Opened 2 years ago

Last modified 16 months ago

#16844 new defect

Cannot connect to Cisco Jabber using VTG token

Reported by: miatawnt2b
Owned by: deryni
Milestone:
Component: XMPP
Version: 2.10.11
Keywords:
Cc: miatawnt2b@…, mhegeraat, p.support

Description

My company recently performed a UC upgrade for Cisco Jabber. Since then I have not been able to connect, and Pidgin is failing with "sasl: No worthy mechs found". Below is the debug log:

(11:52:50) jabber: jabber_actions: have pep: NO
(11:52:50) jabber: jabber_actions: have pep: NO
(11:52:50) account: Connecting to account jmill@technetworks.com/.
(11:52:50) connection: Connecting. gc = 0x55bcbe9c6a80
(11:52:50) dnsquery: Performing DNS lookup for exp-e.technetworks.com
(11:52:50) dns: DNS child 6777 no longer exists
(11:52:50) dns: Created new DNS child 11737, there are now 1 children.
(11:52:50) dns: Successfully sent DNS request to child 11737
(11:52:50) dns: Got response for 'exp-e.technetworks.com'
(11:52:50) dnsquery: IP resolved for exp-e.technetworks.com
(11:52:50) proxy: Attempting connection to xxx.xxx.xxx.xxx
(11:52:50) proxy: Connecting to exp-e.technetworks.com:5222 with no proxy
(11:52:50) proxy: Connection in progress
(11:52:50) proxy: Connecting to exp-e.technetworks.com:5222.
(11:52:50) proxy: Connected to exp-e.technetworks.com:5222.
(11:52:50) jabber: Sending (jmill@technetworks.com): <?xml version='1.0' ?>
(11:52:50) jabber: Sending (jmill@technetworks.com): <stream:stream to='technetworks.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(11:52:50) jabber: Recv (183): <stream:stream xmlns='jabber:client' xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams' from='technetworks.com'   id='HPsvtFGUmHIilYRIOqAKHA5678' version='1.0'>
(11:52:50) jabber: Recv (107): <stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
(11:52:50) jabber: Sending (jmill@technetworks.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(11:52:50) jabber: Recv (50): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(11:52:50) nss: SSL version 3.3 using 128-bit AES with 160-bit SHA1 MAC
Server Auth: 2048-bit RSA, Key Exchange: 2048-bit RSA, Compression: NULL
Cipher Suite Name: TLS_RSA_WITH_AES_128_CBC_SHA
(11:52:50) nss: subject=CN=*.technetworks.com,O="Hye Tech Network & Security Solutions, LLC",L=Phoenix,ST=Arizona,C=US issuer=CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US
(11:52:50) nss: subject=CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US issuer=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(11:52:50) nss: subject=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(11:52:50) certificate/x509/tls_cached: Starting verify for exp-e.technetworks.com
(11:52:50) certificate/x509/tls_cached: Checking for cached cert...
(11:52:50) certificate/x509/tls_cached: ...Found cached cert
(11:52:50) nss/x509: Loading certificate from /home/jmill/.purple/certificates/x509/tls_peers/exp-e.technetworks.com
(11:52:50) certificate/x509/tls_cached: Peer cert matched cached
(11:52:50) nss/x509: Exporting certificate to /home/jmill/.purple/certificates/x509/tls_peers/exp-e.technetworks.com
(11:52:50) util: Writing file /home/jmill/.purple/certificates/x509/tls_peers/exp-e.technetworks.com
(11:52:50) nss: Trusting CN=*.technetworks.com,O="Hye Tech Network & Security Solutions, LLC",L=Phoenix,ST=Arizona,C=US
(11:52:50) certificate: Successfully verified certificate for exp-e.technetworks.com
(11:52:50) jabber: Sending (ssl) (jmill@technetworks.com): <stream:stream to='technetworks.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(11:52:50) jabber: Recv (ssl)(183): <stream:stream xmlns='jabber:client' xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams' from='technetworks.com'   id='HPsvtFGUmHIilYRIOqAKHA5678' version='1.0'>
(11:52:50) jabber: Recv (ssl)(139): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>CISCO-VTG-TOKEN</mechanism></mechanisms></stream:features>
(11:52:50) sasl: Mechs found: CISCO-VTG-TOKEN
(11:52:50) sasl: No worthy mechs found
(11:52:50) connection: Connection error on 0x55bcbe9c6a80 (reason: 3 description: Server does not use any supported authentication method)
(11:52:50) jabber: jabber_actions: have pep: NO
(11:52:50) jabber: jabber_actions: have pep: NO
(11:52:50) account: Disconnecting account jmill@technetworks.com/ (0x55bcbe652400)
(11:52:50) connection: Disconnecting connection 0x55bcbe9c6a80
(11:52:50) jabber: Sending (ssl) (jmill@technetworks.com): </stream:stream>
(11:52:50) jabber: jabber_actions: have pep: NO
(11:52:50) jabber: jabber_actions: have pep: NO
(11:52:50) connection: Destroying connection 0x55bcbe9c6a80
(11:52:53) util: Writing file prefs.xml to directory /home/jmill/.purple
(11:52:53) util: Writing file /home/jmill/.purple/prefs.xml

Is there any other useful information I can provide to help find a solution?

Attachments (1)

Developer Guide for Cisco Unified CM IM & Presence 10.5.pdf (1.8 MB) - added by petzah 2 years ago.


Change History (6)

comment:1 Changed 2 years ago by mhegeraat

Same problem here. Official Jabber client connects with no issues.

(20:49:55) jabber: jabber_actions: have pep: NO
(20:49:56) account: Connecting to account michel.hegeraat@eu.didata.com/.
(20:49:56) connection: Connecting. gc = 0D94AC38
(20:49:56) dnsquery: Performing DNS lookup for euukflevcse.eu.didata.com
(20:49:56) dnsquery: IP resolved for euukflevcse.eu.didata.com
(20:49:56) proxy: Attempting connection to 192.54.47.150
(20:49:56) proxy: Connecting to euukflevcse.eu.didata.com:5222 with no proxy
(20:49:56) proxy: Connection in progress
(20:49:56) proxy: Connecting to euukflevcse.eu.didata.com:5222.
(20:49:56) proxy: Connected to euukflevcse.eu.didata.com:5222.
(20:49:56) jabber: Sending (michel.hegeraat@eu.didata.com): <?xml version='1.0' ?>
(20:49:56) jabber: Sending (michel.hegeraat@eu.didata.com): <stream:stream to='eu.didata.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(20:49:56) jabber: Recv (178): <stream:stream xmlns='jabber:client' xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams' from='eu.didata.com'   id='IX-NMJPiUQpo5s8HdvsiTCf70583' version='1.0'>
(20:49:56) jabber: Recv (107): <stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
(20:49:56) jabber: Sending (michel.hegeraat@eu.didata.com): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(20:49:56) jabber: Recv (50): <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>
(20:49:56) nss: SSL version 3.3 using 128-bit AES with 160-bit SHA1 MAC
Server Auth: 4096-bit RSA, Key Exchange: 4096-bit RSA, Compression: NULL
Cipher Suite Name: TLS_RSA_WITH_AES_128_CBC_SHA
(20:49:56) nss: subject=CN=euukflevcse.eu.didata.com,O=Dimension Data Holdings Plc,L=Johannesburg,ST=Gauteng,C=ZA issuer=CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US
(20:49:56) nss: subject=CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(20:49:56) nss: subject=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US issuer=CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
(20:49:56) certificate/x509/tls_cached: Starting verify for euukflevcse.eu.didata.com
(20:49:56) certificate/x509/tls_cached: Checking for cached cert...
(20:49:56) certificate/x509/tls_cached: ...Found cached cert
(20:49:56) nss/x509: Loading certificate from C:\Users\michel.hegeraat\AppData\Roaming\.purple\certificates\x509\tls_peers\euukflevcse.eu.didata.com
(20:49:56) certificate/x509/tls_cached: Peer cert matched cached
(20:49:56) nss/x509: Exporting certificate to C:\Users\michel.hegeraat\AppData\Roaming\.purple\certificates\x509\tls_peers\euukflevcse.eu.didata.com
(20:49:56) util: Writing file C:\Users\michel.hegeraat\AppData\Roaming\.purple\certificates\x509\tls_peers\euukflevcse.eu.didata.com
(20:49:56) nss: Trusting CN=euukflevcse.eu.didata.com,O=Dimension Data Holdings Plc,L=Johannesburg,ST=Gauteng,C=ZA
(20:49:56) certificate: Successfully verified certificate for euukflevcse.eu.didata.com
(20:49:56) jabber: Sending (ssl) (michel.hegeraat@eu.didata.com): <stream:stream to='eu.didata.com' xmlns='jabber:client' xmlns:stream='http://etherx.jabber.org/streams' version='1.0'>
(20:49:56) jabber: Recv (ssl)(178): <stream:stream xmlns='jabber:client' xml:lang='en-US.UTF-8' xmlns:stream='http://etherx.jabber.org/streams' from='eu.didata.com'   id='IX-NMJPiUFKep8bjMsiTTA30583' version='1.0'>
(20:49:56) jabber: Recv (ssl)(139): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>CISCO-VTG-TOKEN</mechanism></mechanisms></stream:features>
(20:49:56) sasl: Mechs found: CISCO-VTG-TOKEN
(20:49:56) sasl: No worthy mechs found
(20:49:56) connection: Connection error on 0D94AC38 (reason: 3 description: Server does not use any supported authentication method)
(20:49:56) jabber: jabber_actions: have pep: NO
(20:49:56) account: Disconnecting account michel.hegeraat@eu.didata.com/ (0061CE40)
(20:49:56) connection: Disconnecting connection 0D94AC38
(20:49:56) jabber: Sending (ssl) (michel.hegeraat@eu.didata.com): </stream:stream>
(20:49:56) jabber: jabber_actions: have pep: NO



comment:3 Changed 21 months ago by miatawnt2b

Are there any updates or plans to fix this functionality? Is there any further information I can provide to help get this working? Thank you!

comment:4 Changed 16 months ago by p.support

Hi miatawnt2b and mhegeraat

Did you manage to get around this? Which UCM and Expressway version did you upgrade from/to?

We're seeing the same problem. We upgraded UCM from 10.5.2 to 11.5 and Expressway to X8.8 and 3rd party XMPP clients no longer work because the PLAIN SASL is not sent back with the XMPP chatter.

If we sign in from an on-prem machine, stipulating our presence server as the XMPP server, it works fine, but through Expressway, it fails with the "sasl: No worthy mechs found" error.

Keen to know if you've resolved this?

Thanks

comment:5 Changed 16 months ago by mhegeraat

No fix for me. I'm back to running multiple client programs for XMPP.
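
The failure reported in the description and in comment:4 can be confirmed from a Pidgin debug log by comparing the SASL mechanisms the server advertises after STARTTLS with the ones the client can perform. The script below is an added example, not part of the ticket or of Pidgin's code; the `CLIENT_MECHS` set and the function names are assumptions, and the sample lines are constructed from the log format shown above.

```python
import re
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Assumption: mechanisms the local client build can perform; adjust to your client.
CLIENT_MECHS = frozenset({"SCRAM-SHA-1", "DIGEST-MD5", "PLAIN"})

# Matches "jabber: Recv (107): ..." and "jabber: Recv (ssl)(139): ..."
RECV = re.compile(r"jabber: Recv (\(ssl\))?\(\d+\): (<stream:features>.*</stream:features>)")

# Constructed sample: the two feature advertisements in the shape logged in this ticket.
SAMPLE_LOG = """\
(11:52:50) jabber: Recv (107): <stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features>
(11:52:50) jabber: Recv (ssl)(139): <stream:features><mechanisms xmlns='urn:ietf:params:xml:ns:xmpp-sasl'><mechanism>CISCO-VTG-TOKEN</mechanism></mechanisms></stream:features>
(11:52:50) sasl: No worthy mechs found
"""

def parse_features(line):
    """Return (over_tls, starttls_required, [mechanisms]), or None for other lines."""
    m = RECV.search(line)
    if m is None:
        return None
    # The logged fragment uses the 'stream' prefix without declaring it, so wrap it.
    try:
        root = ET.fromstring(f"<w xmlns:stream='{STREAM_NS}'>{m.group(2)}</w>")
    except ET.ParseError:
        return None  # truncated or mangled log line
    required = root.find(f".//{{{TLS_NS}}}starttls/{{{TLS_NS}}}required") is not None
    mechs = [e.text.strip() for e in root.iter(f"{{{SASL_NS}}}mechanism") if e.text]
    return m.group(1) is not None, required, mechs

def diagnose(log, client_mechs=CLIENT_MECHS):
    """Summarise what the server offered and which mechanisms the client could use."""
    report = {"starttls_required": False, "offered": [], "usable": [], "cleartext_offer": []}
    for line in log.splitlines():
        parsed = parse_features(line)
        if parsed is None:
            continue
        over_tls, required, mechs = parsed
        report["starttls_required"] |= required
        if over_tls:
            report["offered"] = mechs
            report["usable"] = sorted(set(mechs) & client_mechs)
        else:
            report["cleartext_offer"] += mechs  # mechanisms advertised before TLS
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

An empty `usable` list together with a non-empty `offered` list is the condition the client reports as "No worthy mechs found"; a non-empty `cleartext_offer` would indicate mechanisms advertised before TLS was negotiated.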
