12-14-2014 07:19 PM - edited 03-18-2019 03:47 AM
In a scenario i have 1 publisher and 4 subscriber and 1 Moh server. It is a distributed architecture( IMAGE ATTACHED FOR REFERENCE) .
1. Pub , 1 Sub and Moh servers are installed at a single location connected to DMZ switch.
2. Similarly Sub 2, 3 and 4 are installed at geographically different locations via DMZ.
* only relevant network elements are shown in fig.
Problem :
1. In RTMT I am getting server down alert message for Subscriber 2, 3 and 4.
Action taken :
1. Ping reachability of Subscriber 2, 3 and 4 from Management terminal is ok.
2. " Utils network connectivity " form PUB is ok.
3. " Utils network ping " from PUB to SUB and vice versa is also ok .
Suspected problematic area :
1. Issue is occurring due to some policy deployed in IPS.
2. Splunk is also not showing any IPS log regarding port blocking w.r.t this issue.( So not able to get the policy applied in ips which is responsible for this issue)
Query.
1. Please suggest RTMT port used for this alert .
2. How to check IPS policy responsible for creating this issue. ( as splunk logs indicates nothing )
12-15-2014 04:21 PM
Rohit - So the only issue is this alarm and the environment is operating normally otherwise? Are you seeing this alert continuously or only at certain times? Can you confirm you dont see SDLLinkOOS message when the server down alarm is generated.
Cisco AMC service is responsible for monitoring - if you are seeing the message continuously that means the firewalls are blocking AMC ports - so open the TCP ports 1090, 1099.
If you see it only during certain times/peak hours it means that during the congestion these packets are being dropped then you may need to adjust your QoS accordingly.
Whats the version of your CUCM?
Terry
Please Rate helpful posts.
12-16-2014 07:19 AM
Hi Terry , thanx for replying.
1. Yes the only issue is this alarm otherwise the environment is operating normally.
2. I am seeing this alert continuously.
3. SDLLinkOOS message is not coming when the server down alarm is generated.
4. I allowed TCP ports 1090, 1099 in IPS from PUB sides but issue was not resolved i also tried ICCS port 8002 (SDL) but still got no luck on this issue.
5. This alert is generated for Subscribers not located at PUB location.
6. I am using CUCM version 8.5.1.17125-1
7. I am not able to monitor my clusters genuinely. Even Spluk logs are not helping out. In addition to that can you suggest any syslog server fruitful for monitoring CUCM clusters.
12-16-2014 05:19 PM
Rohit - It means your SDL communication is working normal. Only the AMC ports are being blocked somewhere. Please recheck your firewalls/IPS configs.
Also review the documents for all the port requirements if not already done yet:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/8_5_1/portlist851.html#wp48015
Regards to monitoring RTMT is the real time monitoring tool apart from that there are lot of other tools like Solarwinds, CA spectrum etc. that you can look to use.
-Terry
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide