cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1657
Views
45
Helpful
22
Replies

Meeting Place 8.5.3.4 - Change Directory Service Configuration

Carl Ratcliffe
Level 3
Level 3

Hi Support Community

 

  • We have 3 CUCM clusters version 8.6.2
  • We have 1 Meeting Place 8.5.3.4 cluster with a primary and standby server
  • Meeting Place has directory service integration with 1 of the CUCM clusters and performs all user sync and authentication via AXL / LDAP
  • We now need to change the Meeting Place configuration for AXL server, used for authentication and sync, to another CUCM cluster, this will use exactly the same LDAP search base so all users and details will remain the same in CUCM and therefore we want nothing to change in Meeting Place so all users should remain the same with the same configuration and all meetings should remain the same.

It looks straight forward to change the AXL URL but then we discovered the below from the Meeting Place configuration guide :

" user updates, imports, and deletions are not supported from a redundant Cisco Unified Communications Manager, even if it is integrated with the same LDAP directory as the primary Cisco Unified Communications Manager. This is because Directory Service user updates are tied to a field that is unique to each Cisco Unified Communications Manager server."

 

So we need to know how we go about changing the directory service configuration to point to another CUCM cluster for authentication and synchronization whilst keeping Meeting Place users and meetings in the Database unchanged.

 

Any help will be greatly appreciated.

Thanks, Carl Ratcliffe

1 Accepted Solution

Accepted Solutions

Hi Carl,

 

I've just received a final update. If you want to point your Directory Integration to a different CUCM server that is holding the same user database and runs AXL service, you should be able to just change the AXL URL on MP and point to this new server. After this change is made and saved, we recommend restarting services on MeetingPlace (SSH to the server with mpxadmin account, changing to 'root', and running 'mpx_sys restart' command). Once the services are restarted and system comes back up, go to User Configuration > Directory Service > Directory Service Configuration and perform a Full Sync (make sure that Profile Number setting under Profile Number Configuration section is set to New users only in order to avoid any profile # change if any of the user profiles in CUCM was updated in the meantime)

 

Please, let me know of any questions you might have.

 

Thank you.

-Dejan

View solution in original post

22 Replies 22

dpetrovi
Cisco Employee
Cisco Employee

Hi Carl,

 

I've been working with MeetingPlace for a long time, but honestly, haven't encountered this scenario. This statement in the documentation sounds very serious and restrictive, but I am sure I had customers that changed URL to point to different CUCM servers for AXL and had no issues with updates and syncs. Still, if documentation states this, there might be something there. I will see if I can check on our end if the wording is missing some additional conditions or we really cannot do this.

I will post any updates as soon as I get them.

 

-Dejan

Hi Dejan Thanks for your response and for looking into this for me. The documentation does relate to using another axl server in case of a primary axl failure and for authentication only not sync however it may be different in my scenario in that I want to permanently change it. Reason for doing this is that cucm is 8.6.2 and we use ldap integration. The ou used basically covers our whole user domain and it's the same across 3 cucm clusters however we are going to be using cups inter cluster and emcc and both require unique users in each cucm so we have to change the ou search base however we can't do it until we get meeting place directory service axl uri pointing to another cucm cluster that will continue to use the same ou as meeting place pulls in users from now. Thanks, Carl Ratcliffe

Hi Dejan

I have been looking at the help documents located on the Meeting Place server and the below extract seems to indicate you can make a change to the AXL URL. This help file states you when you are required to perform a full sync with CUCM and it says "when you modify the AXL URL" which reads to me that you can change the URL you just need to perform a full sync where as normally it will be a scheduled partial sync only which isnt going to update existing users.

See attached screen shot.

 

Therefore is the previous extract from documentation just relating to failover meaning you shouldn’t allow a normal scheduled sync to take place in failover as its only partially synchronising as opposed to a full synchronisation when you change the AXL URL ?

 

Thanks, Carl Ratcliffe

Hi Carl,

 

Per my experience, I would say change of AXL URL and full sync is all that is needed. But the first referenced document is so specific that we need to check why this was noted and if it can really break something. I would really hate to tell you that based on my experience you should just change the AXL URL and sync, and then something breaks and you have to rebuild and restore, etc. 

We are checking internally these two statements and we'll see if we can test this in our or engineering lab. We will let you know as soon as we have an update. I would say by early next week.

 

-Dejan

 

Hi dejan Thanks for your help this is greatly appreciated. I also have a tac case raised with cisco and no definite answer as of yet. It sounds a simple question but but there is no clear documentation or answer as of yet. Cisco tac have advised that they don't know the answer themselves and have had to send the request to BU. Thanks, Carl Ratcliffe

Hi Carl,

 

That is the current status of our investigation. We need to identify the resources that tested this in QA and based on what this statement was made. TAC can base the answers on documentation available, and if we strictly followed it, what you wanted wouldn't be supported/possible. However, since per our experience it doesn't really sound correct, we want to verify this and if needed update the documentation to avoid this confusion. When is the deadline you need to do this?

 

Thank you.

-Dejan

Hi dejan We have an urgent requirement as whether we migrate 3000 users from Microsoft ocs to cisco jabber or upgrade to Microsoft lync is going to be based on what we can do with meeting place. Basically cisco jabber inter clustering requires unique users in each cucm cluster, we currently use the same ldap search base in each cucm cluster for corporate directory reasons. We now have a 3rd party directory server so we can now change each cucm ldap search base to create unique users however as meeting place points to one of these cucm clusters that is the reason we need to change it as we can only have the one axl reference. The plan is to build a separate cucm server to be used solely for meeting place axl so basically doing exactly as it does now. Thanks, Carl Ratcliffe

Hi Carl,

 

Just to let you know, we are finishing up some tests and should have a definitive answer by tomorrow the latest. 

 

-Dejan

Hi Carl,

 

I've just received a final update. If you want to point your Directory Integration to a different CUCM server that is holding the same user database and runs AXL service, you should be able to just change the AXL URL on MP and point to this new server. After this change is made and saved, we recommend restarting services on MeetingPlace (SSH to the server with mpxadmin account, changing to 'root', and running 'mpx_sys restart' command). Once the services are restarted and system comes back up, go to User Configuration > Directory Service > Directory Service Configuration and perform a Full Sync (make sure that Profile Number setting under Profile Number Configuration section is set to New users only in order to avoid any profile # change if any of the user profiles in CUCM was updated in the meantime)

 

Please, let me know of any questions you might have.

 

Thank you.

-Dejan

Excellent, thanks very much for your time and effort dejan. It sounds like it should be fairly straight forward was just a bit worried with the wording in the documentation. The new cucm server will have exactly the same ldap search base as the current cucm cluster so nothing will change on that side it literally is only because we need to change the ldap search base on the current clusters to more specific ou's for jabber inter clustering. I will let you know how I get on. Thanks, Carl Ratcliffe

Hi Dejan

I have been on annual leave from work and have been communicating to you via the support community so have not had access to my work emails and only just found out on my return that you were also the engineer Cisco passed my TAC case to so thanks on both counts.

I cannot complete the work for 3 weeks due to change control procedures however i have a few queries if i could ask your expert knowledge :

1 - We already run L0 L1 and L2 backups, when completing this work and in the worst case scenario that we lose all user profiles are these backups the best way to restore or am i better exporting user profile and meeting information that can be re-imported seen as this is the only real data affected by this procedure ?

2- If a user is removed via the sync do the scheduled meetings also get deleted or do they remain and accessible ?

Thanks, Carl Ratcliffe

Hi Carl,

Restore from backups is the best approach if any corruption of data occurs. Export/import of users won't preserve the Unique User ID that the system ties to meetings. With Export/Import, you can preserve the user name and profile #, but the system won't be able to tie the user to already scheduled meetings. So, best approach is with Backup/Restore.

 

If a user is deleted, the meetings will still stay on WebEx site but won't be accessible unless Join before host was allowed during scheduling of meeting, or an Alternate host is configured to allow another user to start the meeting.

 

I hope this helps.

 

-Dejan

 

Hi Dejan

A change is scheduled for this coming Saturday to complete the work.

I just have a query regarding high availability. We have 2 Meeting Place servers operating in Active and Standby. When we make the recommended changes should we do this on the active then standby or is it better to do it on the standby server first then at least we can check AXL is working as it should before we make any changes on the active server as the AXL chnage is not a replicated parameter so needs to be manually configured on both the active and standby.

I can also point my outlook client to the standby server IP instead of the virtual IP to confirm that i can authenticate.

 

Thanks, Carl Ratcliffe

Hi Carl,

 

Making changes to Standby server without making that server an ACTIVE server won't allow you to test anything. Most of the services are stopped on the STANDBY server including Directory Service. 

 

I advise you to follow the standard procedure and implement the changes to ACTIVE server first and then STANDBY. In any way, changes on STANDBY server won't take any effect until that server is made ACTIVE (in case of Primary server failure and manual failover to Secondary server).

 

Kind regards,

-Dejan

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: