Cisco Support Community
Community Member

Mobile Remote Access - Error "403 - Forbidden"

Hello Guys,

I give up! After three days of troubleshooting, searching for configuration, Certificate excess, I have no idea why MRA in my test environment is not working. I think I made a mistake with the domains and certificates that are needed. Here are the facts. The SSH tunnel between Expressway C and E is up and active. I see in the logs that this is working fine. But I always get an error when some devices want to connect from outside.

External Configuration:

Domain: mbit-s.com

| Type | Entry | Resolves To |
| --- | --- | --- |
| SRV record | _collab-edge._tls.mbit-s.com | jabber.mbit-s.com |
| A record | jabber.mbit-s.com | IP address ExpresswayE |

Internal Configuration:

Domain UC-Server: int.mbit-s.com
Collab Edge Domain: jabber.mbit-s.com

In my desperation I made three _cisco-uds._tcp SRVs with all three domain names. They are all pointing to the same CUCM.

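| Type | Entry | Resolves To |
| --- | --- | --- |
| SRV record | _cisco-uds._tcp.int.mbit-s.com | CUCM Int-Domain |
| SRV record | _cisco-uds._tcp.jabber.mbit-s.com | CUCM Int-Domain |
| SRV record | _cisco-uds._tcp.mbit-s.com | CUCM Int-Domain |
| A record | CUCM Int-Domain | IP address CUCM |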

Internally the login is working just fine (with all three domains ;)). Presence, phone, everything is working.

I also added all three domain names to the certificate CSR of the Expressway Edge (see the JPG “DNS-Names”). The certificate is enabled for server and client authentication (JPG Key Usage).

Logs from Expressway Edge:

2014-09-25T21:41:49+02:00 Mbit-S-UC14 ashell: Level="INFO" Event="Admin Session Finish" Detail="CLI session" User="" Src-ip="local" Pid="3502" UTCTime="2014-09-25 19:41:49,268"
2014-09-25T21:41:49+02:00 Mbit-S-UC14 tvcs: UTCTime="2014-09-25 19:41:49,268" Module="developer.rshell" Level="INFO" CodeLocation="ppcmains/rshell/rshell.cpp(601)" Method="::rsClientTask" Thread="0x7f17dcb5a700": rshell: Received disconnect from remote.  Shutting down.
2014-09-25T21:41:49+02:00 Mbit-S-UC14 ashell: Level="INFO" Event="Admin Session Start" Detail="CLI session" User="" Src-ip="local" Pid="3526" UTCTime="2014-09-25 19:41:49,617"
2014-09-25T21:41:50+02:00 Mbit-S-UC14 ashell: Level="INFO" Event="Admin Session Finish" Detail="CLI session" User="" Src-ip="local" Pid="3526" UTCTime="2014-09-25 19:41:50,91"
2014-09-25T21:41:50+02:00 Mbit-S-UC14 tvcs: UTCTime="2014-09-25 19:41:50,091" Module="developer.rshell" Level="INFO" CodeLocation="ppcmains/rshell/rshell.cpp(601)" Method="::rsClientTask" Thread="0x7f17dcb5a700": rshell: Received disconnect from remote.  Shutting down.
2014-09-25T21:41:55+02:00 Mbit-S-UC14 traffic_server[25719]: UTCTime="2014-09-25 19:41:55,286" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="33" Src-ip="88.217.180.198" Src-port="28409" Msg="GET https:///bWJpdC1zLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2014-09-25T21:41:55+02:00 Mbit-S-UC14 traffic_server[25719]: UTCTime="2014-09-25 19:41:55,286" Module="network.http.trafficserver" Level="DEBUG": Detail="Receive Request" Txn-id="33" Src-ip="88.217.180.198" Src-port="28409"
HTTPMSG:
|GET https:///bWJpdC1zLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1
Authorization: xxxxx
Host: jabber.mbit-s.com:8443
Accept: */*
User-Agent: Jabber-iOS-797

|

2014-09-25T21:41:55+02:00 Mbit-S-UC14 traffic_server[25719]: UTCTime="2014-09-25 19:41:55,286" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="33" Dst-ip="88.217.180.198" Dst-port="28409" Msg="HTTP/1.1 403 Forbidden"
2014-09-25T21:41:55+02:00 Mbit-S-UC14 traffic_server[25719]: UTCTime="2014-09-25 19:41:55,286" Module="network.http.trafficserver" Level="DEBUG": Detail="Sending Response" Txn-id="33" Dst-ip="88.217.180.198" Dst-port="28409"
HTTPMSG:
|HTTP/1.1 403 Forbidden
Date: Thu, 25 Sep 2014 19:41:55 GMT
Connection: close
Server: CE_E
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Content-Length: 64

 

Does someone else have the same Problem? How did you resolve it?

Thanks a lot!

Kind regards,

DrMxxxxx
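
A way to pull the failing exchange out of an Expressway-E log like the one posted above (an added example, not part of the original post and not Cisco tooling): it pairs request and response lines by Txn-id and decodes the first path segment of get_edge_config requests, which in the posted log is unpadded base64 for mbit-s.com, so the requested domain can be compared with the domains configured for MRA. The function names are hypothetical; the sample input is the two INFO lines copied from the post.

```python
import base64
import re

# Sample input: the two INFO lines from the post above, embedded so this runs offline.
SAMPLE_LOG = '''\
2014-09-25T21:41:55+02:00 Mbit-S-UC14 traffic_server[25719]: UTCTime="2014-09-25 19:41:55,286" Module="network.http.trafficserver" Level="INFO": Detail="Receive Request" Txn-id="33" Src-ip="88.217.180.198" Src-port="28409" Msg="GET https:///bWJpdC1zLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin HTTP/1.1"
2014-09-25T21:41:55+02:00 Mbit-S-UC14 traffic_server[25719]: UTCTime="2014-09-25 19:41:55,286" Module="network.http.trafficserver" Level="INFO": Detail="Sending Response" Txn-id="33" Dst-ip="88.217.180.198" Dst-port="28409" Msg="HTTP/1.1 403 Forbidden"
'''

FIELD = re.compile(r'([A-Za-z-]+)="([^"]*)"')
EDGE_PATH = re.compile(r'^GET https?://[^/]*/([A-Za-z0-9_+=-]+)/get_edge_config\?(\S*)')

def decode_segment(seg):
    """Decode an unpadded base64/base64url path segment; None if it is not base64."""
    try:
        padded = seg + "=" * (-len(seg) % 4)
        return base64.urlsafe_b64decode(padded).decode("utf-8", errors="replace")
    except ValueError:
        return None

def rejected_edge_requests(log_text):
    """Return get_edge_config requests whose response (same Txn-id) was 403."""
    pending, findings = {}, []
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        msg, txn = f.get("Msg", ""), f.get("Txn-id")
        if not msg or txn is None:
            continue  # DEBUG lines and HTTPMSG bodies carry no Msg field
        if f.get("Detail") == "Receive Request":
            m = EDGE_PATH.match(msg)
            if m:
                pending[txn] = {
                    "src": f.get("Src-ip"),
                    "domain": decode_segment(m.group(1)),
                    "services": re.findall(r'service_name=([^&\s]+)', m.group(2)),
                }
        elif f.get("Detail") == "Sending Response" and txn in pending:
            req = pending.pop(txn)
            parts = msg.split()
            if len(parts) > 1 and parts[1] == "403":
                findings.append(req)
    return findings

if __name__ == "__main__":
    for hit in rejected_edge_requests(SAMPLE_LOG):
        print(hit)
```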

9 REPLIES

What does Unified communication status say on Exp-C/E?

Please rate useful posts.
Community Member

It tells me: All is fine, I think. :)

 

Kind Regards,

DrM

 

Attachment didn't come through.

Please rate useful posts.
Community Member

Is changed. Thanks. :)

Are you in hybrid mode? i.e. do you use WebEx Connect instead of Presence servers?

Please rate useful posts.
Community Member

No WebEx Integration or hybrid. I have a Presence Server.

Community Member

Have you tried adding the <VoiceServicesDomain> to your jabber-config.xml with your external domain? It looks like you have a multi-domain deployment, correct?

You can test this by creating a jabber-user-config.xml under your c:\users\username\appdata\cisco\unified communications\jabber\csf\config directory.

I also needed to add <ExcludedServices>WEBEX to mine.

http://www.cisco.com/c/en/us/support/docs/unified-communications/expressway-series/117811-configure-vcs-00.html

 

Community Member

Not yet. I think I will test it next week and get back with an answer.

Thanks!

Regards,

DrM

Having the same issue here with endpoints only though.  My Jabber works fine from the outside.

Thank you,
Justin Ferello
Technical Support Specialist, ScanSource KBZ