cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6616
Views
10
Helpful
19
Replies

Failed to login with Jabber from outside through MRA

Remon Adel
Level 1
Level 1

Dear All
I deploy MRA solution but i can't login from outside and this networks logs on EXP-E  .Please Help

phone - Network Log

2017-04-12T14:52:42.703+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:52:42,703" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="87" Dst-ip="45.107.224.135" Dst-port="47238" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:52:42.702+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:52:42,702" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="87" Src-ip="45.107.224.135" Src-port="47238" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:52:42.235+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:52:42,235" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="86" Dst-ip="45.107.224.135" Dst-port="47237" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:52:42.235+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:52:42,235" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="86" Src-ip="45.107.224.135" Src-port="47237" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:46:56.338+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:46:56,338" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="85" Dst-ip="45.107.224.135" Dst-port="47235" Msg="HTTP/1.1 503 Service Unavailable"
2017-04-12T14:46:56.338+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:46:56,338" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="85" Src-ip="45.107.224.135" Src-port="47235" Msg="GET https:///oauthcb HTTP/1.1"
2017-04-12T14:46:14.094+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:46:14,094" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="84" Dst-ip="45.107.224.135" Dst-port="47234" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:46:14.094+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:46:14,094" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="84" Src-ip="45.107.224.135" Src-port="47234" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:46:13.313+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:46:13,314" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="83" Dst-ip="45.107.224.135" Dst-port="47233" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:46:13.313+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:46:13,313" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="83" Src-ip="45.107.224.135" Src-port="47233" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:45:45.636+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:45:45,636" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="82" Dst-ip="45.107.224.135" Dst-port="47232" Msg="HTTP/1.1 503 Service Unavailable"
2017-04-12T14:45:45.636+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:45:45,636" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="82" Src-ip="45.107.224.135" Src-port="47232" Msg="GET https:///oauthcb HTTP/1.1"
2017-04-12T14:45:35.178+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:45:35,178" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="81" Dst-ip="45.107.224.135" Dst-port="47231" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:45:35.178+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:45:35,178" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="81" Src-ip="45.107.224.135" Src-port="47231" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:45:34.685+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:45:34,685" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="80" Dst-ip="45.107.224.135" Dst-port="47230" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:45:34.685+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:45:34,685" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="80" Src-ip="45.107.224.135" Src-port="47230" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:25:43.294+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:25:43,294" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="79" Dst-ip="45.107.224.135" Dst-port="47226" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:25:43.294+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:25:43,294" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="79" Src-ip="45.107.224.135" Src-port="47226" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:25:42.862+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:25:42,862" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="78" Dst-ip="45.107.224.135" Dst-port="47225" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:25:42.862+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:25:42,862" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="78" Src-ip="45.107.224.135" Src-port="47225" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:25:06.190+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:25:06,191" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="77" Dst-ip="45.107.224.135" Dst-port="47223" Msg="HTTP/1.1 503 Service Unavailable"
2017-04-12T14:25:06.190+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:25:06,190" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="77" Src-ip="45.107.224.135" Src-port="47223" Msg="GET https:///oauthcb HTTP/1.1"
2017-04-12T14:24:30.042+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:24:30,041" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="76" Dst-ip="45.107.224.135" Dst-port="47222" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:24:30.041+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:24:30,041" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="76" Src-ip="45.107.224.135" Src-port="47222" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:24:29.600+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:24:29,601" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="75" Dst-ip="45.107.224.135" Dst-port="47221" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:24:29.600+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:24:29,600" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="75" Src-ip="45.107.224.135" Src-port="47221" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:22:46.518+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:22:46,518" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="74" Dst-ip="45.107.224.135" Dst-port="47220" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:22:46.518+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:22:46,517" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="74" Src-ip="45.107.224.135" Src-port="47220" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:22:45.749+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:22:45,749" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="73" Dst-ip="45.107.224.135" Dst-port="47219" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T14:22:45.749+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:22:45,748" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="73" Src-ip="45.107.224.135" Src-port="47219" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2017-04-12T14:22:37.784+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:22:37,784" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="72" Dst-ip="45.107.224.135" Dst-port="47217" Msg="HTTP/1.1 503 Service Unavailable"
2017-04-12T14:22:37.784+02:00 traffic_server[1084]: UTCTime="2017-04-12 12:22:37,784" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="72" Src-ip="45.107.224.135" Src-port="47217" Msg="GET https:///oauthcb HTTP/1.1"
2017-04-12T13:56:20.454+02:00 traffic_server[1084]: UTCTime="2017-04-12 11:56:20,454" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="71" Dst-ip="45.107.224.135" Dst-port="47193" Msg="HTTP/1.1 403 Forbidden"
2017-04-12T13:56:20.454+02:00 traffic_server[1084]: UTCTime="2017-04-12 11:56:20,454" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="71" Src-ip="45.107.224.135" Src-port="47193" Msg="GET https:///aXRjZWd5cHQuZWc/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
1 Accepted Solution

Accepted Solutions

Hi,

The logs are in info mode. May be you copied the event logs and pasted here.

Anyways from the screenshot it looks you are missing Expressway series. However you have the traversal server license, so that makes your VM as VCS-E instead of Exp-E which is fine.

But you need to make sure that you must have Cisco supported deployment.

The traversal only supported with Exp-C (Core) and Exp-E (Edge) or VCS-C(control) and VCS-E(Expressway) pair.

You can have Exp-C paired with VCS-E and vice-versa, but it won't be supported by Cisco, however i believe that it must still work. But better to have similar pair.

What setup you have from above ? control with expressway or core with edge ?

Can you attached the diagnostic logs when you try to login?

Regards,

Alok

View solution in original post

19 Replies 19

Jaime Valencia
Cisco Employee
Cisco Employee

Is login working internally?

Do you have any alerts in either expressway?

Have you deployed MRA before?

Versions?

HTH

java

if this helps, please rate

HI Jaime

yes we can login internally success

There's alarm on  EXP-C 
exp-c - Alarms

Unified Communications SSH tunnel notification failure This system cannot communicate with one or more remote hosts: phone.XXXXXXX.eg Raised Warning Ensure that your firewall allows traffic from the Expressway-C ephemeral ports to 2222 TCP on the Expressway-E

And Traversal zone is OK and active .
anf FW allows all traffic

You never mentioned the versions you're using.

I had a similar issue, make sure to go to your UC servers and refresh them, make sure no errors come from that.

Then if you have not rebooted the boxes, reboot exp-e, wait until if fully comes up, and give it 5-10 minutes before rebooting exp-c.

This fixed the same alarm in my lab, I already had MRA working fine, but got that alarm after upgrading to x8.9.2 and was not able to use phone services.

HTH

java

if this helps, please rate

HI Jaime
Thanks for your help.
kindly be informed SSH tunnel issue has been solved after applied your  recommendation ..

But we still have  error 403 forbidden issue .
kindly find attached EXP-E logs and EXP-C .
also we noted that we have missing in license as appeared on attached file ,could it cause this issue ?? 

Yes, you need the right licensing, what does it say on top of the web page??

Do you see expressway-C and expressway-E?? If not, then you certainly have a problem with licensing

I'll assume that's the EXP-E due to the name of the file, you need the expressway series license and the traversal server license.

HTH

java

if this helps, please rate

Hello Jaime,

I have this similar issue.In my own case ,i had performed the above steps before i read your post. I upgraded  five days ago and there was no issue.I encountered the issue yesterday and i rebooted the exp e and exp c. The alarm disappeared but re-occurred today.

I am thinking of re-issuing new certificates. what do you think?

Alok Jaiswal
Level 4
Level 4

If you have upgraded from prior to x8.8 then it could be possible you don't have an reverse lookup entry for Expressway edge server on internal DNS causing the SSH tunnel to break. Even though your UC traversal zone is up SSH tunnel will be borken.

Second error 403 forbidden could be related to domain. make sure MRA login domain is configured correctly on core. I recently worked to fix a issue for my friend where he wrongly spelled the domain :). 

If this is not the case, please attach expressway logs, and i can help you to look at this.

2017-04-12T13:56:20.454+02:00 traffic_server[1084]: UTCTime="2017-04-12 11:56:20,454" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="71" Dst-ip="45.107.224.135" Dst-port="47193" Msg="HTTP/1.1 403 Forbidden"

Rgds,

Alok

Hi Alok
Thanks for your help.
kindly be informed SSH tunnel issue has been solved after applied Jaime recommendation in previous Comment .

But we still have  error 403 forbidden issue .
kindly find attached EXP-E logs and EXP-C .
also we noted that we have missing in license as appeared on attached file ,could it cause this issue ?? 

Hi,

The logs are in info mode. May be you copied the event logs and pasted here.

Anyways from the screenshot it looks you are missing Expressway series. However you have the traversal server license, so that makes your VM as VCS-E instead of Exp-E which is fine.

But you need to make sure that you must have Cisco supported deployment.

The traversal only supported with Exp-C (Core) and Exp-E (Edge) or VCS-C(control) and VCS-E(Expressway) pair.

You can have Exp-C paired with VCS-E and vice-versa, but it won't be supported by Cisco, however i believe that it must still work. But better to have similar pair.

What setup you have from above ? control with expressway or core with edge ?

Can you attached the diagnostic logs when you try to login?

Regards,

Alok

Hi Alok 
thanks for your attention and help ,

Our setup is EXP- C and VCS - E ,we configured UC traversal Zone and it's Active between them .

Kindly find diagnostic logs attached when we try to login .

Hi Alok
The Main issue now has been solved after we configured the external domain ON EXP-c and active UC services for this Domain.
No i can login through MRA and make calls but no Audio .
I searched about this issue i foud that i must set EXP-C point to Public IP of EXP-E is it right .
But i configured this UC traversal zone and it's active  with this setup (EXP_C point to EXP-E Internal IP )

Thanks

If you are using a single nic static nat deployment then yes it needs to point to public ip. The media stream goes to public ip and hairpins back in.

However if the deployment type is dual nic with internal nic for communication and external nic with direct public ip or second nic has a private ip Nd nated then you just need to point to internal nic ip-address.

With dual nic keep in mind that default gateway should be of second nic on expressway-e and for any internal communication from exp-e to exp-c muat be routed via static routes on expressway-e, if core and edge are in different subnet.

Another point is you must open the media ports 36000-59999(udp) from external to dmz so that jabber client can stream media to expressway, expressway never initiates media to external clients if client is behind a nat, because expressway see 2 different address. 

Regards,

Alok

Hi Alok

After configuired EXP-C  to point to public ip of EXP-E .
UC traversal zone is active and reachable ,but on EXP-E state is failed and Sip port is active .

and this's network Logs .
and we try to login from outside this error appear 
you can't login out of corporation network .

Thanks
Remon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: