Users can not log on from Internet with Mobile and remote access using Expressway

I'm trying to set up MRA, and in the Expressway status all sessions between Edge and CUCM core are displayed fine, but users cannot find the server from the Internet.


Jaime Valencia
Cisco Employee

Are you able to find the _collab-edge SRV for your servers??

If not, that's what you need to fix.

HTH

java

if this helps, please rate

Yes, the collab-edge SRV is found for the Expressway-E server. The problem is that when entering user credentials, the application displays the error "can not find server".

The SSH tunnel is already configured, and the TLS connection also.

OK, and what do the logs on EXP-E and EXP-C show about this?

HTH

java

if this helps, please rate

These are the logs from Expressway C:

2015-10-27T18:51:05-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 41578.8, received 23611.8" UTCTime="2015-10-28 00:51:05"
2015-10-27T18:51:05-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4832, received 2744 bytes, in 0.1 seconds" UTCTime="2015-10-28 00:51:05"
2015-10-27T18:51:05-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expe.ad.icsicorp.com.mx ([187.217.209.50]:2222)." UTCTime="2015-10-28 00:51:05"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address '187.217.209.50' not in list of known hosts." UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 46139.8, received 26201.9" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4832, received 2744 bytes, in 0.1 seconds" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expe.ad.icsicorp.com.mx ([187.217.209.50]:2222)." UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address '187.217.209.50' not in list of known hosts." UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 31277 for remote forward to localhost:8443" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 31144 for remote forward to localhost:8443" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:50:55-06:00 traffic_server[17189]: Event="Request Failed" Detail="Access denied" Reason="Host is not in allow list" Host="cucmbe6k" URL="cucm-uds/servers" UTCTime="2015-10-28 00:50:55,905"
2015-10-27T18:50:05-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Bytes per second: sent 51636.5, received 29323.4" UTCTime="2015-10-28 00:50:05"
2015-10-27T18:50:05-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Transferred: sent 4832, received 2744 bytes, in 0.1 seconds" UTCTime="2015-10-28 00:50:05"
2015-10-27T18:50:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Authenticated to expe.ad.icsicorp.com.mx ([187.217.209.50]:2222)." UTCTime="2015-10-28 00:50:04"
2015-10-27T18:50:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="RSA+cert host key for IP address '187.217.209.50' not in list of known hosts." UTCTime="2015-10-28 00:50:04"

These are the logs from Expressway E:

2015-10-27T18:51:05-06:00 sshdpfwd[6630]: Received disconnect from 192.168.7.6: 11: disconnected by user
2015-10-27T18:51:05-06:00 sshdpfwd[6628]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 6630" UTCTime="2015-10-28 00:51:05"
2015-10-27T18:51:05-06:00 sshdpfwd[6628]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from 192.168.7.6 port 32604 ssh2: RSA+cert c7:18:cc:30:2d:67:fd:a6:4a:31:24:7d:9a:a4:2a:d7" UTCTime="2015-10-28 00:51:05"
2015-10-27T18:51:05-06:00 sshdpfwd[6628]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=ExpC.ad.icsicorp.com.mx,OU=UC,O=Corporativo ICSI,L=Coatzacoalcos,ST=Veracruz,C=Mx" UTCTime="2015-10-28 00:51:05"
2015-10-27T18:51:04-06:00 sshdpfwd[6628]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from 192.168.7.6 port 32604 on 192.168.1.131 port 2222" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd[6628]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd[6623]: Received disconnect from 192.168.7.6: 11: disconnected by user
2015-10-27T18:51:04-06:00 sshdpfwd[6621]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 6623" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd[6621]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from 192.168.7.6 port 32602 ssh2: RSA+cert c7:18:cc:30:2d:67:fd:a6:4a:31:24:7d:9a:a4:2a:d7" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd[6621]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=ExpC.ad.icsicorp.com.mx,OU=UC,O=Corporativo ICSI,L=Coatzacoalcos,ST=Veracruz,C=Mx" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd[6621]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from 192.168.7.6 port 32602 on 192.168.1.131 port 2222" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:51:04-06:00 sshdpfwd[6621]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:50:59-06:00 traffic_server[1245]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="187.214.59.254" Dst-port="59977" UTCTime="2015-10-28 00:50:59,209"
2015-10-27T18:50:33-06:00 traffic_server[1245]: Event="Sending HTTP error response" Status="403" Reason="Forbidden" Dst-ip="187.214.59.254" Dst-port="60622" UTCTime="2015-10-28 00:50:33,295"
2015-10-27T18:50:33-06:00 traffic_server[1245]: Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="187.214.59.254" Src-port="60622" UTCTime="2015-10-28 00:50:33,295"
2015-10-27T18:50:12-06:00 traffic_server[1245]: Event="Sending HTTP error response" Status="403" Reason="Forbidden" Dst-ip="187.214.59.254" Dst-port="53244" UTCTime="2015-10-28 00:50:12,421"
2015-10-27T18:50:12-06:00 traffic_server[1245]: Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="187.214.59.254" Src-port="53244" UTCTime="2015-10-28 00:50:12,420"
2015-10-27T18:50:05-06:00 sshdpfwd[6544]: Received disconnect from 192.168.7.6: 11: disconnected by user
2015-10-27T18:50:04-06:00 sshdpfwd[6542]: Event="sshd" Module="openssh" Level="INFO" Detail="User child is on pid 6544" UTCTime="2015-10-28 00:50:04"
2015-10-27T18:50:04-06:00 sshdpfwd[6542]: Event="sshd" Module="openssh" Level="INFO" Detail="Accepted publickey for pfwd from 192.168.7.6 port 32566 ssh2: RSA+cert c7:18:cc:30:2d:67:fd:a6:4a:31:24:7d:9a:a4:2a:d7" UTCTime="2015-10-28 00:50:04"
2015-10-27T18:50:04-06:00 sshdpfwd[6542]: Event="sshd" Module="openssh" Level="INFO" Detail="Authorized by X509(rsa) : CN=ExpC.ad.icsicorp.com.mx,OU=UC,O=Corporativo ICSI,L=Coatzacoalcos,ST=Veracruz,C=Mx" UTCTime="2015-10-28 00:50:04"
2015-10-27T18:50:04-06:00 sshdpfwd[6542]: Event="sshd" Module="openssh" Level="INFO" Detail="Connection from 192.168.7.6 port 32566 on 192.168.1.131 port 2222" UTCTime="2015-10-28 00:50:04"
2015-10-27T18:50:04-06:00 sshdpfwd: Event="sshd" Module="openssh" Level="INFO" Detail="sshdpfwd run in non-FIPS mode" UTCTime="2015-10-28 00:50:04"
2015-10-27T18:50:04-06:00 sshdpfwd[6542]: Event="sshd" Module="openssh" Level="INFO" Detail="Set /proc/self/oom_score_adj to 0" UTCTime="2015-10-28 00:50:04"
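
An added example, not part of the original posts: a small Python parser for the Event="..." key/value log format pasted above, which drops the sshd INFO lines and keeps only the entries that carry a denial or an HTTP error. The sample lines are copied from the logs in this thread; the function names are illustrative.

```python
import re
from collections import Counter

# Sample lines copied from the Expressway-C and Expressway-E logs in this thread.
SAMPLE = '''\
2015-10-27T18:51:04-06:00 ssh: Event="sshd" Module="openssh" Level="INFO" Detail="Allocated port 31277 for remote forward to localhost:8443" UTCTime="2015-10-28 00:51:04"
2015-10-27T18:50:55-06:00 traffic_server[17189]: Event="Request Failed" Detail="Access denied" Reason="Host is not in allow list" Host="cucmbe6k" URL="cucm-uds/servers" UTCTime="2015-10-28 00:50:55,905"
2015-10-27T18:51:05-06:00 sshdpfwd[6630]: Received disconnect from 192.168.7.6: 11: disconnected by user
2015-10-27T18:50:59-06:00 traffic_server[1245]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="187.214.59.254" Dst-port="59977" UTCTime="2015-10-28 00:50:59,209"
2015-10-27T18:50:33-06:00 traffic_server[1245]: Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="187.214.59.254" Src-port="60622" UTCTime="2015-10-28 00:50:33,295"
'''

LINE = re.compile(r'^(?P<ts>\S+) (?P<proc>[\w.-]+)(?:\[\d+\])?: (?P<rest>.*)$')
PAIR = re.compile(r'([\w-]+)="([^"]*)"')

def parse(line):
    """Split one log line into timestamp, process name and key="value" fields."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {"ts": m.group("ts"), "proc": m.group("proc"),
            "fields": dict(PAIR.findall(m.group("rest")))}

def failures(text):
    """Keep entries that report a denial or an HTTP error; drop INFO noise."""
    out = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or not rec["fields"]:
            continue  # unstructured lines such as "Received disconnect ..."
        f = rec["fields"]
        if f.get("Level") == "INFO":
            continue
        if "Reason" in f or f.get("Event") == "Request Failed":
            out.append(rec)
    return out

def summarize(text):
    """Count failures by (process, Event, Reason)."""
    return Counter((r["proc"], r["fields"].get("Event"), r["fields"].get("Reason"))
                   for r in failures(text))

if __name__ == "__main__":
    for rec in failures(SAMPLE):
        print(rec["ts"], rec["proc"], rec["fields"])
```

Run over the full diagnostic log, the same filter leaves the traffic_server entries (allow-list denial, 403/404 responses, SSO denied) without the repeating SSH tunnel messages.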

Sandro Nardi
Spotlight

Hi Jose.

Is the domain of the user login included in the "Domains" list of the Expressway C?

Which SRV record have you configured on the internal DNS?

Regards

Sandro

CUCM | IM&P <---> Expressway-C <---> Expressway-E <---> Jabber Client

CUCM: 192.168.7.3 --- CUCMBE6K.ad.icsicorp.com.mx
IM&P: 192.168.7.5 --- CUIMPBE6K.ad.icsicorp.com.mx
Expressway-C: 192.168.7.6 --- ExpC.ad.icsicorp.com.mx
Internal DNS: 192.168.5.1
Expressway-E: 192.168.1.131 --- ExpE.ad.icsicorp.com.mx
External-DNS: 192.168.5.3
External-DNS2: 8.8.8.8


In the Outside:
_collab-edge._tls.ad.icsicorp.com.mx is SRV resolved to ExpE.ad.icsicorp.com.mx 8443 -> OK!
ExpE.ad.icsicorp.com.mx is A resolved to 187.217.209.50 -> OK!


In the Inside:
_cisco-uds._tcp.ad.icsicorp.com.mx is SRV resolved to 192.168.7.3 -> OK!
_cuplogin._tcp.ad.icsicorp.com.mx is SRV resolved to 192.168.7.5 -> OK!
ExpC.ad.icsicorp.com.mx is A resolved to 192.168.7.6 -> OK!

I had the same issue, resolved with a packet capture on the Expressway C.

Maintenance -> Diagnostic -> Diagnostic logging

check - Take tcpdump while logging

During the MRA login, the EXP-C replicates the client request on the corporate network.

Here are the additional records requested by the client during registration:

SRV _cisco-phone-tftp._tcp.yourdomain 3600 IN SRV 0 0 69 yourcucm
SRV _cisco-phone-http._tcp.yourdomain 3600 IN SRV 0 0 80 yourcucm
SRV _xmpp-server._tcp.yourdomain 3600 IN SRV 0 0 5269 yourpresence

Adding these records worked for me.

Just to be sure, check the DNS resolution from the EXP-C perspective:

Maintenance -> Tools -> network utility -> DNS lookup

Regards Sandro

mneira099
Level 1

Hi Jose,

Did you get this issue solved?

I'm having the same issue...

Miguel Neira