[cisco-voip] Jabber IM service Issue

Florian Kroessbacher florian.kroessbacher at gmail.com
Thu Dec 21 16:01:33 EST 2017


Hi out there,
Have you configured reverse DNS?
Important!
From version X8.8 onward, you must create forward and reverse DNS entries
for all Expressway-E systems, so that systems making TLS connections to
them can resolve their FQDNs and validate their certificates.

Page 19
https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-9/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-9.pdf

--

Florian Krößbacher
florian.kroessbacher at gmail.com

<https://twitter.com/flohATinnsbruck>
<https://plus.google.com/+FlorianKroessbacher>
<https://www.linkedin.com/in/florian-kroessbacher-5a29a832?>

2017-12-21 17:15 GMT+01:00 Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>:

> Hi Brian,
>
> Under presence there is only one domain and all my servers are in the same
> domain which is the same internally and externally, we just have some user
> accounts on a different domain that’s why I added that domain just to EXP-E
> and added its related SRV records.
>
> Please have a look at the attached logs taken from both Expressway C and E
> for a client which works fine from internal network then connected
> successfully from outside but the IM service is not working from outside.
>
> I really do appreciate if you can hint me about possible reasons that make
> IM service not working from outside company network.
>
> Best Regards
>
> Ahmed Abd EL-Rahman
> Senior Network Engineer
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Tuesday, December 19, 2017 1:01 AM
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
> In IM&Presence under Presence->Domains, do you have multiple domains
> listed?  Do you have something other than default under Presence Advanced
> configuration for setting domain names?  Setting the voice services domain
> is one of the few reasons you need to login internally first.
>
> If you are using UserID at Default Domain then you shouldn't need to login
> internally first.  You may just need to remove the domain portion from the
> username on the username/password page when logging in the first time.
>
> On Mon, Dec 18, 2017 at 4:06 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> What’s the flexible Jabber ID? Also I have local users created on CUCM
> with no LDAP integration.
>
> For the domain portion it’s not removed if the first login is through MRA
> and the login failed but as mentioned if I logged in through inside network
> before the login through MRA goes smooth and login successfully but with
> one exception that IM service is not available.
>
> Best Regards
>
> Ahmed Abd EL-Rahman
> Senior Network Engineer
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Monday, December 18, 2017 11:50 PM
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
> Are you using flexible Jabber ID?
>
> One thing to make sure is that first time MRA login gets rid of the domain
> portion in the username on the username/password form after entering
> username at domain in the service discovery window.
>
> On Mon, Dec 18, 2017 at 3:43 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Hi Brian,
>
> Will try what you suggested, but other than this issue I have another
> symptom, the user must use Jabber for first time from inside the network
> then afterwards he can use it from outside but if he tries the first time
> from outside the network it won’t register at all, even the login stage is
> not passed.
>
> Does this point to anything?
>
> Best Regards
>
> Ahmed Abd EL-Rahman
> Senior Network Engineer
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Monday, December 18, 2017 11:27 PM
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
> Try removing "inspect sip" from the global policy.  You don't want that in
> there with Expressway.  Not sure if XMPP traffic hits that as well or not.
>
> You can also try refreshing the IM&P Servers on the Expressway-C Unified
> Communications configuration.
>
> Enabling diagnostic logging on the Expressway-E and Expressway-C then
> trying to connect should help show what is going on as well.
>
> On Mon, Dec 18, 2017 at 3:16 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Hi Brian,
>
> Currently I’m opening all IP traffic to Expressway public IP on our Cisco
> ASA FW
>
> Regarding the inspection configured here it is:
>
> policy-map global_policy
> class inspection_default
>   inspect dns maximum-length 512
>   inspect ftp
>   inspect h323 h225
>   inspect h323 ras
>   inspect rsh
>   inspect rtsp
>   inspect esmtp
>   inspect sqlnet
>   inspect skinny
>   inspect sunrpc
>   inspect xdmcp
>   inspect sip
>   inspect netbios
>   inspect tftp
>
> which one could cause this issue?
>
> Best Regards
>
> Ahmed Abd EL-Rahman
> Senior Network Engineer
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Monday, December 18, 2017 10:43 PM
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
> Looks like possible XMPP/TCP 5222 connection issues from the logs.  It
> just keeps reconnecting over and over again but the port is open on the
> Expressway and through the firewall.
>
> What model firewall are you using?  You may need to disable some XMPP
> inspection/application filtering.
>
> On Mon, Dec 18, 2017 at 2:25 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Dear Gents,
>
> I have a question regarding Jabber setup, I have Jabber client working
> fine from internal network but externally it’s able to login and both phone
> and voice mail services are connected but IM service is not working while
> IM service works just fine from inside network.
>
> Attached is Jabber client logs for this case.
>
> So any ideas?
>
> Best Regards
>
> Ahmed Abd EL-Rahman
> Senior Network Engineer
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
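
The forward and reverse DNS requirement quoted from the deployment guide at the top of this message can be checked per Expressway-E FQDN with a forward-confirmed reverse lookup. The script below is an added example, not part of the original thread or of any Cisco tooling; the host names, addresses and `sample_*` records are constructed placeholders, and the default lookups use the local OS resolver.

```python
import socket

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def system_forward(fqdn):
    """A/AAAA lookup through the OS resolver."""
    infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def system_reverse(ip):
    """PTR lookup through the OS resolver; empty list when no PTR exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def check_fcrdns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return (address, ptr_names, ok) for every address the FQDN resolves to."""
    try:
        addresses = forward(fqdn)
    except socket.gaierror:
        addresses = []
    results = []
    for ip in addresses:
        ptrs = [_norm(n) for n in reverse(ip)]
        results.append((ip, ptrs, _norm(fqdn) in ptrs))
    return results

def dns_ready(fqdn, forward=system_forward, reverse=system_reverse):
    """True only if the name resolves and every address maps back to it."""
    results = check_fcrdns(fqdn, forward, reverse)
    return bool(results) and all(ok for _, _, ok in results)

# Constructed sample records (documentation address space), not from the thread.
SAMPLE_A = {"expe1.example.com": ["192.0.2.10"],
            "expe2.example.com": ["192.0.2.11"],
            "expe3.example.com": ["192.0.2.12"]}
SAMPLE_PTR = {"192.0.2.10": ["EXPE1.example.com."],        # PTR matches the FQDN
              "192.0.2.11": ["host-11.isp.example.net."]}  # provider default PTR

def sample_forward(fqdn):
    return SAMPLE_A.get(_norm(fqdn), [])

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

if __name__ == "__main__":
    for host in SAMPLE_A:
        print(host, check_fcrdns(host, sample_forward, sample_reverse))
```

Calling `dns_ready("<expressway-e-fqdn>")` without the sample resolvers runs the same check against live DNS, ideally from a resolver outside the network, since that is where the TLS clients sit.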