We are currently integrating CCM4 and CRS4 with Active Directory.
The CCM integration was straight forward and functions, as one would expect, however we are experiencing problems with CRS.
CRS installs without any errors and accepts the LDAP / Directory information provided. However when trying to create a JTAPI trigger when configuring CRS, we receive an error message: 'can't update the user on the Callmanager server'.
We have followed the documentation and re-installed this several times now, trying something different each time. We've looked at altering permissions of CCMadmin CRASAmin user as well as pointing the CRS to a different user repository, but to no avail. I've also looked in the logs, but can't see an awful lot in these either.
Any help would be greatly appreciated.
That is exactly what I am talking about. Here is the exact process I followed:
1) Reverted publisher back to using DC directory (there is a walkthrough on Cisco's site which basically consists of changing the Directory registry settings).
2) Rebooted publisher
3) Ran directory integration wizard/plug-in (did not select schema update option as the schema has already been extended). At the end of the installation it warns you to set the CCMAdministrator, IPMAUser and SysUser account passwords before you install the plug-in on any subscribers.
4) Set CCMAdministrator, IPMAUser and SysUser account passwords using the password utility.
5) Set DIRACCESS key to true on publisher.
6) Rebooted publisher.
7) Installed plug-in on subscriber. Subscriber actually connects to publisher via remote registry to sync CCMAdministrator, IPMAUser and SysUser accounts/passwords. If the passwords don't exist the install will fail. You can check the existance of the passwords in the registry of the Publisher and changed them there if needed.
8) Set DIRACCESS key to true on subscriber.
9) Rebooted subscriber.
10) Tested the ability to browse and create AD users via CCM.
11) Configured RM JTAPI user in CRS. This took a long time (3-4 min) but it created the user in the containter that we specified for user creation in the integration plug-in. Like I stated before, CRS/CCM is smart enough to know that your directory is AD and tells you that you need to set the password for the user via AD.
Here are the things that I think got me into trouble with this on my inital CCM AD integration:
1) Only installed the plug-in on the publisher (doh!)
2) Ignored the prompt to set the passwords for the CCMAdministrator, IPMAUser and SysUser accounts.
3) Did a lot of browsing and associating users to phones/devices via CCM user administration before I set the DIRACCESS key to true.
What threw me for a loop? The fact that CRS releases previous to 4x you created the user and then told CRS what that user is. Now CRS actually wants (and has to) create the user.
Hope this helps. Have a good weekend and don't worry about your phones!