After an upgrade to Cisco CallManager 4.x, cannot modify users in the Active Directory or update dev...
After an upgrade to Cisco CallManager 4.x, cannot modify users in the Active Directory or update device associations with Cisco CallManager Administration, which results in the "1009: Could not update user" violation constraint error message
This can occur when the GUID is appended to an existing account that does not have the GUID, which means that the user is originally configured with a previous version of Cisco CallManager. For example, when the user profile Directory Number (DN) or the application profile DN does not contain the GUID appended in the end, but the ciscoAtGUID attribute is populated for the user or vice versa.
Consider the user profile and application profile DN to be as shown:
Every time a user is modified, the ciscoAtUserProfile and ciscoAtAppProfile attribute are created again and updated for the user. If the ciscoAtGUID attribute is not present, the new user profile DN is created as shown:
Since these DNs do not exist in the directory, a constraint violation error is thrown, and the user update fails.
This behavior also occurs when an attempt is made to update a device association for a user that is renamed in the Active Directory (AD). For example, the DNs do not contain the GUID attribute, but the ciscoAtGUID attribute is populated.
See if the users that experience the issue are renamed in the AD. If yes, rename the user back to the original user ID. If the same issue still occurs, complete these steps:
Launch ADSIEdit in order to look directly at the attributes in the AD for the user in question.
Navigate to the CN=user1,OU=evt,OU=avvid,DC=irvine,DC=com entry. Right click the object, and choose Properties. Under Select a property to view, select the ciscoatGUID. Take a backup of the value present for the ciscoatGUID attribute for this user. In order to do this, save the ciscoatGUID value in Notepad so that it can be put back, if required.
Remove the value present for the ciscoAtGUID attribute, from these three entries in the AD server:
Try to associate a device to the user1 user from the Cisco CallManager pages.
In order to resolve the second condition, complete these steps:
Launch ADSIEdit in order to directly look at the attributes in the AD for the user in question.
Navigate to the CN=user1,OU=evt,OU=avvid,DC=irvine,DC=com entry. Right click the object, and choose Properties. Under Select a property to view, select the ciscoatGUID.
Clear the current value present for the ciscoAtGUID attribute.
Choose the ciscoatUserProfile attribute for the same user, and clear it as well.
Choose the ciscoatUserProfileString attribute for the same user, and clear it.
(Optional) For housekeeping, delete the orphan profile entries for the user from the Cisco OU, such as OU=profiles, OU=CCN,OU=Cisco,DC=irvine,DC=com.
For example, if olduser1 is renamed to user1, the entries in the Cisco OU that start with user1 or olduser1 can be deleted. The new ones are recreated when the new device association is done. Refer to these examples:
Hi to all!I have 9 phones 7942G in same state while loading starts: first all LEDs are ON, then OFF. Next, the Headset, Microphone mute and Speaker indicators flash once in sequence and Speaker indicator remains ON. And there is no other indications...Two...
Hello there... We planning to run a series of virtual training sessions for groups of ~10 people. Part of the training is the display of videos currently hosted on Vimeo. In testing, having the leader run a video causes the video st...
Hi All, In our environment we have normal and IPPA agents logging in using finesse application. So is there option like report/ table to find out how many agent are in logged in as IPPA. please advise..
Hi,We are receiving report from one of our managers informing all chats are being handled. Can anyone inform on how to troubleshoot this matter? I have attached a screenshot provided by the system, are there specific logs etc that can be revie...