Documente Academic
Documente Profesional
Documente Cultură
Troubleshooting
Collaboration Edge
Mobile and Remote
Access
Parteek Brar and Craig Cooper, Engineer
Customer Support
BRKUCC-3732
#CLMEL
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Open the Cisco Events Mobile App
2 Find your desired session in the “Session Scheduler”
3 Click “Join the Discussion”
4 Install Webex Teams or go directly to the team space
5 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKUCC-3732
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda • Mobile and Remote Access
Deployment
• Jabber for iOS with the Apple
Push Notification service
• Jabber Registration and Call
Flow
• Mobile and Remote Access
Troubleshooting and Monitoring
• Collaboration Solution Analyzer
Tool
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Mobile and Remote
Access
Deployment
Topology
CUCM
Unified CM
Expressway-C Expressway-E
Internet
IM&P
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
Mobile and Remote Access
Deployment
• System configuration
• Firewall configuration
• Certificate configuration and deployment
• Traversal zone configuration
• UC server discovery
• DNS and domain configuration/deployment
• MRA Access Control
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Mobile and Remote
Access
System Configuration
Expressway Service Setup
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Expressway Service Setup
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
System Configuration – NTP, DNS and Clustering
• When NTP is not configured and synchronised on Expressway-C and Expressway-E,
Jabber Telephony registration to CUCM may not succeed.
• Expressway E must have forward and reverse DNS entries.
• Certificate CN validation through DNS reverse lookup
• Clustering peer addresses shall appear in the same order on all servers
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Mobile and Remote
Access
Firewall Configuration
Firewall Configuration
• What traffic does the firewall need to pass?
• HTTPS proxy for secure provisioning of endpoints
• SIP/TLS, RTP/SRTP for audio/video media
• XCP/XMPP for IM&P
• HTTPS Services
• Traversal Connection between ExpressWay-C and E
• SSH Tunnel : ClusterDB change notifications and HTTPS reverse proxy traffic
• ICE – TURN Media and Control
Unified Inside firewall Outside firewall
CUC (Intranet) DMZ (Public Internet)
Internet
Unified Unified
CUP CM Expressway- Expressway-E
C
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Firewall Configuration
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Firewall Setup
Port Status and Configuration
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Expressway E – Demultiplexing media ports
Small/medium deployment
->Configured Media Demultiplexing ports
Default : 2776 (RTP) – 2777 (RTCP)
or
->First 2 ports from Traversal Media port range
Default : 36000 (RTP) – 36001 (RTCP)
36000-36001
or
36000-59999 2776-2777
ExpressWay C ExpressWay E
36000-59999 36000-36011
ExpressWay C ExpressWay E
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Mobile and Remote
Access Certificates
Expressway Certificates
• > Maintenance > Security Certificate
- Server Certificate
• Certificate Creation
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Expressway-C Certificate
Where is it used?
CUCM
SIP MTLS
Expressway-C Expressway-E
Internet
SIP MTLS
Clustering
IM&P
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Expressway-C Certificate
Requirements
Extended Key Usage
CUCM
1. TLS Web Server Authentication
Unified CM 2. TLS Web Client Authentication
SIP MTLS
Expressway-C Expressway-E
SAN elements configured with :
3. FQDN Expressway C
4. IM and Presence chat node alias
5. Unified CM Security Profile names
6. Cluster Name
SIP MTLS
Clustering MTLS
IM&P Enterprise or Public CA
CA + Intermediate Upload
(incl. remote trust stores)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Device Security Profile
TLS Client Hello
CUCM
Expressway-E Expressway-C
TLS Server Certificate
SIP REGISTER TLS Client Certificate
Finished
SIP REGISTER
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Expressway-E Certificate
Where is it used?
Domain XMPP
CUCM
XMPP TLS
Unified CM HTTPS
SIP TLS
Expressway-C Expressway-E
Internet
SIP TLS
SIP MTLS
Clustering MTLS XMPP TLS
XMPP TLS
HTTPS
IM&P
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Extended Key Usage
Expressway-E Certificate 1. TLS Web Server Authentication
Requirements 2. TLS Web Client Authentication
Public CA
Internet CA + Intermediate Upload
SIP TLS
SIP MTLS
Clustering XMPP TLS
HTTPS
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Mobile and Remote
Access Unified
Communications
Traversal Zone
Unified Communications Traversal Zone
• Expressway-E is traversal server in DMZ
• Expressway-C is traversal client inside the network
• Establish traversal link between both using traversal zone
configuration
CUCM
Internet
Expressway-C Expressway-E Endpoint
Traversal Client Traversal Server B
Traversal Link Management
Signal
Media Payload
Endpoint
A
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
UC Traversal Zone
ExpressWay E – Traversal Server
Select Type : Unified Communications traversal
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
UC Traversal Zone
ExpressWay E – Traversal Server
• Connection status
with Traversal Client
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
UC Traversal Zone
ExpressWay C – Traversal Client
Select ‘Unified Communications Traversal’ as Type
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
UC Traversal Zone
ExpressWay C – Traversal Client
Must resolve to Public IP address
Expressway E when
single NIC deployment
• Must be FQDN
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
UC Traversal Zone
ExpressWay C – Traversal Client
Peer Connectivity
Status
Zone Status
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Mobile and Remote
Access
UC Server Discovery
CUCM Server Discovery
• Discovers CUCM Nodes
• Discovers Version
• Discovers Cluster Security mode (Transport Protocols)
• Support for : AES GCM, SIP UPDATE (*) and ICE Passthrough (*)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
CUCM Server Discovery – TLS verify mode
• Validates the CA from
the Trust store and the
SAN in the certificate
with the give address
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
CUCM Server Discovery – TLS verify mode
No requirements for
TOMCAT Certificate Publisher
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
CUCM Server Discovery
• Zone Configuration
Auto-Zone Configuration per node and per transport protocol
Syntax : ‘CEtcp-<UCMName>’ and ‘CEtls-<UCMName>’
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Troubleshooting - Search Rule matching for
Edge/MRA calls Set by client based on :
• Device Pool
|INVITE sip:2000@cucm10p.coluc.com;user=phone SIP/2.0
Via: SIP/2.0/TLS 10.48.55.93:7001;egress-zone=TraversalUC;branch=… • Device Security mode
Via: SIP/2.0/TLS 10.48.55.106:52008;branch=z9hG4bK000073dc;received=10.48.55.106;ingress-zone=CollaborationEdgeZone
Call-ID: 0050568a-003a0004-0000592c-00003095@10.48.55.106
CSeq: 101 INVITE
Remote-Party-ID: "5445" <sip:5445@cucm10p.coluc.com>;party=calling;id-type=subscriber;privacy=off;screen=yes
Contact: <sip:1622b86e-bc3b-fa8c-66d3-2d7a96c892bf@10.48.55.106:52008;transport=tls>;video;bfcp
From: "5445" <sip:5445@cucm10p.coluc.com>;tag=0050568a003a000800006fdd-00006fe8
To: <sip:2000@cucm10p.coluc.com>
Max-Forwards: 10
Route: <sip:cucm10p.coluc.com;transport=tls;lr>
Record-Route: <sip:proxy-call-id=a8c00915-9391-463a-a99d-fd511ca1ed85@10.48.55.93:7001;transport=tls;lr;zone-id=1>
Record-Route: <sip:proxy-call-id=a8c00915-9391-463a-a99d-fd511ca1ed85@10.48.55.93:5061;transport=tls;lr>
Allow: ACK,BYE,CANCEL,INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE,SUBSCRIBE,INFO
User-Agent: Cisco-CSF
….
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Troubleshooting - Self Signed Certificates
• TLS verify + Self Signed CCM/Tomcat certificate
Either discovery will fail or TLS connections with CUCM will fail
With self-signed certificates use ‘TLS verify mode’ = ‘Off’
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Mobile and Remote
Access
DNS and Domain
Domain Configuration
DNS Configuration
• System > DNS
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Domain Configuration
ExpressWay C – Domain Configuration
• Configurations > Domains
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
ExpressWay – Mobile and Remote Access
Domain and DNS configuration
• Scenario 1
- Flat domain structure
- ExpressWay Servers : domain.com
- UC servers : domain.com
- IM&P domain : domain.com
cup.domain.com
IM&P Domain =
domain.com
External DNS Expressway E Expressway C Internal DNS CUCM Home UDS IM&P Server
Jabber Client
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
ExpressWay – Scenario 1
Domain and DNS configuration
Jabber Client External DNS Expressway E Expressway C Internal DNS CUCM Home UDS IM&P Server
Entry Resolves to
SRV record ‘_collab- expwyE.domain.com port
edge._tls.domain.com’ 8443
External IP address
A record ‘expwyE.domain.com’
ExpressWay E
Entry Resolves to
SRV record ‘_cisco- cucm.domain.com port
uds._tcp.domain.com’ 8443
A record ‘cucm.domain.com’ IP address CUCM
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
ExpressWay – Mobile and Remote Access
Domain and DNS configuration
• Scenario 2
- Mixed domain structure
- Expressway servers : domain2.com
- UC and CUP servers : domain1.com
- IM&P domain : domain1.com (internal) cup.domain1.com
IM&P Domain =
domain1.com
Jabber Client External DNS Expressway E Expressway C Internal DNS CUCM Home UDS IM&P Server
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
ExpressWay – Scenario 2
Domain and DNS configuration cup.domain1.com
IM&P Domain =
domain1.com
Jabber Client External DNS Expressway E Expressway C Internal DNS CUCM Home UDS IM&P Server
Entry Resolves to
SRV record ‘_collab-edge._tls.domain2.com’ xwayE.domain2.com port 8443
A record ‘xwayE.domain2.com’ External IP address ExpressWay E
<userid>@domain1.com (*)
* ‘voiceservicesdomain’ set to domain2.com
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
ExpressWay – Scenario 2
Domain and DNS configuration cup.domain1.com
IM&P Domain =
domain1.com
Jabber Client External DNS Expressway E Expressway C Internal DNS CUCM Home UDS IM&P Server
Entry Resolves to
SRV record ‘_cisco-uds._tcp.domain2.com’ cucm.domain1.com port 8443
A record ‘cucm.domain1.com’ IP address CUCM
• Domain ‘domain1.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’
• Domain ‘domain2.com’ enabled for ‘UCM registrations’ and ‘IM and Presence’
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Mobile and Remote
Access
- Access Control
Access Control
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Login Scenario
“Authorise by OAuth token with refresh”
Expressway X8.10.1
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Login Scenario
“Authorise by OAuth token with refresh”
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Login Scenario
“Authorise by OAuth token with refresh”
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Login Scenario
“Authorise by OAuth token with refresh”
GET https:///ZGNsb3VkLmNpc2NvLmNvbQ/get_edge_sso
GET //ucm-pub.dcloud.cisco.com:8443/ssosp/ws/public/singleSignOn
200 OK
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Login Scenario
“Authorise by OAuth token with refresh”
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Login Scenario
“Authorise by OAuth token with refresh”
POST https:///ZGNsb3VkLmNpc2NvLmNvbQ/localauthentication
POST //ucm-pub.dcloud.cisco.com:8443/ssosp/token/authorize_proxy
200 OK
302 FOUND
{"redirect_uri":"https://ucm-pub:8443/ssosp/public/oauthcb#code=<CONCEALED>&
expires_in=300&realm=local&state=1807704808"}
GET https:///oauthcb
200 OK
Authorisation Code
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Login Scenario
“Authorise by OAuth token with refresh”
POST https:///ZGNsb3VkLmNpc2NvLmNvbQ/access_token
POST //ucm-pub.dcloud.cisco.com:8443/ssosp/token/access_token
200 OK
{ "expires_in":300,
"token_type":"Bearer",
"refresh_token":"eyJhbGci...9qkn8hHhQUA",
"refresh_token_expires_in":86400,
"access_token":"eyJhbGciOiJSUzI1NiIsInR5c...ajRyLaxWSEQ" }
200 OK
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Login Scenario
“Authorise by OAuth token with refresh”
GET https:///ZGNsb3VkLmNpc2NvLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
Host: exp-e-1.dcloud.cisco.com:8443
Authorisation:<CONCEALED> Access Token Validated by Expressway-C
Accept: */*
Detail="Process request" Method="POST" URI="/oauthvalidator"
User-Agent: Jabber-Win-30
Detail="Inspecting Access Token"
Detail="Matched AuthZ key" Issuer="ucm-pub.domain.com"
Detail="Validating Access Token payload"
Detail="Access Token OK" Subject=”chris" Expiry="1516799325" Scope="[u'im & presence',
u'voice', u'video']"
Issuer="ucm-pub.domain.com" Issuertype="cucm" Deployment="1"
Detail="Token validation successful"
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
“Authorise by OAuth token with refresh”
Refresh CUCM and IM&P Registration
…Action="Received" Request-url="https://ucm-pub.dcloud.cisco.com:8443/ssosp/token/access_token"
HTTPMSG:
|HTTP/1.1 200 OK
{ "expires_in":3600,
"token_type":"Bearer",
"refresh_token":"eyJhbGciOiJSUzI1N...YmT4myINOOBqA2EQ",
"refresh_token_expires_in":5184000,
"access_token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImt...gJcUyNlYCb5YZAEkkzIWHKg" }
|
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
“Authorise by OAuth token with refresh”
Refresh CUCM and IM&P Registration
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
“Authorise by OAuth token with refresh”
Recommended Deployment
• Token Refresh
• Fast Login
• Off-Line Login
• Access Policy Support
• Roaming Support
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
“Authorise by OAuth token with refresh”
Refresh CUCM and IM&P Registration
• Regenerate Tokens
• Encyrption Key - CLI
set key regen authz encryption
• Signing Key – CLI and OS Administration
set key regen authz signing
• Re-voke Tokens
curl -k -u "admin:password”
https://<UCMaddress:8443/ssosp/token/revoke?user_id=<end_user>
• You MUST refresh on Expressway-C the CUCM/IM&P servers!!
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Jabber for iOS with the
Apple Push Notification
service
Optimised for Mobile
Apple iOS Push Notifications
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Push Notifications
iOS Push Notification Flows
IM&P / IM&P /
UC Manager Node Messenger Messenger
Platform Platform
UC Manager
Node
Cisco
Collaboration
Apple APNs
Keep
Alive Incoming
Chat Notification/
Jabber call
Jabber Jabber
Process JABBER in Process JABBER in
FOREGROUND BACKGROUND & SUSPENDED
or KILLED
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Communication with the cloud
UC Manager Connection to Cloud
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
How to configure
UC Manager Registration
Advanced Features> Cisco Cloud Onboarding
New configuration screen in
UC manager from 11.5SU2
Process creates machine
account based on UC
manager license.
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
How to configure
UC Manager Registration
• UC manager is used to generate “Machine” account
in Cisco cloud
• Smart Licensing requires Voucher be generated by PLM
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Firewall Considerations
Getting Notifications to iOS Devices
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
How to Test
Call to see the Call Arrive
1. sign into the Jabber for iPhone app
2. wait for it to register with CUCM
3. either:
- double click the home button
- swipe up from bottom of screen
and pause halfway up screen
4. confirm it is not registered in CUCM
5. ...and flick it off the screen (to kill it)
6. then make a call to it or send IM
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Troubleshooting
Trace from CUCM, IM&P & Jabber Problem Report
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Troubleshooting
Push Notification Service (PNS) Trace
Request arrives from CallManager to the PNS and is sent on to
push.webexconnect.com:
[com.cisco.ccm.ccmpns.CCMPNSClientConnectionHandler@37f729 ReceiveThread] ccmpns.ReceiveThread (ReceiveThread.java:95) - run() ReceiveThread
waiting for message, socket closed:false
200 Response received back from cloud and confirmation sent to CallManager service:
[pool-3-thread-1] ccmpns.WorkerThread (WorkerThread.java:294) - handlePushNotificatonRequest() Response received : 200 Text:
[pool-3-thread-1] ccmpns.WorkerThread (WorkerThread.java:304) - handlePushNotificatonRequest() Response to client
{"MESSAGETYPE":"RESPONSE_PUSH_NOTIFICATION","TRACKINGID":"CUCMCallP_3e176d0f-1530-4897-9cb5-
adbf69d19b5a_deploy:onprem_clusterinfo:StandAloneCluster-1","STATUS":"200","TEXT":""}
[pool-3-thread-1] ccmpns.CCMPNSClientConnectionHandler (CCMPNSClientConnectionHandler.java:190) - addHeaderAndSendMessage()
{"MESSAGETYPE":"RESPONSE_PUSH_NOTIFICATION","TRACKINGID":"CUCMCallP_3e176d0f-1530-4897-9cb5-
adbf69d19b5a_deploy:onprem_clusterinfo:StandAloneCluster-1","STATUS":"200","TEXT":""}
[pool-3-thread-1] ccmpns.WorkerThread (WorkerThread.java:121) - run() WorkerThread: Done processing, exiting
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Troubleshooting
Jabber Log Example
Before Jabber is killed:
[MessageConversationServiceImpl.cpp(2507)] [IMPServices-InstantMessageConversationServiceImpl] [IsPushEnabled] - <PUSH>
IS_PUSH_ENABLED: 1
The TCT device will then go through the normal registration process, including:
[p/sipcc/core/sipstack/ccsip_debug.c(337)] [csf.sip-call-control] [platform_print_sip_msg] - sipio-sent---> REGISTER sip:10.67.81.72
SIP/2.0
[p/sipcc/core/sipstack/ccsip_debug.c(337)] [csf.sip-call-control] [platform_print_sip_msg] - sipio-recv<--- SIP/2.0 100 Trying
[p/sipcc/core/sipstack/ccsip_debug.c(337)] [csf.sip-call-control] [platform_print_sip_msg] - sipio-recv<--- SIP/2.0 200 OK
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Troubleshooting
XCP Config Manager trace
Message received from the XCP Router service for sending to APNS and is sent to push.webexconnect.com:
[Thread-50] xcpconfig.ConfigAPI$ConfigAPIListener - xcpconfig: Packet from Router<message xmlns="jabber:client"
from="ccooper@cooper.lab/jabber_860532993" to="xcpconfigmgr.cc-imp1-cooper-com" id="72f3dbbc-d141-4600-aa84-4b67227806ed"><publish
xmlns="http://protocols.cisco.com/push:2"><XXXXX/><session>5bae01ee-13c8-4fca-921e-7c35ed6e7a13</session><notify type="chat"
from="mtaylor@cooper.lab/jabber_2601" to="ccooper@cooper.lab" id="9bfcb078:4336:4a98:8226:f757367175a3" mid="0708d56e-1cb4-4574-8bba-
e263b2e7187e" body="XXXXXX" /><XXXXX/></publish></message>
[Thread-50] xcpconfig.ConfigAPI$ConfigAPIListener - xcpconfig: onPacket called
[Thread-50] xmlframework.XCPConfigMgr - PNS: Packet :<message xmlns="jabber:client" from="ccooper@cooper.lab/jabber_860532993"
to="xcpconfigmgr.cc-imp1-cooper-com" id="72f3dbbc-d141-4600-aa84-4b67227806ed"><publish
xmlns="http://protocols.cisco.com/push:2"><XXXXX/><session>5bae01ee-13c8-4fca-921e-7c35ed6e7a13</session><notify type="chat"
from="mtaylor@cooper.lab/jabber_2601" to="ccooper@cooper.lab" id="9bfcb078:4336:4a98:8226:f757367175a3" mid="0708d56e-1cb4-4574-8bba-
e263b2e7187e" body="XXXXXX" /><XXXXX/></publish></message>
….
[Thread-50] xmlframework.PushXMPP - PNS: onPacket: Sending packet to: https://push.webexconnect.com/jabber/apns/prod
[pool-4-thread-2] xmlframework.PushPacketHandler - PNS: Encrypt Successful
….
[pool-4-thread-2] xmlframework.PushXmppClientPool$Singleton - Stats: {}[leased: 0; pending: 0; available: 1; max: 10]
[pool-4-thread-2] xmlframework.PushPacketHandler - PNS: Cisco-Tracking-ID is IMPXCPConfigMgr_72f3dbbc-d141-4600-aa84-
4b67227806ed_mid:0708d56e-1cb4-4574-8bba-e263b2e7187e_oid:9bfcb078:4336:4a98:8226:f757367175a3_deploy:onprem
[pool-4-thread-2] xmlframework.PushPacketHandler - PNS: pushCall: Sending Push Notification for packet with Cisco Tracking ID:
IMPXCPConfigMgr_72f3dbbc-d141-4600-aa84-4b67227806ed_mid:0708d56e-1cb4-4574-8bba-
e263b2e7187e_oid:9bfcb078:4336:4a98:8226:f757367175a3_deploy:onprem
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Jabber Registration and
Call Flow
<EnablePRT>
<EnableForensicsContactData>
Diagnostics <PrtLogServerURL>
<EnablePrtEncryption>
Problem Report Tool <PRTCertificateName>
<PRTCertificateUrl>
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Diagnostics
Contact Resolution Tool
• Contact Resolution Tool
built into Jabber for
Windows
• Tool can be used to
test/troubleshoot
directory config
• Predictive search
• Number resolution
Diagnostics
Call Statistics
• Realtime call statistics from an active
softphone mode call
• Voice tx/rx
• Video tx/rx
• Share tx/rx
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Jabber Diagnostics – Edge Configuration
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
SIP REGISTER
Jabber exp-e-1.dcloud.cisco.com
198.18.2.37 198.18.2.152 (external)
REGISTER sip:ucm-sub1.dcloud.cisco.com SIP/2.0
Via: SIP/2.0/TLS 198.18.2.37:51172;branch=z9hG4bK00001055
Call-ID: 005056b8-21130003-000062b1-000035fd@198.18.2.37
Path for SIP responds to
CSeq: 102 REGISTER REGISTER request
Contact: <sip:509764ed-5917-eb59-0bca-413a773223c9@198.18.2.37:51172;transport=tls>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-
005056b82113>";+u.sip!devicename.ccm.cisco.com="cholland";+u.sip!model.ccm.cisco.com="503";video
From: <sip:+19725555018@ucm-sub1.dcloud.cisco.com>;tag=005056b82113000200001174-0000712a
Contact = Jabber IP
To: <sip:+19725555018@ucm-sub1.dcloud.cisco.com>
Max-Forwards: 70
Route: <sip:exp-e-1.dcloud.cisco.com;transport=tls;lr>,<sip:198.18.133.152:5061;transport=tls;zone-id=1;directed;lr>,<sip:ucm-
sub1.dcloud.cisco.com;transport=tcp;lr>
User-Agent: Cisco-CSF
Route for SIP REGISTER
Expires: 3600
Date: Wed, 20 Apr 2016 10:00:24 GMT
Proxy-Authorization: Digest username="cholland", realm="exp-e-1.dcloud.cisco.com", uri="sip:ucm-sub1.dcloud.cisco.com",
response="d8ad62d5f7555cd944f464b5d8f2a869", nonce="bc9fde6c224d6617f6dc4a6f8ae59a369c5f9ebcecb20220091dbf27ea75",
opaque="AQAAAEXd5mTRpkTDUddWM/ttJLnZZuOd", cnonce="0000654b", qop=auth, nc=00000001, algorithm=MD5
Supported: replaces,join,sdp-anat,norefersub,resource-priority,extended-refer,…
Reason: SIP ;cause=200;text="cisco-alarm:25 Name=cholland ActiveLoad=Jabber_for_Windows-10.6.2 InactiveLoad=Jabber_for_Windows-10.6.2 Last=initialized"
Mime-Version: 1.0
Content-Type: multipart/mixed;boundary=uniqueBoundary After ‘SIP 407 Proxy Authentication Required
Content-Length: 1271
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
SIP REGISTER
exp-e-1.dcloud.cisco.com exp-c-1.dcloud.cisco.com
198.18.1.152 (internal) 198.18.133.152
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
How to validate the registration?
Expressway
CUCM Registration
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
How to validate the registration?
Expressway
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
SIP Registration – SIP Path Headers Support
• Expressway X8.9
• CUCM 11.5(1)SU2
• Provides feature support for :
Shared line features 78XX and 88XX
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
SIP REGISTER
exp-c-1.dcloud.cisco.com ucm-sub1.dcloud.cisco.com
198.18.133.152
198.18.133.219
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
How to validate Calls? Expressway
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Mobile and Remote
Access
Troubleshooting and
Monitoring
“Authorise by OAuth token
with refresh” - Monitoring
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Unified Communications Status – Expressway E
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Unified Communications Status – Expressway C
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Unified Communications Status
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Unified Communications Status (example1)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Unified Communications Status (example1)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Unified Communications Status (example1)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Unified Communications Status (example1)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Unified Communications Status (example1)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Alarms
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
DNS Lookup
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Troubleshooting
CA Root not uploaded on ExpressWay E
Traversal Zone State Failed
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
Troubleshooting
Peer Address not matching CN
• Peer Address/FQDN not matching CN
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Troubleshooting
Password incorrect
• Traversal Client will show for this zone
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Password incorrect (contd…)
• ExpressWay C diagnostics logs
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
Password incorrect (contd…)
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Expressway Diagnostic Logs
• Diagnostics logs
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
Collaboration Solution Analyzer
cs.co/csa
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Conclusion & Key Takeaways
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Q&A
#CLMEL
Visit the Customer Experience booth in the World of Solutions and
donate for charity!
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Donate to
Charity!
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
#CLMEL BRKUCC-3732 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Complete Your Online Session Evaluation
• Give us your feedback and receive a
complimentary Cisco Live 2019 Power
Bank after completing the overall event
evaluation and 5 session evaluations.
• All evaluations can be completed via the
Cisco Live Melbourne Mobile App.
• Don’t forget: Cisco Live sessions will be
available for viewing on demand after
the event at:
https://ciscolive.cisco.com/on-demand-library/
#CLMEL © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Thank you
#CLMEL
#CLMEL