
Expressway Cluster Second C server fails to communicate with E cluster

themizzz21
Level 1

Hello,

There are two Expressway clusters of C and E expressway servers.

Each cluster contains two servers.

On the primary C server (expc-emea....), the Unified Communications traversal zone peer address communication:

themizzz21_0-1705662807103.png

On the second C server (expc1-emea....), the Unified Communications traversal zone peer address communication:

themizzz21_1-1705663036896.png

themizzz21_2-1705663128712.png

But the Secure Traversal Tests from expc1 to each member of the ExpE cluster are successful:

themizzz21_4-1705663489241.png

themizzz21_5-1705663603626.png

So, the question is: are those failures from the second server of the cluster something normal?

Should I have to resolve the communication issue?

Thank you very much.

Hi there,

No, this is not normal. Both Expressway C servers should have an active connection to the Expressway E servers. If I am correct, the secure traversal test checks certificate validation, i.e., the hosts on the Expressway E have trust certificates in their trust store, and vice versa. It validates that the hosts on either side of the servers can identify each other and trust certificate chains. However, for connectivity, the firewall should open port 7001 to allow access from the Expressway C server to the Expressway E server.

Just to be sure, I cross-verified a few of my customers' Expressway clusters, and I can confirm that both Expressway C server zones should be shown as online.

The error looks like the Expressway C is unable to connect with Expressway E servers on port 7001. Please check the firewall settings once.

Regards,

Shalid 

Disclaimer:

Responses are based on personal knowledge and experience. Consider them as guidance. Other members may offer different perspectives or better approaches. No responsibility is assumed for outcomes; discretion is advised.

b.winter
VIP

Looks like a connection error. Have you added the rules for the second Exp-C on the FW?
If it were a certificate issue, you would get something like "TLS negotiation error".

Log in to the Exp-C via CLI as the root user and test the following command:
wget http://<IP of EXP-E>:7001

And check if you get a "connected" message.
It should look something like this if the test is good:

bwinter_0-1705668111529.png

If that's not working, you most probably will have to check IP routing and / or FW.

As others have already noted, the scenario you reported is unusual. The image you attached indicates that the expressway cannot connect to port 7001. Please verify that the firewall between Expressway C node 2 and the Expressway E server has the ports open as specified in the Expressway port usage guide.

 

NithinEluvathingal_0-1705674521573.png

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X12-5.pdf

You can perform a quick check using the method that @b.winter recommended.
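
Added example (not part of any reply in this thread and not Cisco tooling): a small Python probe that classifies a TCP connect to port 7001 on each Expressway-E peer, so a connection that gets no answer at all can be told apart from a refused connection, a routing problem or a name-resolution failure. The peer addresses given on the command line and the interpretation strings in `HINTS` are assumptions; it only reflects the failing Exp-C if it runs from a host whose traffic is subject to the same routing and firewall rules.

```python
import socket
import sys

TRAVERSAL_PORT = 7001  # port named in the replies above

# Interpretation of each outcome: editorial assumptions, not Cisco guidance.
HINTS = {
    "connected": "TCP path is open; look at TLS/certificates next",
    "refused": "peer answered with a reset; no listener or a rejecting firewall",
    "timeout": "no answer; likely a firewall drop for this source address",
    "dns-failure": "peer name does not resolve from this host",
    "unreachable": "no route to the peer; check IP routing",
}


def probe(host, port=TRAVERSAL_PORT, timeout=5.0):
    """Try one TCP connect to host:port and return the outcome as a HINTS key."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "connected"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:  # e.g. network or host unreachable
        return "unreachable"
    finally:
        sock.close()


def report(peers, port=TRAVERSAL_PORT, timeout=5.0):
    """Probe every peer and return {peer: outcome}."""
    return {peer: probe(peer, port, timeout) for peer in peers}


if __name__ == "__main__":
    # Peer addresses are supplied by the operator, e.g. both Exp-E cluster members.
    for peer, outcome in report(sys.argv[1:]).items():
        print(f"{peer}:{TRAVERSAL_PORT} {outcome} - {HINTS[outcome]}")
```

Running it against both Exp-E peers and comparing the outcome with the same run from the working Exp-C's network segment shows whether the difference is in the path rather than in the Expressway configuration.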


