04-12-2017 06:11 AM - edited 03-19-2019 12:19 PM
Dear All
I deploy MRA solution but i can't login from outside and this networks logs on EXP-E .Please Help
phone - Network Log
Solved! Go to Solution.
04-13-2017 06:08 PM
Hi,
The logs are in info mode. May be you copied the event logs and pasted here.
Anyways from the screenshot it looks you are missing Expressway series. However you have the traversal server license, so that makes your VM as VCS-E instead of Exp-E which is fine.
But you need to make sure that you must have Cisco supported deployment.
The traversal only supported with Exp-C (Core) and Exp-E (Edge) or VCS-C(control) and VCS-E(Expressway) pair.
You can have Exp-C paired with VCS-E and vice-versa, but it won't be supported by Cisco, however i believe that it must still work. But better to have similar pair.
What setup you have from above ? control with expressway or core with edge ?
Can you attached the diagnostic logs when you try to login?
Regards,
Alok
04-12-2017 08:10 AM
Is login working internally?
Do you have any alerts in either expressway?
Have you deployed MRA before?
Versions?
04-12-2017 08:24 AM
HI Jaime
yes we can login internally success
There's alarm on EXP-C
exp-c - Alarms
04-12-2017 08:27 AM
And Traversal zone is OK and active .
anf FW allows all traffic
04-12-2017 08:36 AM
You never mentioned the versions you're using.
I had a similar issue, make sure to go to your UC servers and refresh them, make sure no errors come from that.
Then if you have not rebooted the boxes, reboot exp-e, wait until if fully comes up, and give it 5-10 minutes before rebooting exp-c.
This fixed the same alarm in my lab, I already had MRA working fine, but got that alarm after upgrading to x8.9.2 and was not able to use phone services.
04-13-2017 07:20 AM
HI Jaime
Thanks for your help.
kindly be informed SSH tunnel issue has been solved after applied your recommendation ..
But we still have error 403 forbidden issue .
kindly find attached EXP-E logs and EXP-C .
also we noted that we have missing in license as appeared on attached file ,could it cause this issue ??
04-13-2017 10:21 AM
Yes, you need the right licensing, what does it say on top of the web page??
Do you see expressway-C and expressway-E?? If not, then you certainly have a problem with licensing
I'll assume that's the EXP-E due to the name of the file, you need the expressway series license and the traversal server license.
07-07-2017 11:11 AM
Hello Jaime,
I have this similar issue.In my own case ,i had performed the above steps before i read your post. I upgraded five days ago and there was no issue.I encountered the issue yesterday and i rebooted the exp e and exp c. The alarm disappeared but re-occurred today.
I am thinking of re-issuing new certificates. what do you think?
04-13-2017 04:30 AM
If you have upgraded from prior to x8.8 then it could be possible you don't have an reverse lookup entry for Expressway edge server on internal DNS causing the SSH tunnel to break. Even though your UC traversal zone is up SSH tunnel will be borken.
Second error 403 forbidden could be related to domain. make sure MRA login domain is configured correctly on core. I recently worked to fix a issue for my friend where he wrongly spelled the domain :).
If this is not the case, please attach expressway logs, and i can help you to look at this.
2017-04-12T13:56:20.454+02:00 | traffic_server[1084]: UTCTime="2017-04-12 11:56:20,454" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="71" Dst-ip="45.107.224.135" Dst-port="47193" Msg="HTTP/1.1 403 Forbidden" |
Rgds,
Alok
04-13-2017 07:14 AM
Hi Alok
Thanks for your help.
kindly be informed SSH tunnel issue has been solved after applied Jaime recommendation in previous Comment .
But we still have error 403 forbidden issue .
kindly find attached EXP-E logs and EXP-C .
also we noted that we have missing in license as appeared on attached file ,could it cause this issue ??
04-13-2017 06:08 PM
Hi,
The logs are in info mode. May be you copied the event logs and pasted here.
Anyways from the screenshot it looks you are missing Expressway series. However you have the traversal server license, so that makes your VM as VCS-E instead of Exp-E which is fine.
But you need to make sure that you must have Cisco supported deployment.
The traversal only supported with Exp-C (Core) and Exp-E (Edge) or VCS-C(control) and VCS-E(Expressway) pair.
You can have Exp-C paired with VCS-E and vice-versa, but it won't be supported by Cisco, however i believe that it must still work. But better to have similar pair.
What setup you have from above ? control with expressway or core with edge ?
Can you attached the diagnostic logs when you try to login?
Regards,
Alok
04-14-2017 11:56 AM
04-15-2017 05:22 AM
Hi Alok
The Main issue now has been solved after we configured the external domain ON EXP-c and active UC services for this Domain.
No i can login through MRA and make calls but no Audio .
I searched about this issue i foud that i must set EXP-C point to Public IP of EXP-E is it right .
But i configured this UC traversal zone and it's active with this setup (EXP_C point to EXP-E Internal IP )
Thanks
04-17-2017 01:12 AM
If you are using a single nic static nat deployment then yes it needs to point to public ip. The media stream goes to public ip and hairpins back in.
However if the deployment type is dual nic with internal nic for communication and external nic with direct public ip or second nic has a private ip Nd nated then you just need to point to internal nic ip-address.
With dual nic keep in mind that default gateway should be of second nic on expressway-e and for any internal communication from exp-e to exp-c muat be routed via static routes on expressway-e, if core and edge are in different subnet.
Another point is you must open the media ports 36000-59999(udp) from external to dmz so that jabber client can stream media to expressway, expressway never initiates media to external clients if client is behind a nat, because expressway see 2 different address.
Regards,
Alok
04-18-2017 05:20 AM
Hi Alok
After configuired EXP-C to point to public ip of EXP-E .
UC traversal zone is active and reachable ,but on EXP-E state is failed and Sip port is active .
and this's network Logs .
and we try to login from outside this error appear
you can't login out of corporation network .
Thanks
Remon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide