Вы находитесь на странице: 1из 215

Collaboration Edge

Troubleshooting

Collaboration Edge Troubleshooting Philip Smeuninx Technical Leader Services psmeunin@cisco.com BRKCOL-2602

Philip Smeuninx Technical Leader Services psmeunin@cisco.com

BRKCOL-2602

Agenda

Introduction

Mobile and Remote Access

XMPP Federation

B2B

Takeaways

Agenda • Introduction • Mobile and Remote Access • XMPP Federation • B2B • Takeaways
Agenda • Introduction • Mobile and Remote Access • XMPP Federation • B2B • Takeaways
Agenda • Introduction • Mobile and Remote Access • XMPP Federation • B2B • Takeaways

Before we start

Before we start For your reference Tool bookmark Questions
Before we start For your reference Tool bookmark Questions
Before we start For your reference Tool bookmark Questions
Before we start For your reference Tool bookmark Questions

For your reference

Tool bookmark

Questions

Before we start For your reference Tool bookmark Questions
Before we start For your reference Tool bookmark Questions

Mobile and Remote Access

Mobile and Remote Access
Mobile and Remote Access
Mobile and Remote Access

Topology

CUCM

CUP

Internet
Internet

Expressway-C

Topology CUCM CUP Internet Expressway-C Expressway-E  Expressway x8.5  CUCM/CUP 10.5(2)  Jabber for Windows
Expressway-E
Expressway-E

Expressway x8.5

CUCM/CUP 10.5(2)

Jabber for Windows 10.5(2)

CUCM CUP Internet Expressway-C Expressway-E  Expressway x8.5  CUCM/CUP 10.5(2)  Jabber for Windows 10.5(2)
CUCM CUP Internet Expressway-C Expressway-E  Expressway x8.5  CUCM/CUP 10.5(2)  Jabber for Windows 10.5(2)
CUCM CUP Internet Expressway-C Expressway-E  Expressway x8.5  CUCM/CUP 10.5(2)  Jabber for Windows 10.5(2)

ExpressWay Configuration and Troubleshooting

System configuration

Firewall configuration

Certificate configuration and deployment

Traversal zone configuration

UC server discovery

DNS and domain configuration/deployment

and deployment ④ Traversal zone configuration ⑤ UC server discovery ⑥ DNS and domain configuration/deployment
and deployment ④ Traversal zone configuration ⑤ UC server discovery ⑥ DNS and domain configuration/deployment
and deployment ④ Traversal zone configuration ⑤ UC server discovery ⑥ DNS and domain configuration/deployment

Mobile and Remote access

System Configuration

Mobile and Remote access System Configuration
Mobile and Remote access System Configuration
Mobile and Remote access System Configuration

System Configuration

Set Unified Communications mode to ‘Mobile and remote access’ on E and C

Configuration > Unified Communications > Configuration

> Unified Communications > Configuration • Check the Administrator guide for more help on system

Check the Administrator guide for more help on system configuration topics

Unified Communications > Configuration • Check the Administrator guide for more help on system configuration topics
Unified Communications > Configuration • Check the Administrator guide for more help on system configuration topics
Unified Communications > Configuration • Check the Administrator guide for more help on system configuration topics

System configuration - NTP

Each system must be synched with NTP server > System > Time

System configuration - NTP • Each system must be synched with NTP server > System >

System Configuration - NTP

If NTP is not configured and synchronized on ExpressWay-C and ExpressWay-E Jabber Telephony registration to CUCM may not succeed.

Security mechanism based on SIP SERVICE messages.

Expressway-E time-stamps a SERVICE message

Expressway-E sends the SERVICE message to Expressway-C

Expressway-C verifies the SERVICE is received within 60 secs error margin

sends the SERVICE message to Expressway-C ③ Expressway-C verifies the SERVICE is received within 60 secs
sends the SERVICE message to Expressway-C ③ Expressway-C verifies the SERVICE is received within 60 secs
sends the SERVICE message to Expressway-C ③ Expressway-C verifies the SERVICE is received within 60 secs

Mobile and Remote access

Firewall Configuration

Mobile and Remote access Firewall Configuration
Mobile and Remote access Firewall Configuration
Mobile and Remote access Firewall Configuration

Firewall Configuration

What traffic does the firewall need to pass?

HTTPS proxy for secure provisioning of endpoints

SIP/TLS, RTP/SRTP for audio/video media

XCP/XMPP for IM&P for Jabber

HTTPS Services

Traversal Connection between ExpressWay-C and E

ClusterDB change notifications (ssh tunnel)

 HTTPS Services  Traversal Connection between ExpressWay-C and E  ClusterDB change notifications (ssh tunnel)

Firewall Configuration To which ports does this translate?

Port usage: ExpressWay C to Expressway E

Internet
Internet
IM&P CUCM-UDS
IM&P
CUCM-UDS
DMZ ExpressWay E
DMZ
ExpressWay E
Expressway E Internet IM&P CUCM-UDS DMZ ExpressWay E ExpressWay C ExpressWay C ExpressWay E Source Port

ExpressWay C

ExpressWay C ExpressWay E Source Port Listening Port Management Control Inbound and outbound calls Open
ExpressWay C
ExpressWay E
Source Port
Listening Port
Management Control
Inbound and outbound calls
Open Firewall
Private to DMZ
IP Address
IP address of
- ExpressWay C
IP address of
- ExpressWay E
TCP Ue
XMPP (IM and Presence)
TCP 7400
30000 to 35999 *
SSH
TCP Ue
TCP 2222
(HTTP/S tunnels)
30000
to 35999 *
TCP & TLS A
25000 to 29999
TCP & TLS B
SIP signaling
7001
UDP Y C
UDP Y E
SIP media
36000
to 59999 **
36000 to 36011 **
IP Ports

TCP & TLS A = Configurable TCP Outbound ports range

TCP & TLS B = Configurable traversal port for traversal link between Expressway C and Expressway E (i.e. 7001, 7002, etc.)

Ue = Configurable TCP ephemeral port range

Y C = Configurable traversal media ports range (on Expressway

C)

Y E = Configurable multiplexed media ports range (on Expressway E)

traversal media ports range (on Expressway C) Y E = Configurable multiplexed media ports range (on
traversal media ports range (on Expressway C) Y E = Configurable multiplexed media ports range (on
traversal media ports range (on Expressway C) Y E = Configurable multiplexed media ports range (on

Firewall Configuration Where to configure these ports?

ExpressWay C

> System > Administration

ports? • ExpressWay C > System > Administration ExpressWay C ExpressWay E Source Port Listening Port
ExpressWay C ExpressWay E Source Port Listening Port Inbound and outbound calls Private to DMZ
ExpressWay C
ExpressWay E
Source Port
Listening Port
Inbound and outbound calls
Private to DMZ
IP address of
- ExpressWay C
IP address of
- ExpressWay E
XMPP (IM and Presence)
SSH
(HTTP/S tunnels)
TCP & TLS B
SIP signaling
TCP & TLS A
25000 to 29999
7001
UDP Y C
UDP Y E
SIP media
36000 to 59999 **
36000 to 36011 **
TCP Ue TCP 7400 30000 to 35999 * TCP Ue TCP 2222 30000 to 35999
TCP Ue
TCP 7400
30000 to 35999 *
TCP Ue
TCP 2222
30000 to 35999 *

Management Control

Open Firewall

IP Address

** TCP Ue TCP 7400 30000 to 35999 * TCP Ue TCP 2222 30000 to 35999

Firewall Configuration Where to configure these ports?

ExpressWay C

> Protocols > SIP

these ports? • ExpressWay C > Protocols > SIP ExpressWay C ExpressWay E Source Port Listening
ExpressWay C ExpressWay E Source Port Listening Port Management Control Inbound and outbound calls Open
ExpressWay C
ExpressWay E
Source Port
Listening Port
Management Control
Inbound and outbound calls
Open Firewall
Private to DMZ
IP Address
IP address of
- ExpressWay C
IP address of
- ExpressWay E
TCP Ue
XMPP (IM and Presence)
TCP 7400
30000 to 35999 *
SSH
TCP Ue
TCP 2222
(HTTP/S tunnels)
30000 to 35999 *
TCP & TLS A
25000 to 29999
TCP & TLS B
SIP signaling
7001
UDP Y C
UDP Y E
SIP media
36000 to 59999 **
36000 to 36011 **

Firewall Configuration Where to configure these ports?

Firewall Configuration Where to configure these ports? • ExpressWay C > Configuration > Traversal Subzone

ExpressWay C

> Configuration > Traversal Subzone

ExpressWay C ExpressWay E Source Port Listening Port Management Control Inbound and outbound calls Open
ExpressWay C
ExpressWay E
Source Port
Listening Port
Management Control
Inbound and outbound calls
Open Firewall
Private to DMZ
IP Address
IP address of
- ExpressWay C
IP address of
- ExpressWay E
TCP Ue
XMPP (IM and Presence)
TCP 7400
30000 to 35999 *
SSH
TCP Ue
TCP 2222
(HTTP/S tunnels)
30000 to 35999 *
TCP & TLS B
SIP signaling
TCP & TLS A
25000 to 29999
7001
UDP Y C
UDP Y E
SIP media
36000 to 59999 **
36000 to 36011 **

Firewall Configuration Where to configure these ports?

Firewall Configuration Where to configure these ports? • ExpressWay E > Configuration > Zone > Traversal

ExpressWay E

> Configuration > Zone > Traversal Zone

ExpressWay C ExpressWay E Source Port Listening Port Inbound and outbound calls Private to DMZ
ExpressWay C
ExpressWay E
Source Port
Listening Port
Inbound and outbound calls
Private to DMZ
IP address of
IP address of
- ExpressWay C
- ExpressWay E
TCP Ue
XMPP (IM and Presence)
TCP 7400
30000 to 35999 *
SSH
TCP Ue
TCP 2222
(HTTP/S tunnels)
30000 to 35999 *
SIP signaling
TCP & TLS A
25000 to 29999
TCP & TLS B
7001
UDP Y C
UDP Y E
SIP media
36000 to 59999 **
36000 to 36011 **
TLS B 7001 UDP Y C UDP Y E SIP media 36000 to 59999 ** 36000

Management Control

Open Firewall

IP Address

TLS B 7001 UDP Y C UDP Y E SIP media 36000 to 59999 ** 36000

Expressway E Demultiplexing media ports

Small/medium deployment

– Demultiplexing media ports • Small/medium deployment ->Configured Media Demultiplexing ports Default : 2776
– Demultiplexing media ports • Small/medium deployment ->Configured Media Demultiplexing ports Default : 2776

->Configured Media Demultiplexing ports

Default : 2776 (RTP) 2777 (RTCP)

or ->First 2 ports from Traversal Media port range Default : 36000 (RTP) 36001 (RTCP)

Media port range Default : 36000 (RTP) – 36001 (RTCP) 36000-36001 or 2776-2777 ExpressWay E 36000-59999
Media port range Default : 36000 (RTP) – 36001 (RTCP) 36000-36001 or 2776-2777 ExpressWay E 36000-59999

36000-36001

or

2776-2777 ExpressWay E
2776-2777
ExpressWay E

36000-59999

port range Default : 36000 (RTP) – 36001 (RTCP) 36000-36001 or 2776-2777 ExpressWay E 36000-59999 ExpressWay

ExpressWay C

port range Default : 36000 (RTP) – 36001 (RTCP) 36000-36001 or 2776-2777 ExpressWay E 36000-59999 ExpressWay

Expressway E Demultiplexing media ports

For large systems new install

media ports • For large systems new install -> First 12 ports from Traversal Media port

-> First 12 ports from Traversal Media port range

Default : 36000 (RTP) 36011 (RTCP)

Traversal Media port range Default : 36000 (RTP) – 36011 (RTCP) 36000-59999 ExpressWay C 36000-36011 ExpressWay

36000-59999

Traversal Media port range Default : 36000 (RTP) – 36011 (RTCP) 36000-59999 ExpressWay C 36000-36011 ExpressWay

ExpressWay C

36000-36011 ExpressWay E
36000-36011
ExpressWay E
Traversal Media port range Default : 36000 (RTP) – 36011 (RTCP) 36000-59999 ExpressWay C 36000-36011 ExpressWay

Firewall configuration Demultiplex port range after upgrades

Upgrade from x7 to x8.1 -> 50000 50001 System uses port pair from Traversal Media port range

Upgrade from x8.1 (upgraded from x7) to x8.2 -> 50000 50001 Demultiplex port range = retained from previous version and ‘Use configured demultiplexing ports’ is set to Yes

Upgrade from x7 to x8.2 -> 2776 2777 Demultiplex port range = retained from previous version and ‘Use configured demultiplexing ports’ is set to Yes

Demultiplex port range = retained from previous version and ‘Use configured demultiplexing ports’ is set to
Demultiplex port range = retained from previous version and ‘Use configured demultiplexing ports’ is set to
Demultiplex port range = retained from previous version and ‘Use configured demultiplexing ports’ is set to

Firewall Configuration To which ports does this translate?

Port usage: Expressway E to/from Public Internet

• Port usage: Expressway E to/from Public Internet IM&P CUCM-UDS ExpressWay C DMZ Expressway E Internet
IM&P CUCM-UDS
IM&P
CUCM-UDS
ExpressWay C
ExpressWay C

DMZ

to/from Public Internet IM&P CUCM-UDS ExpressWay C DMZ Expressway E Internet Expressway E Source Port Internet

Expressway E

Internet
Internet
Expressway E Source Port Internet SIP UA Listening Port Management Control Outbound to SIP UA
Expressway E
Source Port
Internet SIP UA
Listening Port
Management Control
Outbound to SIP UA in the Internet
Open Firewall
DMZ to Internet
IP Address
Public IP address of
- ExpressWay E
IP address of
- Any (or specific IP)
XMPP (IM and Presence)) Client/Server
N/A
N/A/5269
UDS
N/A
N/A
(Provisioning and Phonebook)
TURN Server Control
N/A
N/A
TLS
25000 to 29999
TLS S
SIP signaling
>= 1024
Media
UDP Y E
36000 to 59999 **
UDP N
>= 1024
IP Ports

N = ExpressWay wait unit it receives media, then it sends its

media to the IP port from which media was received (egress port of the media from the far end non SIP-aware firewall)

S = Source port, typically >=1024

Y E = Configurable traversal media ports range (on Expressway

E)

firewall) S = Source port, typically >=1024 Y E = Configurable traversal media ports range (on
firewall) S = Source port, typically >=1024 Y E = Configurable traversal media ports range (on

Firewall Configuration To which ports does this translate?

Port usage: Expressway E to/from Public Internet

• Port usage: Expressway E to/from Public Internet IM&P CUCM-UDS DMZ Internet ExpressWay E ExpressWay C
IM&P CUCM-UDS
IM&P
CUCM-UDS
DMZ Internet ExpressWay E
DMZ
Internet
ExpressWay E
Internet IM&P CUCM-UDS DMZ Internet ExpressWay E ExpressWay C Expressway C Internet SIP UA Listening Port

ExpressWay C

Expressway C Internet SIP UA Listening Port Source Port Management Control Inbound from SIP UA
Expressway C
Internet SIP UA
Listening Port
Source Port
Management Control
Inbound from SIP UA in the Internet
Open Firewall
Internet to DMZ
IP Address
IP address of
- VCS Expressway
IP address of
- Any (or specific IP)
TCP S
XMPP (IM and Presence)) Client/Server
TCP 5222/5269
>= 1024
UDS
TCP S
TCP 8443
(Provisioning)
>= 1024
UDP S
TURN Server Control
UDP 3478
>= 1024
TLS S
SIP signaling
TLS 5061
>= 1024
UDP N
Media
UDP Y E
36000 to 59999 **
>= 1024
IP Ports

N = ExpressWay wait unit it receives media, then it sends its

media to the IP port from which media was received (egress

port of the media from the far end non SIP-aware firewall)

S = Source port, typically >=1024

Y E = Configurable traversal media ports range (on Expressway/E)

** Default media ports range (X8.1) is 36000 59999 which configurable

traversal media ports range (on Expressway/E) ** Default media ports range (X8.1) is 36000 – 59999
traversal media ports range (on Expressway/E) ** Default media ports range (X8.1) is 36000 – 59999

Firewall Configuration To which ports does this translate?

Port usage: ExpressWay C to Unified CM and IM&P

• Port usage: ExpressWay C to Unified CM and IM&P IM&P CUCM-UDS DMZ ExpressWay E Internet
IM&P CUCM-UDS
IM&P
CUCM-UDS
DMZ ExpressWay E
DMZ
ExpressWay E
Internet
Internet
and IM&P IM&P CUCM-UDS DMZ ExpressWay E Internet ExpressWay C CUCM&CUP System ExpressWay C Listening
and IM&P IM&P CUCM-UDS DMZ ExpressWay E Internet ExpressWay C CUCM&CUP System ExpressWay C Listening

ExpressWay C

CUCM&CUP System ExpressWay C Listening Port Source Port Management Control Private Network Open Firewall N/A
CUCM&CUP System
ExpressWay C
Listening Port
Source Port
Management Control
Private Network
Open Firewall
N/A
IP address of
IP address of
IP Address
- Unified CM
- ExpressWay C
- IM & Presence Server
TCP 7400
TCP Ue
XMPP (IM and Presence)
(IM&P Server)
30000
to 35999 *
UDS – CUCM
SOAP – IM&P
TCP 8443
(CUCM Server, IM&P Server)
TCP Ue
30000
to 35999 *
TCP 6970
TCP Ue
TFTP
(TFTP Server)
30000
to 35999 *
TCP 443
TCP Ue
CUC (Voicemail)
(CUC server)
30000
to 35999 *
IP Ports

Ue = Configurable TCP ephemeral port range

* Default ephemeral ports range (X8.1) for is 30000 35999 which configurable

Configurable TCP ephemeral port range * Default ephemeral ports range (X8.1) for is 30000 – 35999
Configurable TCP ephemeral port range * Default ephemeral ports range (X8.1) for is 30000 – 35999

Dual NIC consideration (advanced networking option)

If option key is added it will add a second LAN (LAN 2)

This will result in following default configuration

With following port assignment

will add a second LAN (LAN 2) • This will result in following default configuration •
will add a second LAN (LAN 2) • This will result in following default configuration •

Dual NIC consideration (advanced networking option)

Dual-NIC enabled but not used/connected (only for static NAT) ExpressWay C

will not be able to connect to 7400 for XMPP

ExpressWay C will not be able to connect to 7400 for XMPP • ExpressWay C diagnostic

ExpressWay C diagnostic logs

xwayc XCP_JABBERD[23843]: UTCTime="2015-03-25 17:19:45,843" ThreadID="139747212576512" Module="Jabber" Level="INFO " CodeLocation="mio.c:1109" Detail="Connecting on fd 28 to host '10.48.55.99', port 7400” xwayc XCP_JABBERD[23843]: UTCTime="2015-03-25 17:19:45,847" ThreadID="139747212576512" Module="Jabber" Level="ERROR" CodeLocation="mio.c:1121" Detail="Unable to connect to host '10.48.55.99', port 7400:(111) Connection refused” xwayc XCP_JABBERD[23843]: UTCTime="2015-03-25 17:19:45,847" ThreadID="139747406935808" Module="Jabber" Level="ERROR" CodeLocation="base_connection.cpp:104" Detail="Failed to connect to component jabberd-port-

1.xwayc-coluc-com

Solution : Disable LAN 2 (internal) or connect it physically

connect to component jabberd-port- 1.xwayc-coluc-com ” • Solution : Disable LAN 2 (internal) or connect it
connect to component jabberd-port- 1.xwayc-coluc-com ” • Solution : Disable LAN 2 (internal) or connect it
connect to component jabberd-port- 1.xwayc-coluc-com ” • Solution : Disable LAN 2 (internal) or connect it

Firewall Setup Port Status and Configuration

Maintenance > Tools > Port Usage

Firewall Setup Port Status and Configuration • Maintenance > Tools > Port Usage

HTTP Server Allow list

> Configuration > Unified Communications > Configuration

> Unified Communications > Configuration The hostname or IP address of an on-prem HTTP server that

The hostname or IP address of an on-prem HTTP server that a Jabber client

located outside of the enterprise is allowed to access.

Access is granted when server portion of the client-supplied URI matches the name entered here or resolves via DNS lookup to configured IP.

when server portion of the client-supplied URI matches the name entered here or resolves via DNS
when server portion of the client-supplied URI matches the name entered here or resolves via DNS
when server portion of the client-supplied URI matches the name entered here or resolves via DNS

Mobile and Remote Access

Certificates

Mobile and Remote Access Certificates
Mobile and Remote Access Certificates
Mobile and Remote Access Certificates

Certificates

> Maintenance

> Security Certificate

> Server Certificate

Certificates > Maintenance > Security Certificate > Server Certificate
Certificates > Maintenance > Security Certificate > Server Certificate

Certificates

> Maintenance > Security Certificate > Trusted CA Certificate

Certificates > Maintenance > Security Certificate > Trusted CA Certificate

ExpressWay C Server Certificate

Used with ExpressWay E for traversal zone connection

Used with CUCM when endpoint security mode is Authenticated or Encrypted (TLS transport used)

Must be CA Signed -> Enterprise CA or Public CA

CA Root which issued the certificate must be appended to “Trusted CA certificate” on both ExpressWay’s

CA Root must be uploaded to Callmanager-trust store on every node in the

cluster

on both ExpressWay’s • CA Root must be uploaded to Callmanager-trust store on every node in
on both ExpressWay’s • CA Root must be uploaded to Callmanager-trust store on every node in
on both ExpressWay’s • CA Root must be uploaded to Callmanager-trust store on every node in

Troubleshooting CA Root not uploaded on ExpressWay E

Traversal Zone State Failed

Expressway-C Diagnostics logs (traversal client)

Failed • Expressway-C Diagnostics logs (traversal client) xwayc tvcs: Event="Outbound TLS Negotiation Error"

xwayc tvcs: Event="Outbound TLS Negotiation Error" Service="SIP" Src-ip="10.48.55.98" Src-

port="25016" Dst-ip="10.48.55.99" Dst-port="7001" Detail="tlsv1 alert unknown ca" Protocol="TLS" Common-name="xwaye.coluc.com" Level="1" UTCTime="2014-03-24 17:33:30,872

Expressway Event logs

Level="1" UTCTime="2014-03-24 17:33:30,872 ” • Expressway Event logs

Troubleshooting

CA Root not uploaded on CUCM

Softphone Registration fails (other will work) when endpoint security settings are authenticated or encrypted

CUCM • Softphone Registration fails (other will work) when endpoint security settings are authenticated or encrypted
CUCM • Softphone Registration fails (other will work) when endpoint security settings are authenticated or encrypted
CUCM • Softphone Registration fails (other will work) when endpoint security settings are authenticated or encrypted

Troubleshooting

CA Root not uploaded on CUCM

ExpressWay-C diagnostic logs

2014-03-24T18:57:37+00:00 xwayc tvcs: Event="Outbound TLS Negotiation Error"

Service="SIP" Src-ip="10.48.55.98" Src-port="25264" Dst-ip="10.48.55.96" Dst-port="5061" Detail="tlsv1 alert unknown ca" Protocol="TLS" Common-name="COLCM9PUB.coluc.com"

Level="1" UTCTime="2014-03-24 18:57:37,777”

Expressway-C event logs

Level="1" UTCTime="2014-03- 24 18:57:37,777” • Expressway-C event logs

ExpressWay C Certificate Requirements

Extended Key Usage

- TLS Web Server Authentication

- TLS Web Client Authentication

SAN elements configured with :

- FQDN Expressway C

- IM and Presence chat node alias

- Unified CM Security Profile names

SAN elements configured with : - FQDN Expressway C - IM and Presence chat node alias
SAN elements configured with : - FQDN Expressway C - IM and Presence chat node alias
SAN elements configured with : - FQDN Expressway C - IM and Presence chat node alias

ExpressWay C Certificate Requirements

Expressway C

CUP

ExpressWay C – Certificate Requirements Expressway C CUP

ExpressWay C Certificate Requirements

ExpressWay C – Certificate Requirements Expressway C CUCM

Expressway C

CUCM

ExpressWay C – Certificate Requirements Expressway C CUCM

Troubleshooting

Security Profile added as SAN (CUCM trace)

SIPTcp - Connection Indication - Listen Port = 5061, Peer Port = 25002

SIPTcp - wait_SdlReadRsp: Incoming SIP TCP message from 10.48.55.98 on port 25002 index 10 with 2994

bytes:[53,NET]

REGISTER sip:COLCM9PUB SIP/2.0…

//SIP/SIPHandler/ccbId=0/scbId=0/wait_SIPCertificateInd: could not find a trunk device using address or

x509SubjectName calling findSIPStationInit

//SIP/SIPHandler/ccbId=0/scbId=0/findDeviceByX509Subject: x509Subject:xwayc.coluc.com, port:5061 //SIP/SIPHandler/ccbId=25/scbId=0/findDevicePID: Routed to SIPStationInit

SIPStationInit: connId=10, CSFEWAYJ, 10.48.55.98:5061, Incoming register request received over TLS. Subject=[/C=BE/ST=BRABANT/L=DIEGEM/O=CISCO/OU=TAC/CN=xwayc.coluc.com]

SIPStationD(9) - validTLSConnection:TLS InvalidX509NameInCertificate, Rcvd=xwayc.coluc.com, Expected=CSFEWAYJ. Will check SAN the next

SIPStationD(9) - validTLSConnection: Found matching SAN, SAN Rcvd=xwayc.coluc.com;conference-2- ecup9.coluc.com;csf-secure, Expected=csf-secure

Found matching SAN , SAN Rcvd= xwayc.coluc.com;conference-2- ecup9.coluc.com; csf-secure , Expected= csf-secure
Found matching SAN , SAN Rcvd= xwayc.coluc.com;conference-2- ecup9.coluc.com; csf-secure , Expected= csf-secure
Found matching SAN , SAN Rcvd= xwayc.coluc.com;conference-2- ecup9.coluc.com; csf-secure , Expected= csf-secure

Troubleshooting

Security Profile not added as SAN (CUCM trace)

SIPTcp - Connection Indication - Listen Port = 5061, Peer Port = 25004

SIPTcp - wait_SdlReadRsp: Incoming SIP TCP message from 10.48.55.98 on port 25004 index 10 with 2994

bytes:[53,NET]

REGISTER sip:COLCM9PUB SIP/2.0…

//SIP/SIPHandler/ccbId=0/scbId=0/wait_SIPCertificateInd: could not find a trunk device using address or

x509SubjectName calling findSIPStationInit

//SIP/SIPHandler/ccbId=0/scbId=0/findDeviceByX509Subject: x509Subject:xwayc.coluc.com, port:5061 //SIP/SIPHandler/ccbId=25/scbId=0/findDevicePID: Routed to SIPStationInit

SIPStationInit: connId=10, CSFEWAYJ, 10.48.55.98:5061, Incoming register request received over TLS. Subject=[/C=BE/ST=BRABANT/L=DIEGEM/O=CISCO/OU=TAC/CN=xwayc.coluc.com]

SIPStationD(3) - validTLSConnection:TLS InvalidX509NameInCertificate, Rcvd=xwayc.coluc.com, Expected=CSFEWAYJ. Will check SAN the next

SIPStationD(3) - validTLSConnection:TLS InvalidX509NameInCertificate Error , did not find matching SAN either, Rcvd=xwayc.coluc.com;conference-2-ecup9.coluc.com, Expected=csf-secure

Error , did not find matching SAN either , Rcvd=xwayc.coluc.com;conference-2-ecup9.coluc.com, Expected=csf-secure
Error , did not find matching SAN either , Rcvd=xwayc.coluc.com;conference-2-ecup9.coluc.com, Expected=csf-secure
Error , did not find matching SAN either , Rcvd=xwayc.coluc.com;conference-2-ecup9.coluc.com, Expected=csf-secure

Troubleshooting Security Profile not added as SAN (CUCM trace)

Troubleshooting Security Profile not added as SAN (CUCM trace)
Troubleshooting Security Profile not added as SAN (CUCM trace)
Troubleshooting Security Profile not added as SAN (CUCM trace)

ExpressWay E Server Certificate

Used with ExpressWay C for traversal zone connection

Used with foreign domains for XMPP Federation

Must be CA Signed

Public CA

CA Root which issued the certificate must be appended to “Trusted CA certificate” on both ExpressWay’s

CA • CA Root which issued the certificate must be appended to “Trusted CA certificate” on
CA • CA Root which issued the certificate must be appended to “Trusted CA certificate” on
CA • CA Root which issued the certificate must be appended to “Trusted CA certificate” on

ExpressWay E Certificate Requirements

Extended Key Usage

- TLS Web Server Authentication

- TLS Web Client Authentication

SAN elements configured with :

- Unified CM Registration domains (incl. voiceservices domains)

- IM and Presence chat node alias

- XMPP Domain

with : - Unified CM Registration domains (incl. voiceservices domains) - IM and Presence chat node
with : - Unified CM Registration domains (incl. voiceservices domains) - IM and Presence chat node
with : - Unified CM Registration domains (incl. voiceservices domains) - IM and Presence chat node

ExpressWay E Certificate Requirements

Expressway C

ExpressWay E – Certificate Requirements Expressway C Expressway E

Expressway E

ExpressWay E – Certificate Requirements Expressway C Expressway E

Troubleshooting CA root not uploaded to ExpressWay C

Traversal Zone State

root not uploaded to ExpressWay C • Traversal Zone State • ExpressWay E diagnostic logs xwaye

ExpressWay E diagnostic logs

xwaye tvcs: Event="Inbound TLS Negotiation Error" Service="SIP" Src-ip="10.48.55.98" Src-

port="25006" Dst-ip="10.48.55.99" Dst-port="7001" Detail="tlsv1 alert unknown ca" Protocol="TLS" Level="1" UTCTime="2014-03-25 09:52:36,680”

ExpressWay E event logs

ca " Protocol="TLS" Level="1" UTCTime="2014-03- 25 09:52:36,680” • ExpressWay E event logs
Bookmark X8.5 Tool • Secure traversal test Expressway C

Bookmark X8.5 Tool

Secure traversal test Expressway C

Bookmark X8.5 Tool • Secure traversal test Expressway C
Bookmark X8.5 Tool • Secure traversal test Expressway C

Mobile and Remote Access

Unified Communications Traversal Zone

Mobile and Remote Access Unified Communications Traversal Zone
Mobile and Remote Access Unified Communications Traversal Zone
Mobile and Remote Access Unified Communications Traversal Zone

Unified Communications Traversal Zone

Expressway-E is traversal server in DMZ

Expressway-C is traversal client inside the network

Establish traversal link between both using traversal zone configuration

Enterprise Network

DMZ

Outside Network

Internet Expressway-C Traversal Client Expressway-E Traversal Server Endpoint B Traversal Link Management Signal
Internet
Expressway-C
Traversal Client
Expressway-E
Traversal Server
Endpoint B
Traversal Link Management
Signal
Media Payload
Endpoint A

CUCM

Client Expressway-E Traversal Server Endpoint B Traversal Link Management Signal Media Payload Endpoint A CUCM

UC Traversal Zone

ExpressWay E Traversal Server

»
»
UC Traversal Zone ExpressWay E – Traversal Server » • Select Type : Unified Communications traversal

Select Type : Unified Communications

traversal

Configure username to be used by Traversal

Client to authenticate with server

Port is default 7001, listening port for

traversal client connection

Must match CN or SAN from Certificate presented by Traversal Client

(ExpressWay C)

for traversal client connection • Must match CN or SAN from Certificate presented by Traversal Client
for traversal client connection • Must match CN or SAN from Certificate presented by Traversal Client

UC Traversal Zone

ExpressWay E Traversal Server

Traversal Zone Status

Traversal Zone ExpressWay E – Traversal Server • Traversal Zone Status • Connection status with Traversal

Connection status with Traversal Client

Traversal Zone ExpressWay E – Traversal Server • Traversal Zone Status • Connection status with Traversal
Traversal Zone ExpressWay E – Traversal Server • Traversal Zone Status • Connection status with Traversal

UC Traversal Zone ExpressWay C Traversal Client

UC Traversal Zone ExpressWay C – Traversal Client • Select ‘Unified Communications Traversal’ as Type •

Select ‘Unified Communications Traversal’ as Type

Configure same username and

password as added on the Traversal Server (Expressway E)

Destination port Traversal Server is listening on

and password as added on the Traversal Server (Expressway E) • Destination port Traversal Server is
and password as added on the Traversal Server (Expressway E) • Destination port Traversal Server is

UC Traversal Zone ExpressWay C Traversal Client

UC Traversal Zone ExpressWay C – Traversal Client Must resolve to Public IP address Expressway E
UC Traversal Zone ExpressWay C – Traversal Client Must resolve to Public IP address Expressway E

Must resolve to Public IP address Expressway E when single NIC deployment

to Public IP address Expressway E when single NIC deployment • Must be FQDN (*) •

Must be FQDN (*)

Must match CN or SAN from Certificate presented by

Expressway E

E when single NIC deployment • Must be FQDN (*) • Must match CN or SAN
E when single NIC deployment • Must be FQDN (*) • Must match CN or SAN

Troubleshooting Peer Address not matching CN

Peer Address configured as IP address

not matching CN • Peer Address configured as IP address • ExpressWay C diagnostic logs 2014-03-25T14:08:16+00:00

ExpressWay C diagnostic logs

2014-03-25T14:08:16+00:00 xwayc tvcs: Event="Outbound TLS Negotiation Error" Service="SIP" Src-ip="10.48.55.98" Src-port="25697" Dst-ip="10.48.55.99" Dst-port="7001" Detail="Peer's TLS certificate identity was unacceptable" Protocol="TLS" Common- name="10.48.55.99" Level="1" UTCTime="2014-03-25 14:08:16,699”

ExpressWay C Event logs

name="10.48.55.99" Level="1" UTCTime="2014-03- 25 14:08:16,699” • ExpressWay C Event logs

Troubleshooting Peer Address not matching CN

Peer Address/FQDN not matching CN

not matching CN • Peer Address/FQDN not matching CN • ExpressWay C diagnostic logs 2014-03-25T14:16:36+00:00

ExpressWay C diagnostic logs

2014-03-25T14:16:36+00:00 xwayc tvcs: Event="Outbound TLS Negotiation Error" Service="SIP" Src-ip="10.48.55.98" Src-port="25714" Dst-ip="10.48.55.99" Dst-port="7001" Detail="Peer's TLS certificate identity was unacceptable" Protocol="TLS" Common- name="xwy.coluc.com" Level="1" UTCTime="2014-03-25 14:16:36,699"

ExpressWay C Event logs

name="xwy.coluc.com" Level="1" UTCTime="2014-03-25 14:16:36,699" • ExpressWay C Event logs

Troubleshooting Password incorrect

Traversal Client will show for this zone

incorrect • Traversal Client will show for this zone • ExpressWay C diagnostic logs

ExpressWay C diagnostic logs

Module="network.dns" Level="DEBUG": Detail="Sending DNS query" Name="xwaye.coluc.com" Type="A and AAAA” Module="network.dns" Level="DEBUG": Detail="Resolved hostname to: ['IPv4''TCP''10.48.55.99']

(A/AAAA) Number of relevant records retrieved: 1”

Module="network.tcp" Level="DEBUG": Src-ip="10.48.55.98" Src-port="25723" Dst-ip="10.48.55.99" Dst- port="7001" Detail="TCP Connecting” Module="network.tcp" Level="DEBUG": Src-ip="10.48.55.98" Src-port="25723" Dst-ip="10.48.55.99" Dst- port="7001" Detail="TCP Connection Established”

Src-port="25723" Dst-ip="10.48.55.99" Dst- port="7001" Detail="TCP Connection Established”
Src-port="25723" Dst-ip="10.48.55.99" Dst- port="7001" Detail="TCP Connection Established”
Src-port="25723" Dst-ip="10.48.55.99" Dst- port="7001" Detail="TCP Connection Established”

Password incorrect (contd.)

ExpressWay C diagnostics logs

Module="network.sip" Level="DEBUG": Action="Sent" Local-ip="10.48.55.98" Local-port="25723" Dst-ip="10.48.55.99" Dst-port="7001" Msg- SIPMSG:

|OPTIONS sip:10.48.55.99:7001;transport=tls SIP/2.0 . Module="network.sip" Level="DEBUG": Action="Received" Local-ip="10.48.55.98" Local-port="25723" Src-ip="10.48.55.99" Src-port="7001" SIPMSG:

|SIP/2.0 401 Unauthorised

WWW-Authenticate: Digest realm="TraversalZone", nonce="527e7f2a24ff1c54e3e4cd5025f674967e81d2aa9b214fda98cef27f3f82",

opaque="AQAAAPet.

….

Module="network.sip" Level="DEBUG": Action="Sent" Local-ip="10.48.55.98" Local-port="25723" Dst-ip="10.48.55.99" Dst-port="7001" Msg- SIPMSG:

|OPTIONS sip:10.48.55.99:7001;transport=tls SIP/2.0 …. Authorization: Digest nonce="527e7f2a24ff1c54e3e4cd5025f674967e81d2aa9b214fda98cef27f3f82", realm="TraversalZone", opaque="AQAAAPet+0JJTq4cyuB34opHePwV7bkk", algorithm=MD5, uri="sip:10.48.55.99:7001;transport=tls", username="xway", response=”

2014-03-25T14:19:56+00:00 xwayc tvcs: UTCTime="2014-03-25 14:19:56,705" Module="network.sip" Level="DEBUG": Action="Received"

SIPMSG:

|SIP/2.0 401 Unauthorised …. Event="External Server Communications Failure" Reason="gatekeeper timed out" Service="NeighbourGatekeeper" Dst-ip="10.48.55.99" Dst- port="7001" Detail="name:xwaye.coluc.com" Protocol="TCP" Level="1" UTCTime="2014-03-25 14:19:56,705"

Detail="name:xwaye.coluc.com" Protocol="TCP" Level="1" UTCTime="2014-03-25 14:19:56,705"
Detail="name:xwaye.coluc.com" Protocol="TCP" Level="1" UTCTime="2014-03-25 14:19:56,705"
Detail="name:xwaye.coluc.com" Protocol="TCP" Level="1" UTCTime="2014-03-25 14:19:56,705"

Troubleshooting Password incorrect

ExpressWay E diagnostic logs

Module="network.ldap" Level="INFO":

Module="developer.nomodule" Level="WARN" CodeLocation="ppcmains/sip/sipproxy/SipProxyAuthentication.cpp(686)" Method="SipProxyAuthentication::checkDigestSAResponse" Thread="0x7f2485cb0700": calculated response does not

match supplied response, calculatedResponse=769c8f488f71eebdf28b61ab1dc9f5e9,

response=319a0bb365decf98c1bb7b3ce350f6ec

Event="Authentication Failed" Service="SIP" Src-ip="10.48.55.98" Src-port="25723" Detail="Incorrect authentication credential for user" Protocol="TLS" Method="OPTIONS" Level="1”

Detail="Authentication credential found in directory for identity: xway

Method="OPTIONS" Level="1” Detail="Authentication credential found in directory for identity: xway ”
Method="OPTIONS" Level="1” Detail="Authentication credential found in directory for identity: xway ”
Method="OPTIONS" Level="1” Detail="Authentication credential found in directory for identity: xway ”

Troubleshooting Password incorrect

ExpressWay C event log

Troubleshooting Password incorrect • ExpressWay C event log • ExpressWay E event log

ExpressWay E event log

Troubleshooting Password incorrect • ExpressWay C event log • ExpressWay E event log

Mobile and Remote Access

UC Server Discovery

Mobile and Remote Access UC Server Discovery
Mobile and Remote Access UC Server Discovery
Mobile and Remote Access UC Server Discovery

UC Server Discovery

UC Server Discovery
UC Server Discovery

CUCM Server Discovery

Discovers hostname (processnodetable)

Discovers version

Discovers Cluster Security mode (Transport Protocols)

Discovers hostname (processnodetable) • Discovers version • Discovers Cluster Security mode (Transport Protocols)
Discovers hostname (processnodetable) • Discovers version • Discovers Cluster Security mode (Transport Protocols)

CUCM Server Discovery

CUCM Server Discovery HTTPS Expressway C TOMCAT UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter

HTTPS

CUCM Server Discovery HTTPS Expressway C TOMCAT UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter

Expressway C

TOMCAT UDS/8443

CUCM Server Discovery HTTPS Expressway C TOMCAT UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter

expwayC.domain1.com

colcm10pub.coluc.com

C TOMCAT UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter here? A: Depends on TLS verify

Q:

What do I enter here?

A:

Depends on TLS verify setting

UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter here? A: Depends on TLS verify setting
UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter here? A: Depends on TLS verify setting
UDS/8443 expwayC.domain1.com colcm10pub.coluc.com Q: What do I enter here? A: Depends on TLS verify setting

CUCM Server Discovery TLS verify mode

CUCM Server Discovery – TLS verify mode TLS verify mode = On Publisher address = FQDN,

TLS verify mode = On

Server Discovery – TLS verify mode TLS verify mode = On Publisher address = FQDN, MUST

Publisher address = FQDN, MUST match CN TOMCAT Certificate Publisher (*)

– TLS verify mode TLS verify mode = On Publisher address = FQDN, MUST match CN
– TLS verify mode TLS verify mode = On Publisher address = FQDN, MUST match CN
– TLS verify mode TLS verify mode = On Publisher address = FQDN, MUST match CN

CUCM Server Discovery TLS verify mode

CUCM Server Discovery – TLS verify mode TLS verify mode = On OR (*) Publisher address

TLS verify mode = On

Server Discovery – TLS verify mode TLS verify mode = On OR (*) Publisher address =

OR (*) Publisher address = FQDN MUST match SAN TOMCAT Certificate Publisher

mode = On OR (*) Publisher address = FQDN MUST match SAN TOMCAT Certificate Publisher (*)

(*) Only valid statement RFC 6125

mode = On OR (*) Publisher address = FQDN MUST match SAN TOMCAT Certificate Publisher (*)
mode = On OR (*) Publisher address = FQDN MUST match SAN TOMCAT Certificate Publisher (*)

CUCM Server Discovery TLS verify mode

CUCM Server Discovery – TLS verify mode TLS verify mode = On CA Certificate must be
CUCM Server Discovery – TLS verify mode TLS verify mode = On CA Certificate must be
CUCM Server Discovery – TLS verify mode TLS verify mode = On CA Certificate must be

TLS verify mode = On

CA Certificate must be uploaded ‘Trusted CA certificate’ list Expressway C

– TLS verify mode TLS verify mode = On CA Certificate must be uploaded ‘Trusted CA

CUCM Server Discovery TLS verify mode

CUCM Server Discovery – TLS verify mode TLS verify mode = Off No requirements for TOMCAT
CUCM Server Discovery – TLS verify mode TLS verify mode = Off No requirements for TOMCAT

TLS verify mode = Off

No requirements for

TOMCAT Certificate Publisher

CUCM Server Discovery – TLS verify mode TLS verify mode = Off No requirements for TOMCAT

CUCM Server Discovery Zone Configuration

Auto-Zone Configuration per node and per transport protocol

Syntax : CEtcp-<UCMName>’ and ‘CEtls-<UCMName>’

per node and per transport protocol • Syntax : ‘ CEtcp-<UCMName >’ and ‘ CEtls-<UCMName >’

CUCM Server Discovery Zone Configuration

TLS verify mode = On

Server Discovery – Zone Configuration TLS verify mode = On ‘TLS verify mode’ Discovery ‘TLS verify
Server Discovery – Zone Configuration TLS verify mode = On ‘TLS verify mode’ Discovery ‘TLS verify

‘TLS verify mode’ Discovery

Server Discovery – Zone Configuration TLS verify mode = On ‘TLS verify mode’ Discovery ‘TLS verify

‘TLS verify mode’ Zone

Server Discovery – Zone Configuration TLS verify mode = On ‘TLS verify mode’ Discovery ‘TLS verify
Server Discovery – Zone Configuration TLS verify mode = On ‘TLS verify mode’ Discovery ‘TLS verify
Server Discovery – Zone Configuration TLS verify mode = On ‘TLS verify mode’ Discovery ‘TLS verify

CUCM Server Discovery Zone Configuration

CUCM Server Discovery – Zone Configuration TLS verify mode = On ‘ CEtls-<UCMName >’ Zone: -

TLS verify mode = On

CEtls-<UCMName>’ Zone:

- TLS Verify mode = On - Peer Address must match CN or SAN from Callmanager certificate

>’ Zone: - TLS Verify mode = On - Peer Address must match CN or SAN
>’ Zone: - TLS Verify mode = On - Peer Address must match CN or SAN

CUCM Server Discovery Zone Configuration

TLS verify mode = Off

Discovery – Zone Configuration TLS verify mode = Off ‘TLS verify mode’ configuration Discovery ‘TLS verify
Discovery – Zone Configuration TLS verify mode = Off ‘TLS verify mode’ configuration Discovery ‘TLS verify

‘TLS verify mode’ configuration Discovery

Configuration TLS verify mode = Off ‘TLS verify mode’ configuration Discovery ‘TLS verify mode’ configuration Zone

‘TLS verify mode’ configuration Zone

Configuration TLS verify mode = Off ‘TLS verify mode’ configuration Discovery ‘TLS verify mode’ configuration Zone
Configuration TLS verify mode = Off ‘TLS verify mode’ configuration Discovery ‘TLS verify mode’ configuration Zone
Configuration TLS verify mode = Off ‘TLS verify mode’ configuration Discovery ‘TLS verify mode’ configuration Zone

CUCM Server Discovery Zone Configuration

CUCM Server Discovery – Zone Configuration
CUCM Server Discovery – Zone Configuration
CUCM Server Discovery – Zone Configuration
CUCM Server Discovery – Zone Configuration
CUCM Server Discovery – Zone Configuration
CUCM Server Discovery – Zone Configuration
CUCM Server Discovery – Zone Configuration

CUCM Server Discovery Search Rule Configuration

1 Search Rule per node per transport protocol Pattern matching for header

– Search Rule Configuration • 1 Search Rule per node per transport protocol • Pattern matching

Troubleshooting - Different server Domain

Troubleshooting - Different server Domain Expressway C expwayC.edge1.com Internal DNS CUCM colcm9pub.coluc.com How does

Expressway C

expwayC.edge1.com
expwayC.edge1.com
- Different server Domain Expressway C expwayC.edge1.com Internal DNS CUCM colcm9pub.coluc.com How does Server

Internal DNS

CUCM

colcm9pub.coluc.com
colcm9pub.coluc.com

How does Server configuration on CUCM impact the discovery?

C expwayC.edge1.com Internal DNS CUCM colcm9pub.coluc.com How does Server configuration on CUCM impact the discovery?

Troubleshooting Different server Domain

Troubleshooting Different server Domain • Status is Active when DNS resolves <hostname>@<domain xway>

Status is Active when DNS resolves <hostname>@<domain xway> or

<hostname>

What when Expressway and CUCM servers are in different domains ?

xway> or <hostname> • What when Expressway and CUCM servers are in different domains ?
xway> or <hostname> • What when Expressway and CUCM servers are in different domains ?
xway> or <hostname> • What when Expressway and CUCM servers are in different domains ?

Troubleshooting - Different server Domain

Expressway C Internal DNS CUCM expwayC.edge1.com colcm9pub.coluc.com
Expressway C
Internal DNS
CUCM
expwayC.edge1.com
colcm9pub.coluc.com
C Internal DNS CUCM expwayC.edge1.com colcm9pub.coluc.com DNS query fails for colcm9pub.edge.com colcm9pub
C Internal DNS CUCM expwayC.edge1.com colcm9pub.coluc.com DNS query fails for colcm9pub.edge.com colcm9pub
C Internal DNS CUCM expwayC.edge1.com colcm9pub.coluc.com DNS query fails for colcm9pub.edge.com colcm9pub

DNS query fails for

colcm9pub.edge.com

colcm9pub

C Internal DNS CUCM expwayC.edge1.com colcm9pub.coluc.com DNS query fails for colcm9pub.edge.com colcm9pub
C Internal DNS CUCM expwayC.edge1.com colcm9pub.coluc.com DNS query fails for colcm9pub.edge.com colcm9pub

Troubleshooting - Different server Domain

How to solve? 1) Use FQDN for server configuration on CCMADMIN

to solve? 1) Use FQDN for server configuration on CCMADMIN 2) Use IP address for server

2) Use IP address for server configuration on CCMADMIN (*)

2) Use IP address for server configuration on CCMADMIN (*) (*) Requires ‘TLS verify mode’ =

(*) Requires ‘TLS verify mode’ = ‘Off’ for mixed-mode configurations

for server configuration on CCMADMIN (*) (*) Requires ‘TLS verify mode’ = ‘Off’ for mixed -mode
for server configuration on CCMADMIN (*) (*) Requires ‘TLS verify mode’ = ‘Off’ for mixed -mode
for server configuration on CCMADMIN (*) (*) Requires ‘TLS verify mode’ = ‘Off’ for mixed -mode

Troubleshooting - Different server Domain

Troubleshooting - Different server Domain When FQDN is returned shows ‘Active’ when xway can DNS resolve

When FQDN is returned shows ‘Active’ when xway can DNS resolve <hostname>@<domain> as configured in CCMADMIN

Here colcm9pub.coluc.com

and colcm9sub1.coluc.com

resolve <hostname>@<domain> as configured in CCMADMIN Here colcm9pub.coluc.com and colcm9sub1.coluc.com
resolve <hostname>@<domain> as configured in CCMADMIN Here colcm9pub.coluc.com and colcm9sub1.coluc.com

Troubleshooting - Different server Domain

Troubleshooting - Different server Domain No DNS query is required as IP address is used. Will

No DNS query is required as IP address is used. Will always show Active

Troubleshooting - Different server Domain No DNS query is required as IP address is used. Will
Troubleshooting - Different server Domain No DNS query is required as IP address is used. Will

Troubleshooting - Self Signed Certificates

TLS verify + Self Signed CCM/Tomcat certificate

When Tomcat cert is uploaded first -> discovery will succeed

When CCM cert is uploaded first -> discovery will fail

TLS verify + Self Signed CCM/Tomcat certificate + Encryption

Either discovery will fail or TLS connections with CUCM will fail

With self-signed certificates use ‘TLS verify mode’ = ‘Off’ and only upload the CUCM cert

with CUCM will fail With self-signed certificates use ‘TLS verify mode’ = ‘Off’ and only upload
with CUCM will fail With self-signed certificates use ‘TLS verify mode’ = ‘Off’ and only upload
with CUCM will fail With self-signed certificates use ‘TLS verify mode’ = ‘Off’ and only upload

Troubleshooting - Single Server Certificate (CCM & TOMCAT)

Expressway disregard CN for identity verification when SAN attributes are

present

RFC 6125 Move from CN-ID to DNS-ID, SRV-ID or URI-ID

With “TLS Verify” mode for HTTPS (discovery) and SIP TLS (edge calls)

CCM and TOMCAT Certificates MUST FQDN SAN = DNS-ID

“TLS Verify” mode for HTTPS (discovery) and SIP TLS (edge calls) CCM and TOMCAT Certificates MUST
“TLS Verify” mode for HTTPS (discovery) and SIP TLS (edge calls) CCM and TOMCAT Certificates MUST
“TLS Verify” mode for HTTPS (discovery) and SIP TLS (edge calls) CCM and TOMCAT Certificates MUST

Troubleshooting - Multi-Server Certificates for UC App Servers

Multi-Server certificates for CUCM/CUP have ‘-ms’ appended to the CN

Certificate will have SAN populated

with all server nodes

Expressway X8.2 + supports multi-server certificates

• Certificate will have SAN populated with all server nodes • Expressway X8.2 + supports multi-server
• Certificate will have SAN populated with all server nodes • Expressway X8.2 + supports multi-server
• Certificate will have SAN populated with all server nodes • Expressway X8.2 + supports multi-server

Troubleshooting - Search Rule matching for Edge/MRA calls

|INVITE sip:2000@cucm10p.coluc.com;user=phone SIP/2.0

Via: SIP/2.0/TLS 10.48.55.93:7001;egress-zone=TraversalUC;branch=…

Via: SIP/2.0/TLS 10.48.55.106:52008;branch=z9hG4bK000073dc;received=10.48.55.106;ingress-zone=CollaborationEdgeZone Call-ID: 0050568a-003a0004-0000592c-00003095@10.48.55.106 CSeq: 101 INVITE Remote-Party-ID: "5445" <sip:5445@cucm10p.coluc.com>;party=calling;id-type=subscriber;privacy=off;screen=yes Contact: <sip:1622b86e-bc3b-fa8c-66d3-2d7a96c892bf@10.48.55.106:52008;transport=tls>;video;bfcp From: "5445" <sip:5445@cucm10p.coluc.com>;tag=0050568a003a000800006fdd-00006fe8 To: <sip:2000@cucm10p.coluc.com> Max-Forwards: 10

To: <sip:2000@cucm10p.coluc.com> Max-Forwards: 10 Route: <sip:cucm10p.coluc.com;transport=tls;lr>
Route: <sip:cucm10p.coluc.com;transport=tls;lr>
Route: <sip:cucm10p.coluc.com;transport=tls;lr>

Record-Route: <sip:proxy-call-id=a8c00915-9391-463a-a99d-fd511ca1ed85@10.48.55.93:7001;transport=tls;lr;zone-id=1>

Record-Route:

Record-Route: <sip:proxy-call-id=a8c00915-9391-463a-a99d-fd511ca1ed85@10.48.55.93:5061;transport=tls;lr> Allow: ACK,BYE,CANCEL,INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE,SUBSCRIBE,INFO User-Agent: Cisco-CSF

….

Set by client based on :

Device Pool

Device Security mode

User-Agent: Cisco-CSF …. Set by client based on : • Device Pool • Device Security mode

Mobile and Remote Access

DNS and Domain

Mobile and Remote Access DNS and Domain
Mobile and Remote Access DNS and Domain
Mobile and Remote Access DNS and Domain

Domain Configuration ExpressWay C & E DNS Configuration

System > DNS

Domain Configuration ExpressWay C & E – DNS Configuration • System > DNS
Domain Configuration ExpressWay C & E – DNS Configuration • System > DNS
Domain Configuration ExpressWay C & E – DNS Configuration • System > DNS

Domain Configuration ExpressWay C Domain Configuration

> Configurations > Domains

Domain Configuration ExpressWay C – Domain Configuration > Configurations > Domains

Client Service Discovery

Client Service Discovery • Service discovery enables clients and endpoints to automatically detect and locate service.

Service discovery enables clients and endpoints to automatically detect and locate service.

The client/endpoint does query DNS servers to retrieve service (SRV) records that provide the location of servers.

Clients/endpoints outside internal network must be able to resolve

‘_collab-edge

tls.<domain>

with target Expressway E server

Clients/endpoints & ExpressWay C inside the internal network must be able to

resolve _cisco-uds

tcp.<domain>’

SRV record with target CUCM server.

The external DNS may not resolve ‘_cisco-uds

The internal DNS may not resolve ‘_collab-edge

tcp

tls

SRV records

SRV records

not resolve ‘_cisco -uds • The internal DNS may not resolve ‘_ collab-edge tcp ’ tls
not resolve ‘_cisco -uds • The internal DNS may not resolve ‘_ collab-edge tcp ’ tls
not resolve ‘_cisco -uds • The internal DNS may not resolve ‘_ collab-edge tcp ’ tls

ExpressWay Mobile and Remote Access Domain and DNS configuration

Scenario 1

- Flat domain structure

- ExpressWay Servers : domain1.com

- UC servers : domain1.com

- IM&P domain : domain1.com

- UC servers : domain1.com - IM&P domain : domain1.com Jabber Client cup.domain1.com IM&P Domain =

Jabber Client

cup.domain1.com

IM&P Domain =

domain1.com

Jabber Client cup.domain1.com IM&P Domain = domain1.com Expressway E Expressway C Internal DNS CUCM Home UDS
Expressway E
Expressway E

Expressway C

Internal DNS

CUCM Home UDS

IMP Server

External DNS

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain1 com xwayC.domain1.com
Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain1 com xwayC.domain1.com

xwayE.domain1 com

xwayC.domain1.com

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain1 com xwayC.domain1.com

cucm.domain1.com

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain1 com xwayC.domain1.com

ExpressWay Scenario 1 Domain and DNS configuration

Jabber Client
Jabber Client
Expressway E
Expressway E
1 Domain and DNS configuration Jabber Client Expressway E Expressway C Internal DNS CUCM Home UDS

Expressway C

Internal DNS

CUCM Home UDS

External DNS

E Expressway C Internal DNS CUCM Home UDS External DNS IM & P Server xwayE.domain1 com

IMP Server

C Internal DNS CUCM Home UDS External DNS IM & P Server xwayE.domain1 com xwayC.domain1.com cucm.domain1.com

xwayE.domain1 com

xwayC.domain1.com

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question : How do I login? Answer : With <userid>@domain1.com

with IM and Presence Domain = domain1.com Question : How do I login? Answer : With
with IM and Presence Domain = domain1.com Question : How do I login? Answer : With
with IM and Presence Domain = domain1.com Question : How do I login? Answer : With

ExpressWay Scenario 1

Domain and DNS configuration

ExpressWay – Scenario 1 Domain and DNS configuration Jabber Client External DNS Expressway E ExpressWay C

Jabber Client

External DNS
External DNS
Expressway E
Expressway E
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM

ExpressWay C

Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

E ExpressWay C Internal DNS CUCM Home UDS IM & P Server expwyE.domain1 com expwyC.domain1.com cucm.domain1.com

expwyE.domain1 com

expwyC.domain1.com

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my external DNS configured? Answer:

 

Entry

Resolves to

SRV record ‘_collab-edge

tls.domain1.com’

expwyE.domain1.com port 8443

A record ‘xwayE.domain1.com’

External IP address ExpressWay E

expwyE.domain1.com port 8443 A record ‘xwayE.domain1.com’ External IP address ExpressWay E
expwyE.domain1.com port 8443 A record ‘xwayE.domain1.com’ External IP address ExpressWay E
expwyE.domain1.com port 8443 A record ‘xwayE.domain1.com’ External IP address ExpressWay E

ExpressWay Scenario 1

Domain and DNS configuration

ExpressWay – Scenario 1 Domain and DNS configuration Jabber Client Expressway E ExpressWay C Internal DNS

Jabber Client

Expressway E
Expressway E
1 Domain and DNS configuration Jabber Client Expressway E ExpressWay C Internal DNS CUCM Home UDS
1 Domain and DNS configuration Jabber Client Expressway E ExpressWay C Internal DNS CUCM Home UDS

ExpressWay C

Internal DNS

CUCM Home UDS

Client Expressway E ExpressWay C Internal DNS CUCM Home UDS IM & P Server External DNS

IMP Server

External DNS

C Internal DNS CUCM Home UDS IM & P Server External DNS cucm.domain1.com xwayC.domain1.com cup.domain1.com with

cucm.domain1.com

xwayC.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my ExpressWay E configured? Answer:

> System > DNS > - System host name ‘xwayE- Domain name ‘domain1.com’

E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -
E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -
E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -

ExpressWay Scenario 1

Domain and DNS configuration

ExpressWay – Scenario 1 Domain and DNS configuration Jabber Client Expressway E xwayE.domain1 com ExpressWay C

Jabber Client

Expressway E xwayE.domain1 com
Expressway E
xwayE.domain1 com
ExpressWay C
ExpressWay C
Jabber Client Expressway E xwayE.domain1 com ExpressWay C Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

External DNS

C Internal DNS CUCM Home UDS IM & P Server External DNS cucm.domain1.com cup.domain1.com with IM

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my ExpressWay C configured?

Answer:

> System > DNS >

- System host name ‘xwayE

- Domain name ‘domain1.com’

> Configuration > Domains >

‘domain1.com’ > Configuration > Domains > - Domain ‘domain1.com’ enabled for: ‘UCM

- Domain ‘domain1.com’ enabled for:

‘UCM registrations’ and ‘IM and Presence’

> Domains > - Domain ‘domain1.com’ enabled for: ‘UCM registrations’ and ‘IM and Presence’
> Domains > - Domain ‘domain1.com’ enabled for: ‘UCM registrations’ and ‘IM and Presence’

ExpressWay Scenario 1 Domain and DNS configuration

ExpressWay – Scenario 1 Domain and DNS configuration Jabber Client Expressway E ExpressWay C Internal DNS

Jabber Client

Expressway E ExpressWay C Internal DNS xwayE.domain1 com xwayC.domain1 com
Expressway E
ExpressWay C
Internal DNS
xwayE.domain1 com
xwayC.domain1 com
C Internal DNS xwayE.domain1 com xwayC.domain1 com CUCM Home UDS IM & P Server External DNS

CUCM Home UDS

DNS xwayE.domain1 com xwayC.domain1 com CUCM Home UDS IM & P Server External DNS cucm.domain1.com

IMP Server

External DNS

xwayC.domain1 com CUCM Home UDS IM & P Server External DNS cucm.domain1.com cup.domain1.com with IM and

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my Internal DNS configured?

Answer:

 

Entry

Resolves to

SRV record ‘_cisco-uds

tcp.domain1.com’

cucm.domain1.com port 8443

A record ‘cucm.domain1.com’

IP address CUCM

- uds tcp.domain1.com’ cucm.domain1.com port 8443 A record ‘cucm.domain1.com’ IP address CUCM
- uds tcp.domain1.com’ cucm.domain1.com port 8443 A record ‘cucm.domain1.com’ IP address CUCM
- uds tcp.domain1.com’ cucm.domain1.com port 8443 A record ‘cucm.domain1.com’ IP address CUCM

ExpressWay Scenario 1

Domain and DNS configuration

ExpressWay – Scenario 1 Domain and DNS configuration Jabber Client CUCM Home UDS Expressway E ExpressWay

Jabber Client

CUCM Home UDS
CUCM Home UDS
Expressway E
Expressway E
DNS configuration Jabber Client CUCM Home UDS Expressway E ExpressWay C Internal DNS IM & P

ExpressWay C

Internal DNS

IMP Server

External DNS

E ExpressWay C Internal DNS IM & P Server External DNS xwayC.domain1 com xwayE.domain1 com cup.domain1.com
xwayC.domain1 com
xwayC.domain1 com

xwayE.domain1 com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my CUCM configured? Answer:

> CCMADMIN > System > Server - Server with hostname ‘cucm’ > CLI ‘set network domain ‘domain1.com’

> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network
> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network
> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network

ExpressWay Scenario 1

Domain and DNS configuration

ExpressWay – Scenario 1 Domain and DNS configuration Jabber Client IM&P Server Expressway E ExpressWay C

Jabber Client

IM&P Server
IM&P Server
Expressway E
Expressway E
DNS configuration Jabber Client IM&P Server Expressway E ExpressWay C Internal DNS CUCM Home UDS External

ExpressWay C

Internal DNS

CUCM Home UDS

External DNS

E ExpressWay C Internal DNS CUCM Home UDS External DNS xwayE.domain1 com xwayC.domain1 com cucm.domain1.com

xwayE.domain1 com

xwayC.domain1 com cucm.domain1.com
xwayC.domain1 com
cucm.domain1.com

Question: How is my CUP configured? Answer:

> CUPAdmin > Clustertopology

- Node configuration with ‘cup.domain1.com

- IM and Presence Domain with ‘domain1.com’

> Clustertopology - Node configuration with ‘cup.domain1.com - IM and Presence Domain with ‘domain1.com’
> Clustertopology - Node configuration with ‘cup.domain1.com - IM and Presence Domain with ‘domain1.com’
> Clustertopology - Node configuration with ‘cup.domain1.com - IM and Presence Domain with ‘domain1.com’

ExpressWay Mobile and Remote Access

Domain and DNS configuration

Scenario 2 - Mixed domain structure

- Expressway servers : domain2.com

- UC and CUP servers : domain1.com

- IM&P domain : domain1.com

cup.domain1.com

IM&P Domain =

domain1.com

: domain1.com cup.domain1.com IM&P Domain = domain1.com Jabber Client Expressway E Expressway C Internal DNS CUCM

Jabber Client

cup.domain1.com IM&P Domain = domain1.com Jabber Client Expressway E Expressway C Internal DNS CUCM Home UDS
Expressway E
Expressway E

Expressway C

Internal DNS

CUCM Home UDS

IMP Server

External DNS

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain2 com xwayC.domain2.com

xwayE.domain2 com

xwayC.domain2.com

cucm.domain1.com

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain2 com xwayC.domain2.com
Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain2 com xwayC.domain2.com
Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain2 com xwayC.domain2.com

ExpressWay Scenario 2

Domain and DNS configuration

Jabber Client
Jabber Client
Expressway E
Expressway E
2 Domain and DNS configuration Jabber Client Expressway E Expressway C Internal DNS CUCM Home UDS

Expressway C

Internal DNS

CUCM Home UDS

External DNS

E Expressway C Internal DNS CUCM Home UDS External DNS IM & P Server xwayE. domain2

IMP Server

C Internal DNS CUCM Home UDS External DNS IM & P Server xwayE. domain2 com xwayC.domain2.com

xwayE.domain2 com

xwayC.domain2.com

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question : How do I login?

Answer :

- With <userid>@domain1.com (*)

- jabber-config.xml has ‘voiceservicesdomain’ set to domain2.com

Answer : - With <userid>@domain1.com (*) - jabber-config.xml has ‘ voiceservicesdomain ’ set to domain2.com
Answer : - With <userid>@domain1.com (*) - jabber-config.xml has ‘ voiceservicesdomain ’ set to domain2.com
Answer : - With <userid>@domain1.com (*) - jabber-config.xml has ‘ voiceservicesdomain ’ set to domain2.com

ExpressWay Scenario 2

Domain and DNS configuration

ExpressWay – Scenario 2 Domain and DNS configuration Jabber Client External DNS Expressway E ExpressWay C

Jabber Client

External DNS
External DNS
Expressway E
Expressway E
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM

ExpressWay C

Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

E ExpressWay C Internal DNS CUCM Home UDS IM & P Server xwayE.domain2 com xwayC.domain2.com cucm.domain1.com

xwayE.domain2 com

xwayC.domain2.com

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my external DNS configured? Answer:

 

Entry

Resolves to

SRV record ‘_collab-edge

tls.domain2.com’

xwayE.domain2.com port 8443

A record ‘xwayE.domain2.com’

External IP address ExpressWay E

xwayE.domain2.com port 8443 A record ‘xwayE.domain2.com’ External IP address ExpressWay E
xwayE.domain2.com port 8443 A record ‘xwayE.domain2.com’ External IP address ExpressWay E
xwayE.domain2.com port 8443 A record ‘xwayE.domain2.com’ External IP address ExpressWay E

ExpressWay Scenario 2

Domain and DNS configuration

ExpressWay – Scenario 2 Domain and DNS configuration Jabber Client External DNS Expressway E ExpressWay C

Jabber Client

External DNS Expressway E
External DNS
Expressway E
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM

ExpressWay C

Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

E ExpressWay C Internal DNS CUCM Home UDS IM & P Server xwayC.domain1.com cucm.domain1.com cup.domain1.com with

xwayC.domain1.com

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my ExpressWay E configured? Answer:

> System > DNS > - System host name ‘xwayE- Domain name ‘domain2.com’

E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -
E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -
E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -

ExpressWay Scenario 2

Domain and DNS configuration

Expressway E xwayE.domain2 com
Expressway E
xwayE.domain2 com
ExpressWay C
ExpressWay C
configuration Expressway E xwayE.domain2 com ExpressWay C Jabber Client Internal DNS CUCM Home UDS IM &

Jabber Client

Expressway E xwayE.domain2 com ExpressWay C Jabber Client Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

External DNS

Internal DNS CUCM Home UDS IM & P Server External DNS cucm.domain1.com cup.domain1.com with IM and

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my ExpressWay C configured?

Answer:

> System > DNS >

- System host name ‘xwayC

- Domain name ‘domain2.com’

> Configuration > Domains >

- Domain ‘domain1.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

- Domain ‘domain2.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

and ‘IM and Presence’ - Domain ‘domain2.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’
and ‘IM and Presence’ - Domain ‘domain2.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’
and ‘IM and Presence’ - Domain ‘domain2.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

ExpressWay Scenario 2

Domain and DNS configuration

ExpressWay – Scenario 2 Domain and DNS configuration Jabber Client Expressway E ExpressWay C Internal DNS

Jabber Client

Expressway E ExpressWay C Internal DNS xwayE.domain2.com xwayC.domain2.com
Expressway E
ExpressWay C
Internal DNS
xwayE.domain2.com
xwayC.domain2.com
C Internal DNS xwayE.domain2.com xwayC.domain2.com CUCM Home UDS IM & P Server External DNS cucm.domain1.com
C Internal DNS xwayE.domain2.com xwayC.domain2.com CUCM Home UDS IM & P Server External DNS cucm.domain1.com

CUCM Home UDS

IMP Server

External DNS

xwayC.domain2.com CUCM Home UDS IM & P Server External DNS cucm.domain1.com cup.domain1.com with IM and Presence

cucm.domain1.com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my Internal DNS configured?

Answer:

 

Entry

Resolves to

SRV record ‘_cisco-uds

tcp.domain2.com’

cucm.domain1.com port 8443

A record ‘cucm.domain1.com’

IP address CUCM

- uds tcp.domain2.com’ cucm.domain1.com port 8443 A record ‘cucm.domain1.com’ IP address CUCM
- uds tcp.domain2.com’ cucm.domain1.com port 8443 A record ‘cucm.domain1.com’ IP address CUCM
- uds tcp.domain2.com’ cucm.domain1.com port 8443 A record ‘cucm.domain1.com’ IP address CUCM

ExpressWay Scenario 2

Domain and DNS configuration

ExpressWay – Scenario 2 Domain and DNS configuration Jabber Client CUCM Home UDS Expressway E ExpressWay

Jabber Client

CUCM Home UDS
CUCM Home UDS
Expressway E
Expressway E
DNS configuration Jabber Client CUCM Home UDS Expressway E ExpressWay C Internal DNS IM & P

ExpressWay C

Internal DNS

IMP Server

External DNS

E ExpressWay C Internal DNS IM & P Server External DNS xwayC.domain1 com xwayE.domain1 com cup.domain1.com
xwayC.domain1 com
xwayC.domain1 com

xwayE.domain1 com

cup.domain1.com

with IM and Presence Domain =

domain1.com

Question: How is my CUCM configured? Answer:

> CCMADMIN > System > Server - Server with hostname ‘cucm’ > CLI ‘set network domain ‘domain1.com’

> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network
> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network
> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network

ExpressWay Scenario 2

Domain and DNS configuration

ExpressWay – Scenario 2 Domain and DNS configuration Jabber Client IM&P Server Expressway E ExpressWay C

Jabber Client

IM&P Server
IM&P Server
Expressway E
Expressway E
DNS configuration Jabber Client IM&P Server Expressway E ExpressWay C Internal DNS CUCM Home UDS External

ExpressWay C

Internal DNS

CUCM Home UDS

External DNS

E ExpressWay C Internal DNS CUCM Home UDS External DNS cucm.domain1.com xwayE.domain1 com xwayC.domain1 com
cucm.domain1.com
cucm.domain1.com

xwayE.domain1 com

xwayC.domain1 com

Question: How is my CUP configured? Answer:

> CUPAdmin > Clustertopology

- Node configuration with ‘cup.domain1.com

- IM and Presence Domain with ‘domain1.com’

> Clustertopology - Node configuration with ‘cup.domain1.com - IM and Presence Domain with ‘domain1.com’
> Clustertopology - Node configuration with ‘cup.domain1.com - IM and Presence Domain with ‘domain1.com’
> Clustertopology - Node configuration with ‘cup.domain1.com - IM and Presence Domain with ‘domain1.com’

ExpressWay Mobile and Remote Access

Domain and DNS configuration

Scenario 3 - Mixed domain structure

- Expressway servers : domain3.com

- UC and CUP servers : domain2.com

- IM&P domain : domain1.com

cup.domain2.com

IM&P Domain =

domain1.com

: domain1.com cup.domain2.com IM&P Domain = domain1.com Jabber Client Expressway E Expressway C Internal DNS CUCM

Jabber Client

cup.domain2.com IM&P Domain = domain1.com Jabber Client Expressway E Expressway C Internal DNS CUCM Home UDS
Expressway E
Expressway E

Expressway C

Internal DNS

CUCM Home UDS

IMP Server

External DNS

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain3 com xwayC.domain3.com

xwayE.domain3 com

xwayC.domain3.com

cucm.domain2.com

Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain3 com xwayC.domain3.com
Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain3 com xwayC.domain3.com
Expressway C Internal DNS CUCM Home UDS IM & P Server External DNS xwayE.domain3 com xwayC.domain3.com

ExpressWay Scenario 3

Domain and DNS configuration

Jabber Client
Jabber Client
Expressway E
Expressway E
3 Domain and DNS configuration Jabber Client Expressway E Expressway C Internal DNS CUCM Home UDS

Expressway C

Internal DNS

CUCM Home UDS

External DNS

E Expressway C Internal DNS CUCM Home UDS External DNS IM & P Server xwayE.domain3 com

IMP Server

C Internal DNS CUCM Home UDS External DNS IM & P Server xwayE.domain3 com xwayC.domain3.com cucm.domain2.com

xwayE.domain3 com

xwayC.domain3.com

cucm.domain2.com

cup.domain2.com

with IM and Presence Domain =

domain1.com

Question : How do I login?

Answer :

- With <userid>@domain1.com

- jabber-config.xml has voice ‘voiceservicesdomain’ set to domain3.com

: - With <userid>@domain1.com - jabber-config.xml has voice ‘ voiceservicesdomain ’ set to domain3.com
: - With <userid>@domain1.com - jabber-config.xml has voice ‘ voiceservicesdomain ’ set to domain3.com
: - With <userid>@domain1.com - jabber-config.xml has voice ‘ voiceservicesdomain ’ set to domain3.com

ExpressWay Scenario 3

Domain and DNS configuration

ExpressWay – Scenario 3 Domain and DNS configuration Jabber Client External DNS Expressway E ExpressWay C

Jabber Client

External DNS
External DNS
Expressway E
Expressway E
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM

ExpressWay C

Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

E ExpressWay C Internal DNS CUCM Home UDS IM & P Server xwayE.domain3 com xwayC.domain3.com cucm.domain2.com

xwayE.domain3 com

xwayC.domain3.com

cucm.domain2.com

cup.domain2.com

with IM and Presence Domain =

domain1.com

Question: How is my external DNS configured? Answer:

 

Entry

Resolves to

SRV record ‘_collab-edge

tls.domain3.com’

xwayE.domain3.com port 8443

A record ‘xwayE.domain3.com’

External IP address ExpressWay E

xwayE.domain3.com port 8443 A record ‘xwayE.domain3.com’ External IP address ExpressWay E
xwayE.domain3.com port 8443 A record ‘xwayE.domain3.com’ External IP address ExpressWay E
xwayE.domain3.com port 8443 A record ‘xwayE.domain3.com’ External IP address ExpressWay E

ExpressWay Scenario 3

Domain and DNS configuration

ExpressWay – Scenario 3 Domain and DNS configuration Jabber Client External DNS Expressway E ExpressWay C

Jabber Client

External DNS Expressway E
External DNS
Expressway E
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM
DNS configuration Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM

ExpressWay C

Jabber Client External DNS Expressway E ExpressWay C Internal DNS CUCM Home UDS IM & P

Internal DNS

CUCM Home UDS

IMP Server

E ExpressWay C Internal DNS CUCM Home UDS IM & P Server xwayC.domain3.com cucm.domain2.com cup.domain2.com with

xwayC.domain3.com

cucm.domain2.com

cup.domain2.com

with IM and Presence Domain =

domain1.com

Question: How is my ExpressWay E configured? Answer:

> System > DNS > - System host name ‘xwayE- Domain name ‘domain3.com’

E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -
E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -
E configured? Answer: > System > DNS > - System host name ‘ xwayE ’ -

ExpressWay Scenario 3

Domain and DNS configuration

ExpressWay – Scenario 3 Domain and DNS configuration Jabber Client Expressway E ExpressWay C xwayE.domain3.com

Jabber Client

Expressway E ExpressWay C xwayE.domain3.com
Expressway E
ExpressWay C
xwayE.domain3.com
Jabber Client Expressway E ExpressWay C xwayE.domain3.com Internal DNS CUCM Home UDS IM & P Server
Jabber Client Expressway E ExpressWay C xwayE.domain3.com Internal DNS CUCM Home UDS IM & P Server

Internal DNS

CUCM Home UDS

ExpressWay C xwayE.domain3.com Internal DNS CUCM Home UDS IM & P Server External DNS cucm.domain2.com

IMP Server

External DNS

Internal DNS CUCM Home UDS IM & P Server External DNS cucm.domain2.com cup.domain2.com with IM and

cucm.domain2.com

cup.domain2.com

with IM and Presence Domain =

domain1.com

Question: How is my ExpressWay C configured?

Answer:

> System > DNS >

- System host name ‘xwayC

- Domain name ‘domain3.com’

> Configuration > Domains >

- Domain ‘domain1.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

- Domain ‘domain2.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

- Domain ‘domain3.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

and ‘IM and Presence’ - Domain ‘domain3.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’
and ‘IM and Presence’ - Domain ‘domain3.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’
and ‘IM and Presence’ - Domain ‘domain3.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’

ExpressWay Scenario 3

Domain and DNS configuration

ExpressWay – Scenario 3 Domain and DNS configuration Jabber Client Expressway E ExpressWay C Internal DNS

Jabber Client

Expressway E ExpressWay C Internal DNS xwayE.domain3 com xwayC.domain3 com
Expressway E
ExpressWay C
Internal DNS
xwayE.domain3 com
xwayC.domain3 com
C Internal DNS xwayE.domain3 com xwayC.domain3 com CUCM Home UDS IM & P Server External DNS

CUCM Home UDS

IMP Server

External DNS

xwayC.domain3 com CUCM Home UDS IM & P Server External DNS cucm.domain2.com cup.domain2.com with IM and

cucm.domain2.com

cup.domain2.com

with IM and Presence Domain =

domain1.com

Question: How is my Internal DNS configured?

Answer:

 

Entry

Resolves to

SRV record ‘_cisco-uds

tcp.domain3.com’

cucm.domain2.com port 8443

A record ‘cucm.domain2.com’

IP address CUCM

- uds tcp.domain3.com’ cucm.domain2.com port 8443 A record ‘cucm.domain2.com’ IP address CUCM
- uds tcp.domain3.com’ cucm.domain2.com port 8443 A record ‘cucm.domain2.com’ IP address CUCM
- uds tcp.domain3.com’ cucm.domain2.com port 8443 A record ‘cucm.domain2.com’ IP address CUCM

ExpressWay Scenario 3

Domain and DNS configuration

ExpressWay – Scenario 3 Domain and DNS configuration Jabber Client CUCM Home UDS Expressway E ExpressWay

Jabber Client

CUCM Home UDS
CUCM Home UDS
Expressway E
Expressway E
DNS configuration Jabber Client CUCM Home UDS Expressway E ExpressWay C Internal DNS IM & P

ExpressWay C

Internal DNS

IMP Server

External DNS

E ExpressWay C Internal DNS IM & P Server External DNS xwayC.domain3 com xwayE.domain3 com cup.domain2.com
xwayC.domain3 com
xwayC.domain3 com

xwayE.domain3 com

cup.domain2.com

with IM and Presence Domain =

domain1.com

Question: How is my CUCM configured? Answer:

> CCMADMIN > System > Server - Server with hostname ‘cucm’ > CLI ‘set network domain ‘domain2.com’

> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network
> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network
> System > Server - Server with hostname ‘ cucm ’ > CLI ‘ set network

ExpressWay Scenario 3

Domain and DNS configuration

ExpressWay – Scenario 3 Domain and DNS configuration Jabber Client IM&P Server Expressway E ExpressWay C

Jabber Client

IM&P Server
IM&P Server
Expressway E
Expressway E
DNS configuration Jabber Client IM&P Server Expressway E ExpressWay C Internal DNS CUCM Home UDS External

ExpressWay C

Internal DNS

CUCM Home UDS

External DNS

E ExpressWay C Internal DNS CUCM Home UDS External DNS xwayE.domain1 com cucm.domain2.com xwayC.domain1 com

xwayE.domain1 com

cucm.domain2.com
cucm.domain2.com

xwayC.domain1 com

Question: How is my CUP configured? Answer:

> CUPAdmin > Clustertopology

- Node configuration with ‘cup.domain2.com

- IM and Presence Domain with ‘domain3.com’

> Clustertopology - Node configuration with ‘cup.domain2.com - IM and Presence Domain with ‘domain3.com’
> Clustertopology - Node configuration with ‘cup.domain2.com - IM and Presence Domain with ‘domain3.com’
> Clustertopology - Node configuration with ‘cup.domain2.com - IM and Presence Domain with ‘domain3.com’

Troubleshooting - CNAME Considerations

Target URL Jabber can be subdomain of domain returned by HTTP server (Expressway E) -> Cookie domain : cisco.com -> Target URL : expressway.internal.cisco.com

Cookie is returned by server in get_edge_config responds

Cookie is save and re-used for subsequent HTTP requests

With correct domain/DNS/Alias configuration Jabber will show -> Cookies size = 1 With incorrect domain/DNS/Alias configuration Jabber will show -> Cookies size = 0

Jabber does not save the cookie and discovery will fail

configuration Jabber will show -> Cookies size = 0 Jabber does not save the cookie and
configuration Jabber will show -> Cookies size = 0 Jabber does not save the cookie and
configuration Jabber will show -> Cookies size = 0 Jabber does not save the cookie and

Troubleshooting - CNAME Considerations

Troubleshooting - CNAME Considerations [csf.httpclient] [http::executeImpl] - *----- * HTTP response from: https://expway.

[csf.httpclient] [http::executeImpl] - *-----* HTTP response from:

https://expway.cisco.com:8443/dmFyZGUuZGs/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin[2] -> 200.

[csf.edge] [netutils::adapters::httpResponseToEdgeResponse] - Cookie : .cisco.com TRUE/TRUE

4583-a433-5d56ed2671be

1421787961 X-Auth 47159c6b-e978-

[csf.edge] [netutils::adapters::httpResponseToEdgeResponse] - Cookies size = 1

[csf.netutils.adapters] [netutils::adapters::EdgeUtilsAdapter::transformRequest] - Transformed

Urls:https://expway.cisco.com:8443/dmFyZGUuZGsvaHR0cHMvMTAuMTg0LjEuNTIvODQ0Mw/cucm-uds/user/93085[csf.edge]

[edge::EdgeUtilsImpl::transformHttpCookies] - Transforming 0 Http Cookies for each transformedUrl -size: 2 [csf.edge] [edge::EdgeUtilsImpl::getHttpCookies] - checking if http cookies can be returned from cached edge config

[csf.httpclient] [http::CurlHttpUtils::setCookies] - setting cookie : X-Auth

Jabber for each HTTP request will search for cached cookies If found and domain/target is matched will be used in subsequent requests

each HTTP request will search for cached cookies If found and domain/target is matched will be
each HTTP request will search for cached cookies If found and domain/target is matched will be
each HTTP request will search for cached cookies If found and domain/target is matched will be

Troubleshooting - CNAME Considerations

Troubleshooting - CNAME Considerations [csf.httpclient] [http::executeImpl] - *----- * HTTP response from: https://expway.

[csf.httpclient] [http::executeImpl] - *-----* HTTP response from:

https://expway.cisco.com:8443/dmFyZGUuZGs/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin[2] -> 200.

[csf.edge] [netutils::adapters::httpResponseToEdgeResponse] - Cookie : .internal.com TRUE/TRUE

e978-4583-a433-5d56ed2671be

1421787961 X-Auth 47159c6b-

[csf.edge] [netutils::adapters::httpResponseToEdgeResponse] - Cookies size = 0

** Discovery has failed. Calling Callback! **

Cookie domain does not match HTTP target domain

- Cookies size = 0 ** Discovery has failed. Calling Callback! ** Cookie domain does not
- Cookies size = 0 ** Discovery has failed. Calling Callback! ** Cookie domain does not
- Cookies size = 0 ** Discovery has failed. Calling Callback! ** Cookie domain does not

Troubleshooting ExpressWay or UC Server Domain not configured

ExpressWay or UC server domain not added

or not enabled for Unified Communications

Jabber login will fail Cannot communicate with the server

Diagnostic logs will show

HTTPMSG:|GET

with the server • Diagnostic logs will show HTTPMSG:|GET https:/// Y29sdWMuY29t

https:///Y29sdWMuY29t/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin

HTTP/1.1Authorization: xxxxxHost: xwaye.coluc.com:8443 Accept: */*User-Agent: Jabber-Win-345

xwaye.coluc.com:8443 Accept: */*User-Agent: Jabber-Win-345 HTTPMSG:|HTTP/1.1 403 Forbidden Date: Mon, 17 Mar 2014

HTTPMSG:|HTTP/1.1 403 Forbidden Date:

Mon, 17 Mar 2014 16:07:20 GMT Connection: closeServer:

CE_EContent-Length: 0|

Date: Mon, 17 Mar 2014 16:07:20 GMT Connection: closeServer: CE_EContent-Length: 0 | Decodes to ‘ coluc.com
Date: Mon, 17 Mar 2014 16:07:20 GMT Connection: closeServer: CE_EContent-Length: 0 | Decodes to ‘ coluc.com

Decodes to ‘coluc.com

Date: Mon, 17 Mar 2014 16:07:20 GMT Connection: closeServer: CE_EContent-Length: 0 | Decodes to ‘ coluc.com

Troubleshooting IM&P Domain not configured (UC Domain)

IM&P domain not added or not enabled for IM&P

Jabber login will fail Cannot communicate with the server

Diagnostic logs will show

communicate with the server • Diagnostic logs will show xwaye XCP_JABBERD[12144]: UTCTime="2014-03-14

xwaye XCP_JABBERD[12144]: UTCTime="2014-03-14 14:30:25,310"

ThreadID="140582990952192" Module="Jabber" Level="INFO Detail="bouncing a packet to 'domain3.com” from 'cm-1_jsmcp-1.xwaye-domain1.com'”

xwaye XCP_CM[12513]: UTCTime="2014-03-14 14:30:25,310" ThreadID="140004551300864" Module="cm-1.xwaye-domain1.com" Level="INFO " CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms"

" CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms "
" CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms "
" CodeLocation="SASLManager.cpp:198" Detail="Failed to query auth component for SASL mechanisms "
Tool bookmark • Service record lookups https://mxtoolbox.com/NetworkTools.aspx
Tool bookmark • Service record lookups https://mxtoolbox.com/NetworkTools.aspx

Tool bookmark

Service record lookups https://mxtoolbox.com/NetworkTools.aspx

Tool bookmark • Service record lookups https://mxtoolbox.com/NetworkTools.aspx
Tool bookmark

Tool bookmark

Tool bookmark
Tool bookmark • Base64 decoding/encoding https://www.base64decode.org

Tool bookmark

Base64 decoding/encoding

https://www.base64decode.org

Tool bookmark • Base64 decoding/encoding https://www.base64decode.org
Tool bookmark • Base64 decoding/encoding https://www.base64decode.org
Tool Bookmark - Jabber URL transform - Jabber transforms original Url: http://colcm9pub:6970/CSFxwayj.cnf.xml - Base

Tool Bookmark - Jabber URL transform

- Jabber transforms original Url: http://colcm9pub:6970/CSFxwayj.cnf.xml

- Base Url with appended Edge domain: coluc.com/

- Base Url with appended protocol: coluc.com/http/

- Base Url with appended host: coluc.com/http/colcm9pub

- Base Url before encoding: coluc.com/http/colcm9pub/6970

- Encoded Base64 Url: Y29sdWMuY29tL2h0dHAvY29sY205cHViLzY5NzA=

- Transformed Url:

https://xwaye.coluc.com:8443/Y29sdWMuY29tL2h0dHAvY29sY205cHViLzY5NzA

=/CSFxwayj.cnf.xml

- Transformed Url: https://xwaye.coluc.com:8443/Y29sdWMuY29tL2h0dHAvY29sY205cHViLzY5NzA =/CSFxwayj.cnf.xml
- Transformed Url: https://xwaye.coluc.com:8443/Y29sdWMuY29tL2h0dHAvY29sY205cHViLzY5NzA =/CSFxwayj.cnf.xml
- Transformed Url: https://xwaye.coluc.com:8443/Y29sdWMuY29tL2h0dHAvY29sY205cHViLzY5NzA =/CSFxwayj.cnf.xml
Tool bookmark – Jabber get_edge_config • A good way to verify that the basic MRA

Tool bookmark Jabber get_edge_config

A good way to verify that the basic MRA components are in place is to run the first

HTTP request Jabber would do.

To do this verification, open a browser and enter the following URL to verify that the HTTP Reverse proxy is working, and that the ExpressWay-C can discover the DNS.

sco -uds&service_name=_cuplogin COLUC.COM • Use a CUCM User credentials when prompted by

COLUC.COM

Use a CUCM User credentials when prompted by the browser

sco -uds&service_name=_cuplogin COLUC.COM • Use a CUCM User credentials when prompted by the browser
sco -uds&service_name=_cuplogin COLUC.COM • Use a CUCM User credentials when prompted by the browser
sco -uds&service_name=_cuplogin COLUC.COM • Use a CUCM User credentials when prompted by the browser
Tool bookmark – Jabber get_edge_config • Service Config

Tool bookmark Jabber get_edge_config

Service Config

Tool bookmark – Jabber get_edge_config • Service Config
Tool bookmark – Jabber get_edge_config • Service Config
Expressway Diagnostic Logs • Diagnostics logs

Expressway Diagnostic Logs

Expressway Diagnostic Logs • Diagnostics logs

Diagnostics logs

Expressway Diagnostic Logs • Diagnostics logs
Expressway Diagnostic Logs • Diagnostics logs
Expressway Diagnostic Logs • Diagnostics logs

XMPP Federation

XMPP Federation
XMPP Federation
XMPP Federation

XMPP Federation Support

XMPP Federation on CUP

XMPP Federation Support • XMPP Federation on CUP

XMPP Federation Support

XMPP Federation on Expressway E

XMPP Federation Support • XMPP Federation on Expressway E

XMPP Federation Configuration Tasks

XMPP Federation Support

DNS vs Static

Dialback Secret

Security mode

Privacy mode

Serviceability

XMPP Federation Support • DNS vs Static • Dialback Secret • Security mode • Privacy mode
XMPP Federation Support • DNS vs Static • Dialback Secret • Security mode • Privacy mode

XMPP Federation Support

Disable XMPP Federation on CUP Cisco Unified CM IM and Presence Administration > Presence > Inter Domain Federation > XMPP Federation > Settings

CM IM and Presence Administration > Presence > Inter Domain Federation > XMPP Federation > Settings
CM IM and Presence Administration > Presence > Inter Domain Federation > XMPP Federation > Settings

XMPP Federation Support

Expressway C Enable Domain for XMPP Federation

Expressway E Enable XMPP Federation feature

Federation Support • Expressway C Enable Domain for XMPP Federation • Expressway E Enable XMPP Federation
Federation Support • Expressway C Enable Domain for XMPP Federation • Expressway E Enable XMPP Federation
Federation Support • Expressway C Enable Domain for XMPP Federation • Expressway E Enable XMPP Federation
Federation Support • Expressway C Enable Domain for XMPP Federation • Expressway E Enable XMPP Federation
Federation Support • Expressway C Enable Domain for XMPP Federation • Expressway E Enable XMPP Federation

XMPP Federation Support

Verify Notifications on CUP for restart XCP router

XMPP Federation Support • Verify Notifications on CUP for restart XCP router

XMPP Federation Support

Verify Notifications on CUP for restart XCP router

XMPP Federation Support • Verify Notifications on CUP for restart XCP router
XMPP Federation Support • Verify Notifications on CUP for restart XCP router
XMPP Federation Support • Verify Notifications on CUP for restart XCP router
XMPP Federation Support • Verify Notifications on CUP for restart XCP router

XMPP Federation Support

XMPP Federation Support Expressway C shows Event=" System Configuration Changed " Node=" clusterdb

Expressway C shows

Event="System Configuration Changed" Node="clusterdb@10.48.55.94"

Detail="xconfiguration xcpS2SStatus uuid 9896d611-5603-408e-bec4-6cc2e9bad514

remote_address: 10.48.55.113:7001 remote_address: 10.48.55.113:7001"

Event="System Configuration Changed" Node="clusterdb@10.48.55.94" Detail="xconfiguration xcpS2SStatus uuid 9896d611-5603-408e-bec4-6cc2e9bad514 remote_address: 10.48.55.113:7001 s2s_realm: cm-2_s2scp-1.eft-xwye-a-coluc-com"

Module="network.axl" Level="INFO" Action="Send" URL="https://ecup10.coluc.com:8443/axl/" Function="executeSQLQuery"

CUP shows

" Function=" executeSQLQuery " CUP shows admin:run sql select * from xmpps2snodes pkid

admin:run sql select * from xmpps2snodes pkid

===============================================================

055c13d9-943d-459d-a3c6-af1d1176936d cm-2_s2scp-1.eft-xwye-a-coluc-com

cp_id

055c13d9-943d-459d-a3c6-af1d1176936d cm-2_s2scp-1.eft-xwye-a-coluc-com cp_id
055c13d9-943d-459d-a3c6-af1d1176936d cm-2_s2scp-1.eft-xwye-a-coluc-com cp_id
055c13d9-943d-459d-a3c6-af1d1176936d cm-2_s2scp-1.eft-xwye-a-coluc-com cp_id

XMPP Federation</