Issue MRA Expressway
Hi all
I have configured Expressway C + E, and the traversal zone is present on C and E.
But the event log shows me an error every minute and Jabber cannot open a session.
Does anyone know what the error means?
-----------------------------------------------------------------------------------------------------------------
2015 08-21 T 15: 36:38 + 08:00 | sshdpfwd [12233]: error: mm_request_receive: socket closed |
2015 08-21 T 15: 36:38 + 08:00 | "" sshdpfwd [12235]: Event = "sshd" Module ="openssh" Level = "INFO" detail = "disconnected from 200.20.30.93" elements UTCTime ='2015-08-21 07:36:38" |
2015 08-21 T 15: 36:38 + 08:00 | sshdpfwd [12235]: received disconnect from 200.20.30.93: 11: disconnected by the user |
2015 08-21 T 15: 36:38 + 08:00 | "" sshdpfwd [12233]: Event = "sshd" Module ="openssh" Level = "INFO" detail = "child user is on the NEST 12235" elements UTCTime ='2015-08-21 07:36:38" |
2015 08-21 T 15: 36:38 + 08:00 | "" sshdpfwd [12233]: Event = "sshd" Module ="openssh" Level = "INFO" detail = "publickey accepted for 200.20.30.93 _pfwd 35380 ssh2 port: RSA + SHA256:XkWEN5bLqWjVRYxTTVeAnHYD5B7pEOtrpkhnQfc + AEo cert" elements UTCTime ='2015-08-21 07:36:38" |
2015 08-21 T 15: 36:38 + 08:00 | "" sshdpfwd [12233]: Event = "sshd" Module ="openssh" Level = "INFO" detail = "authorized by X 509 (rsa): CN = expc1.hxipcc.com, OR = HX, O is HX, L KM, ST = YN, C = CN =" elements UTCTime ='2015-08-21 07:36:38" |
2015 08-21 T 15: 36:38 + 08:00 | "" sshdpfwd [12233]: Event = "sshd" Module ="openssh" Level = "INFO" detail = "35380 on connection to 200.20.30.93 port 10.0.51.99 port 2222" elements UTCTime ='2015-08-21 07:36:38" |
2015 08-21 T 15: 36:38 + 08:00 |
"" sshdpfwd [12233]: Event = "sshd" Module ="openssh" Level = "INFO" detail = '/ proc/self/oom_score_adj to 0 value"elements UTCTime ='2015-08-21 07:36:38" |
This is a cosmetic bug.
You can see the information in the link below:
CSCuv97323: 8.6 shows 'closed socket' error on Exp-E but MRA is successful
Similar Questions
-
Expressway-E dual NIC and MRA Expressway-C
Hi guys,
I've seen a few threads and come across a few guides, but I am still a little confused about implementing MRA on a dual-NIC Expressway-E.
We have the following:
ExpC - LAN - ExpE - ASA - Internet
ExpC: LAN1 - 10.1.1.2
ExpE: LAN1 - 10.1.1.5
ExpE: LAN2 - 10.1.10.10 (NAT'ed 20.20.20.20)
As you can see, I would have only one firewall, located between the external port on the ExpE and the Internet.
Q1:
Since I am on dual NIC, how can I set up the traversal from ExpC to ExpE? Am I going to point to the FQDN of the ExpE (expe.company.com - 20.20.20.20)? I know that's what Cisco recommends if you use single NIC on the ExpE. Does it apply to dual NIC too?
Q2:
Which firewall ports must be open between ExpC LAN1 and ExpE LAN2 (10.1.10.10)? I took a look at the guides, but it was not clear if the ports to be opened were between ExpC LAN1 and ExpE LAN2 (10.1.10.10) or ExpC LAN1 and ExpE LAN1 (10.1.1.5).
Thanks in advance
Q1:
Since I am on dual NIC, how can I set up the traversal from ExpC to ExpE? Am I going to point to the FQDN of the ExpE (expe.company.com - 20.20.20.20)? I know that's what Cisco recommends if you use single NIC on the ExpE. Does it apply to dual NIC too?
Your ExpC must point to 10.1.1.5 because it has no awareness of NAT. If you want to point to an FQDN, then let the ExpC resolve it to the internal IP address 10.1.1.5. Dual NIC is in my opinion the best setup.
Q2, off the top of my head (and there is a lot of info about it), between ExpC and ExpE: port 7001 for the traversal zone, to the IP external ExpE 10.1.1.5, SIP, SIP TLS, RTP, DNS etc.
-
MRA Expressway - C routed false Media
Hi all
I have installed an Expressway (X8.2.2) deployment for Mobile and Remote Access. Both servers are well experienced, and it is possible to connect with a remote Jabber client through the Expressway-E. The chat works correctly and the telephone services are configured correctly, too.
Question: When trying to establish a telephone call between an internal Jabber client and a remote Jabber client, signaling works, but no media stream is established. Expressway-E shows under call status a connected session with call routed and media routed set to True, but Expressway-C shows media routed as False.
The Expressway-E session looks good, showing the path through the TraversalZone, with the call in connected state and media routed and call routed true.
For the signaling itself, there is a problem, too. When calling from internal to remote, it is possible to end the phone call from the internal client, but it times out when trying to end it from the external client. (The call is still open from the point of view of the internal client then.)
Related questions:
a)
What is the reason I can't end calls from the external client, but only from the internal one, and only if the internal client called the remote client?
b)
What is the reason for not being able to establish the media stream? I guess it's related to the Expressway-C or the firewall between C and E, but I am not sure.
Configuration:
My setup is an Expressway-C in the same domain as the CUCM and the IM & Presence server, with two settings properly and a TraversalZone working internally with the Expressway-E interface through a firewall.
Expressway-E: two interfaces in different subnets (static routes are configured for internal traffic from the front), with static NAT configured on the external-facing interface to handle the payload. It is connected to the Internet via a FW with static NAT from internal to external IP address.
Kind regards
Christoph
Hi Christoph,
It's normal, you won't see the three components of the call on the Expressway-E. Regarding UDP packets, are you sure the routes/IP settings are correct on the Expressway-E? Can you do a ping/traceroute from the Expressway-E to an IP address on the internet, ensure that it works, and see the ICMP traffic leaving the external interface? Do a similar test to the IP address of the Exp-C and ensure that the traffic leaves the inside interface.
-
Jason
-
Dear,
I have two VCS-E and VCS-C and I followed the VCS-C and E deployment guide. Please help me with the following:
1. In the VCS deployment guide, for the DNS zone pattern string (?!.*@%localdomains%.*$).* what should I use instead of localdomains? Is it the domain DNS record?
2. I did everything as the guide suggested, but I do not understand the DNS part. Can anyone briefly explain it to me, or give me an example? I want units to be able to call me from outside and I'm not an expert in DNS. Please help.
Do you have any SIP domains configured on your Expressway? You can leave %localdomains% as it is, as that will match all SIP domains configured on your Expressway. If you do not have any SIP domains set up, replace it with whatever your domain is.
Insofar as the DNS records, I guess you're talking about SRV records? If so, see some of the discussions in the forums below.
VCS-Expressway-and-Endpoint-DNS-Registration
VCS-Expressway-cluster-DNS-SRV-Records
DNS-SRV-record-issue-VCS-Expressway
Essentially, you have an A record for your Expressway, which will be its FQDN, and on your external domain you create SRV records for each type of service that point to this Expressway FQDN.
-
Dear all
I'm testing the MRA feature of VCS-C and VCS-E.
I use the 3-port firewall architecture, in which the VCS-C and CUCM are placed inside in the same subnet.
The VCS-E is placed in the DMZ and uses static 1-1 NAT on the ASA 5510 to translate the private IP address 172.16.0.225 to the public IP address, for example 100.1.1.1
In the VCS-C, I use the FQDN of the VCS-E that maps to the public IP of the VCS-E (100.1.1.1)
And the VCS-E uses the FQDN of the VCS-C to map to the private IP of the VCS-C
The traversal zone in VCS-C is active, but the traversal zone in VCS-E is inactive; it says the server is unreachable.
I found that my VCS-E does not have the license for the Advanced Networking option.
In the VCS-E IP settings page, there is not any NAT setting.
I want to ask: if I need to use NAT, in addition to the NAT functionality of the firewall, do I also need the Advanced Networking option license to activate NAT in VCS-E?
Or can it work using only the firewall NAT function, without NAT on the VCS-E?
Also, I enabled NAT reflection on my ASA 5510.
Hello
The Advanced Networking option, to activate NAT on the VCS-E or Expressway Edge, is a requirement for the firewall traversal deployment.
Useful guide:
Cisco VCS Basic Configuration (Control with Expressway) Deployment Guide (X8.7)
With your case about the network deployments, you will need to follow the "3-port firewall DMZ using single VCS Expressway LAN interface" section of the guide on page 60.
Kind regards
Acevirgil
-
Jabber client - encryption of VCS Expressway with MRA
Hi all
I'm working on the implementation of MRA for an existing video solution. CUCM version is 9.1.2 (no IM & P server), VCS-C and VCS-E 8.2.2. Jabber client is 11.5.x
I have finished most of the setup and I am able to call internally and externally through MRA.
I still have a few things to tweak. One is the encryption of video calls once Jabber connects from outside. From my understanding, the call leg between the Jabber endpoint and VCS Expressway uses TLS. But when I run Wireshark on the PC with the Jabber client, I don't see the RTP stream as being encrypted.
In CUCM my Jabber device does not use a secure profile. Is that OK or not?
Please let me know if more are needed. Thank you
You can confirm the call is encrypted from the MRA Jabber client by doing as follows (I used the 11.5 Jabber client; if you are using an older client, I can't guarantee this method):
1. Make a call from the MRA Jabber client. Once the call is set up and media is established, you can end the call.
2. Create a Jabber client problem report (Help > Report a problem...)
3. Enter the required details and save the .zip file.
4. Extract the file "jabber.log" from the .zip file. Since this file (at least since Jabber client version 11.5) has the SIP messaging included in it, you can use TranslatorX to view the file (you can also use a text editor if you wish).
5. Generate a ladder diagram from the log file.
6. In the ladder diagram, you should be able to locate the origin of the call. Search for an INVITE, in my case a "RE-INVITE", and select it. A pop-up window will appear with the details of the SIP message.
7. Read the content of the SIP INVITE message (focusing on the SDP, the media negotiation component). I won't go into detail about how to read SIP messages (there's a good article here; it is not for Jabber specifically, but the same concepts apply).
8. Close the INVITE message and open the 'OK w/SDP' message to examine the response of the VCS-E. From the SDP response, we can confirm that the encryption settings have been accepted for the media (media will be encrypted).
To re-iterate Jamie's point, unless you run CUCM in mixed mode and use security profiles, signalling/media encryption stops on the CUCM/endpoint leg and the VCS-C respectively. See the diagram below for reference (mixed mode not implemented).
You do not need security profiles applied to the CSF device to obtain encryption between the MRA Jabber client and the VCS-E. If you can decode signaling and media packets in Wireshark on your Jabber client, you are probably not connected via MRA (MRA is always encrypted).
Please let us know if that helps.
-Jon
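The check described in steps 7 and 8 above, as an added example that is not part of the original post: it pairs the media sections of the SDP offer (the INVITE) with the SDP answer (the 200 OK) and reports whether each stream negotiated SRTP. The messages are constructed samples, not taken from a real jabber.log, and the function names, addresses and key strings are assumptions.

```python
# Added example: decide from an SDP offer/answer pair whether media is SRTP.
# All messages are constructed samples; the inline keys are placeholders.

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}

OFFER = """\
INVITE sip:2001@example.com SIP/2.0
Content-Type: application/sdp

v=0
m=audio 20000 RTP/SAVP 0 8
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:PLACEHOLDER-KEY-A
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-KEY-B
m=video 20002 RTP/SAVP 97
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-KEY-C
"""

ANSWER_OK = """\
SIP/2.0 200 OK

v=0
m=audio 30000 RTP/SAVP 0
a=crypto:1 AES_CM_128_HMAC_SHA1_32 inline:PLACEHOLDER-KEY-D
m=video 30002 RTP/SAVP 97
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-KEY-E
"""

ANSWER_PLAIN = """\
SIP/2.0 200 OK

v=0
m=audio 30000 RTP/AVP 0
m=video 0 RTP/SAVP 97
"""


def sdp_body(sip_message):
    """Return the SDP body: everything after the first blank line."""
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    return body


def media_sections(sdp):
    """Parse each m= section into kind, port, profile and {tag: suite}."""
    sections = []
    for line in (raw.strip() for raw in sdp.splitlines()):
        if line.startswith("m="):
            kind, port, profile = line[2:].split()[:3]
            sections.append({"kind": kind, "port": int(port.split("/")[0]),
                             "profile": profile, "crypto": {}})
        elif line.startswith("a=crypto:") and sections:
            tag, suite = line[len("a=crypto:"):].split()[:2]
            sections[-1]["crypto"][tag] = suite
    return sections


def srtp_status(offer_msg, answer_msg):
    """Pair m= sections by position and classify each answered stream."""
    offer = media_sections(sdp_body(offer_msg))
    answer = media_sections(sdp_body(answer_msg))
    report = []
    for off, ans in zip(offer, answer):
        if ans["port"] == 0:
            state = "rejected"       # port 0 declines the stream
        elif ans["profile"] not in SECURE_PROFILES or not ans["crypto"]:
            state = "unencrypted"    # plain RTP or no key exchange
        elif all(off["crypto"].get(t) == s for t, s in ans["crypto"].items()):
            state = "srtp"           # answer picked an offered tag and suite
        else:
            state = "mismatch"       # answer names a suite never offered
        report.append((ans["kind"], state))
    return report
```

Paste the INVITE and the matching 200 OK from the log into the two arguments of `srtp_status`; any stream not reported as `srtp` is worth a closer look.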
-
SX10 T7.1 with Expressway MRA
Hi all
Does anyone know if it is possible to make an SX10 work over the Internet with Expressway MRA?
The only options I get for provisioning are "CUCM" and "VCS".
If I select "VCS" and enter the address of the Expressway-E and look in the log, I see the SX10 doing a _sip_ SRV lookup, but not a _collab-edge_tls SRV lookup.
This makes me think that T7.1 does not work with Expressway - is that correct?
Thank you very much!
As Jamie mentioned, you'll want to upgrade your SX10. You must run TC7.2 or higher to get the "CUCM Expressway" option. It's in the TC7 Release Notes on pg 25.
-
Expressway MRA several clusters
Hello
I plan on implementing Jabber for a client, but the request is not familiar to me:
2 clusters:
(A) Production-Cluster xyz.com
(B) Dev-Cluster abc.com
The customer would like to know if they can connect Expressway only to the Dev-Cluster and have the Jabber client connect over the Internet via the Dev-Cluster to the Production Cluster, with the help of ILS between the clusters.
Jabber Client (External)---> Expy-E---> Expy-C---> Dev-Cluster---> Production-Cluster (Registers)
Jabber Client (External)---> Expy-E---> Expy-C---> Dev-Cluster (Registers)
If not, is there another way to fix the TLS communication between the prod-cluster and Expressway?
I think that "Partitioned Unified Communications services deployment" is what you are looking for:
http://www.Cisco.com/c/dam/en/us/TD/docs/voice_ip_comm/Expressway/config...
-
Cisco softphone Expressway is not on the outside
Hi all
Recently, we deployed Expressway C and E and managed to get MRA working completely well.
But after that we had to change the IP address of the Expressway-E, and now the IM & P service and Directory work fine but the telephone service does not register. The traversal zone is active. Do you have any idea about this problem? I am completely stuck on this problem; I have tried everything that I could to resolve it. I have even done a factory reset of Expressway C and E and recreated the traversal zone. But the problem is always the same. Please let me know any solution to this or how to fix it.
Here is some info
CUCM and CIMP ver 10
Expressway ver X8.5 (first I deployed X8.2 but after this issue I upgraded to X8.5)
The Expressway is in single NIC mode
Jabber on the internal network works quite well. Externally (public internet) the IM & P service and Directory work but the softphone does not register; Jabber gives the error below in its connection status
Softphone - unhealthy
Status: Not connected
Protocol: SIP
Address: 10.3.146.201 (CCMCIP - Expressway)
Error reason: connection. Make sure that the server information in the tab on the Options window telephone Services are correct. Contact your system administrator.
Landline - no
Status: Not connected
Protocol: CTI
Address: 10.3.146.201 (CTI)
Presence - healthy
Status: connected
Address: ExpresswayEdge.mydomain.com
Protocol: XMPP
Port: 5222
Directory - healthy
Status: Last successful login.
Address: 10.3.146.201
Protocol: UDS (HTTPS)
Thank you
I don't see the REGISTER message received in the Expressway-E or Expressway-C logs. This suggests the following options:
(1) the Jabber client did not send it
(2) the logs do not capture the time that the REGISTER was sent
(3) the firewall blocks tcp 5061.
I don't see the Jabber problem report that would tell us what is happening. Can you provide this after you re-create the problem?
-
Expressway series vs VCS Control & Expressway
Hello
I am a little bit confused about what the difference is between the Expressway series and the legacy VCS-C/E.
If I deploy Expressway series (X8.6) running on a virtual machine as traversal server for MRA, can I use it the same as VCS-C and VCS-E in the setup?
While running MRA, can I also use these as local SIP/H.323 registration servers for the SX endpoints and Jabber Video (Movi)? Do I need a separate license to achieve that?
On the two Expressways, these are the licenses ordered. Are these already enough for what I want to achieve, or is this just for the MRA deployment?
LIC-EXP-AN LIC-EXP-BASE-K9 LIC-EXP-E LIC-EXP-GW LIC-EXP-SERIES LIC-EXP-TOUR
LIC-EXP-RMS
Thank you
Sy
So I need additional and separate VCS instances to support registrations of the SIP/H.323 endpoints. And I need additional licenses for the latter, such as non-traversal/traversal call licenses, provisioning, FindMe.
OK, all of these are specific to the VCS series, while the Expressway series does not have provisioning and FindMe; it also has a different call license system, where there is a single license type, unlike the non-traversal/traversal licenses you have with VCS. The
TMS I 'LIC-TMS-PE-25' to activate the user commissioning for Movi so I want to use.
You must use the VCS-Control/Expressway if you want to use Jabber Video for TelePresence (aka Movi).
Expressway series (Core/Edge) are therefore only for MRA with a CUCM deployment?
Yes, the Expressway series was created to provide firewall traversal and external registration to CUCM via the Mobile and Remote Access capability. It can also provide Jabber comments, but MRA and Jabber comments cannot be run on the same server. On another note, the VCS series can do everything the Expressway series can, because the latter is simply a subset of the functionality of VCS.
-
Hello
I am designing the Expressway MRA cluster and I'm a little confused about the Expressway private-to-public NATting.
Please correct me if I'm wrong.
Publish DNS SRV records to the ISP:
_collab-edge.example.com
to point to the "A" records of the two Expressway Edge hosts
Question?
I don't have a single public IP address, it is fine if the two Expressway-Edge hosts' 'A' records are pointing to the same public IP address.
The name of the Expressway-Edge cluster must be in the same domain as the Expressway-Edge servers
Question?
Where do I create the cluster FQDN, internal or external, and what should it resolve to?
Hello
If you have a single public IP and multiple inside hosts to reach from outside, you can use static NAT, differentiating by destination port on the outside,
for example:
ip nat inside source static tcp 10.10.10.1 80 80.123.54.1 80
ip nat inside source static tcp 10.10.10.2 80 80.123.54.1 8080
Although you can form a cluster, each Expressway-E has its own IP address.
Unfortunately, because an MRA session involves different TCP and UDP ports, this cannot be done.
In this case, the use of a specific load balancer might be a solution, but Cisco could not support it.
So the way forward is to set up a public IP address for each E node.
Here's a post with a similar request.
https://supportforums.Cisco.com/discussion/12070126/VCs-Expressway-clust...
Regards
Carlo
-
IP address dialing Expressway-C
A requirement for IP dialing from CUCM-registered endpoints to both internal H.323 endpoints and external H.323 endpoints.
Expressway-C and E, and configured a SIP 'IP address' route pattern to the Expressway-C.
Issue.
If I set "Calls to unknown IP addresses" to Direct on the Expressway-C, I understand that the Expressway-C can then reach out and signal the standalone H.323 endpoint directly. However, how does one also have the ability to route to unknown external IP addresses via the Expressway-E?
So, if I put the Expressway-C in Direct mode, does it fail over to Indirect mode if it does not receive a response from an endpoint?
Thank you
Ben
The idea is not bad and it can actually be made to work, especially if you can distinguish internal/external IPs. (superficially tested in the lab, it worked)
As the search rules appear not to apply pattern matching to IP addresses, and CUCM does not support IP dialing anyway, I let the transformation of the IP "alias" used for working around CUCM IP dialing into a real IP happen on the Exp-E/Exp-C (2), and then route depending on whether the alias pattern corresponds to an internal or external IP address.
For example, let's say you use
@ip.net as the SIP URI pattern for IP dialing from CUCM and your internal IP addresses are all in 10.0.0.0/8. On Exp-C (1) create two search rules: 10. [0 - 9.] [email protected]/ * /, pointing to the neighbor zone of Exp-C (2), then a second rule [0 - 9.] [email protected]/ * / pointing to the traversal zone of Exp-E.
Both Exp-C (2) and Exp-E have a regex transform for--------([0 - 9.] * \)@IP.net to replace with \1)
In addition, both will have the SIP-H.323 interworking gateway license.
See you soon,
Zoltán -
VCS Expressway & Movi 4.2 configuration
Hi all
I created a Movi account manually in the TMS and it works perfectly with VCS-Control.
However, it cannot register to the VCS Expressway. Is it mandatory to have a name authority pointer record in DNS?
For example, if we configure abc.com as the SIP domain name on the VCS Expressway, is it mandatory to resolve abc.com to the VCS Expressway public IP address via the DNS server?
Thank you
Ben
That is to say you do not originate in the AMZ comes directly to the public IP address of the VCSE
If that's the case, you should at least see registration attempts. If nothing can be seen, then you need to look at the firewall.
Is it an ASA? Try to capture packets and see why you are not hitting the VCSE using SIP
as it could be firewall issue!
HTH
-
Hello
I just set up a VCS Control and a VCS Expressway. I set up the traversal client on the VCS Control using port 6001 for H.323 and 7001 for SIP. I set up the traversal server on the VCS Exp using the same ports. I get "H.323 could not connect to x.x.x.x:6001 no response of the system".
The SIP will not connect either: 'connection failed'.
There is no list from the VCS Control to the VCS Expressway. Authentication is disabled. They are both pointed at the same NTP.
Any ideas?
Thank you!!
Rhonda,
In short, the configuration looks OK. Can you specify what other types of layer 3 devices are between the VCS-C and VCS-E besides the ASA?
If the firewall is not the issue, the problem may be caused by routing problems. If you allow ICMP from the Control to the Expressway, you can check if the routing works by logging in as root (with SSH) to the VCS-C and running the command
traceroute x.x.x.x
where x.x.x.x is the IP address of your Expressway.
Thank you
Andreas
-
Expressway-C & E MRA connection TLS certificates
Unable to get X8.2.1 Expressway-C & E to form a TLS connection for MRA traversal. We generated an SSL certificate using a client and server certificate template on a Windows Server CA and uploaded this certificate to the Expressway-C and the authority chain to the Expressway-E, but the TraversalClient zone is unable to establish a TLS connection. The event log shows "unable to get local issuer certificate". Yet the Client certificate test tool shows the certificate is good when checked. Under SIP, certificate revocation checking is set to Off. Can anyone tell why the TLS connection won't form? Thank you.
I'm pretty sure that one of the deployment guides (perhaps the one on certificates, perhaps the one on VCS deployment) said that wildcard certificates are NOT supported. This seems to be common on other types of UC platform (e.g. Lync).