Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
0
Helpful
1
Replies

Ephemeral/ TCP + CUCM 8.5 AD integration + firewall

habouzyad
Level 1
Level 1

‎07-21-2011 04:45 AM - edited ‎03-16-2019 06:03 AM

Hi ,

I musing CUCM 8.5 , and i want to synchronize with Microsft AD.

I have configured LDAP on CUCM with Success " when i Perform a Full Sync Now "  I have a result " Update Successful".

But the problem , i cant import any user?

the CUCM and The AD are in the different VLANs separtaed by a Firewall. Form the CUCM i can ping the AD.

My question is about the  ports that i must open betwenn CUCM and the AD . i found the information on the folowing document :

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/port/8_5_1/portlist851.html   but, i dont understand the port :

Ephemeral/ TCP   for connection betwenn CUCM 8.5 and the AD ?

Please would someone help?

Thanks in advance

Hicham

Labels:
0 Helpful
1 Reply 1

William Bell
VIP Alumni
VIP Alumni

‎07-23-2011 04:32 PM

Hicham,

Ephemeral ports refers to temporary ports that are opened when establishing a connection. The port used is dynamically chosen and can come from a broad range. The range used depends on the OS (typically). I thought it interesting that the CUCM port reference says that UCM communications to LDAP would use an ephemeral range. I haven't look at 8.5 closely but in previous versions the UCM is the client side of the LDAP communication. With Microsoft AD the server/listening ports would be:

TCP 389 For Domain Controllers (non-secure)

TCP 636 For Domain Controllers (over SSL or TLS if you prefer)

TCP 3268 For Global Catalog servers (non-secure)

TCP 3269 For Global Catalog servers (over SSL)

Depending on the size of your AD environment you may or may not want to prefer GC connections over DC. You have to make that design choice based on your environment.

In regards to where conversation may be failing, you can figure this out easy enough by:

a. Inserting a sniffer in the traffic stream to see what is happening.

b. Capturing a trace on the UCM server directly (via a SSH connection) OR

c. Logging on your FW

HTH.


Regards,

Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents