Cisco Cisco TelePresence Video Communication Server Expressway

Client HTTPS requests are dropped by VCS

This can be caused by the automated intrusion protection feature on the VCS Expressway if it detects
repeated invalid attempts (404 errors) from a client IP address to access resources through the HTTP proxy.

To prevent the client address from being blocked, ensure that the HTTP proxy resource access failure
category (

System > Protection > Automated detection > Configuration

) is disabled.

Unable to configure IM&P servers for remote access

'Failed: <address> is not a IM and Presence Server'

This error can occur when trying to configure the IM&P servers used for remote access (via

Configuration >

Unified Communications > IM and Presence servers

It is due to missing CA certificates on the IM&P servers and applies to systems running 9.1.1. More
information and the recommended solution is described in

bug CSCul05131

Invalid SAML assertions

If clients fail to authenticate via SSO, one potential reason is that invalid assertions from the IDP are being
rejected by the VCS Control.

Check the logs for "Invalid SAML Response".

One example is when ADFS does not have a claim rule to send the users' IDs to the VCS Control. In this
case you will see "No uid Attribute in Assertion from IdP" in the log.

The VCS is expecting the user ID to be asserted by a claim from ADFS that has the identity in an attribute
called uid. You need to go into ADFS and set up a claim rule, on each relying party trust, to send the users'
AD email addresses (or sAMAccountNames, depending on your deployment) as "uid" to each relying party.

Unified Communications Mobile and Remote Access via Cisco VCS Deployment Guide (X8.6)

Page 53 of 55

Appendix 1: Troubleshooting