Cisco Cisco Expressway Fehlerbehebungsanleitung
port 8443 is not reachable, then the Jabber client fails to log in.
2. Unacceptable or No Available Certificate on VCS Expressway
After the Jabber client has received an answer for _collab−edge, it then contacts Expressway with Transport
Layer Security (TLS) over port 8443 to try to retrieve the certificate from Expressway to set up TLS for
communication between the Jabber client and Expressway.
Layer Security (TLS) over port 8443 to try to retrieve the certificate from Expressway to set up TLS for
communication between the Jabber client and Expressway.
If Expressway does not have a valid signed certificate that contains either the FQDN or domain of
Expressway, then this fails and the Jabber client fails to log in.
Expressway, then this fails and the Jabber client fails to log in.
If this issue occurs, the customer should use the Certificate Signing Request (CSR) tool on Expressway,
which automatically includes the FQDN of Expressway as a Subject Alternative Name (SAN).
which automatically includes the FQDN of Expressway as a Subject Alternative Name (SAN).
Note: MRA requires secure communication between Expressway−C and Expressway−E, and between
Expressway−E and external endpoints.
Expressway−E and external endpoints.
Expressway−C Server Certificate Requirements:
The Chat Node Aliases configured on the IM&P servers. This is required if you perform Extensible
Messaging and Presence Protocol (XMPP) federation. Expressway−C should automatically include
these in the CSR provided that an IM&P server has already been discovered on Expressway−C.
Messaging and Presence Protocol (XMPP) federation. Expressway−C should automatically include
these in the CSR provided that an IM&P server has already been discovered on Expressway−C.
•
The names in FQDN format of all Phone Security Profiles in CUCM configured for TLS and used on
devices configured for MRA. This allows for secure communication between the CUCM and
Expressway−C for the devices that use those Phone Security Profiles.
devices configured for MRA. This allows for secure communication between the CUCM and
Expressway−C for the devices that use those Phone Security Profiles.
•
Expressway−E Server Certificate Requirements:
All domains configured for Unified Communications. This includes the domain of Expressway−E and
C, email address domain configured for Jabber, and any Presence domains.
C, email address domain configured for Jabber, and any Presence domains.
1.
The Chat Node Aliases configured on the IM&P servers. This is required if you perform XMPP
federation.
federation.
2.
The MRA Deployment Guide describes this issue in greater detail on pages 17−18.
3. No UDS Servers Found in Edge Configuration
After the Jabber client successfully establishes a secure connection with Expressway−E, it asks for its edge
configuration (get_edge_config). This edge configuration contains the SRV records for _cuplogin and
_cisco−uds. If these SRV records are not returned in the edge configuration, then the Jabber client is not able
to proceed with login.
configuration (get_edge_config). This edge configuration contains the SRV records for _cuplogin and
_cisco−uds. If these SRV records are not returned in the edge configuration, then the Jabber client is not able
to proceed with login.
In order to fix this, make sure that _cisco−uds and _cuplogin SRV records are created internally and
resolvable by Expressway−C.
resolvable by Expressway−C.
More information on the DNS SRV records can be found on page 10 of the MRA Deployment Guide for
X8.5.
X8.5.
This is also a common symptom if you are in a dual domain. If you run in a dual domain and find the Jabber
client is not being returned any User Data Service (UDS), you must ensure your configuration follows the
DNS section of the Configuration Note: Mobile and Remote Access through Expressway/VCS in a
multi−domain deployment.
client is not being returned any User Data Service (UDS), you must ensure your configuration follows the
DNS section of the Configuration Note: Mobile and Remote Access through Expressway/VCS in a
multi−domain deployment.