10-12-2015 10:41 AM - edited 03-18-2019 05:05 AM
Hello,
I want to know how many users can log-in to Jabber client via Expressway? We are using Expressway C and E with MRA solution. We have been having some troubles when more than 15 users logs-in.
Kind regards,
Heriberto.
10-12-2015 10:55 AM
From MRA guide
Both Unified CM remote sessions and VCS traversal calls contribute to the traversal load on the system.
So, it's up to the size of your Expressways when you deployed them
10-12-2015 11:23 AM
Thank you, Jaime. This is the problem I have:
tvcs: Event="Authentication Failed" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="52623" Detail="No valid authentication" Protocol="TLS" Method="REGISTER" Level="1" UTCTime="2015-10-12 18:14:13,262"
tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="51033" Dst-ip="IP_Expressway-E" Dst-port="5061" Detail="No SSL error available, probably remote disconnect" Protocol="TLS" Level="1" UTCTime="2015-10-12 17:21:37,175"
traffic_server[13461]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="XXX.XXX.XXX.XXX" Dst-port="16575" UTCTime="2015-10-12 17:21:36,390"
Do you know why is this happening?
Does CUCM send any certificate to Jabber client? How does it receive it? When I use "Install/Upgrade option in CUCM, the status always stays in "pending".
10-12-2015 11:50 AM
MRA endpoints only need the EXP-E cert to avoid certificate issues
Is the traversal zone up and running? Is the status of the UC OK??
And I have no why you mentioned something about install/upgrade for this...
If this is in production, and only happens when a certain amount of users is reached, you might want to open a TAC so they can see why this is happening.
10-12-2015 02:26 PM
The traversal zone is up and running. The status of the Unified Communication is OK. I think I will open a SR, this behavior is not normal.
10-13-2015 02:22 PM
Hello again,
When logging-in, does it work different a BOT/TCT device compared to a CSF device signed to CUCM via MRA?
I found out that a BOT/TCT device doesn't need to be non-secure (Phone security profile) to sing-in by the first time into the CUCM.
A CSF device needs -first- to have his individual certificate (generated in CUCM), and CUCM needs to pass it internally to the CSF device (jabber windows). We are able to log-in with a secure profile only when the device logs-in by the first time internally (not using Expressway). After that we are able to log-in with Expressway and secure profile. This behavior doesn't happen with BOT/TCT devices; they log-in always (even the first time) with a SECURE profile and through expressway. If I don't sing-in the CSF device internally, it won't work with a secure profile through Expressway, only works with a non-secure security profile.
Normal behavior? Do we always need to sing-in the CSF device internally by the first time?
Thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide