<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 13px; font-family: Arial, sans-serif;">
<div>
<div>
<div>Is this talking about when configuring the Unity Connection servers on the Expressway-C under Unified Communications? I changed that and it made no difference. However, I did get the following in the logs on the Expressway-C (names and IP’s changed to
protect the innocent):</div>
<div><br>
</div>
<blockquote style="margin:0 0 0 40px; border:none; padding:0px;">
<div><!--StartFragment--><span class="evtLogBad">edgeconfigprovisioning: Level="<a href="https://10.137.3.25/eventlog?all_text=TGV2ZWw9IkVSUk9SIg==" title="Filter by this item">ERROR</a>" Detail="<a href="https://10.137.3.25/eventlog?all_text=RGV0YWlsPSJDZXJ0aWZpY2F0ZSB2ZXJpZnkgZmFpbHVyZSI=" title="Filter by this item">Certificate
verify failure</a>" Server=“X.X.X.X" Reason="<a href="https://10.137.3.25/eventlog?all_text=UmVhc29uPSJOZWl0aGVyIGNvbW1vbiBuYW1lIG5vciBzdWJqZWN0IGFsdGVybmF0ZSBuYW1lIG1hdGNoIg==" title="Filter by this item">Neither common name nor subject alternate name match</a>"
CN=“hostname.corp.domain.com" SAN=“set([‘www.hostname.corp.domain.com’,’corp.domain.com’,’hostname.corp.hostname.com’])" UTCTime="<a href="https://10.137.3.25/eventlog?all_text=VVRDVGltZT0iMjAxNi0wMS0xOCAyMjowNTozNSw5OTMi" title="Filter by this item">2016-01-18
22:05:35,993</a>” </span></div>
</blockquote>
</div>
</div>
<div><span class="evtLogBad"><br>
</span></div>
<div><span class="evtLogBad">I’ve checked and double checked that the certificate is correct on the Unity Connection server and we don’t have any issues anywhere but here. I’m not completely confident that the certs are good but this is the first time we’ve
seen an issue (if it’s even related) but I don’t know a great deal about certs, et al. These were issued using Entrust (for both internal and external certs) and all root and intermediate CA certs have been uploaded of course.</span></div>
<div><span class="evtLogBad"><br>
</span></div>
<div><span class="evtLogBad">Thanks!</span></div>
<div><span class="evtLogBad">Hank</span></div>
<div><span class="evtLogBad"><br>
</span></div>
<div><br>
</div>
<span id="OLK_SRC_BODY_SECTION">
<div style="font-family:Calibri; font-size:12pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<span style="font-weight:bold">From: </span><<a href="mailto:bmeade90@gmail.com">bmeade90@gmail.com</a>> on behalf of Brian Meade <<a href="mailto:bmeade90@vt.edu">bmeade90@vt.edu</a>><br>
<span style="font-weight:bold">Date: </span>Monday, January 18, 2016 at 17:01<br>
<span style="font-weight:bold">To: </span>"Hank.Keleher" <<a href="mailto:hank.keleher@us.didata.com">hank.keleher@us.didata.com</a>><br>
<span style="font-weight:bold">Cc: </span>"<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>" <<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>><br>
<span style="font-weight:bold">Subject: </span>Re: [cisco-voip] Voicemail failing over MRA when using SSO<br>
</div>
<div><br>
</div>
<div>
<div><br>
<br>
<div dir="ltr">Sounds like this bug- <a href="https://tools.cisco.com/bugsearch/bug/CSCux52984">https://tools.cisco.com/bugsearch/bug/CSCux52984</a></div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Jan 18, 2016 at 4:51 PM, Hank Keleher (AM) <span dir="ltr">
<<a href="mailto:hank.keleher@dimensiondata.com" target="_blank">hank.keleher@dimensiondata.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word;color:rgb(0,0,0);font-size:13px;font-family:Arial,sans-serif">
<div>
<div>
<div>I’ve searched far and wide for an answer to this and so far only found one Cisco supportforums post with no answer, hopefully someone here has experienced this and can provide some direction.</div>
</div>
</div>
<div><br>
</div>
<div>I currently have 10.5.2 CUCM, CUC and IM&P configured with 8.7 Expressway with MRA and 11.1.2 Windows Jabber. All are configured with SSO against ADFS and this works across the board, except the voicemail account when logging in externally through the
Expressway with an SSO enabled account. Under Connection Status is shows the voicemail is not connected. Everything else is fine, phone services as well as IM and presence.</div>
<div><br>
</div>
<div>However, the client works fine on the internal network as well if I use a CUCM/CUC local account on an external Jabber client I’m able to provide my CUC credentials and voicemail works, this at least confirms to me that the Expressway is configured to
allow Unity Connection to work externally (though why didn’t it use the same login for phone service and IM like it does internally, I’m not sure?) We’re using FQDN with all devices and services and everything is working with the exception of the Unity Connection
on external Jabber clients (I’m seeing the issue on Windows, Mac and iPhone external clients.)</div>
<div><br>
</div>
<div>On the Expressway-C under SSO statistics I see that all Unity Connection Server Proxy Authorizations failed and there are 0 OAuth tokens (whereas there are many for Unified CM.) Nothing is really standing out in the logs as far as I can see either. I have
the Unity Connection server configured under Unified Communications on the Expressway-C with TLS verify on and it’s connected and in the Auto-configured allow list with FQDN and IP address. Just to make sure I even added the server to the HTTP server allow
list manually even though that shouldn’t be necessary on this version.</div>
<div><br>
</div>
<div>Any thoughts or ideas?</div>
<div><br>
</div>
<div>Thanks!</div>
<span class="HOEnZb"><font color="#888888">
<div>Hank</div>
</font></span></div>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<br>
<font color="white">itevomcid</font></div>
</div>
</span>
</body>
</html>