Re: CUPC DeskPhone Invalid Credentials - Page 2

tmoore · ‎11-04-2010

I have an end users that when he tries to set his deskphone for audio get the error notifications

Device Error. Invalid credentials [801]

The user is able to login to CCMUser on the CM and CUPS without an issue. We are using LDAP Authentication and have changed the port to use 3268 and restarted CTIManager. The wireshark capture shows

7.1.5.30000-1.Directory login failed - credential has been locked due to no activity

Since we are using LDAP authentication there is no option to unlock credential on the CM and the user is not locked in AD. Any suggestions?

htluo · ‎11-09-2010

Try to use the publisher CTIManager for desk phone control. See if you got the same problem?

Michael

tmoore · ‎11-09-2010

On CUPS, changed the CTI Gateway Profile to move the CM Publisher up as the Primary CTI Gateway Server and moved the CM Subscriber as the backup server. Restarted the Sync Agent. But still same problem, the capture is showing the ip address of the Publisher now but same error.

htluo · ‎11-09-2010

Looks like something's wrong with this particular user in the CM database.

Try to run the following SQL query from the CM command line:

run sql select status from enduser where userid='renaghanmg'

Then run it against a good user:

run sql select status from enduser where userid='mooretm'

Michael

tmoore · ‎11-09-2010

Ran the commands on the CM Publisher. The 'mooretm' AD account is in all uppercase so when I ran it in lower case it did not give a status. I ran another userid that I know works which is in all lower case in AD, all report Status=1.

admin:run sql select status from enduser where userid='renaghanmg'
status
======
1
admin:run sql select status from enduser where userid='mooretm'
status
======
admin:run sql select status from enduser where userid='MOORETM'
status
======
1
admin:run sql select status from enduser where userid='perryv'
status
======
1

htluo · ‎11-09-2010

You may tried to disable LDAP, delete the problem user, then re-enable LDAP.

Or you may open a TAC case and quote the following messages from CTIManager SDI logs:

11/08/2010 14:46:39.603 CTI|userid is renaghanmg|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|CCMEncryption::DecryptText:enter|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|CCMEncryption::DecryptText (Exit) (Success))|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|AuthenticationImpl::login (Auth with password. Calling authenticateUserWithPassword)|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|authenticationDB::authenticateUserWithPassword():enter|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|Credential Length is: 32|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|authenticationConnector::getReadDSN:enter|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|authenticationConnector  ReadDSN is:DSN=ccm2;uid=dbims|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.603 CTI|authenticationConnector  WriteDSN is:DSN=ccm;uid=dbims|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.620 CTI|Setting Fields|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.620 CTI|userType is: 1|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|timeOfLockout is: 0|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|timeHackedLockout is: 0|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|hackCount is: 0|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|daysToExpiry is: -216|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|doesNotExpire is: 0|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|useExpiryWarning is: 1|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|isInactive is: 1|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|userMustChange is: 1|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>
11/08/2010 14:46:39.621 CTI|endUserStatus is: 1|<:STANDALONECLUSTER><:10.86.97.131><:ALL><:FFFF>

Michael

tmoore · ‎11-09-2010

Michael - Thanks for your assistance.

I may try and disable LDAP over the weekend and if no success will open a TAC case.

jeffkelso · ‎12-22-2010

I'm having the same problem with CUCILync with one of my users. Did you ever find a solution?

Yorick Petey · ‎02-11-2011

We have more than 800 users running CUPC 8.0.3 here and we got a lot of this 801 error.

Very often it is due to complex password (containing accents or special characters). It is a known bug of the CTIManager of CUCM. CUCM 8.5 seems to fix this issue.

Another possible cause is a corruption of the local cache on the workstation. Deleting all files from user profile fixes the issue of failing call control.

Delete all Cisco folders in ApplicationData, LocalSettings/ApplicationData.

I hope that CUPC 8.5 will solve all these issues.

Yorick

Paul Miller · ‎06-02-2011

Check the users password characters. We had a user with an = sign that caused the deskphone to be grayed out.

Neck

sufle · ‎03-19-2012

Hi,

Did anyone find out what the problem was here?

I'm facing the same issue.

and I don't have any special characters in the password.

And it's not Microsoft AD, it's AD LDS - ADAM integration .

So I don't have global catalogue port. from what I understand it's a bug on CUCM.

Please let me know.

MIgumenov_2 · ‎01-24-2014

Same situation with Jabber and LDS, have you solved an issue?