Showing results for 
Search instead for 
Did you mean: 

Maximum number of BOT TCT TAB devices connected via MRA Expressway



I want to know how many users can log-in to Jabber client via Expressway? We are using Expressway C and E with MRA solution. We have been having some troubles when more than 15 users logs-in.


Kind regards,


Hall of Fame Cisco Employee

From MRA guideBoth Unified CM

From MRA guide

Both Unified CM remote sessions and VCS traversal calls contribute to the traversal load on the system. 

So, it's up to the size of your Expressways when you deployed them



if this helps, please rate

 Thank you, Jaime. This is


Thank you, Jaime. This is the problem I have:

tvcs: Event="Authentication Failed" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="52623" Detail="No valid authentication" Protocol="TLS" Method="REGISTER" Level="1" UTCTime="2015-10-12 18:14:13,262"
tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="51033" Dst-ip="IP_Expressway-E" Dst-port="5061" Detail="No SSL error available, probably remote disconnect" Protocol="TLS" Level="1" UTCTime="2015-10-12 17:21:37,175"
traffic_server[13461]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="XXX.XXX.XXX.XXX" Dst-port="16575" UTCTime="2015-10-12 17:21:36,390"


Do you know why is this happening?


Does CUCM send any certificate to Jabber client? How does it receive it? When I use "Install/Upgrade option in CUCM, the status always stays in "pending".


Hall of Fame Cisco Employee

MRA endpoints only need the

MRA endpoints only need the EXP-E cert to avoid certificate issues

Is the traversal zone up and running? Is the status of the UC OK??

And I have no why you mentioned something about install/upgrade for this...

If this is in production, and only happens when a certain amount of users is reached, you might want to open a TAC so they can see why this is happening.



if this helps, please rate

 The traversal zone is up and


The traversal zone is up and running. The status of the Unified Communication is OK. I think I will open a SR, this behavior is not normal.


Hello again,When logging-in,

Hello again,

When logging-in, does it work different a BOT/TCT device compared to a CSF device signed to CUCM via MRA?

I found out that a BOT/TCT device doesn't need to be non-secure (Phone security profile) to sing-in by the first time into the CUCM.

A CSF device needs -first- to have his individual certificate (generated in CUCM), and CUCM needs to pass it internally to the CSF device (jabber windows). We are able to log-in with a secure profile only when the device logs-in by the first time internally (not using Expressway). After that we are able to log-in with Expressway and secure profile. This behavior doesn't happen with BOT/TCT devices; they log-in always (even the first time) with a SECURE profile and through expressway. If I don't sing-in the CSF device internally, it won't work with a secure profile through Expressway, only works with a non-secure security profile.


Normal behavior? Do we always need to sing-in the CSF device internally by the first time?


Thank you.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards