We have successfully deployed VCS Expressway-C and VCS Expressway-E with only 1 zone, which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating, and in the statuses everything is active and working. Also, VCS-C can communicate with CUCM and CUP (both version 10.5).
The problem is that when I deploy Cisco Jabber 10.5.1 on a computer outside of the LAN and without VPN, it starts communicating with VCS-E, asks me to accept the certificate (we only have a certificate internally generated on a Windows CA), and after that it tries to connect, and after a few seconds it tells me that it can't communicate with the server.
Did any of you have the same problem, or can you advise how to troubleshoot? In the Jabber logs there is only something like a "Cannot authenticate" error message, but when I start up the VPN I can authenticate without any problems.
On Expressway-C, are your HTTP Allow Lists set up properly? By default, auto-discovered CUCM and IMP should be listed via IP and hostname, but if not, you'll need to insert them manually.
Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.
From the internet, browse to:
The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin.
TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients.
It looks like a CUP server bug.
We had the 10.5 RTM version. I upgraded to UCSInstall_CUP_10.5.1.12900-2 after I created this question and also renamed my VCS-E server hostname to match my CUP domain when clients are looking from outside.
Example: I had vcs-e.domain.com and I renamed it to vcs-e.cz.domain.com (as my CUP domain is cz.domain.com) and updated the SRV records to match the new hostname.
So I don't know if it was a bug or an incompatibility between CUP 10.5 RTM and VCS 8.2.2, but now after these 2 changes I'm able to log in with Mobile and Remote Access normally. No change in configuration, just the CUP upgrade and the external hostname change of VCS-E.
I had problems, and after changing the hostname on Edge and matching it with the DNS records it worked, so this configuration change probably fixed your issue.