This is new deployment. Jabber couldn't login from Internet using MRA. During the login process it's able to get the certificate from EDGE.
Problem occurred during the authentication process. Client shown the error as" Can't communicate with Server". Expressway sending the the 503 Service unavailable to Client.
Expressway Version: 8.7
Event="Sending HTTP error response" Status="503" Reason="Service Unavailable" Dst-ip="220.127.116.11" Dst-port="31932" UTCTime="2016-07-14 06:37:05,469"
Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="18.104.22.168" Src-port="31932" UTCTime="2016-07-14 06:37:05,468"
Expressway logs for Error
ThreadID="139917890758400" Module="cm-1.XXXXXXXXX" Level="INFO " CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms"
I have already tried with restarting the XCP Router service in IM&P Server but no luck
Thanks in Advance !!!
Is jabber working properly from internal network ?
For above error in expressway try below:
From Expressway-C, go to Configuration > Unified Communications > IM&P Servers. Select the check box next to each IM&P server and click Refresh servers.
Note: If this does not fix the issue, the XCP Router on the IM&P server also must be restarted.
Okay, are all required ports opened at firewall?
Are all zone showing registered in Exp c&e ?
Is NAT reflection is configured on firewall ?
If all okay then can you attach diagnostic logs (take tcpdump while logging) from Exp c&e ?
Just I have checked attached logs but they are not fully captured, as per logs I can see couple of issues here.
1. TraversalClient Peer 1 Address is not set properly on Exp-C, it should point to public IP address of Exp-E. Can you attach snap shot traversal client zone of Exp-C (specially where peer address is mentioned, at bottom of the page)
2. I'm not able to discover _collab-edge._tls.JUFEXWYE01.cio.gov.bh SRV from public network, have you set SRV & A records correctly at public DNS ?
3. As I have asked earlier, have you configured NAT reflection at firewall ?
Thanks for your efforts.
1) In this deployment , we have dual NIC in Expressway -E. 1 NIC will communicate with Expressway - C another NIC will communicate with internet.
I hope in this scenario, no need to point the Public IP in traversal Zone and NAT Reflection
2) _collab-edge srv record configured properly. Jabber client able to detect the MRA service from outside.
Do you suspects any other points ?
Thanks in advance....
Yes, you are right.
Can you attach diagnostic logs but pls make sure "tcpdump" is checked while collecting logs, so we can see pcap capture once.
We fixed the issue. The problem was in the DNS side, we need add this SRV entry to Internal DNS couse we have multidomain:
priority = 10
weight = 10
port = 8443
SRV hostname = CUCM.internaldomain.com
Try to go through the troubleshooting process in this article by William Bell, see where it fails: