Webex for BroadWorks Troubleshooting Specific Issues

Partner Hub Issues

Administrator Cannot see Customer Organizations

As an administrator for your Partner organization in Webex, you should have the Full Administrator role. That role is used for managing your partner organization, including assigning administrative privileges to yourself and others. To manage customer organizations, you need to grant yourself (or other people) the Sales Full Administrator role or Sales Administrator role. See https://help.webex.com/fs78p5.

User Provisioning Issues

Integrated IM&P Errors for Specific Enterprises / Customers

If you have a mix of enterprises using different cloud collaboration services, e.g. UC-One SaaS and Webex for BroadWorks, you may have opted to modify the provisioning adapter on a per-enterprise basis.

To check what is configured for Integrated IM&P (default for enterprises, unless a more specific setting exists), run AS_CLI/Interface/Messaging> get. For a specific enterprise's provisioning parameters, open the enterprise and go to Services > Integrated IM&P.

Check that the Integrated IM&P configuration for that enterprise matches exactly what is shown in the Customer Template in Partner Hub. The following settings must match, or provisioning fails for all users in the enterprise:

BroadWorks Enterprise Integrated IM&P setting

Partner Hub Customer Template setting

Messaging Server URL

Provisioning URL

Messaging Server Username

Provisioning Account Name

Messaging Server Password

Provisioning Account Password, Confirm Password

Integrated IM&P Errors for Specific Users

This applies if you are using flowthrough provisioning, and assumes that provisioning is working for some/most users (so you can rule out a configuration issue).

If you are seeing Integrated IM&P errors in BroadWorks, for example, “[Error 18215] Provisioning error with Messaging server” and “[Error 18211] Communication error with Messaging server”, you should investigate the following potential causes:

  • The user’s email address could already exist CI. Search for the user in Help Desk to check if their email address is already there. This is not necessarily conclusive, because the user may exist in an organization whose data you are not permitted to see in Help Desk.

  • The user independently signed up to Webex, prior to being assigned the Integrated IM&P service. In this case, one option is to have the user delete their free account so that they can become a part of the Customer Organization you are provisioning. Instructions are at https://help.webex.com/5m4i4y.

  • The user does not have a primary phone number assigned to their profile (all Webex for BroadWorks subscribers must have a primary DID). See the topic on analyzing PSLog from AS.

User Provisioning Failures in Response from Provisioning Bridge

If users are not appearing in Control Hub, within a few minutes of assigning Integrated IM&P, have a look at the response codes from the provisioning bridge service. Run a PSLog to look at the HTTP response codes.

200 OK

A 200 OK response does not mean that the user is successfully provisioned. It means that the provisioning service received the request and successfully submitted the corresponding user creation request to upstream services.

The provisioning transaction is asynchronous by design. The service responds 200 OK because the user creation process can take several minutes and, for performance reasons, we do not want to receive multiple requests to create the same user.

However, if the user does not eventually appear in the Customer Organization after a 200 OK response, it could indicate that the user creation failed in the Webex services upstream of the provisioning service.

You need to escalate a provisioning failure that has a 200 OK response.

400 Bad Request

Check the HTTP response which should have more detail on potential issues that could cause this response from the provisioning service. Some examples of the <message> node:

  • “Can not trust BroadWorks email with legacy provisioning API.”

    The email address associated with the failing user provisioning request is not valid, or is mistyped, but you have asserted in the template that the email addresses can be trusted. Check the users’ profiles in BroadWorks, specifically the email id.

  • “Customer org is not found in database and also new org creation flag is not enabled.”

    This failed provisioning request should be creating a new Customer Organization in Webex, but your template is configured to prevent new Customer Organizations to be created. If you want to allow new organizations, for email domains that do not match existing customers in Webex, then you can reconfigure your template in Partner Hub and retest the provisioning request. However, if you are not expecting a new organization to be created for this user, perhaps the email address is mistyped (specifically the domain part). Check the user’s email id in BroadWorks.

403 Forbidden

The provisioning request has no chance of succeeding. You will need to investigate the request and response in this case. For example, if you see an IP address as the target of the provisioning request – instead of the appropriate provisioning bridge URL for your organization (see the firewall configuration topics in Solution Guide) – it could indicate that your Application Server is missing a required patch (ap373197).

Check that all required patches are applied to the Application Server, and that you completed the related configuration for successful flowthrough provisioning.

409 Conflict

The provisioning request cannot proceed because there is an existing user in Webex that matches the email address in the request.

User Already in CI

Get the subscriber email out of the HTTP POST request and search for it in Help Desk.

You may not see the user if you are not permitted, but you may also see that the user is in a ‘free’ organization e.g. “Consumer”.

You can ask this user to delete their free account, or you can use a different email address to provision them. See https://help.webex.com/ndta402.

Users Sign in Issues

User Activation Portal Does Not Load

The normal Webex for BroadWorks sign in flow includes a User Activation Portal where users enter their passwords. Sometimes this portal does not load after the user has supplied their email address in the Webex app sign in screen.

This issue can be caused on client side or on the service side. On the client side, it is typically caused by the client’s native browser being incompatible in some way with the service.

Single Sign On failed

  • In BroadWorks, check that the user has been assigned the device types for the Webex app (see Device Profiles section in Prepare Your Environment section of the Solution Guide).

  • Check the user is using the correct password: If the template you used to provision the user’s Customer Organization (in Partner Hub) is configured for BroadWorks authentication, the user should be entering their BroadWorks “Web Access” password.

Calling Configuration and Registration Issues

After a user has been provisioned in Webex and they successfully sign in to the Webex app, then the app registers to BroadWorks. The following are the expected registration sequence and the resulting signs of a healthy registration (as seen from the Webex app):

Expected Registration Sequence

  1. Client calls XSI to get a device management token and the URL to the DMS

  2. Client requests its device profile from DMS by presenting the token from step 1

  3. Client reads the device profile and retrieves the SIP credentials, addresses, and ports

  4. Client sends a SIP REGISTER to SBC using the information from step 3

  5. SBC sends the SIP REGISTER to the AS (SBC may perform a look-up in the NS to locate an AS if SBC does not already know the SIP user.)

Expected Signs of Successful Client Registration

Calling Options icon appears in the Webex interface.

In the Webex app phone services tab (e.g. Settings > Phone Services on Windows, Preferences > Phone Services on Mac), the message “SSO Session: You’re signed in” means the app registered successfully (to BroadWorks in this case).

Client has no Calling Icon

Most of the time this means the user does not have the correct license / entitlements.

Client Shows Phone Services Tab but no SSO Session

This is an unsuccessful registration. There are multiple reasons why a Webex app client would fail registration with BroadWorks:

Multiple Calling Services Being Tested with Same Clients

This known issue can be caused by the client changing between different calling back ends. It is most likely to occur during trials of different calling services offered via (the same) Webex app clients. You can reset the client database (link) to remedy this issue.

Misconfiguration of Authentication Service

Check the XSP(s) hosting the authentication service against the Solution Guide (see Configure Services on your Webex for BroadWorks XSPs). Specifically:

  • The RSA keys (that you generate on one XSP) are copied onto all the XSPs

  • The authentication service URL has been provided to the web container on all XSPs, and entered correctly in the cluster in Partner Hub

  • External authentication by certificates is configured:

            allowUserApp = false
            allowClientApp = true
  • When using MTLS, you must upload the Webex client certificate to the XSPs (you can getthe certificate from Partner Hub, on the BroadWorks Settings page)

Misconfiguration of BroadWorks tags

Check that you have configured the required BroadWorks tags for the Webex app (see BroadWorks Tags Required for Webex section in Solution Guide) and that there are no conflicts or incorrect values.

Specifically, the %SBC_ADDRESS_WXT% tag should be the SBC towards your SIP registrar for Webex app clients.

Desktop Client Disconnects Phone Services After Successful SSO Connection

This issue can be caused by the same user signing in to multiple clients on the same platform type. For example, if a user signs in successfully to the Webex app on Windows, and then signs in to the webex app on a different Windows machine, there is only an active SSO session on one of the machines. This is by design.

If you absolutely need to work around this issue, you can configure BroadWorks to have multiple instances of the same device type, but they must have unique SIP addresses. This configuration is outside the scope of Webex for BroadWorks.

Desktop Device not Provisioned for User

This signature is seen in the client (\bwc\) log:

<Error> [0x70000476b000] BroadWorksConfigDownloader.cpp:106 onAccessDeviceListSucceeded:BWC:SCF: ConfigDownload - the device profile 'Business Communicator - PC' is not found.

Call Settings Webview Issues

Self Care Button/Link Not Showing in Webex app

A different symptom of this issue is when the button/link is shown, but clicking it opens an external browser.

  • Verify the required client configuration template is deployed and CSW tags are properly set. (See the Call Settings Webview section in the Webex for BroadWorks Solution Guide).

  • Verify the Webex app is registered for calling in BroadWorks.

  • Check that the Webex app is a recent version that supports CSWV.

Blank Page or Error After Clicking Self Care Button/Link

Generally, this behavior in the Webex app indicates a configuration or deployment issue with the CSWV application on BroadWorks XSP.

Collect details for further investigation, including CSWV logs, access logs, config-wxt.xml repository, and template file, and then raise a case.

End User Error Codes

The following table outlines end user error codes that may be seen in the client user activation portal.

This is not an exhaustive list of error codes. The table lists only existing error codes for which the Webex app does not currently provide clear direction to the user.
Table 1. End User Error Codes

Error Code

Error Message


Failed validating credentials as broadworks user unauthorized


Failed validating credentials as user is locked out


Failed validating credentials as add user failed for self activation


Failed to send email as user in unauthenticated


Failed validating email due to pre-check failure or pending user incorrect state for PartnerOrgUUID : {partnerOrgUUID} , BroadoworksUUID : {broadworksUUID} , ConfigSetUUID : {configSetUUID}


Failed validating email as emailId already in use in a different Org


Failed validating email as configSet is not matching with configSet in customerConfig


Failed validating email as user is already entitled for another conflicting service, conflicting entitlements


Failed validating email as email is already associated with another broadworks UserId


Failed validating email as user customer config mapping is incorrect


Failed validating email as userId is already in use on this broadworks cluster


Failed adding user through self activation as user is already part of a different org


Failed adding user through self activation as multiple pending users exists with same broadworksUserId under same broadworks cluster


Failed adding user through self activation as userId is already in use on this broadworks cluster


Failed adding user through self activation as email address was already provisioned with a different BroadWorks userId


Failed adding user through self activation as userId is already in use on this broadworks cluster


Failed adding user through self activation as provisioningID doesn't match expected provisioningID of subscriber's enterprise


Failed adding user through self activation as spEnterpriseId specified in this request conflicts with a Service Provider or Enterprise already provisioned from this BroadWorks Cluster