Cisco Cisco Expressway
■
security parameters
■
phone security profiles
You must ensure that any such changes are reflected in the Expressway-C. To do this you must rediscover all Unified
CM and IM and Presence Service nodes (on Expressway go to Configuration > Unified Communications).
CM and IM and Presence Service nodes (on Expressway go to Configuration > Unified Communications).
Checking SSO Status and Tokens
You can check and clear users' SSO tokens on Users > SSO token holders. This could help identify problems with a
particular user's SSO access.
particular user's SSO access.
You can check SSO statistics on Status > Unified Communications > View detailed SSO statistics. Any unexpected
requests or responses on this page could help identify configuration or authorization issues.
requests or responses on this page could help identify configuration or authorization issues.
Expressway Certificate / TLS Connectivity Issues
If the Expressway's server certificate or trusted CA certificates have been modified, you must restart the Expressway
before those changes will take effect.
before those changes will take effect.
If you are using secure profiles, ensure that the root CA of the authority that signed the Expressway-C certificate is
installed as a CallManager-trust certificate (Security > Certificate Management in the Cisco Unified OS
Administration application).
installed as a CallManager-trust certificate (Security > Certificate Management in the Cisco Unified OS
Administration application).
Cisco Jabber Sign In Issues
Jabber Does Not Register for Phone Services
There is a case handling mismatch between the Expressway and the UDS (User Data Service) that prevents Jabber
from registering for phone services if the supplied user ID does not match the case of the stored ID. Jabber still signs
in but cannot use phone services.
from registering for phone services if the supplied user ID does not match the case of the stored ID. Jabber still signs
in but cannot use phone services.
Users can avoid this issue by signing in with the user ID exactly as it is stored in UDS.
.
Jabber Cannot Sign In due to XMPP Bind Failure
The Jabber client may be unable to sign in ("Cannot communicate with the server” error messages) due to XMPP bind
failures.
failures.
This will be indicated by resource bind errors in the Jabber client logs, for example:
XmppSDK.dll #0, 201, Recv:<iq id='uid:527a7fe7:00000cfe:00000000' type='error'><bind
xmlns='urn:ietf:params:xml:ns:xmpp-bind'/><error code='409' type='cancel'><conflict
xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error></iq>
XmppSDK.dll #0, CXmppClient::onResourceBindError
XmppSDK.dll #0, 39, CTriClient::HandleDisconnect, reason:16
Jabber Cannot Sign In due to SSH Tunnels Failure
Jabber can fail to sign in due to the SSH tunnels failing to be established. The traversal zone between the
Expressway-C and Expressway-E will work normally in all other respects. Expressway will report 'Application failed -
An unexpected software error was detected in portforwarding.pyc'.
Expressway-C and Expressway-E will work normally in all other respects. Expressway will report 'Application failed -
An unexpected software error was detected in portforwarding.pyc'.
This can occur if the Expressway-E DNS hostname contains underscore characters. Go to System > DNS and ensure
that the System host name only contains letters, digits and hyphens.
that the System host name only contains letters, digits and hyphens.
52
Mobile and Remote Access Through Cisco Expressway Deployment Guide
Appendix 1: Troubleshooting