Cisco Cisco Expressway
Jabber Cannot Sign In When Connecting to Different Peers in a Cluster of Expressway-Es
Jabber sign in failures have been seen when there is inconsistency of the DNS domain name between Expressway-E
peers. The domain names must be identical, even with respect to case, on all peers in the cluster.
peers. The domain names must be identical, even with respect to case, on all peers in the cluster.
Go to System > DNS on each peer to make sure that Domain name is identical on all peers.
Expressway Returns "401 Unauthorized" Failure Messages
A "401 unauthorized" failure message can occur when the Expressway attempts to authenticate the credentials
presented by the endpoint client.The reasons for this include:
presented by the endpoint client.The reasons for this include:
■
The client is supplying an unknown username or the wrong password.
■
ILS (Intercluster Lookup Service) has not been set up on all of the Unified CM clusters. This may result in
intermittent failures, depending upon which Unified CM node is being used by Expressway for its UDS query to
discover the client's home cluster.
intermittent failures, depending upon which Unified CM node is being used by Expressway for its UDS query to
discover the client's home cluster.
Call Failures due to "407 Proxy Authentication Required" or "500 Internal Server
Error" errors
Error" errors
Call failures can occur if the traversal zones on Expressway are configured with an Authentication policy of Check
credentials. Ensure that the Authentication policy on the traversal zones used for mobile and remote access is set to
Do not check credentials.
credentials. Ensure that the Authentication policy on the traversal zones used for mobile and remote access is set to
Do not check credentials.
Call Bit Rate is Restricted to 384 kbps / Video Issues when Using BFCP
(Presentation Sharing)
(Presentation Sharing)
This can be caused by video bit rate restrictions within the regions configured on Unified CM.
Ensure that the Maximum Session Bit Rate for Video Calls between and within regions (System > Region
Information > Region) is set to a suitable upper limit for your system, for example 6000 kbps.
Information > Region) is set to a suitable upper limit for your system, for example 6000 kbps.
Endpoints Cannot Register to Unified CM
Endpoints may fail to register for various reasons:
■
Endpoints may not be able to register to Unified CM if there is also a SIP trunk configured between Unified CM
and Expressway-C. If a SIP trunk is configured, you must ensure that it uses a different listening port on
Unified CM from that used for SIP line registrations to Unified CM. See
and Expressway-C. If a SIP trunk is configured, you must ensure that it uses a different listening port on
Unified CM from that used for SIP line registrations to Unified CM. See
■
Secure registrations may fail ('Failed to establish SSL connection' messages) if the server certificate on the
Expressway-C does not contain in its Subject Alternate Name list, the names of all of the Phone Security
Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring remote access.
Note that these names — in both Unified CM and in the Expressway's certificate — must be in FQDN format.
Expressway-C does not contain in its Subject Alternate Name list, the names of all of the Phone Security
Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring remote access.
Note that these names — in both Unified CM and in the Expressway's certificate — must be in FQDN format.
IM and Presence Service Realm Changes
Provisioning failures can occur when the IM and Presence Service realm has changed and the realm data on the
Expressway-C has not been updated.
Expressway-C has not been updated.
For example, this could happen if the address of an IM and Presence Service node has changed, or if a new peer has
been added to an IM and Presence Service cluster.
been added to an IM and Presence Service cluster.
The diagnostic log may contain an INFO message like "
Failed to query auth component for SASL mechanisms
"
because the Expressway-C cannot find the realm.
53
Mobile and Remote Access Through Cisco Expressway Deployment Guide
Appendix 1: Troubleshooting