14 Apr
2004
14 Apr
'04
10:17 p.m.
After much head scratching and experimentation I found a light at the end of the tunnel.
The problem is I'm stuck in the tunnel and don't seem to be getting anywhere near
the light.
I've got SER running on a RH7.3 box (IP 10.3.5.1) with pretty much default config (see
ser.cfg below). There are two clients running MSN Messenger 4.6. One client is running
WinXP (IP 10.3.5.2) and the other is running Win2k (IP 10.3.5.3). The builds of Messenger
are 4.6.0073 (for XP) and 4.6.0083 (for 2k). Both MSN clients are pointed at 10.3.5.1 for
their "Communication Service."
When logging in, the XP client gets a password prompt as it should and can login using the
proper password.
However, when logging in from the Win2k client, as soon as I click to sign in, an error
message appears saying "Signing in to Communications Service failed because the
service is temporarily unavailable. Please try again later."
Here's the ngrep output:
-------------------------
]root(a)10.3.5.1]# ngrep -qd eth0 src 10.3.5.1 or src 10.3.5.3 or dst 10.3.5.1 or dst
10.3.5.3
U 10.3.5.3:1133 -> 10.3.5.1:5060
REGISTER sip:team3 SIP/2.0..Via: SIP/2.0/UDP 10.3.5.3:10829..Max-Forwards:
70..From: <sip:admin@team3>;tag=ff832bee93744680bca56666ad7c9e0a;epid=0d50f
b3ca3..To: <sip:admin@team3>..Call-ID: e85f11868c82477da20e852a4cb223d9@10.
3.5.3..CSeq: 1 REGISTER..Contact: <sip:10.3.5.3:10829>;methods="INVITE, MES
SAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER"..User-Agen
t: RTC/1.2.4949..Event: registration..Allow-Events: presence..Content-Lengt
h: 0....
U 10.3.5.1:5060 -> 10.3.5.3:10829
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.3.5.3:10829..From: <sip:admin
@team3>;tag=ff832bee93744680bca56666ad7c9e0a;epid=0d50fb3ca3..To: <sip:admi
n@team3>;tag=b27e1a1d33761e85846fc98f5f3a7e58.6d83..Call-ID: e85f11868c8247
7da20e852a4cb223d9@10.3.5.3..CSeq: 1 REGISTER..WWW-Authenticate: Digest rea
lm="team3",
nonce="407d8acfa56dbcb713c69e56e85c6a8280e2d02d"..Server: Sip E
Xpress router (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.3.5
.1:5060 "Noisy feedback tells: pid=15189 req_src_ip=10.3.5.3 req_src_port=
1133 in_uri=sip:team3 out_uri=sip:team3 via_cnt==1"....
-------------------------
My interpretation is that SER is just saying "Access denied," but I never got a
chance to input a password.
The real mystery is that it works properly from my WinXP client. I've matched all the
settings that I can find. I even tried changing the IP address of the Win2k client to
that of the WinXP client and trying to login with the same username that worked on the XP
client. Still I get the same service temp. unavailable message. I've also tried
uninstalling/reinstalling Messenger 4.6 on the Win2k clients, but that didn't change
anything either.
Am I doing something obviously wrong? I would *really* appreciate any guidance or ideas.
I'm pretty much at wits end.
Best Regards
-Chris
Here's my ser.cfg for good measure...
-------------------------
#
# $Id: ser.cfg,v 1.21.4.1 2003/11/10 15:35:15 andrei Exp $
#
# simple quick-start config script
#
# ----------- global configuration parameters ------------------------
#debug=3 # debug level (cmd line: -dddddddddd)
#fork=yes
#log_stderror=no # (cmd line: -E)
/* Uncomment these lines to enter debugging mode
debug=7
fork=no
log_stderror=yes
*/
check_via=no # (cmd. line: -v)
dns=no # (cmd. line: -r)
rev_dns=no # (cmd. line: -R)
#port=5060
#children=4
fifo="/tmp/ser_fifo"
alias="team3"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database
loadmodule "/usr/lib/ser/modules/mysql.so"
loadmodule "/usr/lib/ser/modules/sl.so"
loadmodule "/usr/lib/ser/modules/tm.so"
loadmodule "/usr/lib/ser/modules/rr.so"
loadmodule "/usr/lib/ser/modules/maxfwd.so"
loadmodule "/usr/lib/ser/modules/usrloc.so"
loadmodule "/usr/lib/ser/modules/registrar.so"
# Uncomment this if you want digest authentication
# mysql.so must be loaded !
loadmodule "/usr/lib/ser/modules/auth.so"
loadmodule "/usr/lib/ser/modules/auth_db.so"
# ----------------- setting module-specific parameters ---------------
# -- usrloc params --
#modparam("usrloc", "db_mode", 0)
# Uncomment this if you want to use SQL database
# for persistent storage and comment the previous line
modparam("usrloc", "db_mode", 2)
# -- auth params --
# Uncomment if you are using auth module
#
modparam("auth_db", "calculate_ha1", yes)
#
# If you set "calculate_ha1" parameter to yes (which true in this config),
# uncomment also the following parameter)
#
modparam("auth_db", "password_column", "password")
# -- rr params --
# add value to ;lr param to make some broken UAs happy
modparam("rr", "enable_full_lr", 1)
# ------------------------- request routing logic -------------------
# main routing logic
route{
# initial sanity checks -- messages with
# max_forwards==0, or excessively long requests
if (!mf_process_maxfwd_header("10")) {
sl_send_reply("483","Too Many Hops");
break;
};
if ( msg:len > max_len ) {
sl_send_reply("513", "Message too big");
break;
};
# we record-route all messages -- to make sure that
# subsequent messages will go through our proxy; that's
# particularly good if upstream and downstream entities
# use different transport protocol
record_route();
# loose-route processing
if (loose_route()) {
t_relay();
break;
};
# if the request is for other domain use UsrLoc
# (in case, it does not work, use the following command
# with proper names and addresses in it)
if (uri == myself) {
if (method=="REGISTER") {
# Uncomment this if you want to use digest authentication
if (!www_authorize("team3", "subscriber")) {
www_challenge("team3", "0");
break;
};
save("location");
break;
};
# native SIP destinations are handled using our USRLOC DB
if (!lookup("location")) {
sl_send_reply("404", "Not Found");
break;
};
};
# forward to current uri now; use stateful forwarding; that
# works reliably even if we forward from TCP to UDP
if (!t_relay()) {
sl_reply_error();
};
}
14 Apr
14 Apr
10:28 p.m.
On 14-04 15:17, Chris Bookholt wrote:
After much head scratching and experimentation I found
a light at the end of the tunnel. The problem is I'm stuck in the tunnel and
don't seem to be getting anywhere near the light.
Stay away from the light ! It's not that bad on this side :-).
I've got SER running on a RH7.3 box (IP 10.3.5.1)
with pretty much default config (see ser.cfg below). There are two clients running MSN
Messenger 4.6. One client is running WinXP (IP 10.3.5.2) and the other is running Win2k
(IP 10.3.5.3). The builds of Messenger are 4.6.0073 (for XP) and 4.6.0083 (for 2k). Both
MSN clients are pointed at 10.3.5.1 for their "Communication Service."
When logging in, the XP client gets a password prompt as it should and can login using
the proper password.
However, when logging in from the Win2k client, as soon as I click to sign in, an error
message appears saying "Signing in to Communications Service failed because the
service is temporarily unavailable. Please try again later."
Here's the ngrep output:
-------------------------
]root(a)10.3.5.1]# ngrep -qd eth0 src 10.3.5.1 or src 10.3.5.3 or dst 10.3.5.1 or dst
10.3.5.3
U 10.3.5.3:1133 -> 10.3.5.1:5060
REGISTER sip:team3 SIP/2.0..Via: SIP/2.0/UDP 10.3.5.3:10829..Max-Forwards:
70..From: <sip:admin@team3>;tag=ff832bee93744680bca56666ad7c9e0a;epid=0d50f
b3ca3..To: <sip:admin@team3>..Call-ID: e85f11868c82477da20e852a4cb223d9@10.
3.5.3..CSeq: 1 REGISTER..Contact: <sip:10.3.5.3:10829>;methods="INVITE, MES
SAGE, INFO, SUBSCRIBE, OPTIONS, BYE, CANCEL, NOTIFY, ACK, REFER"..User-Agen
t: RTC/1.2.4949..Event: registration..Allow-Events: presence..Content-Lengt
h: 0....
U 10.3.5.1:5060 -> 10.3.5.3:10829
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.3.5.3:10829..From: <sip:admin
@team3>;tag=ff832bee93744680bca56666ad7c9e0a;epid=0d50fb3ca3..To: <sip:admi
n@team3>;tag=b27e1a1d33761e85846fc98f5f3a7e58.6d83..Call-ID: e85f11868c8247
7da20e852a4cb223d9@10.3.5.3..CSeq: 1 REGISTER..WWW-Authenticate: Digest rea
lm="team3",
nonce="407d8acfa56dbcb713c69e56e85c6a8280e2d02d"..Server: Sip E
Xpress router (0.8.12 (i386/linux))..Content-Length: 0..Warning: 392 10.3.5
.1:5060 "Noisy feedback tells: pid=15189 req_src_ip=10.3.5.3 req_src_port=
1133 in_uri=sip:team3 out_uri=sip:team3 via_cnt==1"....
-------------------------
My interpretation is that SER is just saying "Access denied," but I never got a
chance to input a password.
The messages are correct -- Windows messenger sends a REGISTER message
without digest credentials and SER says 401 Unauthorized (because the
credentials are missing). As the next step Windows Messenger is
supposed to ask you for username and password and re-send the
REGISTER, this time including digest credentials.
The real mystery is that it works properly from my
WinXP client. I've matched all the settings that I can find. I even tried changing
the IP address of the Win2k client to that of the WinXP client and trying to login with
the same username that worked on the XP client. Still I get the same service temp.
unavailable message. I've also tried uninstalling/reinstalling Messenger 4.6 on the
Win2k clients, but that didn't change anything either.
Windows messenger does not like when the digest realm is different from
To/From domain, this does not seem to be the case here, but I would
recommend you to try some real domain -- with dot inside, for example
team3.com.
If this does not help, then try to uninstall Windows Messenger and make
sure that you also uninstall all libraries (RTC ?) it is using, then
try to install exactly the same version as on WinXP (if possible).
I remember that some time ago somebody (Juha ?) told me that it is
possible to change some value in the register to disable the realm
validation, maybe this would be worth trying (I do not know more
details).
Jan.
11:27 p.m.
New subject: [Serusers] DB Authentication Issues (The Pain Continues)
Jan Janak wrote:
Windows messenger does not like when the digest realm
is different from
To/From domain, this does not seem to be the case here, but I would
recommend you to try some real domain -- with dot inside, for example
team3.com.
I created a domain in DNS called team3. In that domain all my hosts are called
"host.team3"
So now in my MSN configs, my SER server is referenced as popov.team3 and I login as
admin(a)popov.team3.
Unfortunately, this produces the same result as before: the XP client gets in, but the 2K
client never prompts for a password. You think it's because my "TLD" has
four chars instead of three?
If this does not help, then try to uninstall Windows Messenger and make
sure that you also uninstall all libraries (RTC ?) it is using, then
try to install exactly the same version as on WinXP (if possible).
I do suspect that not all bits of MSN are being uninstalled because when I reinstalled, it
remembered the IP address of the SER server. Any clue how to uninstall those libraries?
Also, it is not possible to install the exact same version on 2K and XP. I tried earlier
and it complained that the XP version is only for systems running XP.
-Chris
11:49 p.m.
New subject: [Serusers] DB Authentication Issues (The Pain Continues)
Chris Bookholt wrote:
Unfortunately, this produces the same result as
before: the XP client gets in, but the 2K client never prompts for a password. You think
it's because my "TLD" has four chars instead of three?
I just tried making my domain "team3.com" but the problem persists.
-Chris
15 Apr
15 Apr
6:17 p.m.
New subject: [Serusers] DB Authentication Issues (The Pain Continues)
On 14-04 16:27, Chris Bookholt wrote:
I have no idea, sorry.
Jan.
Jan Janak wrote:
I don't know, I just tried to eliminate anything "unusal" that could
confuse WM.
Windows messenger does not like when the digest
realm is different from
To/From domain, this does not seem to be the case here, but I would
recommend you to try some real domain -- with dot inside, for example
team3.com.
I created a domain in DNS called team3. In that domain all my hosts are called
"host.team3"
So now in my MSN configs, my SER server is referenced as popov.team3 and I login as
admin(a)popov.team3.
Unfortunately, this produces the same result as before: the XP client gets in, but the 2K
client never prompts for a password. You think it's because my "TLD" has
four chars instead of three? If this does
not help, then try to uninstall Windows Messenger and make
sure that you also uninstall all libraries (RTC ?) it is using, then
try to install exactly the same version as on WinXP (if possible).
I do suspect that not all bits of MSN are being uninstalled because when I reinstalled,
it remembered the IP address of the SER server. Any clue how to uninstall those
libraries? 
7:59 a.m.
Jan Janak writes:
I remember that some time ago somebody (Juha ?) told
me that it is
possible to change some value in the register to disable the realm
validation, maybe this would be worth trying (I do not know more
details).
i used regedit to set the realm to be the same as the domain name in my
sip uri, but i too don't remember the details. today i consider it
waste of time to try to use ms products as sip UAs, because the company
doesn't seem to care about standards or interoperability.
-- juha
7527
days inactive
7528
days old
5 comments
3 participants
participants (3)
-
Chris Bookholt -
Jan Janak -
Juha Heinanen