I seem to of ran into abit of trouble and I cannot really find too much in the ways of documentation to assist me in this.
I am trying to register my EX90 on public internet through MRA. Although I have Jabber working fine (on Win, Tablet, IOS, Android), the EX90 just does not seem to work.
- UCM 9.1.2
- CUPS 9.1.1
- VCSC x8.1.1
- VCSE x8.1.1
- External EX90 TC7.1.1
On the EX90, I am attempting to register it through the provisioning wizard (Cisco UCM via Expressway). When I try the registration I am prompted with:
"Failed to download Expressway configuration
Failed to authenticate the Expressway server: vcse.mydomain.com"
To me, this error is pointed that it cannot resolve to the VCSE's SSL cert.
Has anyone else ran across this as an issue or perhaps can point me towards how to troubleshoot this?
Is the EX90 registering ok when set up internally, without Expressway?
Can you ensure the root certificate that signed the Expressway-E certificate is uploaded on the expressway? (Configuration > Security > CAs; or it is listed there as Preinstalled CAs)
Certificate requirements must be met according to the chapter 'Setting up Expressway Security certificates' in the deployment guide.
Regarding the VCSE SSL cert, I believe the root and intermediate cert are done correctly (I use this environment for WXeTP calls, and just to test, I setup some WXeTP conferences yesterday as well)
As for the EX90 registering internally, I will test this out and see if it works.
I'm having the same issue currently with MRA and EX90. MRA works great with Jabber but the EX90 fails to connect. I loaded certs directly on the EX90 as well...currently EX90 is getting UCM service timed out. I have a TAC case on this issue...I will provide an update once resolution is met.
As unfortunate as it is, I am glad at least someone else is having this issue.
I look forward to your findings and will provide any information if I discover something as well.
Our issue was that our SSL cert from Go Daddy was for a single domain and we needed a multi-domain SSL cert. after getting a new cert the EX90 registered up via MRA. TAC said Jabber for Windows and EX90 do the SRV lookup a little differently.
our single SSL cert had "video.xyz.com" so we recreated a new CSR with both "video.xyz.com" and just "xyz.com". Purchased a multi-domain cert and loaded on VCSe. Then when I click on "Show Decoded" the X509v3 Subject Alternative Name had both domains listed.
Hope your issue needs the same resolution
Rob, that is great news.
We too use godaddy for our ssl cert on the vcse.
I will go ahead and get a UCC cert from them and test this out too. Thanks for the input!
Having the same issue, getting this error message:
"Failed to download Expressway configuration Failed to authenticate the Expressway server: vcse.mydomain.com"
I already checked our certs, everything looks good. The only difference I can see is that I don't have just example.com on the cert, when I try to add it it says it already exists on the cert. So I am not sure you can add just example.com to a cert.
Anyone else have any ideas?