Cisco Cisco Expressway
n
Check that port 5269 is open in both directions between the internet and Cisco Expressway-E in the DMZ.
n
If the Cisco Expressway-C cannot connect to XCP on the Cisco Expressway-E remote host:
l
Check that the firewall has not blocked port 7400.
l
If the Cisco Expressway-E is running dual network interfaces, ensure that the traversal zone on the
Cisco Expressway-C is connected to the internally-facing interface on the Cisco Expressway-E.
Cisco Expressway-C is connected to the internally-facing interface on the Cisco Expressway-E.
n
Be aware that inbound and outbound connections can be routed through different cluster peers.
n
If the address of an IM and Presence Service node has changed, or a new peer has been added to an IM
and Presence Service cluster, go to
and Presence Service cluster, go to
Configuration > Unified Communications > IM and Presence
Service nodes
and click Refresh Servers. You must then save the updated configuration.
Certificates and Secure TLS Connections
If you have configured secure Transport Layer Security (TLS) connections, ensure that:
n
Valid server certificates are installed, they are in date and not revoked.
n
Both the remote and local server certificates must contain a valid domain in the Subject Alternative Name
(SAN). This applies even if Require client-side security certificates is disabled.
(SAN). This applies even if Require client-side security certificates is disabled.
n
If Require client-side security certificates is enabled, ensure that the server certificate is signed by a CA
and is not locally signed.
and is not locally signed.
n
Certificate Authority (CA) certificates are installed.
n
If you are using group chat over TLS, ensure that the Cisco Expressway-C and Cisco Expressway-E
server certificates include in their list of subject alternate names (using either XMPPAddress or DNS
formats) all of the Chat Node Aliases that are configured on the IM and Presence Service servers.
server certificates include in their list of subject alternate names (using either XMPPAddress or DNS
formats) all of the Chat Node Aliases that are configured on the IM and Presence Service servers.
n
Ensure that compatible security settings (TLS required, optional, no TLS) exist on your system and the
remote federated system.
remote federated system.
See
for more information.
Checking the Event Log
Check the Event Log on the Cisco Expressway-E for XMPP events.
Events related to XMPP federation are tagged with Module="XMPPFederation". There are no XMPP-
related logs on the Cisco Expressway-C.
related logs on the Cisco Expressway-C.
Performing Diagnostic Logging
When performing diagnostic logging (
Maintenance > Diagnostics > Diagnostic logging
), set the
develop.xcp.federation support log (
Maintenance > Diagnostics > Advanced > Support Log
configuration
) to debug level.
Cisco Unified Communications XMPP Federation Deployment Guide (1.4)
Page 20 of 59