VCSE Jabber presence does not

Hello

I have some problems with the presence, through the VCSE for a jabber client registered to one subarea other than failing the VCSE subzone.  In addition the environment uses AD for authentication of the client so the VCSE has the default area, sub-area by default and traversal area set to "do not check references" for auth policy.  When the customer registers to the subarea of default, presence works properly.  When I create a subzone to isolate a specific group of jabber clients, register of customers using their credentials of the AD (checked this incorrect password causes failures) but I get an error 403 policy updates to presence.  I need to create this subarea, so I can use a search rule that matches the subfield as source and then replaces the alias with a non routable target so this client group can only receive calls.  I tried to use the local list of CPL to do this, but once again because the VCSE does not all identifications CPL rules do not apply.  If it is a bug in X7.2?

Jarrod Hey,.

You can do so by implementing the following:

The information below should help you get Jabber to authenticate correctly on the highway even if you push the control. Jabber must authenticate properly for the presence at work. After this is implemented your search rule should work as you wish as well as the presence and authentication.

In a secure design, the VCS (control and Highway) would require identification for registration information. Here is a drawing that is not described in the guides of the admin, but has been used successfully.

The Control of VCS would have Active Directory Service active and joins the Active Directory domain. For VCS authenticate the credentials of Movi/Jabber on Active Directory before the SUBSCRIPTION for the supply is sent to the service of commissioning, the default Zone would be set to verify the credentials. For requests for SUBSCRIPTION from the highway, the area on the VCS control would also to verify the credentials. It handles authentication for the provision.

The next part is the record of the Movi/Jabber client. The subzone to which the customer will register must also be set to verify the credentials. Here's everything you need for internal records (registration to the VCS control).

For the Highway, things get a little more complicated. For commissioning subscription, the SUBSCRIPTION is forwarded to the VCS control. With the area on the VCS game to check the credentials, you're all set. Now on registration to the highway. The subzone to which the customer will register to must be defined to check credentials. From the motorway VCS don't have direct access to Active Directory, we use local credentials on the highway. A set of credentials should be configured in VCS Configuration > authentication > devices > local database. You will create a single name and password all Movi/Jabber clients will use. The end user has NO need to know these credentials. The username and password is provided to the Movi/Jabber client via configuration data it has received. To set up these data, MSDS, you must configure a SIP of authentication user name and password for SIP authentication in the configuration of the commissioning. For these options to be available, you must ensure that you have downloaded the configuration template xml for the Movi/Jabber version you are using. The xml file is included in the zip package full of the client which can be downloaded on www.cisco.com. So, who will be recording from the highway. Now, this creates an interesting situation with VCS control. The internal Movi/Jabber client will receive the same provisioning configuration and will attempt to use those same credentials when you register for the control of VCS. The VCS control is already set to authenticate against Active Directory and Active Directory ONLY registration.

You will need to create an account in Active Directory corresponding to these credentials. The Active Directory account didn't need special access. It is used only for authentication purposes. A few things to keep in mind: SIP authentication user name and password for SIP authentication are stored in clear text configuration configuration. This means that the data is sent in clear text. To be sure that these data are not compromised on the wire, do not forget that you are using for your communication SIP Movi/Jabber TLS.

Thank you, Adam

Tags: Cisco Support

Similar Questions

  • Jabber comments does not work with Expressway 8.7.2

    Hello

    the last Highway requires Diffie-Hellman keys at least 1024 bits in size.

    Unfortunately comments Jabber always uses 768bits as the 'server Temp key' on tomcat. This is why you cannot use Jabber comments (any version; I tried 10.6.9 and 10.6.10) with Expressway 8.7.2.

    I also checked the Tomcat settings and there is the appropriate setting in/opt/cisco/jabber/conf/mss-sip-stack-properties (which, I guess that's the relevant file):

    # 2048-bit support for the Diffie-Hellman key ephemeral
    jdk.tls.ephemeralDHKeySize = 2048

    Unfortunately, this does not work, or at least the results are not as expected.

    Try to connect with openssl (openssl s_client-connect : 5061) shows:

    -snip-

    Types of client certificate: RSA sign, DSA
    Required Signature algorithms: ECDSA + SHA512: RSA + SHA512: ECDSA + SHA384: RSA + SHA384: ECDSA + SHA256: RSA + SHA256: ECDSA + SHA224 RSA: + SHA224: ECDSA + SHA1: SHA1 + RSA: DSA + SHA1: RSA + MD5
    Required Signature shared algorithms: ECDSA + SHA512: RSA + SHA512: ECDSA + SHA384: RSA + SHA384: ECDSA + SHA256: RSA + SHA256: ECDSA + SHA224 RSA: + SHA224: ECDSA + SHA1: SHA1 + RSA: DSA + SHA1
    Peer signature digest: SHA512
    Temp server key: DH, 768 bits
    ---
    SSL handshake has read 3205 bytes and written 210 bytes
    ---
    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA256
    The server public key is 4096 bit
    Secure renegotiation IS supported
    Compression: NONE
    Expansion: NO
    No ALPN negotiated

    -snip-

    Expressway present "key too small dh" in the log file and the 'TLS negotiation failure' when checking the status of the area.

    It works perfectly with Expressway 8.6.1 (have not tried far 8.7.1).

    Log files / dumps / snapshots are available on request, but I think the problem is pretty clear and I hope that it will be easy to solve.

    Thank you and best regards

    Wolfgang

    It's really weird, the first official Jabber client version is 10.0, I check the version of java on Jabber client 10.0, the version is "1.7.0_55".

    Where do you find the original installation image? -What have you never install any external rpm on the comment Jabber server?

    Comments of Jabber, connect with us: Administration of Cisco Jabber Guest-> marbles-> download all the

    BTW, run the command "rpm - qa' on terminal server Jabber comments and send us the list.

    Thank you

  • Port SSL messages to jabber/gtalk does not stick

    Hi-

    It is not purely associated with Sierra, as happening on El Cap.  The port default to Google talk is 5223, which is blocked in my company.  I had previously configured messages to use 443, which is not blocked (and supports gtalk).  But at some point during the last couple months, gtalk stopped linking to work.  When I looked at it, she returned to 5223.  When I try to set it to 443 (disable the account, change the port, re - enable the account) everything looks good, but at the time when I try to connect, it turns to 5223.  I tried to delete the account completely re - create, both as a right has Jabber (port 443 from the beginning of setting) or as a gmail e-mail account and then change the port later.  Nothing does.

    Thinking perhaps it was corrupted prefs, I deleted all the * prefs to iChat and everything that seemed related to google or jabber.  No change in behavior.

    Anyone seen this before?  Help to solve if possible of love.

    Thank you!

    Hello

    Currently I use port 5222 and without SSL and my account settings Google is for applications that are less secure.

    I can't use 5223 or even443 with SSL on.

    21:01 Tuesday; October 4, 2016

     iMac 2.5 Ghz i5 2011 (El Capitan)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro (Snow Leopard 10.6.8) 2 GB
     Mac OS X (10.6.8).
     iPhone and iPad (2)

  • Jabber presence doesn't work not between VCSe and Express, but works if you are registered to the same VCS...

    Hello

    I have a problem where the presence does not work between users registered on the VCSC and the VCSe.

    If a user on the VCSe registers, they cannot see the presence of VCSe registered users, and even, registered on the VCSC users see only the presence of records on the VCSC.

    TMS is running 14.1.1 with TMSPE

    VCSC and VCSe run every two X7.2.

    Both the VCSC and and VCSe each with authentication Active Directory (direct)

    Wouldn't be better to have control of VCS and VCS Expressway with authentication Active Directory (directly) on the control of VCS?

    Thank you very much

    Rob

    Hello

    in most cases, you want the VCS control to contain the presence information and VCS Highway to simply forward requests for control of VCS.
    Should be set to the 'on' presence User Agent and server on your control and only the User Agent of the presence on the highway in position 'on '.

    You can find more details in the VCS Administrator's guide.

    Sent by Cisco Support technique iPhone App

  • Is it possible to publish for Jabber presence information in the tourist complex?

    Hello

    We run TMS 14.2.1, TMSPE v1, VCS x7.1

    We organize several controls of VCS for several organizations, including the couple with potentially different motorways VCS. While the appeal of one domain to another is very well, adding that the contact for the alien to you field Jabber list does not have the ability to view their presence information, as it does when you add a contact to your own domain name. Is this possible?

    Chris

    What are the parameters of your presence on the highway VCS? You must enable the user agent of presence and clear the presence server, so applications of presence will be sent and nothandled by the highway.

  • PRESENCE = "hidden" does not work!

    Hello

    I develop an interactive form and the back-end is a SAP ERP software (where in the INITIAL screen will grow) and BSE data is Oracle, very well.

    The my_form has 4 pages.

    The first 2 pages (1 & 2) are intended to go into the details of family head.

    And the last 2 pages (3 & 4) are intended for the details of children.

    As soon as the user opens the application, the user will receive 3 boxes as below,

    • You want to fill in the details (4 pages) the whole family (in this case my applicatuion must make all 4 pages to user).
    • You love would fill ONLY family HEAD details (1st and 2nd page) [in this case my applicatuion should make first 2 pages of user]
    • You love would fill ONLY children (3rd and 4th page) for details [in this case, my applicatuion should make the LAST 2 pages of user]


    {code}
    So, I kept the code below in the event my_form.docReady

    If (allFamily == 'X') {;}
    do nothing
    }

    If (head == 'X') {;}
    xfa.resolveNode "(MY_FORM. Page3') .its presence = "hidden".
    xfa.resolveNode "(MY_FORM. Page4') .its presence = "hidden".
    }


    If (children == 'X') {;}
    xfa.resolveNode "(MY_FORM. Page1") .its presence ="hidden ".
    xfa.resolveNode "(MY_FORM. Page2') .its presence = "hidden".
    }
    {code}

    His does not.

    1 - pls tell me whts is missing, why his does not work?

    2 - How can they make my requirement, any snippet of code and pls event. ?

    Thank you

    Srinivas,

    If I understand your position that radio buttons are not part of the PDF file... In this case, the only way PDF form will know radio button has been selected from data in the rendering.

    Currently, you know what radio button has been selected by being on a screen that is not a PDF form. You must pass this value to the PDF by returning the form with the data.

    I don't know how the SAP is pass the data to the PDF document, but if you use a Workbench process / Forms Server API to make the Adobe PDF file, you can pass the data with the data file.

    If you do the above, initialize / DocReady / FormReady event should work. Because the radio button has been selected before the PDF has been made. Thus, the value will be available at previous events.

    In my previous post, I'm assuming you were selecting the radio button on the PDF itself. But this isn't the case.

    Thank you

    Srini

  • Messages does not connect to the Yahoo IM account?

    Messages app v9.2, currently works very well with my Google account and iMessage, also worked with my Yahoo Messenger account, but recently (today?) does not connect to it.

    I know that Yahoo has made changes to their Instant Messaging System. This change affected only Messages?

    Hello

    I can't connect either (I didn't realize that I do not use)

    However going on the Yahoo Site and change the password does nothing.

    With the help of their option 'insecure Apps' does nothing no more (there was an email saying I was using access to messaging through an unsafe application - but I have not used their messaging service for a very long time.)

    It does say read more suggests, is not Mail (after OS X 10.9 is OK)

    He does not on access to their e-mail service.

    There is no option in Messages to try to activate disable SSL you can with AIM or Jabber accounts

    I have looked in the help (a little) but still found nothing.

    20:49 Tuesday. October 4, 2016

     iMac 2.5 Ghz i5 2011 (El Capitan)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro (Snow Leopard 10.6.8) 2 GB
     Mac OS X (10.6.8).
     iPhone and iPad (2)

  • Firefox does not recognize the certificates of all permitted https sites. Any ideas how to fix?

    I downloaded firefox, checked for malicious and verified software for viruses. Firefox allows to work in this environment. At some malware - corrected and now does not open any trusted site. Rpet certificate is not good. I checked several site certificates and they are good. Help?

    I guess that you install Fiddler, which is used by web developers...

    The presence of this certificate may indicate malware named backup browser.

    In Control Panel, uninstall a program, I suggest that once the list is loaded, you click on the column heading "installed on" to group infections, I mean additions by date. See if you can find BrowserSafe/browser backup or similar and remove.

  • IMAP does not download the Images Inline in Gmail

    To summarize: my client sends to my gmail address a lot of emails with inline images. When I read the email in Thunderbird, the images are not there.

    Here's what I see...

    The customer uses a solution Exchange/Outlook (not sure if it's relevant). They send emails to my account gmail with inline images. I run Thunderbird/Imap on my pc to manage my email.

    If you look at the email in Gmail via a browser, the inline image does not show inline. Instead, I see inline tag the CID (e.g. [cid:[email protected]]). The image is there, but it is available as an attachment.

    When Thunderbird/Imap lowers the enamel, the fixing of the image does not come down. I see the CID tag in the body of the e-mail; That's all.

    Here's my best guess as to what is happening...

    Th original email has "Content-Type: multipart/mixed" and the CID tag.
    When the message is received by Gmail, Gmail retrieves the image inline content and makes an attachment.
    When Thunderbird/Imap Gets the email, it does not recognize the presence of the image as an attachment. If the multipart/related content Type, maybe it would be, don't know. When I read in Thunderbird, there is no image attachment.
    By extracting the inline images, gmail had to also change the content type? don't know

    It seems that the original email sent by Exchange/Outlook is valid.
    Gmail is obviously to get the image online, I see it as an attachment.
    I checked the recommended by Gmail Thunderbird/Imap settings.
    I have Thunderbird set up to display inline images.
    I been through various forums/Thunderbird issues and updated the config on the extraction by pieces, as recommended. I posted the question of aid there as well.

    My analysis of what is happening can be 'average', so, if it is, it is just to ignore it. The key is that the inline images are not making it through gmail to thunderbird via imap.

    Thank you

    Thanks for the reply. Good and bad news.

    - bad news, that did not help.
- good news, I got a reply from the gmail support forums that resolved things, as follows.

    With Outlook/Exchange shippers, it is very common for messages to be sent to the owner of Microsoft ("winmail.dat") TNEF. Web interface of Gmail can extract the BLOB TNEF attachments, but Thunderbird cannot, unless you install an extension like Lookout.

    So, I installed the Thunderbird Lookout extension and restarted. Low' not behold, when I check emails, the original inline images are now visible attachments.

  • Parent lock does not remove on the release 25

    With the new update, Version 25, the Parent.Lock file does not during the release of Firefox. This problem never happened before. I use Windows 7 Home 64 bit on a gateway SX2800. When Parent.Lock precipitates, Firefox opens normally but if closed, there will be error that they always run if you try to open another session (and no, he is not running in the Task Manager). Disconnect, reconnect, remove Parent.Lock. Firefox works again. Seems we need a fix for the Version 25 already.

    The presence of a parent.lock file shouldn't stop Firefox start.

    Firefox uses the timestamp of the file and compare it with the toolkit.startup.last_success pref to check startup problems (Bug 294260).

    You can check for problems with preferences.

    Rename or remove the file prefs.js and numbered possible prefs-# .js and the file user.js to reset all default prefs.

  • HP Compaq dc5800 microtour format: Audio does not work after Windows 10

    I've updated from WIndows 7 to Windows 10 in March; on board his system worked right here. Since updates this summer (July 12, I think, although it could be later), the internal speakers don't work. the computer does not detect the presence of the internal speakers (only external speakers and microphone).

    I tried using the Device Manager to update the drivers: controllers audio and audio - HD Audio device - runs the update and says my drivers are up to date (but only registers external speakers). I tried the HP site you are looking for the driver that is compatible with my setup - no luck.

    You can either help me get the driver link or to suggest another solution? Is it possible to retrieve and use (for example) the driver I had for Windows 7? or an earlier operating system?

    Thank you!

    Hello:

    See if it works...

    I used the W7 ADI soundmax audio driver on my dc7800, which uses the same audio chip.

    It's the support dc5800 page...

    This package contains the driver for the ADI Audio CODEC high definition (HD) in desktop models and operating systems supported.

    FTP://ftp.HP.com/pub/SoftPaq/sp45501-46000/sp45615.exe

    Then, you need to enable playback in the soundmax Control Panel, restart the PC and select the speaker in the management section of audio devices in the control panel (hardware and sound).

  • Tecra 9100 does not start

    Hello
    I have this laptop from my desktop without CD/DVD and HD and without battery (but with external power supply). I put a memory inside and when I start it there is 1 and on 2nd and 4th.
    I don't hear any fan, and he seems to be dead.
    My questions are:
    1 need the CD/DVD or HD to start (or run the fan)? Would be - this SD card enough to start the fan (I just want to know it works before you buy the rest). How to check?
    2. why 4 led is on - there seems to be a HD led (from the image beside him)?
    I rather expect an answer if it is normal in this type of configuration to have on (although it seems odd that no current HD).
    3. is it 5th conduit (which is disabled) indicate the presence of cd (I have no manual)
    4. is it question which Bank is my game of memory dead (I have a chip)
    5. why my 6th led is off - does it mean at this point already wireless does not work (or it is turned off because it does not work yet as it can come later in the boot sequence)

    see you soon

    There is a website where you can check if the memory purchased modules u was compatible. internal battery lithium (not the laptop battery) can also be on its way? I could be wrong, but I think it should be to check the basics first.

    Lisa

  • Clsing Firfox 4. -for Yahoo does not save the tabs when closing like the previous versions. Your help says settings but does not tell me what setting...

    In all previous versions of Firefox, when I close Firefox, asked me if I wanted to save my tabs. The latest version does not have this option. Why not and what adjustment will bring back this feature. I don't have to pull down the menu history and ask the previous Session, I should be able to start with my previous session if I exit and not to close tabs.

    Updates should increase the functionality and NOT completely change the appearance of the program.

    Thank you

    "I asked also originally where the setting was to open Firefox with my previous tabs."

    I do not see that in your original question, above. I have provided an answer to this question in my second reply:

    • You can set this option in the Options > general change, "when Firefox opens:" to "show my windows and tabs from last time '.

    "If you receive a number of issues, I think that you and your partners might inform Mozilla user base concerns."

    1. It is not our function in his presence.
    2. You can send comments (comment box very limited; ( there will be no response to you to submit your comments) : help > submit your comments
    3. You can also make comments to the following address (there is no answer to you from the following link, more space of commentary available on this link): http://hendrix.mozilla.org/

    If the foregoing has answered your questions, please take a few minutes to return to the forum, connect and click 'Resolved' next to the answer that solves your problem of Firefox support, so that other users can find answers that have worked to solve problems. Thank you.

  • Pavilion 23-b320: Port SD does not

    When I insert one of my SD cards in the SD port, the computer does not meet the presence of the SD card.  When I open file Explorer, the SD card does not appear.

    All USB ports work.

    How to solve this problem.

    Note: this computer is my wife, and he sat on his desk for 2 years unused.  We got married recently and am now trying to get to the top and running.  I have done all the necessary updates for all programs.

    I don't have a recovery disk.

    Interesting...

    See if this driver works instead.

    The W8 driver for your model page shows it has a Realtek card reader.

    http://h20564.www2.HP.com/hpsc/SWD/public/detail?swItemId=ob_155234_1

  • Save for precedent: the "Attachment" object does not exist in the previous version

    I'm trying to save a very simple VI from LabVIEW 2013 SP1 to LabVIEW 2009 but I get this strange error.  The VI contains only basic ex that are available in all versions of LabVIEW (shift logical AND Select,<=, u8). ="" when="" i="" try="" to="" save="" it="" for="" labview="" 2009,="" it="" gives="" me="" the="" following="">

    Missing object.  The "Attachment" object does not exist in the previous version.

    I thought first of all it had to do with being possessed by a lvclass, but even after that I removed the class (and unplugged from the lvclass) it always gives me this warning.

    When I try to open it with 2009, it will fail to load the schema-block (error 6).

    The next thing I tried was to copy the block diagram for a new VI and re - create the connector pane, but that doesn't change anything.

    Any ideas?

    Maybe "attachment" made reference to an attached comment (the arrow of a free label for an object on the diagram). I don't expect the presence of attached comments to cause a SFPed VI to not open, but it's the only thing I can think of. Try to remove any comment attached to your diagram and SFPing and see if that solved the problem.

Maybe you are looking for