cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2208
Views
0
Helpful
8
Replies

Spark - Call Sevice Connect calls failing

samson.kareem
Level 1
Level 1

Hi,

I have set up Spark Hybrid call service connect  but calls from the Spark client to an on-premise CUCM phone are failing.

Looking at the logs on the Expressway E the INVITE from the collaboration coud is received and a SIP 404 is sent back.
The search history shows the search failed with " Not accepting pre-loaded route headers" and this is what I am confused
about. I have configured a DNS zone (for inbound and outbound calls) as per the setup guide for Call Service Aware with
"Preloaded SIP Routes" set to on.

From what I can see this zone is not being used (my understanding is that inbound calls to Expressway E use the default zone anyway).
Can anyone shed some light on how the DNS zone should be matched?

MTLS is enabled and the port is set to 5062 as per the setup guide.

8 Replies 8

Lokesh Kumar Lal
Cisco Employee
Cisco Employee

Hi,

Does your call Reach Exp C? check the search history on that tab. Please share search history info from E and C and the specific call details.

It would be good to capture a diagnostic log with TCP dump.

Regards,
Lokesh K. Lal
Engineering Product Manager
Cisco Systems Inc.

Please don't forget to rate useful posts

Hi,


At the time, the call was was terminating on the Expressway E. Unfortunately we have somehow taken a step back and now calls do not show up on the E so we are looking at the F/W and DNS.

Once that has been looked at I'll share the logs from the Exp E.

We have solved the issue. We had to install additonal root certs (even though we already had one loaded with the certifcate chain) on the Expressway E.

For reference searching in the event log for the port you are using for Mutual TLS (eg 5062) showed up TLS negotiation errors which pointed us towards the cert issue.

thanks.  And yes it needs the intermediate roots cert is any. You could verify with the web browser as well

https:// IP add of exp E:5062  -> View cert and it would give you the details

Regards,
Lokesh K. Lal
Engineering Product Manager
Cisco Systems Inc.

Please don't forget to rate useful posts

Hi samson.kareem,

Just a quick question, where did you get the additional root certificates from?


Regards,

Martin

Hi,

Symantec website. There are several root certs and we had one of them installed (G5 I think its called). We also added the G3 and G4 certs and that worked.

Hi Samson, same issue here.

Please where you found the Root Ca and where installed it. On Expressway-E ?

Can you give a link?

Thank you

Regards

Alessandro

H Alessandro,

Yes you need to install the Root cert and and intermediate certs from the CA that signed the server cert on the Expressway E. In the case of Symantec, we had to install more than one root before Mutual TLS authentication succeeded.

If Symantec is your CA, have a look here

https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&id=AR657

Regards
Samson

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: