Introduction
This document describes how to size, configure, and troubleshoot a Mobile and Remote Access (MRA) solution through Cisco Expressway.
Size
The MRA Scale Application Note summarizes how to optimize existing capacity in Cisco MRA deployments and includes guidance on how to assess additional capacity.
Additionally, Cisco Expressway sizing information is available in Preferred Architecture for Cisco Collaboration 12.x Enterprise On-Premises Deployments, CVD, Tables 9-8 and 9-9.
Configure
Troubleshoot
If Jabber log in over MRA fails, complete these steps in order to troubleshoot the issue:
Step 1. Run Collaboration Solutions Analyzer (CSA) with a set of test credentials.
CSA is a suite of tools for your collaboration solution. CSA helps during the different phases of a collaboration solution lifecycle, and specifically for MRA, the Collaboration Edge (CollabEdge) validator drastically reduces the time needed to troubleshoot the solution.
CollabEdge validator is a tool that validates MRA deployments by simulating a client log in process. There are several checks done:
- Public Domain Name System (DNS) entry validation
- External connectivity checks
- Expressway-E (Exp-E) SSL certificates
- Unified Communications Manager (UCM) and IM & Presence server (IM&P) related application flow checks
- User Data Services (UDS)
- Extensible messaging and presence protocol (XMPP)
- Session Inititation Protocol (SIP) registration
Input
At a minimum, the tool requires a domain to check the DNS configuration, Exp-E discovery, connectivity, and Exp-E SSL certificates. If a test username and password is provided, the tool will be able to retrieve the user and device configuration from UCM, attempt to authenticate against IM&P, and register an associated device. If you have a phone only deployment, check the checkbox and the IM&P checks will be skipped.
Sample Output
The first thing that is displayed is an overview of the log in attempt which gives an overview of what works and what fails. An example when everything works correctly:
When something does not work, it is immediately visible in the section it fails. More details can be found in the specific sections in this document.
Edge Domain Validation
In the Edge domain validation all details are displayed with regards to DNS records. Click the question mark in order to display more details about the check.
External Connectivity and Exp-E SSL Certificate Checks
This section shows details about the connectivity and Exp-E certificate checks for each host discovered with the DNS records. The question mark is also available here to obtain more details on what checks are done and why.
Click View next to host name in order to open the certificate detail view and have all details of the complete chain available.
Edge Servers
This section shows the Edge configuration details. This is done for every Exp-E discovered by DNS.
The full content of the response can be expanded as well.
UDS Servers
For each Edge server which can be selected, the UDS servers which were returned in the get_edge_config are tested one by one until either a working one is found or all of them fail.
IM&P Servers
For each Edge server which can be selected in the Edge Servers section, the IM&P servers (fetched from the service profile) are tested one by one until either a working one is found or all fail.
Softphone Registration
For each Edge server which can be selected in the Edge Servers section, softphone registration is tested. The type of softphone tested depends on the devices associated to the user, and follow this prioritized list: CSF, BOT, TCT, TAB. For the selected Edge server, the Exp-C servers (as returned by get_edge_config) and Unified CM server (as configured in the CUCM Group) are tested until a combination works or all of them fail.
Step 2. After you find out where the log in process fails, use Collaboration Edge Most Common Issues in order to see if it matches one of the known issues.
Refer to Configure and Troubleshoot Collaboration Edge (MRA) Certificates or Installing a Server Certificate to an Expressway (video) if you find a certificate issue through CSA.
If you use a single Network Interface Controller (NIC) with static Network Address Translation (NAT) on the Exp-E and you use an Adaptive Security Appliance (ASA), see Configure NAT Reflection On The ASA For The VCS Expressway TelePresence Devices in order to make sure NAT reflection is correctly configured.
Step 3. If you were unable to resolve your issue, open a Technical Assistance Center (TAC) case with Expressway logs and a problem report.