Cisco Cisco TelePresence Video Communication Server Expressway
Client HTTPS requests are dropped by VCS
This can be caused by the automated intrusion protection feature on the VCS Expressway if it detects
repeated invalid attempts (404 errors) from a client IP address to access resources through the HTTP proxy.
repeated invalid attempts (404 errors) from a client IP address to access resources through the HTTP proxy.
To prevent the client address from being blocked, ensure that the HTTP proxy resource access failure
category (
category (
System > Protection > Automated detection > Configuration
) is disabled.
Unable to configure IM&P servers for remote access
'Failed: <address> is not a IM and Presence Server'
This error can occur when trying to configure the IM&P servers used for remote access (via
Configuration >
Unified Communications > IM and Presence servers
).
It is due to missing CA certificates on the IM&P servers and applies to systems running 9.1.1. More
information and the recommended solution is described in
information and the recommended solution is described in
Invalid SAML assertions
If clients fail to authenticate via SSO, one potential reason is that invalid assertions from the IDP are being
rejected by the VCS Control.
rejected by the VCS Control.
Check the logs for "Invalid SAML Response".
One example is when ADFS does not have a claim rule to send the users' IDs to the VCS Control. In this
case you will see "No uid Attribute in Assertion from IdP" in the log.
case you will see "No uid Attribute in Assertion from IdP" in the log.
The VCS is expecting the user ID to be asserted by a claim from ADFS that has the identity in an attribute
called uid. You need to go into ADFS and set up a claim rule, on each relying party trust, to send the users'
AD email addresses (or sAMAccountNames, depending on your deployment) as "uid" to each relying party.
called uid. You need to go into ADFS and set up a claim rule, on each relying party trust, to send the users'
AD email addresses (or sAMAccountNames, depending on your deployment) as "uid" to each relying party.
Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.6)
Page 53 of 55
Appendix 1: Troubleshooting