Cisco Cisco Expressway Maintenance Manual
Troubleshooting External XMPP Federation
This section describes how to troubleshoot your external XMPP federation deployment and describes the impact of
making configuration changes on a live system.
making configuration changes on a live system.
Checking the Basic Status of Your System
If you encounter issues with the XMPP federation status service, you should first check the Status > Unified
Communications page on both the Expressway-C and the Expressway-E.
Communications page on both the Expressway-C and the Expressway-E.
This will highlight any basic connection or configuration problems and provide information and links to help correct
the problem.
the problem.
General Configuration Checklist
Ensure that the following Expressway configuration items have been specified correctly:
■
Port 5269 is open in both directions between the internet and Expressway-E in the DMZ.
■
DNS settings: host name, domain name and default DNS server (System > DNS).
■
An accessible NTP server (System > Time).
■
An active Unified Communications traversal zone on the Expressway-C and its associated Expressway-E
(Status > Zones).
(Status > Zones).
■
Unified Communications mode is set to Mobile and remote access on both the Expressway-C and the
Expressway-E (Configuration > Unified Communications > Configuration).
Expressway-E (Configuration > Unified Communications > Configuration).
■
XMPP federation support is On on the Expressway-E (Configuration > Unified Communications >
Configuration).
Configuration).
■
If static routes are enabled, ensure that the appropriate routes for the federated XMPP domains have been
added to the Expressway-E (Configuration > Unified Communications > Federated static routes).
added to the Expressway-E (Configuration > Unified Communications > Federated static routes).
■
At least one domain is configured on the Expressway-C with XMPP federation set to On (Configuration
> Domains).
> Domains).
■
IM &Presence servers have been discovered on the Expressway-Cand have an active status (Configuration >
Unified Communications > IM and Presence servers).
Unified Communications > IM and Presence servers).
Discovery, Connectivity and Firewall Issues
■
If using DNS lookup, check that _xmpp-server public DNS records exist for the domains and chat node aliases
of all federated parties, and that they use port 5269.
of all federated parties, and that they use port 5269.
■
Check that port 5269 is open in both directions between the internet and Expressway-E in the DMZ.
■
If the Expressway-C cannot connect to XCP on the Expressway-E remote host:
—
Check that the firewall has not blocked port 7400.
—
If the Expressway-E is running dual network interfaces, ensure that the traversal zone on the Expressway-C
is connected to the internally-facing interface on the Expressway-E.
is connected to the internally-facing interface on the Expressway-E.
■
Be aware that inbound and outbound connections can be routed through different cluster peers.
Certificates and Secure TLS Connections
If you have configured secure TLS connections, ensure that:
■
Valid server certificates are installed, they are in date and not revoked.
■
Both the remote and local server certificates must contain a valid domain in the Subject Alternative Name
(SAN). This applies even if Require client-side security certificates is disabled.
(SAN). This applies even if Require client-side security certificates is disabled.
77
Cisco Expressway Administrator Guide