Asked by:
Problems with Federations

Question
-
Hi,
It is strange I'm federating with Cisco Presence Server and I get an SIP/2.0 401 Unauthorized from Frontend to Edge...... nothing appears in event log.
Got a trace :
TL_INFO(TF_PROTOCOL) [1]0688.0354::05/06/2009-17:10:56.381.0000062c (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(122))$$begin_record
Instance-Id: 0000003F
Direction: outgoing;source="external edge";destination="internal edge"
Peer: ocs.msft.emuclab.net:5061
Message-Type: request
Start-Line: NOTIFY sip:user31@msft.emuclab.net;opaque=user:epid:qXX27pqSAlCUVotIFB8GVwAA;gruu SIP/2.0
From: <sip:user2@cisco.emuclab.org>;tag=f1999865
To: "User 31" <sip:user31@msft.emuclab.net>;tag=8204c3cbd1
CSeq: 682338670 NOTIFY
Call-ID: 46801d18bdd5408e9cb328dcc02f897f
Via: SIP/2.0/TLS 172.18.32.17:1030;branch=z9hG4bK978AB0ED.9FDDFC5A7924F290;branched=FALSE
Max-Forwards: 67
ms-edge-proxy-message-trust: ms-source-type=AuthorizedServer;ms-ep-fqdn=edge-int.msft.emuclab.net;ms-source-verified-user=verified;ms-source-network=federation
Via: SIP/2.0/TLS 172.16.33.185:5061;branch=z9hG4bK2a250b9c-cbc8022e-33fc6ddf-24e90a53-1;received=172.16.33.185;ms-received-port=41416;ms-received-cid=E00
Event: presence
User-Agent: Cisco-PE/7.0
Contact: <sip:172.16.33.185:5070;transport=tcp>
Content-Length: 1670
Content-Type: application/pidf+xml
Subscription-State: active;expires=7200
SIP-ETag: 19
Via: SIP/2.0/UDP 172.16.33.185:5070;received=172.16.33.185;branch=z9hG4bK738f2d8c-3740-4d79-a1f3-8b8a6321339c
Message-Body: ----****MESSAGE BODY DELETED****----
$$end_record
TL_INFO(TF_PROTOCOL) [1]0688.01B4::05/06/2009-17:10:56.381.00000648 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(122))$$begin_record
Instance-Id: 00000040
Direction: incoming;source="internal edge";destination="external edge"
Peer: ocs.msft.emuclab.net:5061
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:user2@cisco.emuclab.org>;tag=f1999865
To: "User 31" <sip:user31@msft.emuclab.net>;tag=8204c3cbd1
CSeq: 682338670 NOTIFY
Call-ID: 46801d18bdd5408e9cb328dcc02f897f
Date: Wed, 06 May 2009 17:10:56 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="OCS.msft.emuclab.net", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/OCS.msft.emuclab.net", version=4
Via: SIP/2.0/TLS 172.18.32.17:1030;branch=z9hG4bK978AB0ED.9FDDFC5A7924F290;branched=FALSE;ms-received-port=1030;ms-received-cid=1200
Via: SIP/2.0/TLS 172.16.33.185:5061;branch=z9hG4bK2a250b9c-cbc8022e-33fc6ddf-24e90a53-1;received=172.16.33.185;ms-received-port=41416;ms-received-cid=E00
Via: SIP/2.0/UDP 172.16.33.185:5070;received=172.16.33.185;branch=z9hG4bK738f2d8c-3740-4d79-a1f3-8b8a6321339c
Content-Length: 0
Message-Body: –
$$end_record
TL_INFO(TF_DIAG) [1]0688.01B4::05/06/2009-17:10:56.381.000006a7 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(144))$$begin_record
LogType: diagnostic
Severity: information
Text: The message has an IM Service Provider domain
SIP-Start-Line: SIP/2.0 401 Unauthorized
SIP-Call-ID: 46801d18bdd5408e9cb328dcc02f897f
SIP-CSeq: 682338670 NOTIFY
Peer: cup1a.cisco.emuclab.org:41416
Data: domain="cisco.emuclab.org"
$$end_record
TL_WARN(TF_DIAG) [1]0688.01B4::05/06/2009-17:10:56.381.000006b0 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(142))$$begin_record
LogType: diagnostic
Severity: warning
Text: SIP challenge response was filtered by the Access Edge Server
Result-Code: 0xc3e93d63 SIPPROXY_E_EPROUTING_MSG_INT_CHALLENGE_FILTERED
SIP-Start-Line: SIP/2.0 401 Unauthorized
SIP-Call-ID: 46801d18bdd5408e9cb328dcc02f897f
SIP-CSeq: 682338670 NOTIFY
Peer: cup1a.cisco.emuclab.org:41416
$$end_record
What can be my problem ?
Thank you
Wednesday, May 6, 2009 6:27 PM
All replies
-
Did some more digging and in the validations test I get this erro, what does this mean ?
Maximum hops: 2
Check two-party IM: Discovered a new SIP server in the path.
Maximum hops: 3
Check two-party IM: Discovered a new SIP server in the path.
Maximum hops: 4
Received a failure SIP response: User sip:user1@cisco.emuclab.org @ Server ocs.msft.emuclab.net
Received a failure SIP response: [
SIP/2.0 404 Not Found
FROM: "user 30"<sip:user30@msft.emuclab.net>;tag=104536f08fe3538a893b;epid=epid01
TO: <sip:user1@cisco.emuclab.org>;tag=4f1257b9-35a3da44
CSEQ: 17 INVITE
CALL-ID: 592ca4a17c4844ff8c4cb595371d7960
VIA: SIP/2.0/TLS 172.16.33.150:2636;branch=z9hG4bKb87d28de;ms-received-port=2636;ms-received-cid=C400
CONTENT-LENGTH: 0
AUTHENTICATION-INFO: NTLM rspauth="0100000000000000E7E4336546C872DB", srand="598BBAE9", snum="15", opaque="6855C3FF", qop="auth", targetname="OCS.msft.emuclab.net", realm="SIP Communications Service"
ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="edge.msft.emuclab.net";Domain="cisco.emuclab.org";PeerServer="cup1a.cisco.emuclab.org"
]
Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1 (immediate target) or 2 hops away. Check whether the target user is a valid user and that the target user domain is trusted by the source user's pool. Check the connectivity between the source and target pools.
Suggested Resolution: If authentication failed, then make sure the user is SIP-enabled and is homed properly.
Thank you,
PauloThursday, May 7, 2009 9:36 PM