I am trying to setup MRA .
But its unsuccessful. and getting the error in the status > unified communication
I am not using any TLS and have not uploaded any certificate since i am not using a secure deployment.
any help in troubleshooting appreciated.
Solved! Go to Solution.
use both domains in expressway-E and expressway-c, just add it and enable cm and IMP registration
Advertise LAN 1 inside your Internal DNS Server for example:
external domain: abc.com
internal domain: xyz.com
External DNS Server:
_collab-edge.-tls.abc.com--- pointing to vcse.abc.com
vcse.abc.com--- pointing to public IP address
vcse.xyz.com--- pointing to LAN 1 IP address, who is connecting to a vcs-c IP address.
While creating a certificate in expressway-C keep in mind add expressway-e internal fQDn in San names.
You do need to get certificates for MRA to work, they're the foundation of this.
That is completely separate from the fact you're not using mixed mode on CUCM, that only means you won't need a few steps and SAN entries in the EXP-C certificate.
You also need to read thoroughly the MRA configuration guide which outlines all the steps and requirements for MRA to work.
Thanks Jamie for the info .
I created a CA and uploaded the signed certificate to the expressway C and Expressway E.
I uploaded the root certificate to both of the server
tried creating a traversal zone using TLS but it is not coming up.
Getting the error in the logs field
tvcs: Event="External Server Communications Failure" Reason="Connect failed" Service="NeighbourGatekeeper" Dst-ip="Public IP of Exp-e" Dst-port="7001" Detail="name:FQDN of EXP E" Protocol="TCP" Level="1" UTCTime="2017-03-23 21:21:58,918"
Do you have dual NIC on EXP-E?? I tried with Dual and single Nic both but the issue is same
Or single NIC, and have you actually used the public IP?? I tried using the public ip as well but the issue is same
Do you have all the proper ports open between both systems? Yes I all all allow policy
for MRA, you need to use the UC traversal zone, there is no TLS option there: I have used the UC traversal zone and there is no option for TLS