Cisco Cisco Expressway
Expressway returns "401 unauthorized" failure messages
A "401 unauthorized" failure message can occur when the Expressway attempts to authenticate the
credentials presented by the endpoint client.The reasons for this include:
credentials presented by the endpoint client.The reasons for this include:
n
The client is supplying an unknown username or the wrong password.
n
ILS (Intercluster Lookup Service) has not been set up on all of the Unified CM clusters. This may result in
intermittent failures, depending upon which Unified CM node is being used by Expressway for its UDS
query to discover the client's home cluster.
intermittent failures, depending upon which Unified CM node is being used by Expressway for its UDS
query to discover the client's home cluster.
Call failures due to "407 proxy authentication required" or
"500 Internal Server Error" errors
"500 Internal Server Error" errors
Call failures can occur if the traversal zones on Expressway are configured with an Authentication policy of
Check credentials. Ensure that the Authentication policy on the traversal zones used for mobile and
remote access is set to Do not check credentials.
Check credentials. Ensure that the Authentication policy on the traversal zones used for mobile and
remote access is set to Do not check credentials.
Call bit rate is restricted to 384 kbps / video issues when
using BFCP (presentation sharing)
using BFCP (presentation sharing)
This can be caused by video bit rate restrictions within the regions configured on Unified CM.
Ensure that the Maximum Session Bit Rate for Video Calls between and within regions (
System
> Region Information > Region
) is set to a suitable upper limit for your system, for example 6000 kbps.
Endpoints cannot register to Unified CM
Endpoints may fail to register for various reasons:
n
Endpoints may not be able to register to Unified CM if there is also a SIP trunk configured between Unified
CM and Expressway-C. If a SIP trunk is configured, you must ensure that it uses a different listening port
on Unified CM from that used for SIP line registrations to Unified CM. See
CM and Expressway-C. If a SIP trunk is configured, you must ensure that it uses a different listening port
on Unified CM from that used for SIP line registrations to Unified CM. See
n
Secure registrations may fail ('Failed to establish SSL connection' messages) if the server certificate on
the Expressway-C does not contain in its Subject Alternate Name list, the names of all of the Phone
Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring
remote access. Note that these names — in both Unified CM and in the Expressway's certificate — must
be in FQDN format.
the Expressway-C does not contain in its Subject Alternate Name list, the names of all of the Phone
Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring
remote access. Note that these names — in both Unified CM and in the Expressway's certificate — must
be in FQDN format.
Jabber cannot sign in due to XMPP bind failure
The Jabber client may be unable to sign in ("Cannot communicate with the server” error messages) due to
XMPP bind failures.
XMPP bind failures.
This will be indicated by resource bind errors in the Jabber client logs, for example:
XmppSDK.dll #0, 201, Recv:<iq id='uid:527a7fe7:00000cfe:00000000' type='error'><bind xmln
s='urn:ietf:params:xml:ns:xmpp-bind'/><error code='409' type='cancel'><conflict xmlns='ur
n:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
Unified Communications: Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.1.1)
Page 33 of 36
Appendix 1: Troubleshooting