Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1262
Views
0
Helpful
5
Replies

Maximum number of BOT TCT TAB devices connected via MRA Expressway

HeribertoVV
Level 1
Level 1

‎10-12-2015 10:41 AM - edited ‎03-18-2019 05:05 AM

Hello,

 

I want to know how many users can log-in to Jabber client via Expressway? We are using Expressway C and E with MRA solution. We have been having some troubles when more than 15 users logs-in.

 

Kind regards,

Heriberto.

Labels:
0 Helpful
5 Replies 5

Jaime Valencia
Cisco Employee
Cisco Employee

‎10-12-2015 10:55 AM

From MRA guide

Both Unified CM remote sessions and VCS traversal calls contribute to the traversal load on the system. 

So, it's up to the size of your Expressways when you deployed them

HTH

java

if this helps, please rate
0 Helpful

HeribertoVV
Level 1
Level 1
In response to Jaime Valencia

‎10-12-2015 11:23 AM

 

Thank you, Jaime. This is the problem I have:

tvcs: Event="Authentication Failed" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="52623" Detail="No valid authentication" Protocol="TLS" Method="REGISTER" Level="1" UTCTime="2015-10-12 18:14:13,262"
tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="XXX.XXX.XXX.XXX" Src-port="51033" Dst-ip="IP_Expressway-E" Dst-port="5061" Detail="No SSL error available, probably remote disconnect" Protocol="TLS" Level="1" UTCTime="2015-10-12 17:21:37,175"
traffic_server[13461]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="XXX.XXX.XXX.XXX" Dst-port="16575" UTCTime="2015-10-12 17:21:36,390"

 

Do you know why is this happening?

 

Does CUCM send any certificate to Jabber client? How does it receive it? When I use "Install/Upgrade option in CUCM, the status always stays in "pending".

 

0 Helpful

Jaime Valencia
Cisco Employee
Cisco Employee
In response to HeribertoVV

‎10-12-2015 11:50 AM

MRA endpoints only need the EXP-E cert to avoid certificate issues

Is the traversal zone up and running? Is the status of the UC OK??

And I have no why you mentioned something about install/upgrade for this...

If this is in production, and only happens when a certain amount of users is reached, you might want to open a TAC so they can see why this is happening.

HTH

java

if this helps, please rate
0 Helpful

HeribertoVV
Level 1
Level 1
In response to Jaime Valencia

‎10-12-2015 02:26 PM

 

The traversal zone is up and running. The status of the Unified Communication is OK. I think I will open a SR, this behavior is not normal.

0 Helpful

HeribertoVV
Level 1
Level 1
In response to Jaime Valencia

‎10-13-2015 02:22 PM

Hello again,

When logging-in, does it work different a BOT/TCT device compared to a CSF device signed to CUCM via MRA?

I found out that a BOT/TCT device doesn't need to be non-secure (Phone security profile) to sing-in by the first time into the CUCM.

A CSF device needs -first- to have his individual certificate (generated in CUCM), and CUCM needs to pass it internally to the CSF device (jabber windows). We are able to log-in with a secure profile only when the device logs-in by the first time internally (not using Expressway). After that we are able to log-in with Expressway and secure profile. This behavior doesn't happen with BOT/TCT devices; they log-in always (even the first time) with a SECURE profile and through expressway. If I don't sing-in the CSF device internally, it won't work with a secure profile through Expressway, only works with a non-secure security profile.

 

Normal behavior? Do we always need to sing-in the CSF device internally by the first time?

 

Thank you.

0 Helpful
Customers Also Viewed These Support Documents