
Jabber via Expressway Login Problem

douglasfir
Level 1

Hi all,

I've configured a collaboration environment with the following components - CUCM, IM&P, Expressway Core and Expressway Edge. When I try to log in via Jabber directly to IMP (inside the corporate network), the Jabber client logs in successfully. However, when I try with the same username via Mobile and Remote Access (Expressway), I get a "wrong username and password" sort of message.

I collected traces on Expressway C and I can see several errors. What confuses me the most is the fact that the same username/password works fine when logging in from the inside network. Here are some of the messages on Expressway C:

- HTTP Status 403 - Access to the requested resource has been denied

- Failed to authenticate user against server

- All attempts to authenticate user failed

CUCM/IMP version is 11.5, Expressways are 8.8.1.

Thanks!

Dragan

9 Replies

Jaime Valencia
Cisco Employee

Do you use the same domain, and login, internally and externally???

HTH

java

if this helps, please rate

Hi Jaime,

It's the same domain name for the clients externally and internally. In the meantime, I've noticed that the problem is also present from the internal network when using SRV records, so I excluded the Expressway server as a possible cause.

Now I get a "cannot communicate with the server" message in Jabber. I checked the service profiles assigned to users, and the SRV records are fine too. Did you experience a similar issue maybe?

Thanks, Dragan

What is the SRV domain name you are using as we can validate some things remotely? Does nslookup resolve it externally? Are all firewall ports opened properly?

Can you post what SRV records you have, internal and external?

Hi,

I've located the problem in the internal network, so I'm sending you the SRV records from internal DNS:

| Service | Protocol | Priority | Weight | Port | Target |
|---|---|---|---|---|---|
| _cisco-uds._tcp.burren.pst | TCP | 10 | 10 | 8443 | cucm.internaldomain.com |
| _cuplogin._tcp.burren.pst | TCP | 10 | 10 | 8443 | cup.internaldomain.com |
| _cisco-phone-http._tcp.burren.pst | TCP | 10 | 10 | 8443 | cucm.internaldomain.com |
| _cisco-phone-tftp._tcp.burren.pst | TCP | 10 | 10 | 69 | cucm.internaldomain.com |
| _sips._tcp.burren.pst | TCP | 10 | 10 | 5061 | expc.internaldomain.com |
| _sip._tcp.burren.pst | TCP | 10 | 10 | 5060 | expc.internaldomain.com |
| _sip._udp.burren.pst | UDP | 10 | 10 | 5060 | expc.internaldomain.com |

I had to change the real domain name because of the customer, I hope you don't mind. Jabber definitely reaches the CUCM server, as I can see many traces showing that, but then the user is refused.

[csf.log] [csf::ucm90::HomeUdsHttpRequest::performHttpRequest] - Result of HTTP request - Result: SUCCESS, Response Code: 403.

[csf.config] [csf::ucm90::HomeUdsUtilities::convertHttpUtilsResult] - Home Uds query failed responseCode =[403]

[csf.log] [csf::ucm90::HomeUdsHttpRequest::performHttpRequest] - Result of UDS result conversion - UDS Result: HOME_UDS_QUERY_FAILED.

[csf.config] [csf::ucm90::HomeUds100Query::run] - Home Uds request unsuccessful.

[csf.config] [csf::ucm90::UdsProvider::doHomeUdsQuery] - Result from Home UDS query: HOME_UDS_QUERY_FAILED

[csf.config] [CSFUnified::BlacklistAddress::operator ==] - Blacklist URL match found for https://cucm.internaldomain.com:8443/cucm-uds/user/user001 with a reason of [Unable to connect to the Home UDS server during discovery: 4]

Thanks, Dragan
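The log lines in the post above separate two different failures: the HTTP exchange itself completed (`Result: SUCCESS`), but the server answered with status 403. The following is an added example, not part of the original post or of any Cisco tooling, that triages such csf log lines; the function names `triage` and `classify` and the category labels are hypothetical, and the sample input is the lines quoted in the post.

```python
import re

# Sample input: csf log lines as quoted in the post above.
SAMPLE_LOG = """\
[csf.log] [csf::ucm90::HomeUdsHttpRequest::performHttpRequest] - Result of HTTP request - Result: SUCCESS, Response Code: 403.
[csf.config] [csf::ucm90::HomeUdsUtilities::convertHttpUtilsResult] - Home Uds query failed responseCode =[403]
[csf.log] [csf::ucm90::HomeUdsHttpRequest::performHttpRequest] - Result of UDS result conversion - UDS Result: HOME_UDS_QUERY_FAILED.
[csf.config] [CSFUnified::BlacklistAddress::operator ==] - Blacklist URL match found for https://cucm.internaldomain.com:8443/cucm-uds/user/user001 with a reason of [Unable to connect to the Home UDS server during discovery: 4]
"""

HTTP_RE = re.compile(r"Result of HTTP request - Result: (\w+), Response Code: (\d+)")
UDS_RE = re.compile(r"UDS Result: (\w+)")
BLACKLIST_RE = re.compile(r"Blacklist URL match found for (\S+) with a reason of \[(.+?)\]")


def triage(log_text):
    """Collect HTTP results, UDS results and blacklisted URLs from csf log text."""
    findings = {"http": [], "uds_results": [], "blacklisted": []}
    for line in log_text.splitlines():
        if m := HTTP_RE.search(line):
            findings["http"].append((m.group(1), int(m.group(2))))
        if m := UDS_RE.search(line):
            findings["uds_results"].append(m.group(1))
        if m := BLACKLIST_RE.search(line):
            findings["blacklisted"].append((m.group(1), m.group(2)))
    return findings


def classify(findings):
    """Tell 'could not reach the server' apart from 'server answered and refused'."""
    if not findings["http"]:
        return "no-http-result"
    transport, status = findings["http"][-1]   # last recorded attempt
    if transport != "SUCCESS":
        return "transport-failure"             # the HTTP exchange did not complete
    if status in (401, 403):
        return "server-refused-user"           # request was answered and rejected
    if status >= 400:
        return "server-error"
    return "ok"


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(classify(result), result["blacklisted"])
```

On the sample, the blacklist entry's reason reads "Unable to connect" even though the HTTP result line records an answered request with code 403, so the HTTP result line is the one to classify on.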

The idea for providing the actual domain name was so that we can verify the resolution as well as to ensure proper firewall ports are opened on your firewalls.

From the limited info you provided, did you check to ensure the user in question has "home cluster" properly checked on the end user management in CUCM?

Hi Chris,

There is no firewall between the Jabber client and the CUCM and IMP servers when Jabber is in the internal network, I checked that. I also checked DNS resolution in detail for every record, both by sniffing network traffic on the Jabber client and by looking at the Jabber log files. I checked name resolution on CUCM and IMP too.

Users have home cluster configured ("Enable User for Unified CM IM and Presence (Configure IM and Presence in the associated UC Service Profile)" option) and the service profile that is assigned to them has IMP servers properly configured. That's what makes me so confused :)

Regards, Dragan

Hi Dragan

Troubleshooting this for you without having access to Exp and/or Jabber logs is difficult. 

My suggestion would be to log a call with TAC, I struggled with the SRV stuff on my first attempt and TAC helped me out quickly.

Thanks

I was not asking about internal firewall as you stated you are able to login internally just fine and the issue only pertains to connections across MRA, is this no longer accurate? If it is, then my firewall question was around proper ports being opened between your Expressway C and Expressway E LAN1 (assuming dual LAN deployment of Exp E) as well as Exp-E LAN2 and internet. Most issues I encounter with MRA deployment are around proper ports not being opened. This is what I was willing to check for you if you provided the domain name, otherwise you can attempt to ping every port that should be opened from external network.