05-09-2014 04:14 AM - edited 03-13-2019 08:33 PM
Have deployed an Expressway-C on the internal and Expressway-E on the DMZ, followed the config guide here, have checked it through 4-5 times now and satisfied everything is configured correctly
CUCM version is 9.1(2)
IM + P version is 9.1(1)
Jabber for Windows is 9.7
Jabber for Iphone/Android is 9.6
All Jabbers connect fine inside the network, when on the outside they reach the Expressway-E ok but then get an error “Cannot locate server. Check your server address. If the problem persists, contact your system administrator. Send problem report”
When checking the problem report I see this output on all failed connections (Iphones and Androids)
05-08 16:22:08.863 32374 32374 I : INFO [0x40028ffc] [ts/adapters/imp/components/Login.cpp(90)] [imp.service] [OnLoginError] - ****************************************************************
05-08 16:22:08.863 32374 32374 I : INFO [0x40028ffc] [ts/adapters/imp/components/Login.cpp(91)] [imp.service] [OnLoginError] - OnLoginError: (data=0) LERR_JABBER_UNREACHABLE <14>:
05-08 16:22:08.863 32374 32374 I : INFO [0x40028ffc] [ts/adapters/imp/components/Login.cpp(92)] [imp.service] [OnLoginError] - ****************************************************************
I looked up LERR_JABBER_UNREACHABLE and found this blog about it being a bug for Jabber over VPN which is the opposite of Mobile Remote Access, however I still tried the workaround for the bug but it didn't help
http://blog.prorouting.com/2013/12/cisco-jabber-on-iphone-through-asa-vpn.html
Checking on the Expressway-C under Status>Unified Communications I do see an error about Inactive Jabber on the Expressway-E so unsure if this is the cause. Could find no info on this error message in the setup guide or on google
(note – the 2 alarms bubble is just about how I haven’t changed the default passwords, no alarms relating to this Inactive Jabber)
Has anyone else seen this problem yet and knows how to resolve it?
Solved! Go to Solution.
02-18-2016 02:26 AM
You should enter your public IP address in the Field "IPv4 static NAT address" not the local address.
Anyway, you may have some media problems in this scenario, make sure you have all the NATs (or PATs in your case) allowing the media traffic correctly.
01-12-2015 09:33 AM
HI tigrepojke.
Can you confirm your CUCM version when you deployed this scenario? You wrote in the post that was using 9.1(2), that's 9.1.2.10000-28, correct?
Thank you very much.
01-13-2015 12:56 AM
9.1.2.11900-12
05-12-2014 03:38 PM
Worked it out
By default when installing Expressway-E it gets a couple of NICs for internal/external and is required if you cluster them and if you deploy it in a 2 leg scenario, more info in the guides on that stuff.
We have ours in the DMZ as a router-on-a-stick type setup and it is NAT'd to the outside world, so we only need the 1 NIC
In the Expressway-E config go to System>IP and you will see the couple of NICs, look for the setting "Use dual network interfaces" and set it to No. Requires a restart
05-13-2014 08:19 AM
Something else that is important.
After changing the above I could log in from outside but I had no-way voice. Going back into System>IP on the Expressway-E there is a box called 'IPv4 static NAT address' and you must populate that with your Public IP of the Expressway-E. It will require a reboot under Maintenance>Restart Options to take affect.
After that I had voice in both directions
This is for an Expressway-E in a DMZ with one NIC that is setup like a router-on-a-stick with Static NAT.
07-03-2014 10:11 PM
Hi tigrepojke
Excellent Post - I've exactly the same issue and diabling the second NIC - i'm able to connect in from the outside using Jabber for Window 9.7.
Thanks
Anthony
01-27-2015 08:53 AM
This worked for me too. Just wanted to confirm.
05-12-2014 02:40 AM
Looking at the attached run the diagnostics on your presence servers to see if there are any errors or if any presence services need to be restarted. If that is clear confirm the permissions the SOAP/AXL user on the presence servers. Also check the white list check that they hostnames/IP addresses are exactly the same that is in your UC Services profile
05-12-2014 03:14 AM
Hello Heathrw
The Presence servers are ok and all services running, the username used on the Expressways for discovering the CUCM and Presence servers has Standard AXL API rights.
I checked the whitelist and it had the Unity servers in there with same hostname as on my CUCM Services profile, I also just now added in the Webex and LDAP servers to the whitelist that are in my Services profile just to be sure. Same result when trying to log in externally
Appreciate the suggestions so far.
The attached screenshot seems to have a problem with Jabber not running on the Expressway-E as opposed to problem with the Presence servers internally
07-21-2014 06:09 AM
07-21-2014 06:10 AM
Hi tigrepojke and heathrw,
Just got into similar problem while looking into configuration for MRA.
- I do have CUCM 10 and CM IM&P 10 with Expressway X8.1.1
- Done with DNS SRV and A records for internal and External DNS and verified by nslookup.
- We have deployed the ExpressWay E as in Router on stick on DMZ natted with Public IP ( Same as user "tigrepojke" scenario )
- Configured ExpressWay C And E with TLS ON and certificates being uploaded and do have a Active status in Unified communication and Traversal zone.
I am using Cisco Jabber 9.7 for Windows but when i am trying to sign in from outside I am getting an error, "cannot communicate with the server"
Here I am kind of lost to where and which part needs to be checked or where to further dig into?
Your assistance and help would be appreciated.
Let me know if you guys need any more detail.
P.S. I have attached screenshot for your reference
Regards
M Taha
07-21-2014 07:25 AM
With that error message it suggests your DNS is incorrect. If you have it right then your Jabber client on the outside should throw up certificate errors for the Expressway-E (if using self-signed)
Check you can resolve the external srv record ( _collab-edge._tls.<yourdomain>) from outside your network, you said you have done nslookup but it is easy to resolve the external srv record internally if you are using a machine on your network. Change the dns server to an external one for testing purposes
_collab-edge._tls.<yourdomain>
Example - open up cmd prompt
type in nslookup (enters nslookup mode)
type in server 8.8.8.8 (changes default server to googles for this test)
type in _collab-edge._tls.domain.com
If your external DNS is correct you should get it resolved to your Expressway-E's public IP address
If the DNS part is ok then check logs as per heathrw's advice
"you can do a TCP dump on the ExpresswayE and set level logging to 2 to see what is happening on that side"
07-22-2014 03:15 AM
Hi tigrepojke
thank you for responding to my query.
Well, Yes we have tested it from external side and DNS resolves perfectly when it is outside the corporate network.
The next thing that you have mentioned is, 'TCP dump and set level logging to 2" .
Could you possibly elaborate how to do that exactly.
Another question,
About 'Jabber-config.xml' file do we have to create and upload it to tftp servers? Is it mandatory if you are using Jabber 9.7 for Windows?
Regards
M Taha
07-22-2014 03:37 AM
You can get some logging via Maintenance>Logging and then set it to 4, you can send it to a Syslog server or view it in the webgui via Status>Logs>Event Logs
If you need to get more developer style logs then see this link, I followed this when I implemented it and although I didn't need TCP dump logs the info is there on how to do it
http://ciscocollab.wordpress.com/2014/01/29/deploying-collaboration-edge/
"The best place I found to troubleshoot this stuff was by putting the Expressway-C and E in “Devel mode” to enable the Experimental menu. (Instructions for this are found on p.207 of the admin guide.) The reason for this is because the CollabEdge/MRA feature is still considered experimental. You need to look at the Developer Logs. You can enable them for debug level as well as collect a tcpdump."
Before you do logging, I would make sure your Expressway-E can resolve all your UC servers by IP and DNS, do that by going to Maintenance>Tools>Network Utilities and using the PING and DNS Lookup tools
I made sure I could get them via IP, hostname and FQDN for example
Ping 10.1.1.1
NSlookup CUCM01
Nslookup CUCM01.mydomain.com
07-22-2014 04:10 AM
Thanks for the info. I will try that logging.
Just a quick question, As In your latter part, you have mentioned Express-Way E can resolve all your UC servers.
Actually, here I am bit confused. As all UC servers can be resolved by Host name, FQDN at the ExpresWay C end. No issues at all
But from ExpressWay-E, How it can possibly resolve it as it has the external DNS server IP configured. It can Ping those UC servers though but I didn't actually get this point without the local DNS IP, how it supposed to resolve the hostname? does it have to ?
Regards
M Taha
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide