Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1978
Views
15
Helpful
5
Replies

MRA Login streamlining with 7800/8800 IP Phones

zsmithtek
Level 1
Level 1

‎02-03-2021 12:54 PM

I have just finished setting up an MRA cluster C/E servers running 12.5.  I just tested a login from an out-of-the-box 7841 IP phone.  It auto registered and I was able to self provision the phone and make some test calls.  No issues.  Works great.

 

The phone booted up to asking for the activation code / service domain.  So I entered the <domain.com> service domain.  It prompted me for my username and password.  I entered my Active Directory username/password as I have LDAP integration on Call Manager.  No problems.

 

OK - now my question.  Has anyone found a decent way to streamline this and make it easier for the users.  I can see statements like "It's hard to enter my username/password on the keyboard"  or "I have a complicated AD password.  Everytime the phone reboots I have to enter this and it is annoying / time consuming / I lock my account out"

 

What do you all do for the authentication piece on the MRA phones?  I can pre-stage them in the office with the service domain.  But the end user will still have to login with their password when they take the phone home and every time it reboots.  

 

Do we just say "yea - tough.  That's the way it is" ?   Any tricks to enable a much easier for the end-users to login on the phone?  

 

Thanks for the help.

Labels:
0 Helpful
5 Replies 5

TomMar1
Level 3
Level 3

‎02-03-2021 01:25 PM

I would say making it simpler, using a user name of adgj (which is 2345) and password of adgj would be easier but certainly not secure.  I also doubt your AD admins would let that fly and create accounts like.

Unless their home connection stinks the phone should stay registered, mine has been registered for 10 months and I only needed to reconnect three times.

Bottom line they need to suck it up

0 Helpful

Nithin Eluvathingal
VIP
VIP

‎02-03-2021 07:56 PM - edited ‎02-03-2021 07:57 PM

Only alternative manually creating simple username and passwords in CUCM  and not using  AD if the passwords are complex in AD.

 

Otherwise  that's the way we do it.

 

 

 



Response Signature


0 Helpful

Roger Kallberg
VIP
VIP

‎02-03-2021 10:32 PM - edited ‎02-04-2021 01:29 AM

I would recommend you to use the registration code option instead of service domain and user name/password. However this is only available in the very latest versions of CM. The big upside of this, besides the simplified initial login experience, is that the phones will not need to have the password entered again when the user changes their password.

To use this function set this on the phone in CM.
image.png
To onboard a phone select the highlighted option, that will give you the ability to create a activation code.
Snag_7d7109.png
Once created share the code with the end user that should use the device.
Snag_7ef509.png
Please note that the code have a life span of 7 days. Once it's been used the checkbox in Require Activation Code for Onboarding will get unselected.



Response Signature


Nithin Eluvathingal
VIP
VIP
In response to Roger Kallberg

‎02-04-2021 02:00 AM

Device Onboarding Task Flow (MRA Mode)

Complete these tasks to onboard new phones using activation codes, in MRA mode.

Before you begin

The Cisco Device Activation Service must be running in Cisco Unified Serviceability (the service is running by default). To verify that the service is running, go to Activate the Device Activation Service.

Procedure

  Command or Action Purpose
Step 1

Enable Cisco Cloud Onboarding via MRA

Under Cloud Onboarding, generate voucher, enable Activation Code Onboarding and specify the MRA activation domain.
Step 2

MRA Service Domain Configuration (Optional)

Onboard the cluster to the cloud to allow remote MRA device onboarding to a specific MRA Activation Domain.
Step 3

Upload Custom Certificate (Optional)

Optional. If you want to use your own custom certificates, remote MRA endpoints will be able to download them from the cloud and use them to connect to Expressway.
Step 4

Provision phones with activation code requirement. Following are two provisioning sample options:

You must provision the phone in the Unified CM database. Unified CM has a variety of provisioning methods that you can use, including these sample options.
Step 5

Activate Phones

Distribute activation codes to users. Users must enter the code on the phone in order to use the phone.

 

Have a look on below guide.

.https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/12_5_1SU1/systemConfig/cucm_b_system-configuration-guide-1251su1/cucm_b_system-configuration-guide-1251su1_restructured_chapter_0101110.html#task_FCFD7AE55F47903BFBFF83415B6E4CFA

 

 



Response Signature


George Sotiropoulos
Cisco Employee
Cisco Employee

‎02-03-2021 10:42 PM

In such cases (I have faced such issues plenty of times) I configure local users on CUCM with simple username/pass to bypass the complexity of the AD Passwords.

George

Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies
0 Helpful
Customers Also Viewed These Support Documents