[cisco-voip] Jabber, MRA, and Free Public WiFi
All,

Just a heads up to my fellow techs, I am at Caribou Coffee today and my Jabber will not sign in. The user experience is as follows: Jabber discovers MRA successfully, but when trying to authenticate it sends an auth request to:

https://collab-edge.company.com:8443/oauthcb

The logs show that an HTTP timeout occurs:

(Found in C:\Users\you\AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs\csf-unified.log)

2015-02-27 09:14:40,081 INFO [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1163)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - *-* Making HTTP request to: https://collab-edge.company.com:8443/oauthcb [3]
2015-02-27 09:14:40,081 INFO [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1738)] [csf.httpclient] [http::CurlHeaders::CurlHeaders] - Number of Request Headers : 1
2015-02-27 09:14:40,081 DEBUG [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1345)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - Checking for proxy information for request [3] ...
2015-02-27 09:14:40,081 DEBUG [0x0af0] [ts\csf-netutils\src\http\Request.cpp(83)] [csf.httpclient] [http::Request::getProxy] - No Proxy will be used per configuration of this request
2015-02-27 09:14:40,081 DEBUG [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1429)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - No proxy information available [3].
2015-02-27 09:14:40,081 DEBUG [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1502)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - Setting connect timeout value in milliseconds to : 1
2015-02-27 09:14:40,081 DEBUG [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1511)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - Setting transfer timeout value in milliseconds to : 3
2015-02-27 09:14:40,081 DEBUG [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1514)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - HTTP Request Configured.
2015-02-27 09:14:40,081 DEBUG [0x0af0] [ls\src\http\BasicHttpClientImpl.cpp(482)] [csf.httpclient] [http::performCurlRequest] - About to perform curl connection request...
2015-02-27 09:14:40,096 DEBUG [0x0af0] [netutils\src\http\CurlHttpUtils.cpp(307)] [csf.httpclient] [http::CurlHttpUtils::logPhaseData] - Pre connect phase. Resolved IP: 23.23.23.23
2015-02-27 09:14:50,079 DEBUG [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1679)] [csf.httpclient] [http::CurlHttpUtils::logOperationTiming] - Network IO timestamps: [name lookup = 0.016 ; connect = 0 ; ssl connect = 0 ; pre-transfer = 0 ; start-transfer = 0 ; total = 10 ; redirect = 0]
2015-02-27 09:14:50,079 INFO [0x0af0] [ls\src\http\CurlAnswerEvaluator.cpp(117)] [csf.httpclient] [http::CurlAnswerEvaluator::curlCodeToResult] - curlCode=[28] error message=[Connection timed out after 1 milliseconds] result=[CONNECTION_TIMEOUT_ERROR] fips enabled=[false]
2015-02-27 09:14:50,079 INFO [0x0af0] [ls\src\http\BasicHttpClientImpl.cpp(410)] [csf.httpclient] [http::executeImpl] - *-* HTTP response from: https://collab-edge.company.com:8443/oauthcb [3] - 0.
2015-02-27 09:14:50,079 ERROR [0x0af0] [ls\src\http\BasicHttpClientImpl.cpp(414)] [csf.httpclient] [http::executeImpl] - There was an issue performing the call to curl_easy_perform: CONNECTION_TIMEOUT_ERROR
2015-02-27 09:14:50,079 DEBUG [0x0af0] [etutils\src\http\HttpRequestData.cpp(90)] [csf.httpclient] [http::HttpRequestData::returnEasyCURLConnection] - Returning borrowed EasyCURLConnection from request : 3
2015-02-27 09:14:50,079 DEBUG [0x0af0] [utils\adapters\EdgeUtilsAdapter.cpp(255)] [csf.netutils.adapters] [netutils::adapters::EdgeUtilsAdapter::isRequestTransformed] - isRequestTransformed: result:0. originalPath: '/oauthcb' pathFromUrlUsed: '/oauthcb'.
2015-02-27 09:14:50,079 DEBUG [0x0af0] [tutils\src\http\HttpRequestData.cpp(105)] [csf.httpclient] [http::HttpRequestData::~HttpRequestData] - Destroying instance of Request data, with request: 3

And then I get the message in Jabber which says Cannot Communicate with the Server

[image: Inline image 1]

It turns out that if I try to telnet to collab-edge.company.com on port 8443, it fails:

[image: Inline image 2]

And a Wireshark reveals that the TCP three-way handshake never happens, with two TCP SYN re-transmits, before finally timing out.

[image: Inline image 3]

Interestingly, this free WiFi network does not prevent me from accessing the standard HTTPS port of 443, and I can actually log in to the collab-edge.company.com web interface and log in. So, it would seem like they are treating non-standard ports differently here. If I knew of a non-standard HTTP port (e.g., 8080, 8088, etc.) to attempt to connect to on the public internet...wait a minute:

http://portquiz.net/

Yes! This site was set up for exactly what I need: validating my theory, and I was right. You cannot hit this website on any port other than the standard HTTP/HTTPS ports from here at Caribou
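Added example, not part of the original post and not Cisco tooling: a Python triage helper for the csf-unified.log format quoted above. It pairs each request with its resolved IP and curl result by thread id and flags requests where DNS resolved but the connection timed out, which is the pattern reported here for port 8443. The function name and output fields are assumptions of this example; the sample lines are copied from the excerpt in the post.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit

# Sample input: four entries copied from the csf-unified.log excerpt in the post.
SAMPLE_LOG = r"""
2015-02-27 09:14:40,081 INFO [0x0af0] [etutils\src\http\CurlHttpUtils.cpp(1163)] [csf.httpclient] [http::CurlHttpUtils::configureEasyRequest] - *-* Making HTTP request to: https://collab-edge.company.com:8443/oauthcb [3]
2015-02-27 09:14:40,096 DEBUG [0x0af0] [netutils\src\http\CurlHttpUtils.cpp(307)] [csf.httpclient] [http::CurlHttpUtils::logPhaseData] - Pre connect phase. Resolved IP: 23.23.23.23
2015-02-27 09:14:50,079 INFO [0x0af0] [ls\src\http\CurlAnswerEvaluator.cpp(117)] [csf.httpclient] [http::CurlAnswerEvaluator::curlCodeToResult] - curlCode=[28] error message=[Connection timed out after 1 milliseconds] result=[CONNECTION_TIMEOUT_ERROR] fips enabled=[false]
2015-02-27 09:14:50,079 INFO [0x0af0] [ls\src\http\BasicHttpClientImpl.cpp(410)] [csf.httpclient] [http::executeImpl] - *-* HTTP response from: https://collab-edge.company.com:8443/oauthcb [3] - 0.
"""

# timestamp, level, thread id, then the message after the first " - "
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[(0x[0-9a-f]+)\] .*? - (.*)$")
REQUEST = re.compile(r"Making HTTP request to: (\S+) \[(\d+)\]")
RESOLVED = re.compile(r"Resolved IP: (\S+)")
CURL = re.compile(r"curlCode=\[(\d+)\].*result=\[(\w+)\]")

def find_failed_requests(text):
    """Correlate entries per thread id; return one dict per request curl failed."""
    open_reqs, failures = {}, []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
        thread, msg = m.group(3), m.group(4)
        if (r := REQUEST.search(msg)):
            url = urlsplit(r.group(1))
            open_reqs[thread] = {"id": int(r.group(2)), "host": url.hostname,
                                 "port": url.port or 443, "start": ts, "ip": None}
        elif thread in open_reqs and (r := RESOLVED.search(msg)):
            open_reqs[thread]["ip"] = r.group(1)
        elif thread in open_reqs and (r := CURL.search(msg)) and r.group(1) != "0":
            req = open_reqs.pop(thread)
            req.update(curl_code=int(r.group(1)), result=r.group(2),
                       seconds=round((ts - req.pop("start")).total_seconds(), 1))
            # Name resolved but curl timed out (code 28): suspect the path to that port.
            req["dns_ok_connect_failed"] = req["ip"] is not None and req["curl_code"] == 28
            failures.append(req)
    return failures

if __name__ == "__main__":
    for failure in find_failed_requests(SAMPLE_LOG):
        print(failure)
```
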
Re: [cisco-voip] Jabber, MRA, and Free Public WiFi
good write up. I wonder what would happen if the _collab-edge._tls SRV returned port 443 with an internet firewall in front of Expressway translating 443 to 8443. I wonder whether the Jabber clients read the port from the SRV or whether they have 8443 hardcoded. I'll try to test that on my next deployment.

On Fri, Feb 27, 2015 at 2:02 PM, Anthony Holloway avholloway+cisco-v...@gmail.com wrote:
Re: [cisco-voip] Jabber, MRA, and Free Public WiFi
CSCup73547 is of interest here. While you are playing with this check out the experimental section of xconfig.

-Ryan

On Feb 27, 2015, at 3:31 PM, Justin Steinberg jsteinb...@gmail.com wrote: