05-15-2017 03:06 PM - edited 03-19-2019 12:25 PM
I've just installed and configured X8.9.2 single NIC, 1 ASA firewall, CUCM and IM Presence 11.5.1. Traversal zone create and active, no errors! Can retrieve XML using direct and 64Baseencoded links to CUCM/TFTP, but when trying to sign in with Jabber over MRA from internet, get Cannot communicate with server. It only let's me enter username and password, but doesn't sign in. Would really appreciate any help. Thank you!
05-15-2017 09:28 PM
Hi,
Please verify the setup as per the following
http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway/118798-technote-cucm-00.html#anc5
Manish
- Do rate helpful posts -
05-15-2017 11:22 PM
Dear Manish, check as you advised, all is perfect, but still cannot sign in. When I start Jabber for Windows it says, at the beginning "Finding Services...", then after 2-3 seconds, it asks me for Password, then "Sinning in...", after about 1 min, I get "Cannot communicate with the Server". What could be the problem?
05-16-2017 12:52 AM
Next step in that case would be to collect the Jabber problem report and the Expressway diagnostic logs.
Manish
05-16-2017 12:59 AM
Bellow is the log from Expressway-E:
2017-05-16T10:37:51.018+03:00 | traffic_server[2887]: Event="Sending HTTP error response" Status="404" Reason="Not Found" Dst-ip="94.243.69.111" Dst-port="50294" UTCTime="2017-05-16 07:37:51,018" |
2017-05-16T10:37:49.440+03:00 | traffic_server[2887]: Event="Sending HTTP error response" Status="503" Reason="Service Unavailable" Dst-ip="94.243.69.111" Dst-port="50292" UTCTime="2017-05-16 07:37:49,440" |
2017-05-16T10:37:49.440+03:00 | traffic_server[2887]: Event="oauthcb" Detail="SSO access denied" Reason="SSO Disabled" Src-ip="94.243.69.111" Src-port="50292" UTCTime="2017-05-16 07:37:49,440" |
Bellow is the log from Expressway-C:
I've attached, also, the log from Jabber Windows.
05-16-2017 01:13 AM
On the Expressway-C, Status --> Unified Communications, is anything red or down there?
Do you get a prompt to accept a certificate when you try to login?
On the Expressway-C, go to Configuration --> Unified Communications --> IM & Presence Service Nodes --> click on the checkbox for each IM&P server and click ‘refresh servers’
Can you try logging in again post that.
Manish
05-16-2017 01:25 AM
All is green! All is Active and OK! All certificates including Expressway-E, have need signed by the same CA! When I Sign in with Jabber I don't get to accept certificate, I'm immediately prompted to enter the Password. In the logs nothing appears in RED.
I have also attached the Diagnostic logging from Expressway E and C.
05-16-2017 06:48 AM
Is the login working fine internally for this user?
Manish
05-16-2017 07:37 AM
Sure, from inside works perfectly!
05-16-2017 10:17 PM
Thank you so much! Opened a TAC and found that port 5222 (XMPP) was closed on the public IP of Exp-E. All works fine now!!
05-16-2017 04:08 PM
i see something in the log file.
2017-05-16T11:17:19.725+03:00 vcs-c portforwarding: UTCTime="2017-05-16 08:17:19,724" Module="developer.portforwarding.twisted" Level="INFO" CodeLocation="_observer(131)" AMP connection lost (HOST:IPv4Address(TCP, '127.0.0.1', 35068) PEER:IPv4Address(TCP, '127.0.0.1', 8191)) 2017-05-16T11:17:19.725+03:00 vcs-c portforwarding: UTCTime="2017-05-16 08:17:19,725" Module="developer.portforwarding.twisted" Level="INFO" CodeLocation="_observer(131)" AMP connection lost (HOST:IPv4Address(TCP, '127.0.0.1', 35070) PEER:IPv4Address(TCP, '127.0.0.1', 8191))
Can you tell me more about your expressway-edge configuration ? is it a dual nic or single nic ?
please make sure you able to do the reverse dns lookup for the exp-e ip-address, and the response must be the exp-e fqdn.
Regards,
Alok
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide