Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 6 — Troubleshooting
VCS Deployment Guide: Authenticating Devices (VCS X7.0)
Page 26 of 44
Appendix 6 — Troubleshooting
Local database troubleshooting
No specific troubleshooting.
H.350 directory service troubleshooting
No specific troubleshooting.
Active Directory (direct) troubleshooting
Check password
If it is a device specific entry, check that the password has been activated and has not expired.
If it is a user login, check that the user can use the username and password in a different application.
401 unauthorized returned from the provisioning server to a
SUBSCRIBE for provisioning
SUBSCRIBE for provisioning
If a “401 unauthorized” is returned from the TMS Agent provisioning server after the VCS has sent a
SUBSCRIBE to it with a P-Asserted-Identity header, check that provisioning has been configured for
this user.
SUBSCRIBE to it with a P-Asserted-Identity header, check that provisioning has been configured for
this user.
For details on configuring provisioning, see the Cisco TMS Provisioning Deployment Guide (document
D14368) and the Cisco TMS Provisioning Troubleshooting Guide (document D14427).
D14368) and the Cisco TMS Provisioning Troubleshooting Guide (document D14427).
Movi fails to authenticate
Mismatch of NTLM versions
In order to use Active Directory (direct) mode, the PC running Movi must use appropriate settings
which are compatible with the AD server. To check (and change if required), see “Appendix 4 —
Active Directory (direct): Movi PC configuration”.
which are compatible with the AD server. To check (and change if required), see “Appendix 4 —
Active Directory (direct): Movi PC configuration”.
Username too long
The Movi username must not exceed 20 characters. Usernames longer than 20 characters will fail to
log in due to a limitation in Active Directory which truncates longer names.
log in due to a limitation in Active Directory which truncates longer names.
Netlogon Log Error Codes - NTreasonCodes
In a diagnostic log taken of an AD direct authentication NT supplied reason code values are returned
in failure cases. The log contains: NTreasonCode="<value>"
in failure cases. The log contains: NTreasonCode="<value>"
In summary:
Log Code
Description
0x0
Successful login
0xC0000022
Domain controller is denying access (try joining domain again)