Dec 05

Cisco MRA Jabber – Cannot Communicate with Server – Reverse DNS

Another “Cannot Communicate with Server” error when logging into Cisco Jabber. This error can lead to many possibilities of where the actual error lies. You will need to do some digging. I come across a doozy and have documented below. But this relates to the newer version on Expressway 8.8+ which now also queries reverse DNS zones to confirm operations. If PTR records are missing or mis-configured you will know about it..

The symptoms I received were as follows:

- I could resolve the SRV record and A records
- I could log into Jabber from within the Corporate LAN
- If I typed an incorrect password, I would receive “Username or Password is incorrect” message
- If I typed in the correct password, I would receive the infamous “Cannot Communication with Server” error.

Versions I’m running:

- CUCM/IMP version
- Expressway version 8.8.1

Processes and Solution (to this particular scenario):

- Expressway-E Event Log showing Service Unavailable – 503 error.
MRA Jabber- Set the ‘network’, ‘network tcp’ and ‘network sip’ diagnostic logging to DEBUG.
- Attempted to log into Jabber. Captured and Downloaded logs.
- Analysed log file and found this line. “Detail=Certificate verification failed for host=X.X.X.X, additional info: Invalid Hostname”
- Discovered a PTR record for my exact Expressway-E’s A Record had been created somewhere on the Web, and when the Expressway-C was actioning a Reverse DNS Lookup Query, this PTR record was being found. What are the chances hey??
- I had to create a Reverse Lookup Zoen for the Expressway-E Public IP Address, add the correct PTR record. Once I flushed DNS.. Everything started to work fine and I could log into Jabber remote.

**Leaving Thoughts.. As I’ve also found in CUCM version 11.5, reverse DNS plays a very important role now.. Make sure all A records have PTR records and only one!

Nov 25

DNS Unreachable Warning – CUCM Version 11.x

Recently upgraded a UC environement from 10.5 to 11.5. After the upgrade was complete, the CUCM Publisher server displayed a “DNS Unreachable” error upon logging into the Administration webpage.


This warning message only appeared on the CUCM Publisher and not the subscriber etc. I confirmed DNS had been configured identically for both the publisher and subscriber. I read that CUCM Version 11.x no does a couple of more network tests that have a direct impact on warning/error messages being displayed on the GUI. One of these tests is against the DNS Reverse Lookup Zone. Pre 11.x versions.. The CUCM server would check to see if a PTR record existed for the hostname, in fact this is required for CUCM installation process to succeed. In version 11.x the CUCM now also continuously checks against the Reverse Lookup Zone for mismatches and displays a warning message on the GUI. In my case, the customer had created an additional A Record for user friendly purposes called, this automatically created a PTR record. So when CUCM ran checks against the Reverse Lookup Zone, the results displayed a mismatch. Hence the warning was raised and displayed. (Although DNS was functioning perfectly)

Removing this PTR Record resolved the issue with the warning message.

I ran the command “utils diagnose test” to pin point the issue.


Nov 20

Forward Voicemail Messages with Jabber 11.8+

From Cisco Jabber 11.8+, users can forward voice messages to other user mailboxes. One very good feature is Cisco Jabber also allows the user to record a header message that gets attached to the original voice message. This is also available for Jabber on mobile devices.

In Cisco Jabber navigate to the Voice Messages tab, then right click the voice message and select ‘Forward Voice Message’


A window now opens, which allows you to record a message. You can then playback the recorded message, re-record etc.


Once happy with the recorded voice message, search for users in the directory. (NOTE: users must have a voice mailbox). You can also select multiple recipients.


Nov 05

Cisco Mediasense 11.5(1) – Role Based Access for Finesse Agents

Mediasense 11.5(1) has introduced the long awaited role based access for Finesse Agent and Supervisors. Finesse Supervisors can monitor the recordings of only their assigned Teams, while Finesse Agents can only view their own recordings. Recordings include active recordings, associated recordings and archived recordings.

For the above to work, the Finesse AgentInfo gadget is required to be active for both Agents and Supervisors. This feature only applies to Finesse Integrated Contact Centres.

To reference additional 11.5(1) features for Mediasense, please use the below link.

Oct 25

Removed Old Device Firmware after CUCM Upgrade

CUCM v11+ allows the removal of old or unused device firmware easily. It’s a good practice to clean up unused device firmware after completing system upgrades or after succesful completion of device pack installs or individual device firmware installs.

Browse to the OS Administration page and navigated to Software Upgrades -> Device Load Management.
CUCM Device Firmware

Search the ‘Status’ column for the keyword ‘Not’. This lists all device firmware not is use.
CUCM Device Firmware

Select the Select All button (top left), then select Delete.
CUCM Device Firmware

You do get a grace warning message.. Click ok to continue.
CUCM Device Firmware

And now you are just left with device firmware that is currently in use.
CUCM Device Firmware

Make sure to repeat the above process for all Subscribers in the Cluster.

Oct 15

SIP VOIP Dial-Peer Resiliency on IOS Gateway

Configuring resiliency into UC Voice gateway connecting to a CUCM Cluster via SIP Trunks. Typically we would configure retry timers and counts to force the IOS Gateway to route via lower preference dial-peers. With the introduction of SIP Options, we can now effectively shut the dial-peer down (busy-out) if the IOS Gateway cannot reach the CUCM Server within the configured thresholds. This is a proactive method to ensure calls are not being delayed toward the CUCM Cluster. Change the SIP Options Keepalive Up/Down timers to suit your requirements.

I’ve listed below the general Voice Class and relevant dial-peer configuration.

Voice Class

voice class sip-options-keepalive 1
 down-interval 40
 up-interval 20

Dial Peer

dial-peer voice 10 voip
 preference 1
 destination-pattern 0212348[12]..
 session protocol sipv2
 session target ipv4:
 incoming called-number .
 voice-class codec 1
 voice-class sip options-keepalive profile 1
 dtmf-relay rtp-nte
 no vad
dial-peer voice 11 voip
 preference 2
 destination-pattern 0212348[12]..
 session protocol sipv2
 session target ipv4:
 incoming called-number .
 voice-class codec 1
 voice-class sip options-keepalive profile 1
 dtmf-relay rtp-nte
 no vad


To verify both dial-peers are operational run the below cmd.

show dial-peer voice summary

Cisco sip-options

Oct 10

Cisco Expressway 8.8 Features

There a couple of new features in version 8.8 for Cisco Expressway that is worth mentioning. One feature is the introduction of being able to register SIP Devices to the Expressway-C device. H323 is on the road map and will be introduced in a later release. Devices that can be registered include Desktop Endpoints such as the DX and EX Series and room based endpoints such as the SX and MX series. As well as third-party video SIP endpoints.

The licensing structure for such registrations will follow the same principles as CUCM. Desktop endpoints will require a UCL Enhanced or above and Telepresence endpoints will require a Room based license. Partners/Customers will be able to select what Call Control server (Expressway-C or CUCM) the license will be installed on at the time of registering the PAK.

This architecture will now complement Video only infrastructure where CUCM is not deployed in the organisation.

Cisco Expressway 8.8

The second is more a modification as opposed to a feature. The RMS License model has been revised and now the Expressway-E device is the only device required to host an RMS (Traversal) License. Pre 8.8 both the Expressway-C and Expressway-E devices were required to host RMS Licenses.

The one exception being is if the Expressway-C device is performing interoperability between Cisco registered endpoints and third-party standalone or registered endpoints. EG MS SFB Business endpoints.

Cisco Expressway 8.8

Cisco Expressway 8.8

These images were referenced from Cisco’s CCP Presentation.

Oct 01

Activating Services on IM&P – AXL Service

Little gotcha with activating services on the Cisco IM & Presence Server version 11.0.1.XXXXX-X. After selecting ‘Set to Default’ for Service Activation, we can see the Cisco AXL Web Server is indeed already activated – great. However when we go ahead and click ‘Save’, essentially activating the selected services, the Cisco AXL Web Server returns to ‘Deactivated’. This is a critical service to allow Jabber to connect to the IMP Cluster, so you’ll need to go back and check the Cisco AXL Web Service to activate the service.

This is easy to miss and can cause some pain when you try and connect Jabber for the first time..

As we can see below the Cisco AXL Web Service is showing as Activated.

Cisco AXL Web Service

After selecting SAVE, the Cisco AXL Web Service returns to Deactivated.
Cisco AXL Web Service

Sep 29

Cisco CSR 11.5.1 Feature Highlights

Corporate Directory Search for MRA Clients

Cisco Mobile Remote Access (MRA) clients are now able to search the Corporate Directory Servers for contacts. Pre v11.5, MRA clients were only able to search the UDS Contact database. The UDS service within CUCM now acts as a proxy between the MRA client and the Corporate Directory server. So no configuration necessary on the Expressway Devices.

To allow this feature, the below needs to be configured on the CUCM.

- Enable ‘user search to Enterprise Directory’ under System -> LDAP -> LDAP Search.
- Complete the required details and attribute mappings under System -> LDAP ->LDAP Search
- Configured a ‘Directory’ UC Service.
- Assigned the above configured Directory UC Service under the System -> LDAP -> LDAP Search

CLI Privilege Levels

The OS Administrator can now configure additional Administrators via the CLI and give the newly created Administrators either Read-Only access or Read & Write access privileges.

Read Only access is assigned to level 0 privilege
Read and Write access is assigned to level 1 privilege

Cisco Spark Remote Device

With the growth of Cisco Spark collaboration client, CUCM v11.5 has introduced a new Device Type for the Cisco Spark Client. The device type is called ‘Cisco Spark Remote Device’.

Configuring the Spark Device does consume an enhanced License unless the Owner already has ownership over other devices, in that case a device count witll be added to a CUWL or Enhanced Plus license for the user.

This device type is for the Cloud client to register to the CUCM via the Collaboration Edge architecture (v8.8+) and allow the ability to route calls out the local corporate voice gateways. Hence creating a Spark Hybrid environment.

The Spark hybrid environment does have some costs involved. Please refer to the Product information sheet for Spark Hybrid.

Deprecated Endpoints

Cisco has announced the below devices will no longer be supported moving forward in version 11.5 and beyond.

• Cisco IP Phone 12 SP+ and related models
• Cisco IP Phone 30 VIP and related models
• Cisco Unified IP Phone 7902
• Cisco Unified IP Phone 7905
• Cisco Unified IP Phone 7910
• Cisco Unified IP Phone 7910SW
• Cisco Unified IP Phone 7912
• Cisco Unified Wireless IP Phone 7920
• Cisco Unified IP Conference Station 7935

Phone Documents in Cisco Unified Communications Manager Self Care Portal

Cisco does a great job with documentation via the Help Menu in CUCM and relating products, this simply extends to the Self Care Portal now. Allows users to gain easy access to guides and references regarding devices and user relating features and processes.

Addition of AXL Read Access Role to a User

In addition to the CLI Read Only Administrators, Cisco has also create a Read Only access role for the AXL API. This Read Only access role can be safely given to developers knowing their applications can not adversely impact on the CUCM configuration.

The new role is called ‘Standard AXL Ready Only API Access

*Additional 11.5 features can be referenced from the below document.

Sep 25

Deploying Jabber MSI via Group Policy Without Arabic Language

Cisco Jabber is great collaboration tool for any organisation.. The install process for individual PCs is simple and quick.. However deploying Cisco Jabber via Microsoft’s Group Policy is a more painful process for the Windows Administrator. This is because for some unknown reason.. The Cisco Jabber MSI package selects the lowest language identifier to install, this turns out to be Arabic! Great, so how do we deploy Cisco Jabber in English. Well there are a couple of hoops to jump through to have English as the selected language and I’ve briefly documented how below. I’ve also included a link to good Cisco reference and the required EXE’s for Microsoft to play nice.

Download and extract and install WinSDKTools_amd64.msi on Server (you will need x86 installer if 32 bit). After installing this, go to C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin and double click on Orca.Msi. This will install the Orca application.

Open Orca and navigate to File > Open. Browse to and select the CiscoJabberSetup.msi.

Once the MSI is opened, navigate to View > Summary Information.

Cisco Jabber

Remove all language codes under languages except for 1033 (English).

Cisco Jabber Arabic Language

Click OK and go File > Save As and save over the top of the original CiscoJabberSetup.msi. Language of msi file has now been changed, set up GPO to deploy software.

Cisco Reference: