Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12217
Views
15
Helpful
7
Replies

Traces for Call Manager Authentication attempts

Go to solution
neilobrien
Level 1
Level 1

‎10-07-2010 11:55 AM - edited ‎03-16-2019 01:13 AM

Hi Guys,

I have a user who’s Active Directory account is continuously being locked out by our CCM Publisher.  We use LDAP authentication but we’re not quite sure what device or where the authentication attempts are coming from.

What trace would I need to run on Call Manager in order to see the authentication attempts??

Thanks in advance,

Neil

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
htluo
Level 9
Level 9

‎10-07-2010 01:13 PM

Since you said "I have a user who’s Active Directory account is continuously being locked out by our CCM Publisher", you must have known the user ID.

There are only two components on CUCM will initiate authentication request against LDAP - Tomcat and CTIManager.

You may get "Tomcat Security Logs" and "CTIManager logs" from CUCM and search for the user ID in problem.  Then cross reference the timestamp with your Active Directory event logs.

Michael

http://htluo.blogspot.com

View solution in original post

7 Replies 7

Go to solution
htluo
Level 9
Level 9

‎10-07-2010 01:13 PM

Since you said "I have a user who’s Active Directory account is continuously being locked out by our CCM Publisher", you must have known the user ID.

There are only two components on CUCM will initiate authentication request against LDAP - Tomcat and CTIManager.

You may get "Tomcat Security Logs" and "CTIManager logs" from CUCM and search for the user ID in problem.  Then cross reference the timestamp with your Active Directory event logs.

Michael

http://htluo.blogspot.com

Go to solution
neilobrien
Level 1
Level 1
In response to htluo

‎10-08-2010 03:31 AM

thanks Michael, that's exactly what I was looking for.

0 Helpful

Go to solution
Stuart Lane
Level 1
Level 1
In response to htluo

‎11-27-2012 07:31 AM

Hello,

I'm having a similar issue to this one and was wondering if you could shed some light on it. I examined the logs mentioned above and can see where the authentication attempt is failing every 10 minutes. However, I dont see anything that indicates what app/service/device the authentication request is originating from. Would you know where I could look for some more information?

Thanks in advance!

Stuart

0 Helpful

Go to solution
JFerello
Level 1
Level 1
In response to Stuart Lane

‎05-30-2019 12:46 PM

Stuart,

Did you ever figure this out?

Thanks,

Justin

Thanks,
Justin Ferello
0 Helpful

Go to solution
Jose Mendez
Level 1
Level 1

‎10-07-2010 01:14 PM

Try these, the bold letters represent the checkboxes when downloading the traces from RTMT, the rest is how to configure the debug filter level:

Cisco Serviceability > Trace > Configuration > Server IP > Directory Services > Cisco DirSync > Detailed

Cisco Serviceability > Trace > Configuration > Server IP > Database and Administration Services > Cisco CallManager User Web Service > Detailed

Collecting traces:

http://supportforums.cisco.com/docs/DOC-11588

Please rate useful posts

Go to solution
htluo
Level 9
Level 9
In response to Jose Mendez

‎10-07-2010 01:21 PM

Unfortunately, neither "DirSync logs" nor "CallManager User Web Service" will show you authentication information. 

Michael

0 Helpful

Go to solution
Jose Mendez
Level 1
Level 1
In response to htluo

‎10-07-2010 01:26 PM

Nice.

0 Helpful
Customers Also Viewed These Support Documents