cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
828
Views
0
Helpful
18
Replies
Highlighted
Beginner

Creating users in Jabber video for telepresence (TMSPE)

Hi,

 

Here's the situation.

Few days ago, I set my provisionned group to NOT import users from the AD.

But it seems that the users are still synchronized with it...  

Even after a password change, people have to use the old pwd to sign-in.  

Furthermore, I cannot create users on the TMS only... Jabber will not connect if the account is not also created, active AND member of a certain group in the AD (as before when import from it was configured) An other thing is, that the password use by Jabber, will be the one configure on my AD account, no matter if my user on the TMS have one...

 

Am I missing somethin' ?

3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

I think you are trying to find path on TMS server, instead i asked to check on VCS-C.

 

In any case, make sure you have TMSPE option key on TMS and Device provisioning key on (VCS-C) and then you can integrate it. 

 

How are you able to login to Jabber For Telepresence even lets says with AD without any provisioning available on TMS end ? That's so weird or may be you had it earlier and you did some upgrade or some sort of it and now its not there. But you have that residual data on VCS-C from previous provisioning. 

 

Start of verifying that keys are available, next check TMS PE service, if not enabled already may be you have to install TMSPE. Best go in the windows installed program and check TMSPE shows up there or not. If not install the compatible TMSPE version and enable the services.  Then on the VCS-C in TMS configure the provisioning.

 

Regards,

Alok

View solution in original post

Highlighted

Hi Patrick,
For now, I have my Provisionning Extension option key installed on my TMS, but ain't have the Device Provisionning option key on my VCS, and this is why i'm unable to use my Jabber clients with manually created account I guess ?...

View solution in original post

Highlighted

Hi Louis,

 

Device provisioning key is a zero dollar item, when you order the VCS-C you include that SKU that's all.

 

So just check your licensing and you might be haivng the license already. Add it your VCS-C and then setup the provisioning extension replication on VCS-C under TMS. 

 

Regards,

Alok

View solution in original post

18 REPLIES 18
Highlighted

Even if you set TMSPE to not import from AD, setting the user import type to "None", the users will still be present in TMSPE until you delete the group or sync with an empty AD group etc.


TMSPE doesn't import passwords from AD, it sounds as if you have your VCS configured to authenticate endpoints via AD and not the auto-generated or manually entered passwords TMSPE stores within it's database, check your VCS under Configuration > Authentication > Devices > Active Directory Service.

Highlighted

Hi Patrick,

 

First of all, thanks for the info...again ! :-P

 

Second, I'm a little confused here... I mean, when I look in the AD config. as you suggest, within the VCS-control, I saw, on the top of the page, a little yellow marquee "Not joined to AD domain ..."

Then, further, it's indicate that the connection to AD is 'ON' and the NTLM protocole is set to 'AUTO'

Lower in the page, credentials for the domain admin are blank and the status is of course 'Failed' and 'not joined' ...

 

What should I do ?  will I lost all my connections if I set connection to 'OFF' ?

 

Thnx in advance :-)

 

Highlighted

If you turn it to OFF, what you basically saying is that don't user AD for authentication. You would not loose any contacts, but what that means is all the Jabber users needs to authenticate with the password assigned from the TMS. 

 

Regards,

Alok

Highlighted

still don't works :-(
Highlighted

It sounds as if your VCS isn't configured to authenticate endpoints to AD, but from what you describe in your orginal post, you're logging in with your password configured in AD - is that correct?

What if you set "Connect to Active Directory Service" to Off on your VCS, and you create a manual TMSPE user, does it let you login with the password you manually entered for the user?

Highlighted

Exactly,
When I try to connect a user on Jabber VfT (which is a manually created TMSPE) and setting the "Connect to Active Directory Service" to Off on my VCS-C, it cannot loggon and we still have to use the AD pwd...
Highlighted

Can you verify what is the "Default zone" setting is ? It must be "check credentials", however i believe it should already be set properly but no harm in checking again. 

 

Also can you check if any changes you make on TMSPE is actually getting replicated across VCS-C ? ON the VCS-C go to status-->Applictions-->TMS PE services.

 

And there you can see all the phone book user accounts you create etc. Verify that the new user you created is acutally replicated across. If not then there is some issue with the replication and it can potentially explain the issue that you still have the old provisioning data in the provisioning server (VCS-C) and you are not able to authenticate with password you configured in TMSPE. 

 

Run the TMS PE diagnostic on TMS and check if all the services are showing as green. If not then replication is broken.

 

Regards,

Alok

Highlighted

oh ok !...All this makes sense !... :-D

 

first, on my VCS-c, the 'DefaultZone' authentication policy is set to 'do not check...'


second, did you mean System-->TMSPE services instead of status-->Applictions-->TMS PE services, because I don't have that one.
If so, all I get on that page is a marquee indicate : 'TMS Provisioning Extension services are not available:[...]'

From there, it seems to be like I will have to buy that option key to link the VCS with the TMS and set my defaultZone authentication policy to 'check...' instead, am I correct ?

Highlighted

You need Provisioning Extenstion option keys installed on TMS, and a Device Provisioning option key on the VCS.

Is TMSPE configured on your VCS, or it is that your VCS just can't connect to the server where TMSPE is installed?

Here are the guides that can help you check your TMSPE and VCS configuration, as well as how devices authenticate when using TMSPE.

TMSPE Deployment Guides

VCS Authenticating Devices Deployment Guide (X8.7)

Highlighted

Hi Patrick,
For now, I have my Provisionning Extension option key installed on my TMS, but ain't have the Device Provisionning option key on my VCS, and this is why i'm unable to use my Jabber clients with manually created account I guess ?...

View solution in original post

Highlighted

I think you are trying to find path on TMS server, instead i asked to check on VCS-C.

 

In any case, make sure you have TMSPE option key on TMS and Device provisioning key on (VCS-C) and then you can integrate it. 

 

How are you able to login to Jabber For Telepresence even lets says with AD without any provisioning available on TMS end ? That's so weird or may be you had it earlier and you did some upgrade or some sort of it and now its not there. But you have that residual data on VCS-C from previous provisioning. 

 

Start of verifying that keys are available, next check TMS PE service, if not enabled already may be you have to install TMSPE. Best go in the windows installed program and check TMSPE shows up there or not. If not install the compatible TMSPE version and enable the services.  Then on the VCS-C in TMS configure the provisioning.

 

Regards,

Alok

View solution in original post

Highlighted

Hi Alok,
For now, I have my Provisionning Extension option key installed on my TMS, but ain't have the Device Provisionning option key on my VCS, and this is why i'm unable to use my Jabber clients with manually created account I guess ?...
Highlighted

If you don't have the provisioning option key installed on your VCS, you shouldn't be able to provision any endpoints at all using TMSPE, regardless of creating them manually or via AD import.
Highlighted

Patrick, 

 

what i feel is that he might be having the replication setup earlier, but during upgrade or someone has intentionally deleted the key, while at TAC i used to receive some cases where when people leave the organization they breaks such things before leaving :).

 

Not sure how he ran into this kind of scenario, but i think there is a residual provisioning data in the VCS-C. 

 

-Alok

 

Regards,

Alok

 

 

Content for Community-Ad