cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
38163
Views
38
Helpful
55
Replies

Mobile Remote Access Expressway - Inactive Jabber

Andrew M12
Level 1
Level 1

Have deployed an Expressway-C on the internal and Expressway-E on the DMZ, followed the config guide here, have checked it through 4-5 times now and satisfied everything is configured correctly

www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-1-1.pdf

CUCM version is 9.1(2)

IM + P version is 9.1(1)

Jabber for Windows is 9.7

Jabber for Iphone/Android is 9.6

All Jabbers connect fine inside the network, when on the outside they reach the Expressway-E ok but then get an error “Cannot locate server. Check your server address. If the problem persists, contact your system administrator. Send problem report”


When checking the problem report I see this output on all failed connections (Iphones and Androids)

05-08 16:22:08.863 32374 32374 I         : INFO [0x40028ffc] [ts/adapters/imp/components/Login.cpp(90)] [imp.service] [OnLoginError] - ****************************************************************
05-08 16:22:08.863 32374 32374 I         : INFO [0x40028ffc] [ts/adapters/imp/components/Login.cpp(91)] [imp.service] [OnLoginError] - OnLoginError: (data=0) LERR_JABBER_UNREACHABLE <14>:
05-08 16:22:08.863 32374 32374 I         : INFO [0x40028ffc] [ts/adapters/imp/components/Login.cpp(92)] [imp.service] [OnLoginError] - ****************************************************************


I looked up LERR_JABBER_UNREACHABLE and found this blog about it being a bug for Jabber over VPN which is the opposite of Mobile Remote Access, however I still tried the workaround for the bug but it didn't help

http://blog.prorouting.com/2013/12/cisco-jabber-on-iphone-through-asa-vpn.html

 

Checking on the Expressway-C under Status>Unified Communications I do see an error about Inactive Jabber on the Expressway-E so unsure if this is the cause. Could find no info on this error message in the setup guide or on google

(note – the 2 alarms bubble is just about how I haven’t changed the default passwords, no alarms relating to this Inactive Jabber)

 

 

Has anyone else seen this problem yet and knows how to resolve it?

55 Replies 55

You should enter your public IP address in the Field "IPv4 static NAT address" not the local address.

Anyway, you may have some media problems in this scenario, make sure you have all the NATs (or PATs in your case) allowing the media traffic correctly.

HI tigrepojke.

Can you confirm your CUCM version when you deployed this scenario? You wrote in the post that was using 9.1(2), that's 9.1.2.10000-28, correct?

 

Thank you very much.

 

 

9.1.2.11900-12
 

Worked it out

By default when installing Expressway-E it gets a couple of NICs for internal/external and is required if you cluster them and if you deploy it in a 2 leg scenario, more info in the guides on that stuff.

 

We have ours in the DMZ as a router-on-a-stick type setup and it is NAT'd to the outside world, so we only need the 1 NIC

 

In the Expressway-E config go to System>IP and you will see the couple of NICs, look for the setting "Use dual network interfaces" and set it to No.  Requires a restart

 

Something else that is important.

After changing the above I could log in from outside but I had no-way voice. Going back into System>IP on the Expressway-E there is a box called 'IPv4 static NAT address' and you must populate that with your Public IP of the Expressway-E.  It will require a reboot under Maintenance>Restart Options to take affect.

After that I had voice in both directions

This is for an Expressway-E in a DMZ with one NIC that is setup like a router-on-a-stick with Static NAT.

Hi

 

 

 

 

This worked for me too.  Just wanted to confirm.

Looking at the attached run the diagnostics on your presence servers to see if there are any errors or if any presence services need to be restarted. If that is clear confirm the permissions the SOAP/AXL user on the presence servers. Also check the white list check that they hostnames/IP addresses are exactly the same that is in your UC Services profile

Hello Heathrw

The Presence servers are ok and all services running, the username used on the Expressways for discovering the CUCM and Presence servers has Standard AXL API rights.

I checked the whitelist and it had the Unity servers in there with same hostname as on my CUCM Services profile, I also just now added in the Webex and LDAP servers to the whitelist that are in my Services profile just to be sure. Same result when trying to log in externally

Appreciate the suggestions so far.

 

The attached screenshot seems to have a problem with Jabber not running on the Expressway-E as opposed to problem with the Presence servers internally

 

 

 

 

Hi tigrepojke and heathrw,

Just got into similar problem while looking into configuration for MRA.

- I do have CUCM 10 and CM IM&P 10 with Expressway X8.1.1

- Done with DNS SRV and A records for internal and External DNS and verified by nslookup. 

- We have deployed the ExpressWay E as in Router on stick on DMZ natted with Public IP ( Same as user "tigrepojke" scenario )

- Configured ExpressWay C And E with TLS ON and certificates being uploaded and do have a Active status in Unified communication and Traversal zone.

I am using Cisco Jabber 9.7 for Windows but when i am trying to sign in from outside I am getting an error, "cannot communicate with the server"

 

Here I am kind of lost to where and which part needs to be checked or where to further dig into?

Your assistance and help would be appreciated.

Let me know if you guys need any more detail.

P.S. I have attached screenshot for your reference

Regards

M Taha

With that error message it suggests your DNS is incorrect. If you have it right then your Jabber client on the outside should throw up certificate errors for the Expressway-E (if using self-signed)

 

Check you can resolve the external srv record ( _collab-edge._tls.<yourdomain>)  from outside your network, you said you have done nslookup but it is easy to resolve the external srv record internally if you are using a machine on your network. Change the dns server to an external one for testing purposes

 

_collab-edge._tls.<yourdomain>   

 

Example - open up cmd prompt

type in     nslookup       (enters nslookup mode)

type in    server 8.8.8.8   (changes default server to googles for this test)

type in    _collab-edge._tls.domain.com

 

If your external DNS is correct you should get it resolved to your Expressway-E's public IP address

 

 

If the DNS part is ok then check logs as per heathrw's advice 

 

"you can do a TCP dump on the ExpresswayE and set level logging to 2 to see what is happening on that side"

 

 

 

Hi tigrepojke

thank you for responding to my query.

Well, Yes we have tested it from external side and DNS resolves perfectly when it is outside the corporate network.

The next thing that you have mentioned is, 'TCP dump and set level logging to 2" .

Could you possibly elaborate how to do that exactly.

Another question,

About 'Jabber-config.xml' file do we have to create and upload it to tftp servers? Is it mandatory if you are using Jabber 9.7 for Windows?

Regards

M Taha

 

You can get some logging via Maintenance>Logging and then set it to 4, you can send it to a Syslog server or view it in the webgui via Status>Logs>Event Logs

 

If you need to get more developer style logs then see this link, I followed this when I implemented it and although I didn't need TCP dump logs the info is there on how to do it

http://ciscocollab.wordpress.com/2014/01/29/deploying-collaboration-edge/

 

"The best place I found to troubleshoot this stuff was by putting the Expressway-C and E in “Devel mode” to enable the Experimental menu.  (Instructions for this are found on p.207 of the admin guide.)  The reason for this is because the CollabEdge/MRA feature is still considered experimental.  You need to look at the Developer Logs.  You can enable them for debug level as well as collect a tcpdump."

 

Before you do logging, I would make sure your Expressway-E can resolve all your UC servers by IP and DNS, do that by going to Maintenance>Tools>Network Utilities and using the PING and DNS Lookup tools

I made sure I could get them via IP, hostname and FQDN for example

Ping 10.1.1.1

NSlookup  CUCM01

Nslookup CUCM01.mydomain.com

 

Thanks for the info. I will try that logging.

Just a quick question, As In your latter part, you have mentioned Express-Way E can resolve all your UC servers.

Actually, here I am bit confused. As all UC servers can be resolved by Host name, FQDN at the ExpresWay C end. No issues at all

 

But from ExpressWay-E, How it can possibly resolve it as it has the external DNS server IP configured. It can Ping those UC servers though but I didn't actually get this point without the local DNS IP, how it supposed to resolve the hostname? does it have to ?

Regards

M Taha