From the list, select SSL, click Apply and close the window.
#WEBEX TEAMS TROUBLESHOOTING HOW TO#
option is selected, you see a list where you can select how to Decode the stream you've selected. After this, right-click the first packet in the stream and select Decode As. as shown in the image.ī. When you analyze the Mutual TLS handshake, first filter the capture by tcp.port=5062. There are two methods that you can use the decode this traffic so that you can more easily see the certificate information and any error messages that are present.Ī. However, you can't determine that without the traffic being decoded. Packet number 175 is the certificate the Expressway sends to Cisco Webex. Here is an example of the Mutual TLS handshake that's occurring over port 5062 as shown in the image.Īs you can see, this is how the handshake looks with the default settings in Wireshark. What this means is that any time you want to analyze a (mutual) TLS handshake that occurs over port 5062, Wireshark will not know how to decode the traffic properly. If the Expressway-E does not use a publicly signed certificate, was the Expressway certificate along with any root and intermediate certificates uploaded to the Cisco Webex Control Hub ( )?īy default, Wireshark marks SIP TLS traffic as port 5061.Has the Expressway-E certificate been signed by one of the Public CAs that Webex trusts? ( Cisco Webex Trusted CA List).Is present in the Subject Alternate Name field of the Cisco Webex certificate?.Was the Cisco Webex certificate signed by a Public CA that is listed in the Expressway-E Trusted CA list?.Since mutual TLS issues are so prevalent during new deployments of the Expressway servers and the enablement of solutions such as Hybrid Call Service Connect, this section provides useful information and tips for troubleshooting certificate-based issues between the Expressways and Cisco Webex. This means that both the Expressway-E and Cisco Webex check and inspect the certificate that each other present. Hybrid Call Service Connect uses mutual transport layer security (mutual TLS) for authentication between Cisco Webex and the Expressway-E. Call Set-Up Issues Mutual TLS Handshake Failures
Additionally, this document assumes that the Expressway connector host and Hybrid Call Service activation were completed. This troubleshooting guide covers Firewall/NAT considerations along with Expressway design in both Appendix 3 & 4. For customers and partners who deploy an Expressway pair for use with Call Service Connect, the Cisco VCS Expressway and VCS Control Basic Configuration guide must be referenced before you attempt to deploy Hybrid Call Service Connect. Since Hybrid Call Service Connect runs over the same Expressway E & C pair as other solutions such as Mobile and Remote Access and Business to Business calls, issues with the other solutions can affect Hybrid Call Service Connect. The scope of this guide is to cover issues that are unique to Hybrid Call Service Connect.
Use the Webex app as a mobile soft client for audio and video calls.If your network is live, ensure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment.
#WEBEX TEAMS TROUBLESHOOTING SOFTWARE#
The information in this document is based on these software and hardware versions: Expressway (Connector Host) - see Expressway Connector Host Support for Cisco Webex Hybrid Services for the currently supported versions.Expressway (B2B) version X8.7.1 or later (X8.9.1 is recommended).Knowledge of Cisco Unified Communications Manager (Unified CM) and its integration with Expressway.Knowledge of the Expressway solution (B2B).Prerequisites RequirementsĬisco recommends that you have knowledge of these topics: This document describes the Cisco Webex Hybrid Call Service Connect solution that allows your existing Cisco call control infrastructure to connect to the Cisco Collaboration Cloud so that they can work together.