.com>
Cc: "cisco-voip at puck.nether.net" <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Voicemail failing over MRA when using SSO



Sounds like this bug: https://tools.cisco.com/bugsearch/bug/CSCux52984

On Mon, Jan 18, 2016 at 4:51 PM, Hank Keleher (AM) <hank.keleher at dimensiondata.com> wrote:
I’ve searched far and wide for an answer to this and so far only found one Cisco supportforums post with no answer. Hopefully someone here has experienced this and can provide some direction.

I currently have 10.5.2 CUCM, CUC and IM&P configured with 8.7 Expressway with MRA and 11.1.2 Windows Jabber. All are configured with SSO against ADFS and this works across the board, except the voicemail account when logging in externally through the Expressway with an SSO-enabled account. Under Connection Status it shows the voicemail is not connected. Everything else is fine, phone services as well as IM and presence.

However, the client works fine on the internal network. As well, if I use a CUCM/CUC local account on an external Jabber client, I’m able to provide my CUC credentials and voicemail works. This at least confirms to me that the Expressway is configured to allow Unity Connection to work externally (though why didn’t it use the same login for phone service and IM like it does internally, I’m not sure?) We’re using FQDN with all devices and services and everything is working with the exception of the Unity Connection on external Jabber clients (I’m seeing the issue on Windows, Mac and iPhone external clients.)

On the Expressway-C under SSO statistics I see that all Unity Connection Server Proxy Authorizations failed and there are 0 OAuth tokens (whereas there are many for Unified CM.) Nothing is really standing out in the logs as far as I can see either. I have the Unity Connection server configured under Unified Communications on the Expressway-C with TLS verify on and it’s connected and in the Auto-configured allow list with FQDN and IP address. Just to make sure I even added the server to the HTTP server allow list manually even though that shouldn’t be necessary on this version.

Any thoughts or ideas?

Thanks!
Hank

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
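The following is an added example, not part of the thread or of any Cisco tooling: a small Python helper that parses the "Certificate verify failure" log line quoted above and reports which certificate names (CN or SAN) a given server address would match. The function names are hypothetical, and the matching rule is a simplified RFC 6125-style comparison, assumed here for illustration rather than taken from the Expressway.

```python
import re

# Constructed sample: the log line from the post, with the mail client's
# link residue removed and curly quotes normalised to straight quotes
# (the field regex below will not match curly quotes).
LOG = ('edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" '
       'Server="X.X.X.X" Reason="Neither common name nor subject alternate name match" '
       'CN="hostname.corp.domain.com" '
       "SAN=\"set(['www.hostname.corp.domain.com','corp.domain.com',"
       "'hostname.corp.hostname.com'])\" "
       'UTCTime="2016-01-18 22:05:35,993"')


def parse_fields(line):
    """Return the Key="value" pairs of an event-log line as a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def cert_names(fields):
    """Collect the CN plus every SAN entry from the parsed fields, lower-cased."""
    sans = re.findall(r"'([^']+)'", fields.get("SAN", ""))
    return [n.lower() for n in [fields.get("CN", "")] + sans if n]


def name_matches(peer, pattern):
    """Case-insensitive comparison; '*' is honoured only as the whole left-most label."""
    peer, pattern = peer.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard covers exactly one label, so the peer needs at least one dot.
        return "." in peer and peer.split(".", 1)[1] == pattern[2:]
    return peer == pattern


def explain(line, candidates):
    """Map each candidate server address to the certificate names it matches."""
    names = cert_names(parse_fields(line))
    return {c: [n for n in names if name_matches(c, n)] for c in candidates}


if __name__ == "__main__":
    fields = parse_fields(LOG)
    # Check the address the log reports plus the FQDN and short-name forms.
    for addr, hits in explain(LOG, [fields["Server"], fields["CN"], "hostname"]).items():
        print(f"{addr!r:32} -> {hits or 'no CN/SAN match'}")
```

An empty result for an address means a TLS-verify check against that address form would fail name matching under the assumed rule, independent of whether the chain itself is trusted.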