Cisco Expressway C/E Config Errors

OK, after finally getting it licensed correctly, I have been running into errors where the Unified Communications Service on the C node would never show up right. And the IM&P kept showing XMPP Router: Inactive. I rebuilt the Traversal Zones a number of times. The C side would show active with no issues, but the E Side would show “Status: Fail” with zero connections. Several reboots did nothing, and the CA signed certs were correct.

Background:
On the E-Node, I have the Advanced Networking license since I have the VM in a DMZ with a private address, and I am statically NATing this on a firewall.

My Resolution:
On the E-Node, go into System->Network Interfaces->IP
Change IPv4 Static NAT Mode to ON
When the new IPv4 Static NAT Address appears, input the EXTERNAL IP address for the E-Node.

OK, now when I try to log in via an outside client, I get error messages like this on the E-Node:

traffic_server[7756]: Event="Sending HTTP error response" Status="403" Reason="Forbidden" Dst-ip="x.x.x.x" Dst-port="49489" UTCTime="2015-08-05 15:01:52,724"
traffic_server[7756]: Event="get_edge_sso" Detail="SSO access denied" Reason="Domain not allowed" Domain="external.domain" Src-ip="x.x.x.x" Src-port="49489" UTCTime="2015-08-05 15:01:52,724"

It appears I need to add a domain on the C-Node that matches my external domain name. Which seems to have fixed the 403 error.
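
Added example, not from the original post: a small Python parser for the traffic_server lines shown above that counts which login domains the E-Node rejected with "Domain not allowed" and are absent from the domain list configured on the C-Node. The configured-domain list, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Key="value" pairs; accepts straight quotes and the typographic quotes
# that appear when log lines are copied out of a web page or e-mail.
_QUOTES = '"\u201c\u201d\u2033'
_PAIR = re.compile(r'([A-Za-z][\w-]*)=[%s]([^%s]*)' % (_QUOTES, _QUOTES))

def parse_event(line):
    """Return the key/value fields of one traffic_server log line."""
    return {k: v for k, v in _PAIR.findall(line.strip())}

def rejected_domains(lines, configured_domains):
    """Count edge SSO denials per domain that is not configured on the C node."""
    configured = {d.lower().rstrip(".") for d in configured_domains}
    missing = Counter()
    for line in lines:
        ev = parse_event(line)
        if ev.get("Event") != "get_edge_sso":
            continue
        if ev.get("Reason") != "Domain not allowed":
            continue
        domain = ev.get("Domain", "").lower().rstrip(".")
        if domain and domain not in configured:
            missing[domain] += 1
    return missing

# Constructed sample lines in the format shown above (documentation-range
# address, placeholder domains); not captured from a real system.
SAMPLE = [
    'traffic_server[7756]: Event="Sending HTTP error response" Status="403" '
    'Reason="Forbidden" Dst-ip="203.0.113.10" Dst-port="49489"',
    'traffic_server[7756]: Event="get_edge_sso" Detail="SSO access denied" '
    'Reason="Domain not allowed" Domain="external.example" Src-port="49489"',
    # Same event as pasted from a web page: typographic quotes, mixed case.
    'traffic_server[7756]: Event=\u201cget_edge_sso\u201d Reason=\u201cDomain '
    'not allowed\u201d Domain=\u201cExternal.Example\u201d Src-port=\u201d49490\u2033',
    'traffic_server[7756]: Event="get_edge_sso" Detail="SSO access denied" '
    'Reason="Domain not allowed" Domain="other.example" Src-port="49500"',
]

if __name__ == "__main__":
    # Assumed C-node domain list before the external domain was added.
    for domain, hits in rejected_domains(SAMPLE, ["internal.example"]).items():
        print(f"{domain}: {hits} denied SSO lookups, not configured on C-Node")
```

A domain that keeps appearing here after it has been added on the C-Node points at a different cause than the missing domain entry.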

Now, my Jabber client can’t locate services, and I’m not seeing any errors on the Expressway systems. What I am seeing is on my DNS, I am getting SRV DNS requests for my external domain. After messing around with a jabber-config.xml file I could never get it to work right.

It appears that, contrary to many of the documents I have read, your INTERNAL DNS needs to be able to resolve the _cisco-uds._tcp SRV record for your EXTERNAL domain. Once I added this, my Jabber client has been able to successfully log in.

OK, progress. I downloaded the jabber-config.xml file, added the <VoiceServicesDomain> TAG to the XML file with the EXTERNAL domain in it. Uploaded that file back up to the UCM TFTP server, restarted the TFTP services, and connected via VPN and connected Jabber up so it could download the new config file. After this, I disconnected the VPN, shut down Jabber and restarted it and most everything seems to be working.

Still having an issue with the CWMS connection via a Jabber Client that isn’t on the domain. Still need to research this.

Cisco VCS Expressway C/E Licensing

Well, after fudging up once already, I think I have some insight into the licensing for Expressway. Basically my mistake was I took the PAK for the LIC-EXP-E-PAK and assigned all quantities to the C node (The claim document says you can register the PAK multiple times, which I must be interpreting wrong as the licensing portal tells me it’s been fully fulfilled).

What I SHOULD have done evidently is register as below:

C-Node:

LIC-EXP-RMS-PMP   QTY 10
LIC-EXP-SERIES    QTY 1
LIC-EXP-GW        QTY 1

E-Node:

LIC-EXP-RMS-PMP   QTY 10
LIC-EXP-AN        QTY 1 (Optional, if using Advanced Networking)
LIC-EXP-SERIES    QTY 1
LIC-EXP-GW        QTY 1
LIC-EXP-E         QTY 1

Anyways, currently have a case open with TAC Licensing to verify my current assumptions.

UPDATE:
OK, wow, the config guide makes much more sense after the nodes are licensed. The licensing gives the nodes their identity as either a C-Node or E-Node. The config guide had what I thought were errors, for instance, on the zone configuration page for the E side that didn’t match the actual GUI. Once the license was added, and I deleted what I had put in there before and created a new one, it matches and now the C-Node to E-Node SIP session shows active.