Cannot connect to CISCO CUCM v.11

[bradut]

I have an environment where Pidgin and Cisco Jabber clients connect to a local Cisco Unified Communications Manager (CUCM) server.

I have then tried to connect to the same Cisco server with Jabber-Net, (JabberNet.Example.exe ) but got this error when hit the button in the login form:

ERROR: System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at JabberNet.bedrock.net.AsyncSocket.StartTLS() in D:\Projects\CISCO\Jabber-Net-develop\src\JabberNet\bedrock\net\AsyncSocket.cs:line 723

I suppose that this problem is not related to the certificates, because Pidgin and Jabber work fine.

[ForNeVeR]

What .NET version are you using? Have you tried the solution from StackOverflow?

[bradut]

Thank you for reply ForNeVeR.

I have targeted all projects in the solution to .Net 4.6.2 as recommended in StackOverflow :"It is worth noting that .NET 4.6 will use the correct protocol by default and does not require either solution."

I have not done anything with 'SslStream' and 'System.Net.ServicePointManager.SecurityProtocol' as I am not familiar with these things.

Maybe I set incorrectly the login parameters?

• I have an existing "testuser1@ActiveDirectoryAndDNSServer"
• "ActiveDirectoryAndDNSServer" is the Active Directory and DNS server
• I have a Cisco presence server at "PresenceServer ", port 5222
• I am able to use Pidgin and Cisco Jabber with these settings
• In the JabberNet Windows Forms example, I opened the Login form and filled in these values:

-- Tab 1: Basic
User: testuser1
Server: PresenceServer
[did not check anything: neither "Allow plaintext authentication" nor "Use Windows credentials..."]

-- Tab 2: Network
Port: 5222
Network Host: [left this field empty]
SSL: checked

-- Other two tab: left the default values

ERROR: System.IO.IOException: Authentication failed because the remote party has closed the transport stream. at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest) at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at JabberNet.bedrock.net.AsyncSocket.StartTLS() in D:\Projects\CISCO\Jabber-Net-develop\src\JabberNet\bedrock\net\AsyncSocket.cs:line 723

----If I disable SSL I get this error:
SEND: <stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="ff2320d7" xmlns="jabber:client" to="PresenceServer" version="1.0"> RECV: <stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en-US.UTF-8' id='1B30E0A3F0' from='PresenceServer' version='1.0'><stream:features><starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'><required/></starttls></stream:features> SEND: <starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls" /> RECV: <proceed xmlns='urn:ietf:params:xml:ns:xmpp-tls'/> ERROR: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception) at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest) ... ... .... at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult) at JabberNet.bedrock.net.AsyncSocket.StartTLS() in D:\Projects\CISCO\Jabber-Net-develop\src\JabberNet\bedrock\net\AsyncSocket.cs:line 723 ERROR: System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure. at System.Net.Security.SslState.CheckThrow(Boolean authSuccessCheck, Boolean shutdownCheck) at System.Net.Security.SslStream.get_RemoteCertificate() at JabberNet.bedrock.net.AsyncSocket.get_RemoteCertificate() in D:\Projects\CISCO\Jabber-Net-develop\src\JabberNet\bedrock\net\AsyncSocket.cs:line 225 at JabberNet.jabber.connection.SocketStanzaStream.StartTLS() in D:\Projects\CISCO\Jabber-Net-develop\src\JabberNet\jabber\connection\SocketStanzaStream.cs:line 322 at JabberNet.jabber.connection.XmppStream.StartTLS() in D:\Projects\CISCO\Jabber-Net-develop\src\JabberNet\jabber\connection\XmppStream.cs:line 1199

At this point I am not sure if the values I input are correct. For instance, I didn't figure out whether ActiveDirectoryAndDNSServer is required or not.
Also, not sure if just using .NET 4.6.2 instead of .NET 4.0 does the magic with 'SslStream' and 'System.Net.ServicePointManager.SecurityProtocol' as mentioned in StackOverflow.

Thank you,
Bradut

[ForNeVeR]

Could you try the options mentioned in the documentation? I.e. UntrustedRootOK and OnIvalidCertificate?

[bradut]

Thank you for suggestion.

I was not sure where to implement OnIvalidCertificate, so I took a shortcut and, in the class AsyncSocket, I have modified UntrustedRootOK to return always "true".

It didn't work, and, unfortunately I have now to move to other project. Will try to come back to give it another try when I have a little bit of time

Thank you for your prompt support!