You should enter your public IP address in the field "IPv4 static NAT address", not the local address.
Anyway, you may have some media problems in this scenario, make sure you have all the NATs (or PATs in your case) allowing the media traffic correctly.
Can you confirm your CUCM version when you deployed this scenario? You wrote in the post that was using 9.1(2), that's 22.214.171.12400-28, correct?
Thank you very much.
Worked it out
By default when installing Expressway-E it gets a couple of NICs for internal/external and is required if you cluster them and if you deploy it in a 2 leg scenario, more info in the guides on that stuff.
We have ours in the DMZ as a router-on-a-stick type setup and it is NAT'd to the outside world, so we only need the 1 NIC
In the Expressway-E config go to System>IP and you will see the couple of NICs, look for the setting "Use dual network interfaces" and set it to No. Requires a restart
Something else that is important.
After changing the above I could log in from outside but I had no-way voice. Going back into System>IP on the Expressway-E there is a box called 'IPv4 static NAT address' and you must populate that with the public IP of your Expressway-E. It will require a reboot under Maintenance>Restart Options to take effect.
After that I had voice in both directions
This is for an Expressway-E in a DMZ with one NIC that is set up like a router-on-a-stick with Static NAT.
Excellent Post - I've exactly the same issue and disabling the second NIC - I'm able to connect in from the outside using Jabber for Windows 9.7.
Looking at the attached, run the diagnostics on your presence servers to see if there are any errors or if any presence services need to be restarted. If that is clear, confirm the permissions of the SOAP/AXL user on the presence servers. Also check the whitelist: check that the hostnames/IP addresses are exactly the same as in your UC Services profile.
The Presence servers are ok and all services running, the username used on the Expressways for discovering the CUCM and Presence servers has Standard AXL API rights.
I checked the whitelist and it had the Unity servers in there with same hostname as on my CUCM Services profile, I also just now added in the Webex and LDAP servers to the whitelist that are in my Services profile just to be sure. Same result when trying to log in externally
Appreciate the suggestions so far.
The attached screenshot seems to show a problem with Jabber not running on the Expressway-E as opposed to a problem with the Presence servers internally.
Hi tigrepojke and heathrw,
Just got into similar problem while looking into configuration for MRA.
- I do have CUCM 10 and CM IM&P 10 with Expressway X8.1.1
- Done with DNS SRV and A records for internal and External DNS and verified by nslookup.
- We have deployed the Expressway-E as a router-on-a-stick in the DMZ, NATted with a public IP (same as user "tigrepojke" scenario)
- Configured Expressway-C and E with TLS ON and certificates uploaded, and we do have an Active status in Unified Communications and Traversal zone.
I am using Cisco Jabber 9.7 for Windows but when I am trying to sign in from outside I am getting an error, "cannot communicate with the server"
Here I am kind of lost to where and which part needs to be checked or where to further dig into?
Your assistance and help would be appreciated.
Let me know if you guys need any more detail.
P.S. I have attached screenshot for your reference
With that error message it suggests your DNS is incorrect. If you have it right then your Jabber client on the outside should throw up certificate errors for the Expressway-E (if using self-signed)
Check you can resolve the external srv record ( _collab-edge._tls.<yourdomain>) from outside your network, you said you have done nslookup but it is easy to resolve the external srv record internally if you are using a machine on your network. Change the dns server to an external one for testing purposes
Example - open up cmd prompt
type in nslookup (enters nslookup mode)
type in server 126.96.36.199 (changes default server to Google's for this test)
type in _collab-edge._tls.domain.com
If your external DNS is correct you should get it resolved to your Expressway-E's public IP address
If the DNS part is ok then check logs as per heathrw's advice
"you can do a TCP dump on the ExpresswayE and set level logging to 2 to see what is happening on that side"
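The external SRV check described in the post above, as an added example that is not part of the original thread: it parses Windows nslookup output for the `_collab-edge._tls` record and reports when the answer is missing, carries an unexpected port, or points at an RFC 1918 address (a sign that an internal DNS view answered). The function name, the sample output, the `example.com` names and documentation addresses are constructed, and port 8443 is assumed as the expected MRA port.

```python
import ipaddress
import re

# RFC 1918 ranges: an answer inside these came from internal DNS, not the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of Windows nslookup output after "set type=srv"
# (example.com names and documentation addresses, not values from the thread).
SAMPLE = """\
Server:  resolver.example.net
Address:  198.51.100.53

Non-authoritative answer:
_collab-edge._tls.example.com   SRV service location:
          priority       = 10
          weight         = 10
          port           = 8443
          svr hostname   = expe.example.com

expe.example.com        internet address = 203.0.113.10
"""

def check_collab_edge(output, expected_ip, expected_port=8443):
    """Return a list of problems in nslookup SRV output; an empty list means OK.

    expected_port defaults to 8443, assumed here as the MRA port for _collab-edge.
    """
    if not re.search(r"_collab-edge\._tls\.\S+\s+SRV service location", output, re.I):
        return ["no _collab-edge._tls SRV answer (was 'set type=srv' entered first?)"]
    problems = []
    ports = [int(p) for p in re.findall(r"port\s*=\s*(\d+)", output)]
    if expected_port not in ports:
        problems.append(f"SRV port is {ports}, expected {expected_port}")
    # Address lines nslookup prints for the SRV targets, keyed by hostname.
    addrs = {}
    for host, ip in re.findall(r"^(\S+)\s+internet address = (\S+)", output, re.M):
        addrs.setdefault(host.lower().rstrip("."), []).append(ipaddress.ip_address(ip))
    want = ipaddress.ip_address(expected_ip)
    for target in re.findall(r"svr hostname\s*=\s*(\S+)", output):
        ips = addrs.get(target.lower().rstrip("."), [])
        if not ips:
            problems.append(f"{target}: no address in the answer, look it up separately")
        for ip in ips:
            if any(ip in net for net in RFC1918):
                problems.append(f"{target} -> {ip} is RFC 1918: an internal DNS view answered")
            elif ip != want:
                problems.append(f"{target} -> {ip}, expected {expected_ip}")
    return problems
```

Paste the text captured from the nslookup session in place of `SAMPLE` and pass the Expressway-E's public address as `expected_ip`.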
thank you for responding to my query.
Well, Yes we have tested it from external side and DNS resolves perfectly when it is outside the corporate network.
The next thing that you have mentioned is "TCP dump and set level logging to 2".
Could you possibly elaborate how to do that exactly.
About 'Jabber-config.xml' file do we have to create and upload it to tftp servers? Is it mandatory if you are using Jabber 9.7 for Windows?
You can get some logging via Maintenance>Logging and then set it to 4, you can send it to a Syslog server or view it in the webgui via Status>Logs>Event Logs
If you need to get more developer style logs then see this link, I followed this when I implemented it and although I didn't need TCP dump logs the info is there on how to do it
"The best place I found to troubleshoot this stuff was by putting the Expressway-C and E in “Devel mode” to enable the Experimental menu. (Instructions for this are found on p.207 of the admin guide.) The reason for this is because the CollabEdge/MRA feature is still considered experimental. You need to look at the Developer Logs. You can enable them for debug level as well as collect a tcpdump."
Before you do logging, I would make sure your Expressway-E can resolve all your UC servers by IP and DNS, do that by going to Maintenance>Tools>Network Utilities and using the PING and DNS Lookup tools
I made sure I could get them via IP, hostname and FQDN for example
Thanks for the info. I will try that logging.
Just a quick question: in your latter part, you have mentioned that the Expressway-E can resolve all your UC servers.
Actually, here I am a bit confused, as all UC servers can be resolved by hostname and FQDN at the Expressway-C end. No issues at all.
But from the Expressway-E, how can it possibly resolve them, as it has the external DNS server IP configured? It can ping those UC servers, though, but I didn't actually get this point: without the local DNS IP, how is it supposed to resolve the hostname? Does it have to?