Cisco Expressway C/E Config Errors

OK, after finally getting it licensed correctly, I have been running into errors where the Unified Communications Service on the C node would never show up right. And the IM&P kept showing XMPP Router: Inactive. I rebuilt the Traversal Zones a number of times. The C side would show active with no issues, but the E side would show “Status: Fail” with zero connections. Several reboots did nothing, and the CA-signed certs were correct.

Background:
On the E-Node, I have the Advanced Networking license since I have the VM in a DMZ with a private address, and I am statically NATing this on a firewall.

My Resolution:
On the E-Node, go into System->Network Interfaces->IP
Change IPv4 Static NAT Mode to ON
When the new IPv4 Static NAT Address appears, input the EXTERNAL IP address for the E-Node.

OK, now when I try to log in via an outside client, I get error messages like this on the E-Node:

traffic_server[7756]: Event="Sending HTTP error response" Status="403" Reason="Forbidden" Dst-ip="x.x.x.x" Dst-port="49489" UTCTime="2015-08-05 15:01:52,724
traffic_server[7756]: Event="get_edge_sso" Detail="SSO access denied" Reason="Domain not allowed" Domain="external.domain" Src-ip="x.x.x.x" Src-port="49489" UTCTime="2015-08-05 15:01:52,724"

It appears I need to add a domain on the C-Node that matches my external domain name, which seems to have fixed the 403 error.
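To see which domains the E-Node is refusing before adding them on the C-Node, the "Domain not allowed" events can be pulled out of a saved log. This is an added example, not part of the original post: the function names are hypothetical, the sample lines are constructed in the format quoted above with documentation-range addresses, and the list of domains configured on the C-Node is assumed to be typed in by hand.

```python
import re
from collections import defaultdict

# Curly quotes and the double-prime show up when log lines are copied from a web page.
_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2033": '"'})
_FIELD = re.compile(r'([A-Za-z][\w-]*)="([^"]*)"')

def parse_fields(line):
    """Return the Key="Value" pairs of one log line as a dict."""
    return dict(_FIELD.findall(line.translate(_QUOTES)))

def denied_domains(log_text):
    """Map each domain refused by get_edge_sso to the set of client IPs that asked for it."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if (f.get("Event") == "get_edge_sso"
                and f.get("Reason") == "Domain not allowed"
                and "Domain" in f):
            # DNS names are case-insensitive; drop a trailing root dot as well.
            denied[f["Domain"].lower().rstrip(".")].add(f.get("Src-ip", "unknown"))
    return dict(denied)

def missing_on_c(log_text, configured):
    """Denied domains that are absent from the hand-supplied C-Node domain list."""
    have = {d.lower().rstrip(".") for d in configured}
    return sorted(d for d in denied_domains(log_text) if d not in have)

# Constructed sample input (not taken from a real system).
_DENY = ('traffic_server[7756]: Event="get_edge_sso" Detail="SSO access denied" '
         'Reason="Domain not allowed" Domain="external.domain" '
         'Src-ip="{ip}" Src-port="49489" UTCTime="2015-08-05 15:01:52,724"')
SAMPLE_LOG = "\n".join([
    'traffic_server[7756]: Event="Sending HTTP error response" Status="403" '
    'Reason="Forbidden" Dst-ip="203.0.113.10" Dst-port="49489"',
    _DENY.format(ip="203.0.113.10"),
    _DENY.format(ip="198.51.100.7").replace('"', "\u201d"),  # as pasted from a web page
])

if __name__ == "__main__":
    for domain, sources in denied_domains(SAMPLE_LOG).items():
        print(f"{domain}: denied for {len(sources)} client(s): {sorted(sources)}")
    print("Not configured on C-Node:", missing_on_c(SAMPLE_LOG, ["internal.example"]))
```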

Now, my Jabber client can’t locate services, and I’m not seeing any errors on the Expressway systems. What I am seeing is on my DNS, I am getting SRV DNS requests for my external domain. After messing around with a jabber-config.xml file I could never get it to work right.

It appears that, contrary to many of the documents I have read, your INTERNAL DNS needs to be able to resolve the _cisco-uds._tcp SRV record for your EXTERNAL domain. Once I added this, my Jabber client was able to log in successfully.

OK, progress. I downloaded the jabber-config.xml file, added the <VoiceServicesDomain> TAG to the XML file with the EXTERNAL domain in it. Uploaded that file back up to the UCM TFTP server, restarted the TFTP services, and connected via VPN and connected Jabber up so it could download the new config file. After this, I disconnected the VPN, shut down Jabber and restarted it and most everything seems to be working.

Still having an issue with the CWMS connection via a Jabber Client that isn’t on the domain. Still need to research this.
