Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
687
Views
5
Helpful
4
Replies

CWMS 2.6 - after upgrade - user authentication is too long and failed

Go to solution
Philippe PREVOST
Level 1
Level 1

‎12-07-2015 01:25 AM - edited ‎03-17-2019 05:43 PM

Hi all,

Thank for the webex team for this great job!

I had upgrade a cwms on prem to 2.6 version.

The access to the cwms user page is ok but when they want to authenticate it's failed.

Any idea ?

Regards

Philippe

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dpetrovi
Cisco Employee
Cisco Employee
In response to Philippe PREVOST

‎12-11-2015 09:41 AM

Hi Philippe,

When you integrate CWMS with CUCM for Directory Integration (LDAP authentication), you point CWMS to a single CUCM server. However, CUCM cluster has a processnode table of all CUCM nodes involved with AXL service sorted in a non-editable order. This list can include many different Subs that might not be reachable by CWMS.

If that is the case, during authentication process, CWMS first tries to send request to the first node in the list provided by CUCM. If that node is not accessible it will take a long time until the request times out and CWMS uses a different CUCM in the list. 

If the network were to Deny the connection attempt to unreachable SUB (with RST, similar to what a subscriber not running AXL would do), then there would not be such a long TCP resend.
Besides making the subscriber accessible to CWMS over the network, this is the only short term solution available.

But it looks like you ensured all CUCM servers are reachable by CWMS and that resolved the issue.

Thank you for the update.

-Dejan

View solution in original post

0 Helpful
4 Replies 4

Go to solution
bvanturn
Cisco Employee
Cisco Employee

‎12-07-2015 04:42 AM

Hi Philippe,

I'm not aware of a known issue like that after upgrade to 2.6.

The authentication is either done locally or if LDAP Authentication is enabled, the request gets forwarded to CUCM via the AXL interface. Then CUCM will use the authentication method configured there to either authenticate the user locally or if ldap authentication is configured, it will forward it to the ldap server. Make sure that the user is Active in CWMS and that ,if configured, the ldap sync is working.

What authentication is configured on CWMS?

If ldap authentication, what authentication is configured on CUCM?

If ldap authentication, check if the user can log in to the ccmuser web page from the server CWMS is pointing to.

If ldap authentication, you can see the request in the AXL Logs (you may need to increase logging level).

Hope that helps!

Thanks,

Bruno

Go to solution
Philippe PREVOST
Level 1
Level 1
In response to bvanturn

‎12-07-2015 07:34 AM

Hi Bruno,

Thank for answering,

Ldap authentication is enable and the last sync is OK with the axl user of cucm.

The user (is active) can log in ccmuser with no latency ...

The issue a just a big latency but the authentication, now, is OK

Regards

0 Helpful

Go to solution
Philippe PREVOST
Level 1
Level 1
In response to Philippe PREVOST

‎12-11-2015 08:10 AM

Now it's work fine !

Not All the sub of CUCM cluster are reachable , and it's mandatory !

Regards

0 Helpful

Go to solution
dpetrovi
Cisco Employee
Cisco Employee
In response to Philippe PREVOST

‎12-11-2015 09:41 AM

Hi Philippe,

When you integrate CWMS with CUCM for Directory Integration (LDAP authentication), you point CWMS to a single CUCM server. However, CUCM cluster has a processnode table of all CUCM nodes involved with AXL service sorted in a non-editable order. This list can include many different Subs that might not be reachable by CWMS.

If that is the case, during authentication process, CWMS first tries to send request to the first node in the list provided by CUCM. If that node is not accessible it will take a long time until the request times out and CWMS uses a different CUCM in the list. 

If the network were to Deny the connection attempt to unreachable SUB (with RST, similar to what a subscriber not running AXL would do), then there would not be such a long TCP resend.
Besides making the subscriber accessible to CWMS over the network, this is the only short term solution available.

But it looks like you ensured all CUCM servers are reachable by CWMS and that resolved the issue.

Thank you for the update.

-Dejan

0 Helpful
Customers Also Viewed These Support Documents