[cisco-voip] Jabber IM service Issue

Brian Meade bmeade90 at vt.edu
Tue Jan 2 23:40:58 EST 2018


Ahmed,

Can you let the list know what the issue was in case someone sees something
similar and the thread can be archived?

Thanks,
Brian

On Sun, Dec 31, 2017 at 11:50 AM, Ahmed Abd EL-Rahman <
Ahmed.Rahman at bmbgroup.com> wrote:

> Many thanks Brian, the mentioned tool pointed to my issue and the fix in 5
> minutes, it’s really a great tool.
>
>
>
> Really appreciated.
>
>
>
>
>
>
>
>
>
>
>
> Best Regards
>
>
>
> Ahmed Abd EL-Rahman
>
> Senior Network Engineer
>
>
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Friday, December 22, 2017 7:18 PM
>
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
>
>
> I don't see any connection attempts on port 5222 in the logs.  Might want
> to enable tcpdump on the Diagnostic Logging page and try again.
>
>
>
> Also try https://cway.cisco.com/tools/CollaborationSolutionsAnalyzer/ and
> go to CollabEdge validator.  It will test against your domain with a
> username/password.  You can also put the logs in there and it may show you
> what is going on as well.
>
>
>
> On Thu, Dec 21, 2017 at 11:15 AM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Hi Brian,
>
>
>
> Under presence there is only one domain and all my servers are in the same
> domain which is the same internally and externally, we just have some users
> accounts on a different domain that’s why I added that domain just to EXP-E
> and added it’s related SRV records.
>
>
>
> Please have a look on the attached logs taken from both Expressway C and E
> for a client which works fine from internal network then connected
> successfully from outside but the IM service is not working from outside.
>
>
>
> I really do appreciate if you can hint me about possible reasons that make
> IM service not working from outside company network.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best Regards
>
>
>
> Ahmed Abd EL-Rahman
>
> Senior Network Engineer
>
>
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Tuesday, December 19, 2017 1:01 AM
>
>
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
>
>
> In IM&Presence under Presence->Domains, do you have multiple domains
> listed?  Do you have something other than default under Presence Advanced
> configuration for setting domain names?  Setting the voice services domain
> is one of the few reasons you need to login internally first.
>
>
>
> If you are using UserID at Default Domain then you shouldn't need to login
> internally first.  You may just need to remove the domain portion from the
> username on the username/password page when logging in the first time.
>
>
>
> On Mon, Dec 18, 2017 at 4:06 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> What’s the flexible Jabber ID? Also I have local users created on CUCM
> with no LDAP integration.
>
>
>
> For the domain portion it’s not removed if the first login is through MRA
> and the login failed but as mentioned if I logged in thought inside network
> before the login through MRA goes smooth and login successfully but with
> one exception that IM service is not available.
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best Regards
>
>
>
> Ahmed Abd EL-Rahman
>
> Senior Network Engineer
>
>
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Monday, December 18, 2017 11:50 PM
>
>
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
>
>
> Are you using flexible Jabber ID?
>
>
>
> One thing to make sure is that first time MRA login gets rid of the domain
> portion in the username on the username/password form after entering
> username at domain in the service discovery window.
>
>
>
> On Mon, Dec 18, 2017 at 3:43 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Hi Brian,
>
>
>
> Will try what you suggested, but other than this issue I have another
> symptom, the user must use Jabber for first time from inside the network
> then afterwards he can use it from outside but if he tries the first time
> from outside the network it won’t register as all, even the login stage is
> not passed.
>
>
>
> Does this point to anything ?
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best Regards
>
>
>
> Ahmed Abd EL-Rahman
>
> Senior Network Engineer
>
>
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Monday, December 18, 2017 11:27 PM
>
>
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
>
>
> Try removing "inspect sip" from the global policy.  You don't want that in
> there with Expressway.  Not sure if XMPP traffic hits that as well or not.
>
>
>
> You can also try refreshing the IM&P Servers on the Expressway-C Unified
> Communications configuration.
>
>
>
> Enabling diagnostic logging on the Expressway-E and Expressway-C then
> trying to connect should help show what is going on as well.
>
>
>
> On Mon, Dec 18, 2017 at 3:16 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Hi Brian,
>
>
>
> Currently I’m opening all IP traffic to Expressway public IP on our Cisco
> ASA FW
>
>
>
> Regarding the inspection configured here it is :
>
> policy-map global_policy
>
> class inspection_default
>
>   inspect dns maximum-length 512
>
>   inspect ftp
>
>   inspect h323 h225
>
>   inspect h323 ras
>
>   inspect rsh
>
>   inspect rtsp
>
>   inspect esmtp
>
>   inspect sqlnet
>
>   inspect skinny
>
>   inspect sunrpc
>
>   inspect xdmcp
>
>   inspect sip
>
>   inspect netbios
>
>   inspect tftp
>
>
>
> which one could cause this issue ?
>
>
>
>
>
>
>
>
>
>
>
>
>
> Best Regards
>
>
>
> Ahmed Abd EL-Rahman
>
> Senior Network Engineer
>
>
>
> *From:* bmeade90 at gmail.com [mailto:bmeade90 at gmail.com] *On Behalf Of *Brian
> Meade
> *Sent:* Monday, December 18, 2017 10:43 PM
> *To:* Ahmed Abd EL-Rahman <Ahmed.Rahman at bmbgroup.com>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Jabber IM service Issue
>
>
>
> Looks like possible XMPP/TCP 5222 connection issues from the logs.  It
> just keeps reconnecting over and over again but the port is open on the
> Expressway and through the firewall.
>
>
>
> What model firewall are you using?  You may need to disable some XMPP
> inspection/application filtering.
>
>
>
>
>
> On Mon, Dec 18, 2017 at 2:25 PM, Ahmed Abd EL-Rahman <
> Ahmed.Rahman at bmbgroup.com> wrote:
>
> Dear Gents,
>
>
>
> I have a question regarding Jabber setup, I have Jabber client working
> fine from internal network but externally it’s able to login and both phone
> and voice mail services are connected but IM service is not working while
> IM service works just fine from inside network.
>
>
>
> Attached is Jabber client logs for this case.
>
>
>
> So any ideas ?
>
>
>
> Best Regards
>
>
>
> Ahmed Abd EL-Rahman
>
> Senior Network Engineer
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
>
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180102/91daee10/attachment.html>


More information about the cisco-voip mailing list