Solved: Cloud Connected UC Proxy Password Update without CLI

bspalmer1 · ‎03-18-2022

We have a strict password change policy and I need to know if there is anyway to change the proxy password other than through the CLI. Cisco TAC told me they hadn't ever heard of a 'service' account with such a policy and didn't have any advice on how to proceed in a more expeditious manner.

The number of servers will make it very cumbersome to make this adjustment on all of them for this product. I have looked through the AXL schema and didn't really see anything related to this at all. Does anybody know a way to speed up the process of running the CLI commands to clear out the proxy then re-add it with a different password?

bspalmer1 · ‎03-22-2022

You can do everything from the CLI. The feature is built into certain product versions which would eliminate the need for the COP file. Thou if you want to avoid some additional downloading/updating of the module then you could deploy a COP file.

After talking with TAC and some ASE/BU people at Cisco it appears they never considered that there might be password expiration policies on an account for the proxy. This means every time the password changes you have to go to every server with that feature and change it via the CLI via clearing the proxy then re-adding it.

The only solution I see at hand is to use something like a script within a SSH client like SecureCRT to basically program the code entry and run it against every server which would remove most of the manual work.

Of note is there was a concept for an on-prem aggregator/collector called CCUC edge. This would allow one connection to the Cloud while all on-premise devices would send data to it. That would be a solution as there is only one place to make the change versus what could be dozens for larger enterprises. This was only a concept in a presentation I saw from 12-13 months ago and I do not know if it got any farther than a mere concept.

View solution in original post

Roger Kallberg · ‎03-18-2022

Don’t you need to create a new CCUC installation file to update this setting and them run the COP file installation on each node to change this?

bspalmer1 · ‎03-22-2022

You can do everything from the CLI. The feature is built into certain product versions which would eliminate the need for the COP file. Thou if you want to avoid some additional downloading/updating of the module then you could deploy a COP file.

After talking with TAC and some ASE/BU people at Cisco it appears they never considered that there might be password expiration policies on an account for the proxy. This means every time the password changes you have to go to every server with that feature and change it via the CLI via clearing the proxy then re-adding it.

The only solution I see at hand is to use something like a script within a SSH client like SecureCRT to basically program the code entry and run it against every server which would remove most of the manual work.

Of note is there was a concept for an on-prem aggregator/collector called CCUC edge. This would allow one connection to the Cloud while all on-premise devices would send data to it. That would be a solution as there is only one place to make the change versus what could be dozens for larger enterprises. This was only a concept in a presentation I saw from 12-13 months ago and I do not know if it got any farther than a mere concept.