07-14-2016 12:00 AM - edited 03-17-2019 06:14 PM
Hi ,
This is new deployment. Jabber couldn't login from Internet using MRA. During the login process it's able to get the certificate from EDGE.
Problem occurred during the authentication process. Client shown the error as" Can't communicate with Server". Expressway sending the the 503 Service unavailable to Client.
Expressway Version: 8.7
Event Log:
Event="Sending HTTP error response" Status="503" Reason="Service Unavailable" Dst-ip="94.76.48.253" Dst-port="31932" UTCTime="2016-07-14 06:37:05,469"
Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="94.76.48.253" Src-port="31932" UTCTime="2016-07-14 06:37:05,468"
Expressway logs for Error
ThreadID="139917890758400" Module="cm-1.XXXXXXXXX" Level="INFO " CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms"
I have already tried with restarting the XCP Router service in IM&P Server but no luck
Thanks in Advance !!!
07-14-2016 12:21 AM
Is jabber working properly from internal network ?
For above error in expressway try below:
From Expressway-C, go to Configuration > Unified Communications > IM&P Servers. Select the check box next to each IM&P server and click Refresh servers.
Note: If this does not fix the issue, the XCP Router on the IM&P server also must be restarted.
http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118798-technote-cucm-00.html
Suresh
07-14-2016 12:23 AM
Hi Suresh,
I have tried this already but no luck.
Thanks
07-14-2016 12:51 AM
Okay, are all required ports opened at firewall?
Are all zone showing registered in Exp c&e ?
Is NAT reflection is configured on firewall ?
If all okay then can you attach diagnostic logs (take tcpdump while logging) from Exp c&e ?
Suresh
07-14-2016 01:43 AM
07-17-2016 04:19 AM
Just I have checked attached logs but they are not fully captured, as per logs I can see couple of issues here.
1. TraversalClient Peer 1 Address is not set properly on Exp-C, it should point to public IP address of Exp-E. Can you attach snap shot traversal client zone of Exp-C (specially where peer address is mentioned, at bottom of the page)
2. I'm not able to discover _collab-edge._tls.JUFEXWYE01.cio.gov.bh SRV from public network, have you set SRV & A records correctly at public DNS ?
3. As I have asked earlier, have you configured NAT reflection at firewall ?
Suresh
07-17-2016 04:19 AM
Hi Suresh,
Thanks for your efforts.
1) In this deployment , we have dual NIC in Expressway -E. 1 NIC will communicate with Expressway - C another NIC will communicate with internet.
I hope in this scenario, no need to point the Public IP in traversal Zone and NAT Reflection
2) _collab-edge srv record configured properly. Jabber client able to detect the MRA service from outside.
Do you suspects any other points ?
Thanks in advance....
07-17-2016 09:13 AM
Yes, you are right.
Can you attach diagnostic logs but pls make sure "tcpdump" is checked while collecting logs, so we can see pcap capture once.
Suresh
07-18-2016 05:26 AM
Hi Suresh,
Sure. I will get back to you shortly.
08-23-2016 08:43 AM
Hello,
Did you fix the issue? I have exactly the same issue in the same scenario...
Thanks.
08-23-2016 09:41 AM
Hi Eduardo,
Unfortunately didn't get the opportunity to work on the specific setup to continue the troubleshooting...
Thanks
08-24-2016 07:42 AM
Hi,
We fixed the issue. The problem was in the DNS side, we need add this SRV entry to Internal DNS couse we have multidomain:
_cisco-uds._tcp.publicdomain.com
priority = 10
weight = 10
port = 8443
SRV hostname = CUCM.internaldomain.com
08-23-2016 07:54 PM
Try to go through the troubleshooting process in this article by William Bell, see where it fails:
http://www.netcraftsmen.com/cisco-mobile-remote-access-troubleshooting-basic-connectivity/
08-24-2016 01:41 PM
Hi Sri
Is it Single or Multiple Domain Deployment
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide