I want to know how many users can log-in to Jabber client via Expressway? We are using Expressway C and E with MRA solution. We have been having some troubles when more than 15 users logs-in.
From MRA guide
Both Unified CM remote sessions and VCS traversal calls contribute to the traversal load on the system.
So, it's up to the size of your Expressways when you deployed them
Thank you, Jaime. This is the problem I have:
tvcs: Event="Authentication Failed" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="52623" Detail="No valid authentication" Protocol="TLS" Method="REGISTER" Level="1" UTCTime="2015-10-12 18:14:13,262"
tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="51033" Dst-ip="IP_Expressway-E" Dst-port="5061" Detail="No SSL error available, probably remote disconnect" Protocol="TLS" Level="1" UTCTime="2015-10-12 17:21:37,175"
traffic_server: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="XXX.XXX.XXX.XXX" Dst-port="16575" UTCTime="2015-10-12 17:21:36,390"
Do you know why is this happening?
Does CUCM send any certificate to Jabber client? How does it receive it? When I use "Install/Upgrade option in CUCM, the status always stays in "pending".
MRA endpoints only need the EXP-E cert to avoid certificate issues
Is the traversal zone up and running? Is the status of the UC OK??
And I have no why you mentioned something about install/upgrade for this...
If this is in production, and only happens when a certain amount of users is reached, you might want to open a TAC so they can see why this is happening.
The traversal zone is up and running. The status of the Unified Communication is OK. I think I will open a SR, this behavior is not normal.
When logging-in, does it work different a BOT/TCT device compared to a CSF device signed to CUCM via MRA?
I found out that a BOT/TCT device doesn't need to be non-secure (Phone security profile) to sing-in by the first time into the CUCM.
A CSF device needs -first- to have his individual certificate (generated in CUCM), and CUCM needs to pass it internally to the CSF device (jabber windows). We are able to log-in with a secure profile only when the device logs-in by the first time internally (not using Expressway). After that we are able to log-in with Expressway and secure profile. This behavior doesn't happen with BOT/TCT devices; they log-in always (even the first time) with a SECURE profile and through expressway. If I don't sing-in the CSF device internally, it won't work with a secure profile through Expressway, only works with a non-secure security profile.
Normal behavior? Do we always need to sing-in the CSF device internally by the first time?