Cisco Cisco Expressway
Endpoints cannot register to Unified CM
Endpoints may fail to register for various reasons:
n
Endpoints may not be able to register to Unified CM if there is also a SIP trunk configured between Unified
CM and Expressway-C. If a SIP trunk is configured, you must ensure that it uses a different listening port
on Unified CM from that used for SIP line registrations to Unified CM. See
CM and Expressway-C. If a SIP trunk is configured, you must ensure that it uses a different listening port
on Unified CM from that used for SIP line registrations to Unified CM. See
for more information.
n
Secure registrations may fail ('Failed to establish SSL connection' messages) if the server certificate on
the Expressway-C does not contain in its Subject Alternate Name list, the names of all of the Phone
Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring
remote access. Note that these names — in both Unified CM and in the Expressway's certificate — must
be in FQDN format.
the Expressway-C does not contain in its Subject Alternate Name list, the names of all of the Phone
Security Profiles in Unified CM that are configured for encrypted TLS and are used for devices requiring
remote access. Note that these names — in both Unified CM and in the Expressway's certificate — must
be in FQDN format.
IM and Presence Service realm changes
Provisioning failures can occur when the IM and Presence Service realm has changed and the realm data on
the Expressway-C has not been updated.
the Expressway-C has not been updated.
For example, this could happen if the address of an IM and Presence Service node has changed, or if a new
peer has been added to an IM and Presence Service cluster.
peer has been added to an IM and Presence Service cluster.
The diagnostic log may contain an INFO message like "Failed to query auth component for
SASL mechanisms
SASL mechanisms
" because the Expressway-C cannot find the realm.
Go to
Configuration > Unified Communications > IM and Presence Service nodes
and click Refresh
servers and then save the updated configuration. If the provisioning failures persist, verify the IM and
Presence Service nodes configuration and refresh again.
Presence Service nodes configuration and refresh again.
No voicemail service ("403 Forbidden" response)
Ensure that the Cisco Unity Connection (CUC) hostname is included on the HTTP server allow list on the
Expressway-C.
Expressway-C.
"403 Forbidden" responses for any service requests
Services may fail ("403 Forbidden" responses) if the Expressway-C and Expressway-E are not synchronized
to a reliable NTP server. Ensure that all Expressway systems are synchronized to a reliable NTP service.
to a reliable NTP server. Ensure that all Expressway systems are synchronized to a reliable NTP service.
Client HTTPS requests are dropped by Expressway
This can be caused by the automated intrusion protection feature on the Expressway-E if it detects repeated
invalid attempts (404 errors) from a client IP address to access resources through the HTTP proxy.
invalid attempts (404 errors) from a client IP address to access resources through the HTTP proxy.
To prevent the client address from being blocked, ensure that the HTTP proxy resource access failure
category (
category (
System > Protection > Automated detection > Configuration
) is disabled.
Unified Communications Mobile and Remote Access via Cisco Expressway Deployment Guide (X8.5.2)
Page 51 of 54
Appendix 1: Troubleshooting