HI tigrepojke.

Can you confirm your CUCM version when you deployed this scenario? You wrote in the post that was using 9.1(2), that's 9.1.2.10000-28, correct?

Thank you very much.

9.1.2.11900-12
 

Worked it out

By default when installing Expressway-E it gets a couple of NICs for internal/external and is required if you cluster them and if you deploy it in a 2 leg scenario, more info in the guides on that stuff.

We have ours in the DMZ as a router-on-a-stick type setup and it is NAT'd to the outside world, so we only need the 1 NIC

In the Expressway-E config go to System>IP and you will see the couple of NICs, look for the setting "Use dual network interfaces" and set it to No.  Requires a restart

Once the Expressway-E was back up, in the Expressway-Cs gui under Status>Unified Communications you will see the error is gone that said "Inactive Jabber"

Hope this helps other people setting this up, and don't rely on your security guy deploying the Expressway-E OVA in your DMZ

Something else that is important.

After changing the above I could log in from outside but I had no-way voice. Going back into System>IP on the Expressway-E there is a box called 'IPv4 static NAT address' and you must populate that with your Public IP of the Expressway-E.  It will require a reboot under Maintenance>Restart Options to take affect.

After that I had voice in both directions

This is for an Expressway-E in a DMZ with one NIC that is setup like a router-on-a-stick with Static NAT.

Hi tigrepojke

Excellent Post - I've exactly the same issue and diabling the second NIC - i'm able to connect in from the outside using Jabber for Window 9.7.

Thanks

Anthony

This worked for me too.  Just wanted to confirm.

Looking at the attached run the diagnostics on your presence servers to see if there are any errors or if any presence services need to be restarted. If that is clear confirm the permissions the SOAP/AXL user on the presence servers. Also check the white list check that they hostnames/IP addresses are exactly the same that is in your UC Services profile

Hello Heathrw

The Presence servers are ok and all services running, the username used on the Expressways for discovering the CUCM and Presence servers has Standard AXL API rights.

I checked the whitelist and it had the Unity servers in there with same hostname as on my CUCM Services profile, I also just now added in the Webex and LDAP servers to the whitelist that are in my Services profile just to be sure. Same result when trying to log in externally

Appreciate the suggestions so far.

The attached screenshot seems to have a problem with Jabber not running on the Expressway-E as opposed to problem with the Presence servers internally

With that error message it suggests your DNS is incorrect. If you have it right then your Jabber client on the outside should throw up certificate errors for the Expressway-E (if using self-signed)

Check you can resolve the external srv record ( _collab-edge._tls.<yourdomain>)  from outside your network, you said you have done nslookup but it is easy to resolve the external srv record internally if you are using a machine on your network. Change the dns server to an external one for testing purposes

_collab-edge._tls.<yourdomain>   

Example - open up cmd prompt

type in     nslookup       (enters nslookup mode)

type in    server 8.8.8.8   (changes default server to googles for this test)

type in    _collab-edge._tls.domain.com

If your external DNS is correct you should get it resolved to your Expressway-E's public IP address

If the DNS part is ok then check logs as per heathrw's advice 

"you can do a TCP dump on the ExpresswayE and set level logging to 2 to see what is happening on that side"

Hi tigrepojke

thank you for responding to my query.

Well, Yes we have tested it from external side and DNS resolves perfectly when it is outside the corporate network.

The next thing that you have mentioned is, 'TCP dump and set level logging to 2" .

Could you possibly elaborate how to do that exactly.

Another question,

About 'Jabber-config.xml' file do we have to create and upload it to tftp servers? Is it mandatory if you are using Jabber 9.7 for Windows?

Regards

M Taha

You can get some logging via Maintenance>Logging and then set it to 4, you can send it to a Syslog server or view it in the webgui via Status>Logs>Event Logs

If you need to get more developer style logs then see this link, I followed this when I implemented it and although I didn't need TCP dump logs the info is there on how to do it

http://ciscocollab.wordpress.com/2014/01/29/deploying-collaboration-edge/

"The best place I found to troubleshoot this stuff was by putting the Expressway-C and E in “Devel mode” to enable the Experimental menu.  (Instructions for this are found on p.207 of the admin guide.)  The reason for this is because the CollabEdge/MRA feature is still considered experimental.  You need to look at the Developer Logs.  You can enable them for debug level as well as collect a tcpdump."

Before you do logging, I would make sure your Expressway-E can resolve all your UC servers by IP and DNS, do that by going to Maintenance>Tools>Network Utilities and using the PING and DNS Lookup tools

I made sure I could get them via IP, hostname and FQDN for example

Ping 10.1.1.1

NSlookup  CUCM01

Nslookup CUCM01.mydomain.com

Thanks for the info. I will try that logging.

Just a quick question, As In your latter part, you have mentioned Express-Way E can resolve all your UC servers.

Actually, here I am bit confused. As all UC servers can be resolved by Host name, FQDN at the ExpresWay C end. No issues at all

But from ExpressWay-E, How it can possibly resolve it as it has the external DNS server IP configured. It can Ping those UC servers though but I didn't actually get this point without the local DNS IP, how it supposed to resolve the hostname? does it have to ?

Regards

M Taha