Cisco Cisco Expressway
Known Symptoms, Causes, and Fixes
TLS connections are failing
Possible Causes: Each server's certificate must be able to authenticate that server as a web client or as a web
server.
server.
Fix: The Microsoft FE, Expressway, and IM&P servers must have certificates that have entries for TLS Web Server
Authentication and TLS Web Client Authentication in the Extended Key Usage section.
Authentication and TLS Web Client Authentication in the Extended Key Usage section.
IM&P is not allowing connections from Expressway or Microsoft server
Possible Cause 1: The IM&P Access Control Lists (ACLs) are not configured properly.
Fix: Check the IM&P ACLs.
In Cisco Unified CM IM and Presence Administration, go to System > Security > Incoming ACL. This list needs to have
entries for all Expressways and all Microsoft FE Servers.
entries for all Expressways and all Microsoft FE Servers.
Go to System > Security > Outgoing ACL. This list needs to have entries for all the Microsoft FE servers.
Possible Cause 2: The Expressway and Microsoft FE are not TLS peers on IM&P.
Fix: From Cisco Unified CM IM and Presence Administration, go to System > Security > TLS Peer Subjects and add
entries for all the Expressway and MS FE servers. Go to System > Security > TLS Context Configuration and click the
links for "Peer Auth.” Make sure that all Expressway and MS peers are selected, and that all the ciphers are selected.
entries for all the Expressway and MS FE servers. Go to System > Security > TLS Context Configuration and click the
links for "Peer Auth.” Make sure that all Expressway and MS peers are selected, and that all the ciphers are selected.
Calls or chats are not working.
Possible Cause: The IM&P peer auth listener is on the wrong port.
Fix: Go to System > Application Listeners and check that SIP peer auth is listening on port 5061. If SIP server auth is
on 5061, you need to change them around as documented in the IM&P documentation.
on 5061, you need to change them around as documented in the IM&P documentation.
Jabber presence, as seen by Microsoft client, does not update when the Jabber user is on a call
Possible Cause: A misconfiguration has occurred between IM&P and CUCM.
Fix: On IM&P, go to Presence > Routing > Settings and switch Method/Event Routing Status to On.
You need to restart the proxy service for this to take effect.
Jabber-to-Jabber chat and presence are not working (nothing to do with Expressway)
Possible Cause: Some proxy services need a restart.
Fix: If you tried restarting the proxy services you received notifications about, but it did not fix the issue, ¬ restart the
whole of IM&P. This force restarts all the services.
whole of IM&P. This force restarts all the services.
65
Cisco Expressway with Microsoft Infrastructure Deployment Guide
Appendix 2: Chat / Presence Between Jabber and Microsoft Clients