Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1079
Views
4
Helpful
3
Replies

RTMT ISSUE

rohit mishra
Level 1
Level 1

‎12-14-2014 07:19 PM - edited ‎03-18-2019 03:47 AM

In a scenario i have 1 publisher and 4 subscriber and 1 Moh server. It is a distributed architecture( IMAGE ATTACHED FOR REFERENCE) .

1. Pub , 1 Sub and Moh servers are installed at a single location connected to DMZ switch.

2. Similarly Sub 2, 3 and 4 are installed at geographically  different locations via DMZ.

* only relevant network elements are shown in fig. 

 Problem :

1. In RTMT  I am getting server down alert message for Subscriber 2, 3 and 4.

Action taken :

1. Ping reachability of  Subscriber 2, 3 and 4 from Management terminal is ok.

2. " Utils network connectivity " form PUB is ok.

3. " Utils network ping " from PUB to SUB and vice versa  is also ok .

Suspected problematic area :

1. Issue is occurring due to some policy deployed in IPS. 

2. Splunk is also not showing any IPS log regarding port blocking w.r.t this issue.( So not able to get the policy applied in ips which is  responsible for this issue)

Query.

1. Please suggest RTMT port used for this alert .

2. How to check IPS policy  responsible for creating this issue. ( as splunk logs indicates nothing )

 

 

 

Labels:
0 Helpful
3 Replies 3

Terry Cheema
VIP Alumni
VIP Alumni

‎12-15-2014 04:21 PM

Rohit - So the only issue is this alarm and the environment is operating normally otherwise? Are you seeing this alert continuously or only at certain times? Can you confirm you dont see SDLLinkOOS message when the server down alarm is generated.

Cisco AMC service is responsible for monitoring - if you are seeing the message continuously that means the firewalls are blocking AMC ports - so open the TCP ports 1090, 1099.

If you see it only during certain times/peak hours it means that during the congestion these packets are being dropped then you may need to adjust your QoS accordingly.

Whats the version of your CUCM?

Terry
 

Please Rate helpful posts.

0 Helpful

rohit mishra
Level 1
Level 1
In response to Terry Cheema

‎12-16-2014 07:19 AM

Hi Terry , thanx for replying.

 

1. Yes the only issue is this alarm otherwise the environment is operating normally.

2.  I am seeing this alert continuously.

3.  SDLLinkOOS message is not coming when the server down alarm is generated.

4. I allowed TCP ports 1090, 1099 in IPS from PUB sides but issue was not resolved i also tried ICCS port 8002 (SDL) but still got no luck on this issue.

5. This alert is generated for Subscribers not located at PUB location.

6.  I am using CUCM version 8.5.1.17125-1

7. I am not able to monitor my clusters genuinely. Even Spluk logs are not helping out.  In addition to that can you suggest any syslog server fruitful for monitoring CUCM clusters.

0 Helpful

Terry Cheema
VIP Alumni
VIP Alumni
In response to rohit mishra

‎12-16-2014 05:19 PM

Rohit - It means your SDL communication is working normal. Only the AMC ports are being blocked somewhere. Please recheck your firewalls/IPS configs.

 

Also review the documents for all the port requirements if not already done yet:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/8_5_1/portlist851.html#wp48015

Regards to monitoring RTMT is the real time monitoring tool apart from that there are lot of other tools like Solarwinds, CA spectrum etc. that you can look to use.

-Terry

Please rate helpful posts.

Customers Also Viewed These Support Documents