Supporting Business Continuity During the COVID-19 Pandemic - Mobile and Remote Access Solution Resources

Available Languages

Download Options

  • PDF     (671.5 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (711.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (502.0 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 8, 2020
Document ID:215379

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how to size, configure, and troubleshoot a Mobile and Remote Access (MRA) solution through Cisco Expressway.

    Size

    The MRA Scale Application Note summarizes how to optimize existing capacity in Cisco MRA deployments and includes guidance on how to assess additional capacity.

    Additionally, Cisco Expressway sizing information is available in Preferred Architecture for Cisco Collaboration 12.x Enterprise On-Premises Deployments, CVD, Tables 9-8 and 9-9.

    Configure

    Troubleshoot

    If Jabber log in over MRA fails, complete these steps in order to troubleshoot the issue:

    Step 1. Run Collaboration Solutions Analyzer (CSA) with a set of test credentials.

    CSA is a suite of tools for your collaboration solution. CSA helps during the different phases of a collaboration solution lifecycle, and specifically for MRA, the Collaboration Edge (CollabEdge) validator drastically reduces the time needed to troubleshoot the solution.

    CollabEdge validator is a tool that validates MRA deployments by simulating a client log in process. There are several checks done:

    • Public Domain Name System (DNS) entry validation
    • External connectivity checks
    • Expressway-E (Exp-E) SSL certificates
    • Unified Communications Manager (UCM) and IM & Presence server (IM&P) related application flow checks
      • User Data Services (UDS)
      • Extensible messaging and presence protocol (XMPP)
      • Session Inititation Protocol (SIP) registration

    Input

    At a minimum, the tool requires a domain to check the DNS configuration, Exp-E discovery, connectivity, and Exp-E SSL certificates. If a test username and password is provided, the tool will be able to retrieve the user and device configuration from UCM, attempt to authenticate against IM&P, and register an associated device. If you have a phone only deployment, check the checkbox and the IM&P checks will be skipped.

    Sample Output

    The first thing that is displayed is an overview of the log in attempt which gives an overview of what works and what fails. An example when everything works correctly:

    When something does not work, it is immediately visible in the section it fails. More details can be found in the specific sections in this document.

    Edge Domain Validation

    In the Edge domain validation all details are displayed with regards to DNS records. Click the question mark in order to display more details about the check.

    External Connectivity and Exp-E SSL Certificate Checks

    This section shows details about the connectivity and Exp-E certificate checks for each host discovered with the DNS records. The question mark is also available here to obtain more details on what checks are done and why.

    Click View next to host name in order to open the certificate detail view and have all details of the complete chain available.

    Edge Servers

    This section shows the Edge configuration details. This is done for every Exp-E discovered by DNS.

    The full content of the response can be expanded as well.

    UDS Servers

    For each Edge server which can be selected, the UDS servers which were returned in the get_edge_config are tested one by one until either a working one is found or all of them fail.

    IM&P Servers

    For each Edge server which can be selected in the Edge Servers section, the IM&P servers (fetched from the service profile) are tested one by one until either a working one is found or all fail.

    Softphone Registration

    For each Edge server which can be selected in the Edge Servers section, softphone registration is tested. The type of softphone tested depends on the devices associated to the user, and follow this prioritized list: CSF, BOT, TCT, TAB. For the selected Edge server, the Exp-C servers (as returned by get_edge_config) and Unified CM server (as configured in the CUCM Group) are tested until a combination works or all of them fail.

    Step 2. After you find out where the log in process fails, use Collaboration Edge Most Common Issues in order to see if it matches one of the known issues.

    Refer to Configure and Troubleshoot Collaboration Edge (MRA) Certificates or Installing a Server Certificate to an Expressway (video) if you find a certificate issue through CSA.

    If you use a single Network Interface Controller (NIC) with static Network Address Translation (NAT) on the Exp-E and you use an Adaptive Security Appliance (ASA), see Configure NAT Reflection On The ASA For The VCS Expressway TelePresence Devices in order to make sure NAT reflection is correctly configured.

    Step 3. If you were unable to resolve your issue, open a Technical Assistance Center (TAC) case with Expressway logs and a problem report.

    TAC Authored

    Contributed by Cisco Engineers

    • Ishan Sambhi
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products