locked
Problems with Federations RRS feed

  • Question

  • Hi,
    It is strange I'm federating with Cisco Presence Server and I get an SIP/2.0 401 Unauthorized from Frontend to Edge...... nothing appears in event log.

    Got a trace :

    TL_INFO(TF_PROTOCOL) [1]0688.0354::05/06/2009-17:10:56.381.0000062c (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(122))$$begin_record
    Instance-Id: 0000003F
    Direction: outgoing;source="external edge";destination="internal edge"
    Peer: ocs.msft.emuclab.net:5061
    Message-Type: request
    Start-Line: NOTIFY sip:user31@msft.emuclab.net;opaque=user:epid:qXX27pqSAlCUVotIFB8GVwAA;gruu SIP/2.0
    From: <sip:user2@cisco.emuclab.org>;tag=f1999865
    To: "User 31" <sip:user31@msft.emuclab.net>;tag=8204c3cbd1
    CSeq: 682338670 NOTIFY
    Call-ID: 46801d18bdd5408e9cb328dcc02f897f
    Via: SIP/2.0/TLS 172.18.32.17:1030;branch=z9hG4bK978AB0ED.9FDDFC5A7924F290;branched=FALSE
    Max-Forwards: 67
    ms-edge-proxy-message-trust: ms-source-type=AuthorizedServer;ms-ep-fqdn=edge-int.msft.emuclab.net;ms-source-verified-user=verified;ms-source-network=federation
    Via: SIP/2.0/TLS 172.16.33.185:5061;branch=z9hG4bK2a250b9c-cbc8022e-33fc6ddf-24e90a53-1;received=172.16.33.185;ms-received-port=41416;ms-received-cid=E00
    Event: presence
    User-Agent: Cisco-PE/7.0
    Contact: <sip:172.16.33.185:5070;transport=tcp>
    Content-Length: 1670
    Content-Type: application/pidf+xml
    Subscription-State: active;expires=7200
    SIP-ETag: 19
    Via: SIP/2.0/UDP 172.16.33.185:5070;received=172.16.33.185;branch=z9hG4bK738f2d8c-3740-4d79-a1f3-8b8a6321339c
    Message-Body: ----****MESSAGE BODY DELETED****----
    $$end_record


    TL_INFO(TF_PROTOCOL) [1]0688.01B4::05/06/2009-17:10:56.381.00000648 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(122))$$begin_record
    Instance-Id: 00000040
    Direction: incoming;source="internal edge";destination="external edge"
    Peer: ocs.msft.emuclab.net:5061
    Message-Type: response
    Start-Line: SIP/2.0 401 Unauthorized
    From: <sip:user2@cisco.emuclab.org>;tag=f1999865
    To: "User 31" <sip:user31@msft.emuclab.net>;tag=8204c3cbd1
    CSeq: 682338670 NOTIFY
    Call-ID: 46801d18bdd5408e9cb328dcc02f897f
    Date: Wed, 06 May 2009 17:10:56 GMT
    WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="OCS.msft.emuclab.net", version=4
    WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/OCS.msft.emuclab.net", version=4
    Via: SIP/2.0/TLS 172.18.32.17:1030;branch=z9hG4bK978AB0ED.9FDDFC5A7924F290;branched=FALSE;ms-received-port=1030;ms-received-cid=1200
    Via: SIP/2.0/TLS 172.16.33.185:5061;branch=z9hG4bK2a250b9c-cbc8022e-33fc6ddf-24e90a53-1;received=172.16.33.185;ms-received-port=41416;ms-received-cid=E00
    Via: SIP/2.0/UDP 172.16.33.185:5070;received=172.16.33.185;branch=z9hG4bK738f2d8c-3740-4d79-a1f3-8b8a6321339c
    Content-Length: 0
    Message-Body: –
    $$end_record

    TL_INFO(TF_DIAG) [1]0688.01B4::05/06/2009-17:10:56.381.000006a7 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(144))$$begin_record
    LogType: diagnostic
    Severity: information
    Text: The message has an IM Service Provider domain
    SIP-Start-Line: SIP/2.0 401 Unauthorized
    SIP-Call-ID: 46801d18bdd5408e9cb328dcc02f897f
    SIP-CSeq: 682338670 NOTIFY
    Peer: cup1a.cisco.emuclab.org:41416
    Data: domain="cisco.emuclab.org"
    $$end_record

    TL_WARN(TF_DIAG) [1]0688.01B4::05/06/2009-17:10:56.381.000006b0 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(142))$$begin_record
    LogType: diagnostic
    Severity: warning
    Text: SIP challenge response was filtered by the Access Edge Server
    Result-Code: 0xc3e93d63 SIPPROXY_E_EPROUTING_MSG_INT_CHALLENGE_FILTERED
    SIP-Start-Line: SIP/2.0 401 Unauthorized
    SIP-Call-ID: 46801d18bdd5408e9cb328dcc02f897f
    SIP-CSeq: 682338670 NOTIFY
    Peer: cup1a.cisco.emuclab.org:41416
    $$end_record

    What can be my problem ?

    Thank you


    Wednesday, May 6, 2009 6:27 PM

All replies

  • Did some more digging and in the validations test I get this erro, what does this mean ?


    Maximum hops: 2
    Check two-party IM: Discovered a new SIP server in the path.
    Maximum hops: 3
    Check two-party IM: Discovered a new SIP server in the path.
    Maximum hops: 4
    Received a failure SIP response: User sip:user1@cisco.emuclab.org @ Server ocs.msft.emuclab.net
    Received a failure SIP response: [
    SIP/2.0 404 Not Found
    FROM: "user 30"<sip:user30@msft.emuclab.net>;tag=104536f08fe3538a893b;epid=epid01
    TO: <sip:user1@cisco.emuclab.org>;tag=4f1257b9-35a3da44
    CSEQ: 17 INVITE
    CALL-ID: 592ca4a17c4844ff8c4cb595371d7960
    VIA: SIP/2.0/TLS 172.16.33.150:2636;branch=z9hG4bKb87d28de;ms-received-port=2636;ms-received-cid=C400
    CONTENT-LENGTH: 0
    AUTHENTICATION-INFO: NTLM rspauth="0100000000000000E7E4336546C872DB", srand="598BBAE9", snum="15", opaque="6855C3FF", qop="auth", targetname="OCS.msft.emuclab.net", realm="SIP Communications Service"
    ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="edge.msft.emuclab.net";Domain="cisco.emuclab.org";PeerServer="cup1a.cisco.emuclab.org"

    ]

    Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1 (immediate target) or 2 hops away. Check whether the target user is a valid user and that the target user domain is trusted by the source user's pool. Check the connectivity between the source and target pools.
    Suggested Resolution: If authentication failed, then make sure the user is SIP-enabled and is homed properly.

    Thank you,
    Paulo
    Thursday, May 7, 2009 9:36 PM