Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 1 — Troubleshooting
VCS Deployment Guide: Device authentication on Cisco VCS (VCS X7.2)
Page 23 of 50
Appendix 1 — Troubleshooting
This section provides information to help troubleshoot and resolve authentication issues.
Local database troubleshooting
No specific troubleshooting.
H.350 directory service troubleshooting
No specific troubleshooting.
Active Directory (direct) troubleshooting
Check password
If it is a device specific entry, check that the password has been activated and has not expired.
If it is a user login, check that the user can use the username and password in a different application.
401 unauthorized returned from the provisioning server to a SUBSCRIBE for provisioning
If a “401 unauthorized” is returned from the TMS Agent provisioning server after the VCS has sent a
SUBSCRIBE to it with a P-Asserted-Identity header, check that provisioning has been configured for
this user.
SUBSCRIBE to it with a P-Asserted-Identity header, check that provisioning has been configured for
this user.
For details on configuring provisioning, see the Cisco TMS Provisioning Deployment Guide (document
D14368) and the Cisco TMS Provisioning Troubleshooting Guide (document D14427).
D14368) and the Cisco TMS Provisioning Troubleshooting Guide (document D14427).
Movi / Jabber Video fails to authenticate
Mismatch of NTLM versions
In order to use Active Directory (direct) mode, the PC running Movi must use appropriate settings
which are compatible with the AD server. To check (and change if required), see “Appendix 4 —
Active Directory (direct): Movi PC configuration”.
which are compatible with the AD server. To check (and change if required), see “Appendix 4 —
Active Directory (direct): Movi PC configuration”.
Username too long
The Movi username must not exceed 20 characters. Usernames longer than 20 characters will fail to
log in due to a limitation in Active Directory which truncates longer names.
log in due to a limitation in Active Directory which truncates longer names.
Netlogon Log Error Codes - NTreasonCodes
In a diagnostic log taken of an AD direct authentication, NT supplied reason code values are returned
in failure cases. The log contains: NTreasonCode="<value>"; these values are documented at:
in failure cases. The log contains: NTreasonCode="<value>"; these values are documented at:
. In summary:
Log Code
Description
0x0
Successful login
0xC0000022
Domain controller is denying access (try joining domain again)
0xC0000064
The specified user does not exist (user name does not exist)
0xC000006A
The value provided as the current password is not correct (name is correct but the password is
wrong)
wrong)