VMware Horizon Community
curttc
Contributor
Contributor

Cisco Jabber / Horizon View issue (updated)

Reposting this as an update from this original posting:

https://communities.vmware.com/thread/621781

My organization has been working to prepare our Horizon environment for several months and begin pushing the product into production. To give you some background, we are sticking with mainly instant-clone sessions and are running version 7.9 of the Horizon Agent and Connection Server. Testing so far has been great, and we are nearly ready to roll out to production. The final issue I am facing revolves around instant-clone desktop sessions and Cisco Jabber. For the past several weeks I have struggled to get Jabber to retain any login data once a user's session is terminated and they start a new one. The user is always prompted to log back in again when starting a brand new session (AKA, the username and password fields in Jabber are blank at each log in). I have searched all over for answers, but can't seem to find anything conclusive. My golden image is running v.12.7 of Cisco Jabber (have tried multiple different older versions, still with no luck).  In UEM (v.9.8), I have configured the following settings:

pastedImage_0.png

We have confirmed with further troubleshooting that everything is configured correctly via CUCM and CUPS with Jabber. We've been using it in our environment for the last several years with no issues. Any local machine in our environment not currently using Horizon logs into Jabber automatically as expected. This issue only presents itself in the Horizon environment when using an instant-clone desktop pool.

To add to the confusion even more, when I log in with my AD credentials into the exact same desktop pool and launch Jabber, I am logged in automatically and everything works without issue. I have tested this with several other users in our IT department, all of which belong to similar AD groups and they are logged in automatically as well with no issue. This also leads me to believe that this could be due to some sort of permissions problem, but to troubleshoot further, I went ahead and compared my Jabber log under C:\Users\<username>\AppData\Local\Cisco\Unified Communications\Jabber\CSF\Logs\jabber.txt to a user that could not be logged in automatically when launching Jabber.

To reiterate, the log for both users do show a successful DNS query to UDS and CUPS login, so actually finding the services doesn’t seem to be the issue here because I can also do a DNS lookup of both UDS and CUPS and get a successful return with all the correct info. I know most internet posts regarding automatic login issues are usually remedied with making sure CUPS and UDS are configured correctly and that the Jabber client can make a successful DNS query, so that’s why I bring it up.

My findings are that the problem seems to lie within when Jabber first launches and attempts to pull data from the jabberLocalConfig.dat file. To my understanding, this file is in part responsible for caching the user data when they log into Jabber for the first time. When I launch Jabber in my instant clone session, the Jabber logs show this:

pastedImage_1.png

You can see that Jabber is able to successfully read and decrypt my configuration file that was captured by my UEM settings, and I can confirm that the path in the log to the UEM-Archive folder does exist. So it would appear that UEM is capturing the settings I configured correctly. However, when trying to log in with a problematic user, this is the Jabber log output:

pastedImage_2.png

You can see that the last line states that Jabber could not get the valid encrypt key.  With that info, I headed to the permissions on the user’s UEM-Archive location to compare them with mine. All permissions are identical (with the exception of me being an Administrator on our UEM server, but even in that case I manually tried to give problematic users administrator permission on the UEM server temporarily and had the same result).

From what I can tell, this definitely seems to be some sort of permissions problem, I just can’t determine what it causing it. Seeing as how with certain users Jabber logs in (namely anyone in our IT department) and the settings are retained and Jabber logs in correctly, I can’t say I think this is related to Jabber, but I’m not entirely sure at this point. From what I’ve researched online, my UEM configuration as I’ve listed above seems to be working fine for others in the same scenario. Some further steps I have also tried with no luck:

  • Reinstalling Jabber on the golden image
  • Rolling back to an older version of Jabber
  • Deleting the users UEM Archive folder and regenerating it by logging into an instant clone session with their account
  • Completely recreating the golden image (three times to be precise)

If anyone can shed any light on this I’d appreciate it. Otherwise, I think I’m going to bite the bullet and open a ticket with VMware and potentially Cisco.

Reply
0 Kudos
0 Replies