05-20-2015 08:40 AM - edited 03-17-2019 05:11 PM
Yesterday we upgraded our Expressway C and E to X8.5.2 from X8.2.1.
Now, our Jabber for iOS and Jabber for Android devices are disconnecting more frequently. When the application is re-opened, the user is told that their password is wrong. If they re-enter their password, it will connect but will disconnect again eventually.
When switching between the office Wi-Fi and the cellular network, Jabber sometimes reconnects after a long period of time or sometimes never. Sometimes it's IM that doesn't reconnect or sometimes it's Phone Services that does not reconnect.
It is difficult to pinpoint a pattern but it is visibly less stable than the previous version we were using. No other configuration changes have taken place.
The reason for the upgrade was no ringback tone when dialing outside numbers using Expressway.
06-19-2015 10:03 AM
Still on 8.5.1 on the C but 8.5.3 on the E.
I'll give that a shot this afternoon, need to run out to a client first and then back to playing with my Expressway. Thanks for the suggestions
07-11-2015 09:40 PM
Hi community,
Problem here also with MRA setup. Here is what I've currently done and have:
- CUCM 10.5.2
- Expressway C and E 8.5.1
- clients: DX80 and iPhone Jabber
Initially Jabber was working fine, then I upgraded to 8.5.3 and it stopped working, as everyone said. Now I've downgraded to 8.5.1 and Jabber is working again.
On the other hand, the Release Notes of the latest DX80 firmware, 10.2.4.46, say that it needs the following for MRA to work:
- CUCM 10.5.2 or later
- Expressway 8.5.2 or later
- DX80 10.2.4.46 firmware
- certificate on Expressway-E signed by a public CA (right now I have the certificates signed locally - Microsoft machine)
I don't have certificates signed by a public CA yet; I will get there too. But what I think should be solved first is the error I get under About device -> Status -> Status messages on my DX80 endpoint, when defining Expressway as connecting to CUCM:
"Not able to resolve service name: example.com", where example.com represents my domain. Still, there is no problem with Expressway responding to iPhone Jabber requests, as mentioned previously.
I believe I should first solve this problem, so that the DX reaches Expressway-Edge and, as mentioned in the Release Notes, if there is a problem with the locally generated certificate, I should receive an error or something similar saying that the Expressway-E certificate is not being trusted.
Any thoughts, community? Where should I go from here?
Many thanks,
Ciprian.
07-24-2015 01:44 PM
Folks-
I normally don't respond since I am Cisco and have to deal with it every day, but I know where your problem is. It has nothing to do with the 8.5.3 version, but more with an enforcement of how CUCM and IMP must be set up to work with 8.5.3. I would bet money that currently your CUCM and IMP are deployed using IP addresses in the Server area inside the database in CUCM. When upgrading to 8.5.3, it seems that it is fixed only to work with FQDN. So you need to migrate/move your current CUCM/IMP setup to what will be needed anyway for cert deployment and move to FQDN. If you do that, rebuild your MRA settings in Exp-C and verify all things are FQDN, it will start up and work fine.
Have fun
Justin Jordan CSE-Collaboration
07-27-2015 06:15 AM
Hi Justin,
Thanks for the suggestion. Is this documented in the MRA deployment in any way?
There is a recommended way of connecting CUCM and VCS/Expressway-C over TLS, but it should work over TCP only, shouldn't it?
Regards
Andre
08-18-2015 04:16 PM
The Justin,
We ran into the error message with X8.6 and all tomcat certs were signed by an internal CA server. However, the server names were listed as IP address still and not FQDN format. I disabled TLS verification on the Expressway Core for the CUCM configuration and was able to authenticate.
I wanted to just confirm, newer versions of Expressway will require CUCM server names to be in FQDN format? Is that documented anywhere? Normally for deployments I always recommend it but in this case we hadn't changed the server name format yet.
06-19-2015 01:20 PM
Tried this afternoon. No dice. Still fails
Here are my logs when both C and E were on 8.5.3. Flushed DNS as suggested. Even tried refreshing the CUCM and IM servers in the UC Config page on the C
2015-06-19T16:09:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 57098.6, received 30828.9" UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:09:57"
2015-06-19T16:09:42-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Added CUP cluster" Publisher="SVR-IM.domain.com" Nodes found="1" UTCTime="2015-06-19 20:09:42,749"
2015-06-19T16:09:42-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUP server" Name="172.10.10.5" Version="10.5.1" UTCTime="2015-06-19 20:09:42,725"
2015-06-19T16:09:42-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUP cluster" Publisher="SVR-IM.domain.com" UTCTime="2015-06-19 20:09:42,195"
2015-06-19T16:09:37-04:00 edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user1')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:09:37,884"
2015-06-19T16:09:25-04:00 edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="XX.XX.XX.XX" Reason="No subject alternate name" UTCTime="2015-06-19 20:09:25,967"
2015-06-19T16:09:17-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Added CUCM cluster" Publisher="SVR-CUCM.domain.com" Nodes="2" Call Managers="1" TFTP servers="1" UTCTime="2015-06-19 20:09:17,18"
2015-06-19T16:09:15-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding Call Manager" Name="XX.XX.XX.XX" Version="10.5.1" UTCTime="2015-06-19 20:09:15,750"
2015-06-19T16:09:14-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUCM cluster" Publisher="SVR-CUCM.domain.com" UTCTime="2015-06-19 20:09:14,871"
2015-06-19T16:08:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 58755.3, received 31723.4" UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:08:57"
2015-06-19T16:08:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:08:57"
2015-06-19T16:07:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 86017.7, received 46443.0" UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.0 seconds" UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:07:57"
2015-06-19T16:07:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:07:57"
2015-06-19T16:06:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 78667.3, received 42474.3" UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:06:57"
2015-06-19T16:06:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:06:57"
2015-06-19T16:05:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 66277.2, received 35784.7" UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:05:57"
2015-06-19T16:05:47-04:00 edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user3')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:05:47,111"
2015-06-19T16:05:47-04:00 edgeconfigprovisioning: Level="WARNING" Service="UDSManager" Detail="User cluster not found" Identity="('username', 'user3')" Cluster="SVR-CUCM.domain.com" Reason="UC node svr-cucm.domain.com not found" UTCTime="2015-06-19 20:05:47,111"
2015-06-19T16:05:04-04:00 edgeconfigprovisioning: Level="WARNING" Service="ECS" Detail="Request failed" User="('username', 'user4')" Reason="Home CUCM not available - Tried all available UDS" UTCTime="2015-06-19 20:05:04,742"
2015-06-19T16:05:04-04:00 edgeconfigprovisioning: Level="WARNING" Service="UDSManager" Detail="User cluster not found" Identity="('username', 'user4')" Cluster="SVR-CUCM.domain.com" Reason="UC node svr-cucm.domain.com not found" UTCTime="2015-06-19 20:05:04,741"
2015-06-19T16:04:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 61701.0, received 33313.8" UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4208, received 2272 bytes, in 0.1 seconds" UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expressway.domain.com ([YY.YY.YY.YY]:2222)." UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:04:57"
2015-06-19T16:04:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 33698 for remote forward to localhost:8443" UTCTime="2015-06-19 20:04:57"
XX.XX.XX.XX is internal address of CUCM server
YY.YY.YY.YY is external address of Expressway E
What I don't like are these lines:
2015-06-19T16:09:25-04:00 edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="XX.XX.XX.XX" Reason="No subject alternate name" UTCTime="2015-06-19 20:09:25,967"
2015-06-19T16:04:57-04:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address 'YY.YY.YY.YY' not in list of known hosts." UTCTime="2015-06-19 20:04:57"
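One way to scan an Expressway-C event log for the condition discussed in this thread (UC nodes registered by IP address, with certificate verification failing against them), as an added example that is not part of any post. The sample lines are constructed in the format of the log above; the 192.0.2.x addresses and the example.com name are placeholders.

```python
import ipaddress
import re

# Constructed sample lines in the key="value" layout of the log posted above.
# The 192.0.2.x addresses and the example.com name are placeholders.
SAMPLE_LOG = """\
2015-06-19T16:09:25-04:00 edgeconfigprovisioning: Level="ERROR" Detail="Certificate verify failure" Server="192.0.2.10" Reason="No subject alternate name"
2015-06-19T16:09:20-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding CUP server" Name="192.0.2.11" Version="10.5.1"
2015-06-19T16:09:16-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding Call Manager" Name="cucm-sub.example.com" Version="10.5.1"
2015-06-19T16:09:15-04:00 management: Level="INFO" Event="Unified Communications server configuration" Detail="Adding Call Manager" Name="192.0.2.10" Version="10.5.1"
"""

# Keys may contain spaces (e.g. Nodes found="1"), values never contain quotes.
FIELD_RE = re.compile(r'(\w[\w ]*?)="([^"]*)"')
# Detail values that announce a UC node being added, as seen in the thread's log.
NODE_EVENTS = {"Adding Call Manager", "Adding CUP server"}


def parse_fields(line):
    """Split one log line into its key="value" fields."""
    return dict(FIELD_RE.findall(line))


def is_ip_literal(value):
    """True when a node name is an IP address rather than an FQDN."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def audit(log_text):
    """Find nodes registered by IP and TLS verify failures against them."""
    ip_nodes, failures = {}, []
    for line in log_text.splitlines():
        fields = parse_fields(line)
        detail = fields.get("Detail", "")
        if detail in NODE_EVENTS and is_ip_literal(fields.get("Name", "")):
            ip_nodes[fields["Name"]] = detail
        elif detail == "Certificate verify failure":
            failures.append((fields.get("Server", ""), fields.get("Reason", "")))
    # Correlate after the full pass: the log is newest-first, so a failure
    # can appear before the line that registered the node.
    hits = [(srv, why) for srv, why in failures if srv in ip_nodes]
    return {"ip_defined_nodes": ip_nodes, "tls_failures_on_ip_nodes": hits}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for name, event in report["ip_defined_nodes"].items():
        print(f"node defined by IP: {name} ({event})")
    for server, reason in report["tls_failures_on_ip_nodes"]:
        print(f"certificate verify failure on {server}: {reason}")
```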
06-19-2015 01:37 PM
Hi.
On the CUCM OS Admin page, go to Security --> Certificate Management.
Download the tomcat certificate and import it on Exp C as a trusted CA.
Reboot Expressway C.
Let me know
Cheers
Carlo
06-19-2015 01:47 PM
... Please also post Expressway C decoded Server Certificate
Thanks
Carlo
06-19-2015 01:55 PM
Working on it. Cannot get it to work at all anymore on 8.5.1 :s
Tried a restore to working config and nothing
The tomcat certs were already in before. I'll post Expressway C cert after
06-19-2015 02:00 PM
Certificate:
Data:
Version: 3 (0x2)
Serial Number: xxxxxxx (0xabcdefghijklmon)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Validity
Not Before: Mar 24 08:17:40 2015 GMT
Not After : Mar 24 08:17:40 2016 GMT
Subject: OU=Domain Control Validated, CN=svr-exp-c.domain.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.godaddy.com/gdig2s1-87.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114413.1.7.23.1
CPS: http://certificates.godaddy.com/repository/
Authority Information Access:
OCSP - URI:http://ocsp.godaddy.com/
CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
X509v3 Authority Key Identifier:
keyid:40:C2:BD:27:8E:CC:34:dndndndndndndnjd:6C:B3:F0:B4:2C:80:CE
X509v3 Subject Alternative Name:
DNS:svr-exp-c.domain.com, DNS:www.svr-exp-c.domain.com, DNS:iphone.domain.com, DNS:android.domain.com, DNS:expressway.domain.com
X509v3 Subject Key Identifier:
56:BE:A9:74:81:B8:02:A4:Ddkdkdkdkdkdkdkdkdk4B:63:DA:E9:F5:41
Signature Algorithm: sha256WithRSAEncryption
06-20-2015 04:57 AM
Tried again today with 8.5.3 on C. Did the DNS flush, refreshed servers, uploaded tomcat
Failure again:
Reason="Home CUCM not available - Tried all available UDS"
Says my username and password are incorrect on the phone
06-20-2015 06:05 AM
Jakub.
On Exp C go to Configuration --> Protocol --> SIP and put UDP mode to ON.
Try again and let me know
Cheers
Carlo
06-22-2015 05:06 AM
I tried the UDS thing you mentioned and it disconnected everyone.
I think I'm going to put this on ice since people are beginning to get pissed that they are getting disconnected so often. It's internal but still a live environment.
Maybe they'll sort some things out in 8.5.4 or we permanently stay at 8.5.1
06-19-2015 09:53 AM
Can you post a screenshot of your Certificate page in Expressway C? Trusted CA and Server Certificate?
Please blur or black out anything that I don't need to see.
06-11-2015 01:20 AM
Thanks David,
Yes, I have shared this info with TAC, but they urge me to upgrade to 8.5.3, and even that contains the same bug. Eventually I downgraded to 8.5.1 and the problem was solved.
Now I am facing other problems :) Jabber for iPhone gets registered, but its phone service sometimes doesn't come up, or if it does, there is no voice between the internal phone and Jabber for iPhone.
Thanks.