cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

AMA-CUCM Troubleshooting: Best Practices for Reading Trace Files

5850
Views
409
Helpful
62
Replies
Beginner

Dear Sathish,

Dear Sathish,

I appreciate your help and patients for your replies and being kind.

I am using By existing Certificate (precedence to LSC) as the same i used for all of my phones and in device security profile i use the same.

It is working fine with null string i dont see any cross mark but also i dont see any lock ikon for encryption when i am in call.

thanks

Cisco Employee

Dear jack,

Dear jack,

Thanks you so much for your Interest and appreciation.

The Authentication Mode 'By Existing Certificate (Precedence to MIC)' and 'By Existing Certificate (Precedence to LSC)' is for phone and this is not yet supported for jabber. Already there is bug raised to remove this option for jabber: 'CSCut33555-Hide CAPF Authentication modes LSC and MIC for Jabber end-points'

When user selects these options for jabber,  the cert operation will fail. So, for jabber desktop/mobile, use Null String as per the screenshot attached and then verify.

Beginner

Dear Satish,

Dear Satish,

Now how can we verify the encryption for the calls initiating from jabber phones, i dont see any Lock ikon on the jabber when i m calling another user in the corporate, as it usually seen for the normal deskphone to deskphone.

thanks

Cisco Employee

Dear jack,

Dear jack,

If your CUCM version is 9 and above and jabber v9.7.1 and above and both calling and called device use security profile, then the lock icon has to come for jabber calls. If the icon still does not apper, need to investigate the logs.

Beginner

Dear Sathish,

Dear Sathish,

CUCM 11.0 and jabber 11.0

from jabber for windows  i am calling deskphone.

The deskphones is using device securtity profile with existing LSC and jabber is using the device security profile with authentication null string,

so how things will work?? can you brief me

actually with authentication null string how encryption is happening becz i am not using any certificate to trust so how encrytion will come in action.

thanks

Cisco Employee

Authentication Mode in CAPF

Authentication Mode in CAPF Information section is for CAPF enrollment.

From Phone Security Profile, make sure to have Device Security Mode: Encrypted for CU CSF and it is responsible for secure signaling and SRTP. If you still did not see the lock icon, collect the logs and check that the signalling and RTP is secure or not.

Encrypted-Cisco Unified Communications Manager provides integrity, authentication, and encryption for the phone. A TLS connection that uses AES128/SHA opens for signaling, and SRTP carries the media for all phone calls.

For furthur queries, please post it in CUCM support forum.

Beginner

Dear Satish,

Dear Satish,

which traces i have to collect from presence and cucm and can u send me a snap shot from j4W , or iphone,or samsung a lock ikon appearing during the call with the deskphone user or between j4W to J4W ,, or between J4W to jabber iphone,

I am asking becz i amy missing to visuallize that.

thanks

Beginner

Dear Expert,

Dear Expert,

When you say communication is broken, your sync agent is not running?  yes

when the password was changed the sync agent services were not coming up  the communication btwn CUCM and CUP broke but the password was changed only on cucm not on the IM and i was not able to login in IM administration, so it shld be changed on both cucm and IM ??

I want to know the differnce between both below.

utils reset_application_ui_application_administrator_name

is it this the application username is that when we use to login in the GUI CM Administration

utils reset_application_ui_administrator_password

is it this the application password is that when we use to login in the GUI CM Administration

&

utils reset_ui_administrator_name

is it this is the OS administation username  ??

utils reset_ui_administrator_password

is it this is the OS administation password

Hi Jack,

Hi Jack,

If the sync agent is up, then the password change will get propagated to IMP automatically. As your sync agent is down you can try the command "utils reset_application_ui_administrator_password" in IMP. Change it to the same password as in CUCM and try to start sync agent. Then you would be able to login to IMP admin page. If the issue persisted, then we need sync agant logs to be analysed.

Coming to the second concern of differnce between the commands:

utils reset_application_ui_application_administrator_name  ----> This is applicable from 10.x onwards

utils reset_ui_administrator_name ---> Version prior to 10.x

They both does the same thing, which is changing Admin page login username.

Same with password command also. Just that the commands are put in a different way from 10.x onwards. Let us know for further clarification.

Regards

Beginner

Dear Expert,

Dear Expert,

so here is the action plan for me to change the password.

  1. . Stopped sync agent in IMP
  2. i will change the password of admin by end user>application user>admin change pasword.
  3. i will start sync agent service in IMP but if i start the service presence will attempt to login in the cucm and the admin account will get locked, so i will keep this on step 5 ----please confirm
  4. i will change the admin password of the cup by the command utils reset_application_ui_administrator_password
  5. start the sync agent service

Please confirm the step are correct

Highlighted

Hi Jack,

Hi Jack,

According to your issue, Sync agent is not up and you have already modified the CUCM UI admin password in CUCM, hence you can skip step 1 and 2.

3. Change the password in IMP using the command reset_application_ui_administrator_password

4. Start sync agent

5. Try login to IMP now.

Regards

Advisor

thanks for the same[+5]

thanks for the same[+5]

regds,

aman

Advisor

Hi Nagajothi,

Hi Nagajothi,

thanks for reply[+5]

 

Our  issue got resolved. the problem was this domain name under IM & Presence Administration ----Presence ---Advanced settings .It was showing as IP address of the Presence Server itself.The same was changed after deactivating the services in Presence , changing it back to domain name and re-starting the services.

 

we need to stop the services like SIP Proxy/XCP ervices/Presence Engine/Sync Agent/Client profile Agent since domain option is Disabled .change it and restart them.

 

regds,

aman

Beginner

Hi

Hi

Now in recent 10.X (or from v9) release we need to add IMP ip in the CUCM as like subscriber, inorder to proceed with IMP first node installation.

 Does this count for  maximum 20 server nodes (As per Colloboration SRND) ?

Thanks

Hari

Cisco Employee

Hi Hari,

Hi Hari,

Thanks for your query. From v10.X onwards, we need to add IMP IP in CUCM but the IM and P node is not counted against 20 nodes. The Max 20 nodes is for CUCM cluster only (maximum of eight call processing subscribers and other server nodes within the cluster may be configured as a dedicated database publisher, dedicated TFTP subscriber, or media resource subscriber).

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards