Yes I have configured proper TCT device.
I did not try from internal network because everyone is working from home
I'd start by reviewing a PRT and then move on to expressway logs if there are not enough details of the issue in the PRT.
To troubleshoot, go on Expressway->Status->Unified Communications status. If something is broken it would show up on Expressway-C.
Other tool is the Collaboration Analyzer https://cway.cisco.com/csa/ which simulates a Jabber login. You can find some details on both tools to address your issue.
See when you are able to login which means Internet to Expressway to CUCM the connectivity as well as SRV records to find the respective servers are all good & if any ldap integration it's all good. However Calling service is not working then I advise you check configurations of CUCM & IMP integration as well as the services on the CUCM.
Also try to logging using the same user from Internal network & then try.
Also try logging the user from another device
If you can share some logs or snapshot of the errors it may help to identify the exact issue.
I advise to check Jabber PRT, Expressway logs, CUCM CCM logs.