Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1797
Views
0
Helpful
13
Replies

Cisco TMS provisioning problem

David Anstee
Level 4
Level 4

‎02-09-2012 12:57 AM - edited ‎03-17-2019 10:48 PM

Having an issue with a TMS/VCS installation.

Have followed the provisioning guide and setup provisioning for use with Movi/Jabber.

Using TMS to import users from AD, all appears to work and can see users in the TMS provisioning directory.

However these users do not show in VCS? And logins fail. However if we create a static user from TMS (not AD imported) the user account appears in both TMS and VCS and can login ok from jabber client?

I'm struggling to understand why the imported AD accounts are not replicating to the VCS?

We are using TMS 13.1.2 and VCS x7.0.3

All TMS agent diagnostics run without errors.

Any guidance/assistance is much appreciated

Thanks

Sent from Cisco Technical Support iPhone App

Labels:
0 Helpful
13 Replies 13

Jens Didriksen
Level 9
Level 9

‎02-09-2012 01:42 AM

Might pay to take a look at the Authenticating Devices Deployment Guide:

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-0.pdf

Please rate replies and mark question(s) as "answered" if applicable.
0 Helpful

David Anstee
Level 4
Level 4
In response to Jens Didriksen

‎02-09-2012 01:51 AM

At this stage I wasnt looking at 'Authenticating' with LDAP/AD - purely using it to pull User configuration for provisioning.

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee

‎02-09-2012 01:56 AM

Hi David

Did you add the VCS to the domain so that the Movi users are logging in with domain\username? There is a process for setting this up. If not please see below:

On a regular basis you can import users from AD to the provisioning directory, but it will never import the AD password and the VCS will not forward the authentication to the AD unless this is setup.

So try to edit one of the imported AD users and change the password for that user, then try to log in with that user just as a test.

The users will never show up in the directory unless they have logged in at least once to get an assigned contact method / device. So when users start to log in they will start to show up in the directory. If you can log in with the manually created user, replication is working and phonebooks is working if this user shows up in the directory.

Hope this helps!

/Magnus

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee

‎02-09-2012 02:00 AM

Another thing can be registration issues, i.e if the imported AD users has a "firstname" and not a lastname and the device uri pattern is i.e {firstname}.{lastname}@domain.com. If this is the case the user won't be able to register to the VCS.

Just as a check if my previous post was not of any help.

/Magnus

0 Helpful

gthaliwal
Level 1
Level 1
In response to Magnus Ohm

‎02-09-2012 02:34 AM

Hi Magnus,

I am working with David on this issue.

Yes that's very helpful!  Once I changed the password of the AD user from within TMS the user was able to login and authenticate!

The user however still does not appear in VCS control under users?  Is that normal?  Also is it possible to have password authentication backed off to AD?  It seems unusual that the the movi user name can be verified by AD but the password cannot.

Many thanks for your assistance on this!

regards

Gurp

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee
In response to gthaliwal

‎02-09-2012 03:04 AM

Good!

So are you using findme and for the VCS address (SIP Server address) in the provisioning directory is this a DNS name or ip?

/Magnus

0 Helpful

gthaliwal
Level 1
Level 1
In response to Magnus Ohm

‎02-09-2012 03:17 AM

Hey there,  The VCS server is an IP address and yes, we shall be using find me.

thanks

Gurp

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee
In response to gthaliwal

‎02-09-2012 03:19 AM

What happens if you enable findme and change the ip to the FQDN of the VCS? Do the users populate?

/Magnus Ohm

0 Helpful

David Anstee
Level 4
Level 4
In response to Magnus Ohm

‎02-09-2012 05:58 AM

Hi Magnus,

TMS is configured to communicate to the VCS using Hostname. FindMe is already enabled.

However the users do not appear in the FindMe search in VCS? Even users that have succesfully logged in, still do not appear in VCS?

Only entries that were manually created in TMS appear in the VCS FindMe Search, none of the LDAP/AD imported users?

Any ideas

Thanks,

David

0 Helpful

Alok Jaiswal
Cisco Employee
Cisco Employee
In response to Magnus Ohm

‎02-09-2012 03:23 AM

Hi Gurp,

My understanding is that If you are talking about Find me device uri's provisioned through TMS then yes you would be able to see the accounts under users.

Also you can authenticate the MOVI users using the AD password as well. Please refer the document for more details.

http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X7-0.pdf

Thanks

Alok

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee

‎02-09-2012 07:49 AM

Hi

I just have to confirm, but you have set a findme uri pattern in the tms provisioning directory right?

/magnus

Sent from Cisco Technical Support iPhone App

0 Helpful

David Anstee
Level 4
Level 4
In response to Magnus Ohm

‎02-09-2012 08:43 AM

Yes in TMS --> Provisioning --> Directory we have configured a Sub-Folder under 'root' and in this Sub Folder are the account imported from AD.

Also we have configured FindMe URI in the format of {username}@domain.com and FindMe Caller ID also the same.Device URI as {username}.{device.model}@domain.com

With the FindMe Templates - are these only applied at 'root' level?

0 Helpful

Magnus Ohm
Cisco Employee
Cisco Employee

‎02-09-2012 07:52 AM

Adding to my last post:

And the findme template is setup in the prov dir?

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents