Audio and video not working in a web browser due to LtpaToken “undefined”

When testing audio and video via a web browser of mobile phone I would see the following error in a browser when trying to use audio and video in a meeting. Using the thick client worked.


Looking at the SIP Proxy Registrars SystemOut.log I saw the following exceptions.

[2/11/14 18:08:43:660 GMT] 000000a7 LdapPasswordS I LdapPasswordServer  CWSCT0359I: Hashed Credential attributes not found.
[2/11/14 18:08:43:661 GMT] 000000a7 SIPDigestServ E SIPDigestService  CWSCT0340E: Error – cannot retrieve password attribute.

I enabled trace on the SIP PR (*=info:com.ibm.ws.security.*=all:com.ibm.ws.sip.*=all) and found that the LtpaToken was “undefined.”

REGISTER sip:prcf.collaborationben.com;transport=tls SIP/2.0
Content-Length: 0
Expires: 1800
Max-Forwards: 70
Cookie: LtpaToken="undefined"
Supported: path, outbound
User-Agent: Sametime-ST9.0-Softphone
Contact: <sip:WebAVClient-Ben.Williams%40collaborationben.com@**********:54303;transport=tls>;methods="INVITE,ACK,BYE,CANCEL,OPTIONS,INFO,MESSAGE,SUBSCRIBE,NOTIFY,PRACK,UPDATE,REFER";reg-id=1;+sip.instance="<urn:uuid:********************>"
Call-ID: *****************@192.0.1.58
CSeq: 1 REGISTER
To: sip:WebAVClient-Ben.Williams%40collaborationben.com@prcf.collaborationben.com
From: WebAVClient-Ben.Williams%40collaborationben.com <sip:WebAVClient-Ben.Williams%40collaborationben.com@prcf.collaborationben.com>;tag=BCF17103-85B0EEA0
Via: SIP/2.0/TLS 192.0.1.58:54303;branch=z9hG4bK42f99901F8B8AD8E

I also saw that when I logged in as an LDAP user the trace showed my file system administrative user.

user:defaultWIMFileBasedRealm/uid=wasadmin,o=defaultWIMFileBasedRealm

The LtpaToken must be working because the SIP PR is in the same cell as the majority of the other application servers and awareness works which means SSO must be working but the above shows that it isn’t. Odd.

I also noticed that if I authenticated with the Community server first and then switched to the meeting server URL, audio and video worked. It was the LtpaToken being provided by the WAS application server that was a problem.

I tried a couple of things such as changing the realm name to match the LDAP server as opposed to the default (defaultWIMFileBasedRealm) but this did not work.

Thankfully Khalid arranged a call with development and he asked me to uncheck “Set security cookies to HTTPOnly to help prevent cross-site scripting attacks.”


After I resynchronised and stopped and started all the application servers and proxies I could then use audio and video in my clients!

This should be making its way into a Technote soon.
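
An added example (not from the original post or from IBM): a small scanner that walks a SIP trace and classifies the LtpaToken on each REGISTER as present, a placeholder (such as the "undefined" seen above) or missing. The sample trace, host names, Call-IDs and the placeholder list are constructed assumptions.

```python
import re

# Values treated as "client never had a real token" (assumed list).
PLACEHOLDERS = {"", "undefined", "null"}
# Accept straight or typographic quotes, since traces get pasted through blogs.
TOKEN_RE = re.compile(r'LtpaToken2?\s*=\s*["“”]?([^"“”;\s]*)')

# Constructed sample trace modelled on the REGISTER in the post.
SAMPLE_TRACE = """\
REGISTER sip:prcf.example.com;transport=tls SIP/2.0
Cookie: LtpaToken="undefined"
Call-ID: aaaa1111@192.0.2.10
To: sip:WebAVClient-alice%40example.com@prcf.example.com

REGISTER sip:prcf.example.com;transport=tls SIP/2.0
Cookie: LtpaToken="Q09OU1RSVUNURURfVE9LRU4="
Call-ID: bbbb2222@192.0.2.11
To: sip:WebAVClient-bob%40example.com@prcf.example.com

REGISTER sip:prcf.example.com;transport=tls SIP/2.0
Call-ID: cccc3333@192.0.2.12
To: sip:WebAVClient-carol%40example.com@prcf.example.com
"""

def split_messages(trace):
    """Split a trace into REGISTER messages at each request line."""
    parts = re.split(r"(?m)^(?=REGISTER sip:)", trace)
    return [p for p in parts if p.startswith("REGISTER")]

def parse_headers(message):
    """Lower-cased header name -> value, skipping the request line."""
    pairs = (l.partition(":") for l in message.splitlines()[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def audit_registers(trace):
    """Classify the LtpaToken on each REGISTER without echoing its value."""
    findings = []
    for msg in split_messages(trace):
        h = parse_headers(msg)
        m = TOKEN_RE.search(h.get("cookie", ""))
        value = m.group(1) if m else None
        if value is None:
            state = "missing"
        elif value.lower() in PLACEHOLDERS:
            state = "placeholder"
        else:
            state = "present"
        findings.append({"call_id": h.get("call-id"), "to": h.get("to"),
                         "token": state, "token_len": len(value or "")})
    return findings
```

The scanner reports only the token's state and length, because a trace taken with security tracing enabled contains live SSO tokens.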

 


Sametime audio and video failing due to business cards

We all know that LDAP is the biggest threat to Sametime, don’t we? Are we all aware of how that impacts audio and video through business cards?

Well, a customer logged a problem yesterday after audio and video failed on their 8.5.2.1 infrastructure. What made this more difficult to troubleshoot was the fact that last week we had other problems relating to audio and video, which was “taken out” after a network change the weekend prior. With last week’s problem clouding my judgement, I went so far down the route of checking for network and synchronisation issues (last week’s problem) that I failed to look at LDAP.

It wasn’t until I had spent some hours checking that last week’s problem hadn’t reared its head again that I looked at the client-side trace and saw the following exception.

CLFRB1232W: When processing the softphone configuration encountered an error: com.ibm.collaboration.realtime.telephony.exception.TelephonyRuntimeException: Required directory or missing required configuration information. Voice and video services are not available. Please contact the administrator.

The error in the client was:


These errors indicate that the UserInfo service isn’t providing the email address to the client’s business card. Audio and video require the email address to function. This was detailed in a Technote which now seems to be broken: http://www-01.ibm.com/support/docview.wss?uid=swg21447891

I also checked the registered bindings in the SSC and saw people connected to the SIP Proxy Registrar with audio and video working for some. Business cards were not showing the email address and in the client trace there were further signs of UserInfo problems.

User attribute search returned 0 attributes for person CN=Joe Bloggs,OU=London,O=ACME (chat01.acme.com)

New DirectoryLookupThread created for [CN=Joe Bloggs,OU=London,O=ACME]
java.lang.Throwable
at com.ibm.collaboration.realtime.people.internal.DirectoryLookupThread.<init>(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheMgr.loadPersonData(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheMgr.loadPersonData(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheEventHandler.handlePartnerInteraction(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheEventHandler.handleBuddySelected(Unknown Source)
at com.ibm.collaboration.realtime.people.internal.PeopleCacheEventHandler.handleMessageEvent(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.MessageEventHandlerProxy.handleMessageEvent(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.MessageEventAdapter.processEvent(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.messageprocessor.WorkItemRunnable.run(Unknown Source)
at com.ibm.collaboration.realtime.magiccarpet.messageprocessor.WorkThread.run(Unknown Source)

Calling the servlet via a web browser returned the correct results: chat01.acme.com/servlet/UserInfoServlet?operation=3&userId=cn=Joe%20Bloggs,ou=London,o=Acme&setid=1.

<?xml version="1.0" encoding="UTF-8" ?>
<userinfo>
<user id="cn=Joe Bloggs,ou=London,o=acme">
<field name="Name" type="text/plain">Joe Bloggs</field>
<field name="Company" type="" error="UNAVAILABLE" />
<field name="Title" type="" error="UNAVAILABLE" />
<field name="Telephone" type="" error="UNAVAILABLE" />
<field name="MailAddress" type="text/plain">Joe.Bloggs@acme.com</field>
<field name="Location" type="" error="UNAVAILABLE" />
<field name="Photo" type="" error="UNAVAILABLE" />
</user>
</userinfo>

This customer has problems with LDAP and changing the max and low pending variables has been tried before but it broke other Sametime components. Until a test environment is provisioned or it is agreed that I can fix forward in production not much can be done with regards to performance tuning.

Anyway, the Community server was restarted this morning and business cards worked and so did audio and video. For the time being.
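
An added example (not from the original post or from IBM): a check that parses a UserInfoServlet response in the shape shown above and reports, per user, whether the MailAddress field that audio and video depend on is absent, empty or flagged with an error. The sample document, the second user and the idea of several users in one response are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the UserInfoServlet response in the post.
SAMPLE = """<?xml version="1.0" encoding="UTF-8" ?>
<userinfo>
  <user id="cn=Joe Bloggs,ou=London,o=acme">
    <field name="Name" type="text/plain">Joe Bloggs</field>
    <field name="Telephone" type="" error="UNAVAILABLE" />
    <field name="MailAddress" type="text/plain">Joe.Bloggs@acme.com</field>
  </user>
  <user id="cn=Jane Doe,ou=London,o=acme">
    <field name="Name" type="text/plain">Jane Doe</field>
    <field name="MailAddress" type="" error="UNAVAILABLE" />
  </user>
</userinfo>"""

# Fields the softphone needs; the post names the email address.
REQUIRED_FOR_AV = ("MailAddress",)

def check_userinfo(xml_text, required=REQUIRED_FOR_AV):
    """Map each user id to a list of (field, reason) for unusable required fields."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    problems = {}
    for user in root.iter("user"):
        fields = {f.get("name"): f for f in user.iter("field")}
        bad = []
        for name in required:
            f = fields.get(name)
            if f is None:
                bad.append((name, "ABSENT"))
            elif f.get("error"):
                bad.append((name, f.get("error")))
            elif not (f.text or "").strip():
                bad.append((name, "EMPTY"))
        problems[user.get("id")] = bad
    return problems

def users_without_av(xml_text):
    """Return the ids of users whose business card cannot support audio/video."""
    return [uid for uid, bad in check_userinfo(xml_text).items() if bad]
```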