12-21-2022 02:46 AM
Hello!
I have a Expressway Cluster setup that is supposed to be ONLY for MRA.
And yet, the Expressway E Servers (and only the E Servers) keep complaining that they are out of compliance and need either a RMS License or a UCM_TelepresenceRoom license (that alternates).
Does anyone have any idea what can cause this or how I can find out. Or even better how do I prevent it.
Thanks!
Kind regards,
J
12-21-2022 03:25 AM
Look at the call history in the Expressway E. I bet you are getting spam calls that are trying to use your Expressway for calls. One easy way to cut that down is to not allow UDP 5060 to your E. MRA uses TCP. You may also still need to apply some access lists as well.
12-21-2022 03:47 AM
Hello!
Yeah, thats what I suspected. What am I looking for in the call list? "non-traversal" calls?
TCP and UDP are both disabled. Only TLS is allowed.
So, if this is Spam there is no way to really prevent this, right? Ok. I could use Access Lists but then the Spam invites come from a different IP, so I constantly have to maintain the access lists. That is not really an option.
Question is, what happens to the Expressway? Is it only this annoying "Out of Compliance" message and I can just ignore it?
Or will the System stop working after a grace period?
And isn't this something that you should see on pretty much every Expressway that is accessible via the internet?
12-21-2022 03:50 AM
Ahh. Looks like I am not the only one:
https://community.cisco.com/t5/ip-telephony-and-phones/expressway-insufficient-uc-manager-telepresence-room-license/m-p/4708086
I will try this and see if it helps.
12-21-2022 07:01 AM - edited 12-21-2022 07:03 AM
Hi,
as written in the other post, but this is only applicable for registrations.
If someone tries to register to your expressway, a telepresence license count will be added, even if the registration isn't successfull at all.
The same for normal H.323 or SIP calls to your expressway. But this you have to prevent with call policy rules.
12-21-2022 05:48 AM
I'll bet those calls are using '@' your IP address. What I have done to resolve this is to use an ACL that only allows '@'userdomain.com. I usually even go a step further and require the LHS to start with a letter. Most of the spam calls are numeric only.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide