Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1534
Views
0
Helpful
2
Replies

CSCvg93026 - CUCM 12 - SSO 403 For Platform Users Accessing DRS and OS Admin

Ciscollab_Amit
Level 4
Level 4

‎10-24-2020 11:47 AM

Hello Cisco Colleagues,

 

I have been trying to figure out the solution for the workaround suggested for the CSCvg93026.

After I migrated the CUCM Pub from 10.5.1 to 12.5.1(SU3), the OS Admin and DRS access has stopped. Web Admin via Single Sign on Works.

The migration from 10.5 to 12.5 has been a hell lot of headache so far.

 

As per the workaround suggested in the bug-id CSCvg93026 what exactly needs to be done is not clear.

 

Workaround:
After creating the account from the PUB CLI with command set account name

Run command show account to verify the account was created

Open a new SSH session to the PUB and login with the new created account in previous step.

Proceed to use the previously set password to log in and follow the instructions to reset your password.

 

My confusion is about the creation of platform user account. Should I set the same account name again for example if in CUCM 10.5, the username was ucosadmin, should the same name be set again with the command   set account name.

And should the privilege level be set to 1 or 0. This isn't mentioned here.

 

If I understand it correct, I can set the same account name as before and then use the old password and there shouldn't be any issue.

 

Thanks for the clarification.

Labels:
0 Helpful
2 Replies 2

Ciscollab_Amit
Level 4
Level 4

‎10-24-2020 12:08 PM

OK I can answer my own question after testing it in the lab. In case of SSO, after the upgrade to 12.5 all the ldap admins who have application administrator level access need to be manually provided with the platform admin access via CLI and recovery bypass url access for the /cmplatform. 

In our customer's case, the Application Administrator was ldap user but platform Admin(OS Admin) was the user that was created during CUCM installation. So I now need to modify the Application administrator access via CLI so that he can use SSO for the OS Admin/DRS.  

Unfortunately I didn't find this info in the upgrade guide or release notes. And this is something new. I believe @cisco should add it in the important notes section of the release notes or in the Upgrade and Migration guide. 

0 Helpful

RAustin70
Level 1
Level 1
In response to Ciscollab_Amit

‎01-11-2021 08:17 AM

Did This work for you?  We just upgraded from 11.5(1) over to 12.5(1)SU1 over the weekend and lost our OSAdmin and DRS as well.  The workaround is agreeably unclear on what is to be specifically done.  Hopefully we can get this up and running this week.

0 Helpful
Customers Also Viewed These Support Documents