AMA-CUCM Troubleshooting: Best Practices for Reading Trace Files

Enthusiast


Still on 8.5.1 on the C but 8.5.3 on the E.

 

I'll give that a shot this afternoon, need to run out to a client first and then back to playing with my Expressway. Thanks for the suggestions

Beginner


Hi community,

Problem here also with MRA setup. Here is what I've currently done and have : 

- CUCM 10.5.2

- ExpresswayC and E 8.5.1

- clients : DX80 and Iphone Jabber

Initially jabber was working fine, then upgraded to 8.5.3 and stopped working as everyone said. Now, I've downgraded to 8.5.1 and jabber is working again. 

On the other hand, DX80 as mentioned in Release Notes of latest firmware 10.2.4.46, says that it needs the following for MRA to work : 

- CUCM 10.5.2 or later

- expressway 8.5.2 or later

- DX80 10.2.4.46 firmware

- certificate on expressway-e signed by public CA (now I have the certificates signed locally - Microsoft machine) 

I don't have, yet, certificates signed by public CA, will get there too, but what I think it should be solved first is the error I get in the About device -> Status -> Status messages on my DX80 endpoint, when defining Expressway as connecting to CUCM : 

"Not able to resolve service name: example.com", where example.com represents my domain. Still, there is no problem with Expressway responding to iphone jabber requests, as mentioned previously.

I believe I should first solve this problem, so that DX reaches Expressway-Edge and, as mentioned in Release Notes, if there is a problem with the locally generated certificate, I should receive an error or something similar saying that Expressway-E certificate is not being trusted.

Any thoughts, community? Where should I go from here?

Many thanks,

Ciprian. 

Cisco Employee


Folks-

I normally don't respond since I am Cisco and have to deal with it every day, but I know where your problem is. It has nothing to do with the 8.5.3 version, but more with an enforcement of how CUCM and IMP must be set up to work with 8.5.3. I would bet money that currently your CUCM and IMP are deployed using IP addresses in the Server area inside the database in CUCM. When upgrading to 8.5.3, it seems that it is fixed only to work with FQDN. So you need to migrate/move your current CUCM/IMP setup to what will be needed anyway for cert deployment and move to FQDN. If you do that, rebuild your MRA settings in Exp-C and verify all things are FQDN, it will start up and work fine.-

Have fun-

Justin Jordan CSE-Collaboration

Beginner


Hi Justin,

Thanks for the suggestion. Is this documented in the MRA deployment in any way?
There is a recommended way of connecting CUCM and VCS/Expressway-C over TLS, but it should work over TCP only, shouldn't it?

Regards

Andre

Enthusiast


The Justin,

We ran into the error message with X8.6 and all tomcat certs were signed by an internal CA server. However, the server names were listed as IP address still and not FQDN format. I disabled TLS verification on the Expressway Core for the CUCM configuration and was able to authenticate.

 

I wanted to just confirm, newer versions of Expressway will require CUCM server names to be in FQDN format? Is that documented anywhere? Normally for deployments I always recommend it but in this case we hadn't changed the server name format yet.

Enthusiast


Tried this afternoon. No dice. Still fails

 

Here are my logs when both C and E were on 8.5.3. Flushed DNS as suggested. Even tried refreshing the CUCM and IM servers in the UC Config page on the C

 

2015-06-19T16:09:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 57098.6, received 30828.9" UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:42-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Added CUP cluster" Publisher="SVR-IM.domain.com" Nodes found="1" UTCTime="2015-06-19 20:09:42,749"
2015-06-19T16:09:42-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUP server" Name="172.10.10.5" Version="10.5.1" UTCTime="2015-06-19 20:09:42,725"
2015-06-19T16:09:42-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUP cluster" Publisher="SVR-IM.domain.com" UTCTime="2015-06-19 20:09:42,195"
2015-06-19T16:09:37-04:00    edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user1')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:09:37,884"
2015-06-19T16:09:25-04:00    edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="XX.XX.XX.XX" Reason="No subject alternate name" UTCTime="2015-06-19 20:09:25,967"
2015-06-19T16:09:17-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Added CUCM cluster" Publisher="SVR-CUCM.domain.com" Nodes="2" Call Managers="1" TFTP servers="1" UTCTime="2015-06-19 20:09:17,18"
2015-06-19T16:09:15-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding Call Manager" Name="XX.XX.XX.XX" Version="10.5.1" UTCTime="2015-06-19 20:09:15,750"
2015-06-19T16:09:14-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUCM cluster" Publisher="SVR-CUCM.domain.com" UTCTime="2015-06-19 20:09:14,871"
2015-06-19T16:08:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 58755.3, received 31723.4" UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:08:57"
2015-06-19T16:07:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 86017.7, received 46443.0" UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.0 seconds" UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:07:57"
2015-06-19T16:06:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 78667.3, received 42474.3" UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:06:57"
2015-06-19T16:05:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 66277.2, received 35784.7" UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:47-04:00    edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user3')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:05:47,111"
2015-06-19T16:05:47-04:00    edgeconfigprovisioning: Level="WARNING" Service="UDSManager" Detail="User cluster not found" Identity="('username', 'user3')" Cluster="SVR-CUCM.domain.com" Reason="UC node svr-cucm.domain.com not found" UTCTime="2015-06-19 20:05:47,111"
2015-06-19T16:05:04-04:00    edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user4')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:05:04,742"
2015-06-19T16:05:04-04:00    edgeconfigprovisioning: Level="WARNING" Service="UDSManager" Detail="User cluster not found" Identity="('username', 'user4')" Cluster="SVR-CUCM.domain.com" Reason="UC node svr-cucm.domain.com not found" UTCTime="2015-06-19 20:05:04,741"
2015-06-19T16:04:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 61701.0, received 33313.8" UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:04:57"


XX.XX.XX.XX is internal address of CUCM server
YY.YY.YY.YY is external address of Expressway E

 

What I don't like are these lines

 

2015-06-19T16:09:25-04:00    edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="XX.XX.XX.XX" Reason="No subject alternate name" UTCTime="2015-06-19 20:09:25,967"

 

2015-06-19T16:04:57-04:00    ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:04:57"
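
Added example, not part of any post in this thread: a small triage script for logs in the format posted above. It lists UC nodes that were added by IP address, certificate verify failures, and UDS failures, then flags nodes where an IP-based name coincides with a TLS verification failure. The sample lines are constructed from the thread's format with documentation-range addresses and an `example.com` host name; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample lines modelled on the log posted above (not real data).
SAMPLE_LOG = '''\
2015-06-19T16:09:15-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding Call Manager" Name="192.0.2.10" Version="10.5.1" UTCTime="2015-06-19 20:09:15,750"
2015-06-19T16:09:25-04:00    edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="192.0.2.10" Reason="No subject alternate name" UTCTime="2015-06-19 20:09:25,967"
2015-06-19T16:09:37-04:00    edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user1')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:09:37,884"
2015-06-19T16:09:42-04:00    management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUP server" Name="svr-im.example.com" Version="10.5.1" UTCTime="2015-06-19 20:09:42,725"
'''

LINE_RE = re.compile(r'^(\S+)\s+(\w+):\s+(.*)$')      # timestamp, module, rest
KV_RE = re.compile(r'([A-Za-z][A-Za-z ]*?)="([^"]*)"')  # keys may contain spaces

def parse_line(line):
    """Split one log line into a dict of its key="value" fields, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, module, rest = m.groups()
    fields = dict(KV_RE.findall(rest))
    fields.update(timestamp=ts, module=module)
    return fields

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def triage(log_text):
    nodes_by_ip, cert_failures, uds_failures = set(), [], 0
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        detail = f.get("Detail", "")
        if detail.startswith("Adding ") and is_ip(f.get("Name", "")):
            nodes_by_ip.add(f["Name"])            # node registered by IP, not FQDN
        elif detail == "Certificate verify failure":
            cert_failures.append((f.get("Server"), f.get("Reason")))
        elif "Tried all available UDS" in f.get("Reason", ""):
            uds_failures += 1
    # TLS verification failing against a node known only by IP: the pattern this thread discusses.
    suspect = sorted({s for s, _ in cert_failures if s in nodes_by_ip})
    return {"nodes_by_ip": sorted(nodes_by_ip), "cert_failures": cert_failures,
            "uds_failures": uds_failures, "ip_named_nodes_failing_tls": suspect}
```
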


Hi.

On Cucm os admin page, go to security --> certificate management 

Download tomcat certificate and import it on exp c as trusted CA

Reboot expressway C

 

 

Let me know 

Cheers

 

Carlo

Please rate all helpful posts "The more you help the more you learn"


... Please also post Expressway C decoded Server Certificate 

Thanks

 

Carlo

Enthusiast


Working on it. Cannot get it to work at all anymore on 8.5.1 :s

 

Tried a restore to working config and nothing

 

The tomcat certs were already in before. I'll post Expressway C cert after

Enthusiast


Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: xxxxxxx (0xabcdefghijklmon)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Mar 24 08:17:40 2015 GMT
            Not After : Mar 24 08:17:40 2016 GMT
        Subject: OU=Domain Control Validated, CN=svr-exp-c.domain.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-87.crl

            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/

            Authority Information Access:
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt

            X509v3 Authority Key Identifier:
                keyid:40:C2:BD:27:8E:CC:34:dndndndndndndnjd:6C:B3:F0:B4:2C:80:CE

            X509v3 Subject Alternative Name:
                DNS:svr-exp-c.domain.com, DNS:www.svr-exp-c.domain.com, DNS:iphone.domain.com, DNS:android.domain.com, DNS:expressway.domain.com
            X509v3 Subject Key Identifier:
                56:BE:A9:74:81:B8:02:A4:Ddkdkdkdkdkdkdkdkdk4B:63:DA:E9:F5:41
    Signature Algorithm: sha256WithRSAEncryption

 

Enthusiast


Tried again today with 8.5.3 on C. Did the DNS flush, refreshed servers, uploaded tomcat

Failure again:

Reason="Home CUCM not available - Tried all available UDS"

 

Says my username and password are incorrect on the phone


Jakub.

On Exp C go to Configuration --> Protocol --> Sip put UDP mode to ON

Try again and let me know

 

Cheers

 

Carlo

 

Enthusiast


I tried the UDS thing you mentioned and it disconnected everyone.

 

I think I'm going to put this on ice since people are beginning to get pissed that they are getting disconnected so often. It's internal but still a live environment.

 

Maybe they'll sort some things out in 8.5.4 or we permanently stay at 8.5.1

Enthusiast


Can you post a screenshot of your Certificate page in Expressway C? Trusted CA and Server Certificate?

Please blur or black out anything that I don't need to see


Thanks David,

Yes, I have shared this info with TAC, but they urged me to upgrade to 8.5.3, and even that contains the same bug. Eventually I downgraded to 8.5.1 and the problem was solved.

 

Now I am facing other problems :) Jabber for iPhone gets registered, but its phone service sometimes doesn't come up, or if it comes up there is no voice between the internal phone and Jabber on the iPhone.

Thanks.
