cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
17113
Views
45
Helpful
34
Replies

Corporate Directory on CUCM 8.6

Thiago Gandara
Level 1
Level 1

Hi voice team,

     I am with the following problem: Only the model 7942G does not access the corporate directory the message (host not found), the other models usually access. I realized that only this model tries to access the corporate directory via https://CUCM_IP:8443/ccmcip/authenticate.jsp, others access via http on port 8080. How to fix this?

Thanks.

1 Accepted Solution

Accepted Solutions

Thiago,

This is where the problem is. The TVS

2445

cur1sr07

The TVS entry is a hostname, which is why you're getting the host not found because your phone isn't configured for DNS or cannot resolve that name.  The fix is to change under System > Server, the hostname to an IP address there, save it, then restart th Trust Verification Service (TVS),

Please rate all useful posts

"There is a wideness in God's mercy Like the wideness of the sea.There's a kindness in His justice Which is more than liberty"

Please rate all useful posts

View solution in original post

34 Replies 34

William Bell
VIP Alumni
VIP Alumni

Thiago,

That is definitely interesting. One, that this phone model is going its own way and two that is going the authenticate.jsp application instead the correct corporate direct url (xmldirectory.jsp). My UCM 8.6 lab system is offline at the moment so I can't check locally. However, this is either a config issue or a bug.

First, if you have a 7962G, check that phone. The 7942G and 7962G run the same firmware. If the 7962G is OK, check the device defaults page to ensure you are using the same version of firmware across both platforms.

Next, check to see if your 7942G is configured to use a different provisioning model for services (Internal, External, Both). Compare it to a known good. Check the device level and the phone template assigned. Focus on differences.

Next, I would pull the 7942G's TFTP config file from the TFTP server. You can use any TFTP client that is allowed to communicate to your UCM. Pull the config down and look inside. Compare it to a known working config. The config file is a little bit of a beast but there is a section for phone services (like the directories) and you are basically comparing to see what's different there (if anything).

Finally, I would test a theory and see if you can get the 7942G working by bypassing the Enterprise Subscription. Provision a sample phone for External services provisioning. Then go to that phone and "hardcode" the directories URL to point to the correct application. You can copy from Enterprise Parameters, just make sure that you are using IP address or a hostname that the phone can resolve. See if that causes the phone to go where you want it to. This isn't a solution but a test that will help determine whether you are dealing with a software issue or not.

If you find strong indication of a software defect then Tac is where you should go. Or, if you wait a little while I am sure Mr. Huffman will come in with the bug ID (he is a master at the bug query).

HTH.

Regards,

Bill

http://ucguerrilla.com

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Ayodeji Okanlawon
VIP Alumni
VIP Alumni

Thiago,

Can you do the ff: From a windows machine run the following command

tftp -i 10.1.1.1 get SEP0000DEADBEEF.cnf.xml

change 10.1.1.1 to your cucm ip address, and sep00000..to one of the 7942 phone mac address.

If you are using windows 7 you will need to enable the tftp client feature...You can run this command to enable it if you have admin rights..

dism /online/enable-feature/featurename:TFTP

Please attach the config file.

Please rate all useful posts

"There is a wideness in God's mercy Like the wideness of the sea.There's a kindness in His justice Which is more than liberty"

Please rate all useful posts

Depending what model phones you have in your org, this may or may not be strange.

If it happens that the 7942/62 is the only model modern enough to support ITL then that's likely where the problem is.

It is possible to disable the https access, but not generally a good idea as you are only masking the problem.

Perhaps:

1) Respond with the list of other phone models that you have

2) Verify whether your 7942s trust the TFTP service (best way is to assign the phone a new CCM group, and then verify that it correctly registers to the new primary CUCM - if it does not, then you have a problem)

3) Try restarting the TVS (Trust Verification Service) on the server that the phone is registered to, restart the phone, and try it again.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Hi, the models that I have here are: 7911, 7937, 7941 and 7921, these models the corporate directory works perfectly. Here in the company, we only have a CUCM, i restarted the TVS and the phone, but doesn´t work.

Thanks.

Hi, I use Win 7 and I have permission, but I could not run these commands.

Rob Huffman
Hall of Fame
Hall of Fame

Hi Thiago,

I'll just add one more note to the great tips from Bill, Deji and Aaron (+5 each guys )

In CUCM 8.x there is a new config setting for Secure Directories that it appears

the 7942 is trying to use. This is where I would start looking;

Overview

Prior to Cisco Unified Communications Manager Release 8.0, Cisco Unified  IP Phones and services did not support HTTPS communication over port  8443.

For Cisco Unified Communications Manager Release, the following features support HTTPS:

Extension Mobility

Extension Mobility Cross Cluster

Manager Assistant

IP Phone Services (See the "Phone Configuration Settings" section.

Personal Directory (CCMPD)

Change Credentials

Phone Configuration Settings

To support HTTPS in Cisco Unified Communications Manager Release 8.0(1),  the Phone Configuration Settings include the secure URL parameters  shown in Table 3-9.

Table 3-9     Phone Configuration Settings for Secure URLs 

Field
Description

Secure Authentication URL

Enter the secure URL that the phone uses to validate requests that are made to the phone web server.

Note If  you do not provide a Secure Authentication URL, the device uses the  nonsecure URL. If you provide both a secure URL and a nonsecure URL, the  device chooses the appropriate URL, based on its capabilities.

By default, this URL accesses a Cisco Unified CM User Options window that was configured during installation.

Leave this field blank to accept the default setting.

Maximum length: 255

Secure Directory URL

Enter the secure URL for the server from which the phone obtains  directory information. This parameter specifies the URL that secured  Cisco Unified IP Phones use when you press the Directory button.

Note If  you do not provide a Secure Directory URL, the device uses the  nonsecure URL. If you provide both a secure URL and a nonsecure URL, the  device chooses the appropriate URL, based on its capabilities.

Leave this field blank to accept the default setting.

Maximum length: 255

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/rel_notes/8_0_1/delta/security.html#wp1105189

Make sure this entry is not set as NULL

Cheers!

Rob

"Show a little faith, there's magic in the night" - Springsteen

Hi, follow the config:

Secure Authentication URL : https://CUCM_IP:8443/ccmcip/authenticate.jsp

Secure Directory URL: https://CUCM_IP:8443/ccmcip/xmldirectory.jsp

This right, or should I delete this information and let the 7942 using http 8080.

Thanks.

Rob Huffman
Hall of Fame
Hall of Fame

Hi Thiago,

I would copy the url into notepad to save a copy and then try deleting

this setting so the 7942 can use the 8080 non-secure setup

Cheers!

Rob

"Show a little faith, there's magic in the night" - Springsteen

OK Rob, I'll do it, I will do outside of working hours because the phone will restart to apply, but thanks for the help.

After I communicate if this action is worked.

Thanks.

Thiago,

Yes it is a good start to delete the secure url, but dont forget to restart tftp service so that the phone can downbload a new url. 

Please rate all useful posts

"There is a wideness in God's mercy Like the wideness of the sea.There's a kindness in His justice Which is more than liberty"

Please rate all useful posts

Ok, thanks a lot, as soon as possible, I will perform these procedures then I notice if it worked.

Thanks.

This thread has me pondering a couple of things. Perhaps I should load 8.6 sooner rather than later but here is my understanding of these various URLs from a 8.5 perspective.

First, if a phone is configured for "Internal" services provisioning then that station would not be using the directory URL (or SURL) configured on the device level or Enterprise parameter level. They would use the Corporate Directory that is configured with Enterprise Subscription.

Second, I have found that you can put a non-secure URL (i.e. http://blah:8080/xmldirectory.jsp) in a Secure URL parameter field and it will still work. The only think that makes it 'secure' is the label field;-) The phone uses the field (as provided in the TFTP config file) as-is. I found this out when deploying a custom Corp Directory application for  customer.

Maybe I am slightly off topic, but I felt inspired by the thread.

-Bill

http://ucguerrilla.com

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Ah, ok Willian, i will do that.

Thanks.

Hi voice team, i made a test, removing the Secure URL config on Enterprise Parameters, i reset the TFTP and the phones, but the model 7942G still can not access the corporate directory.

What i do now?

Thanks.