Expressway MRA unable to login

Ahmad El-Saka · ‎08-29-2016

Hello,

I'm deploying Expressway for MRA. I'm using dual NIC deployment, the zone between C and E servers are active, the zone to Unified Communications are active. And I have only one domain for inside and outside the network.

The Jabber is working fine on premise, however on login from the internet I'm prompted to accept the certificate of the E server then I receive the message "Cannot locate server".

On the Event log on the C server the following log appears: "traffic_server[15999]: Event="Request Failed" Detail="Access denied" Reason="Host is not in allow list" Host="FQDN of presence server" URL="EPASSoap/service/v90"

Note: the FQDN of the presence server already in the auto configured allow list.

Any ideas where to troubleshoot?

Thanks.

Jonathan Schulenberg · ‎08-29-2016

The certificate error is where I would start, especially since the only way that Jabber can get to that API is through the HTTPS Reverse Proxy on Expressway. Double-check the CN and SAN values in your certs.

Page 22: http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-8/Mobile-Remote-Access-via-Expressway-Deployment-Guide-X8-8.pdf

Ahmad El-Saka · ‎08-30-2016

I'm using Expressway for MRA only I have to federated chat.

I have only one domain that is used for Unified Communications registrations and that's the same domain for all servers (CUCM, Presence, Expressway C & E).

I think CN and SAN values are as it should be.