cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6016
Views
409
Helpful
62
Replies

Hi Jack,When you say

Hi Jack,

When you say communication is broken, your sync agent is not running? i tried changing ui password in CUCM and IMP 11.0, when sync agent not running and here are the outcome:

I followed the below procedure and not sure if it matches your scenario:

1. Stopped sync agent in IMP

2. Changed ui admin password in CUCM

3. Later i started sync agent service in IMP

4. But i was not able to login to IMP using same ui credentials and it thowed me invalid userid and password error

5. I used the command "utils reset_application_ui_administrator_password" in IM&P CLI and entered the same password of CUCM UI admin that i changed to.

6. Now i was able to login to IMP admin page with same credentials

Apart from GUI login, there are no other imapct due to this as my sync agent started. If this is not your issue, please elaborate more.

Regards

Beginner

HI All,

HI All,

We are having an issue with Cisco Jabber(Version 9.7.0), We are unable to share screenshots in Cisco Jabber chat. we were able to do one month back. but not possible now. any inputs on How to CHeck.

FOr us the CIsco Jabber is cloud based , not on our Permises,

I saw port mentioning , Port 37200 needs to be allowed, Which seems not related to the problem, WHen i did wireshare capture during the screenshot paste. Nothing happens no traffic hitting 37200.

any inputs are welcome

Also Please note , it is global issue, all the users arounf 5000+ are not able to access it.

https://supportforums.cisco.com/discussion/12435986/unable-send-screen-captures-cisco-jabber-windows

Cisco Employee

Thanks for your interest.

Thanks for your interest. This session is for Cisco IM and Presence, as your Cisco jabber is in cloud, so IMP server does not involve here. It is out of this session's scope, please post your query in Jabber Support forum.

Advisor

Hi Team,

Hi Team,

We are facing issue of cal getting dropped after the user answer/picks up on Jabber Client ver 10.6.4 installed  on Windows and IMP/CUCM version 10.5.2

 

these Jabber Clients are working fine when they are on same subnet where call manager/IMP is placed.But face issue when they are on different.

So , we followed the document to open ports on Firewall.but still the status is same.When we make the rule as "ANY " on Firewall, calls get answered.

Is there any way to find in logs of Jabber installed on Windows , which port is required apart from using Wireshark? please advise.

we followed link for Jabber ports

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/10_5/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber/CJAB_BK_D6497E98_00_deployment-installation-guide-ciscojabber_chapter_011.html#CJAB_RF_P391FCAE_00

link on  to check logs:

https://supportforums.cisco.com/document/100531/how-provide-jabber-windows-logs-tac

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/10_0_1/CUCM_BK_T537717B_00_tcp-port-usage-guide-100/CUCM_BK_T537717B_00_tcp-port-usage-guide-100_chapter_010.html

regds,

aman

Hi Aman,

Hi Aman,

Analyses required based on what all calls dropped. Jabber to jabber internal calls or all the incoming calls or only external call to jabber. There may be a payload negotiation failing.

The document you have referred is the correct one on the port usuage. Better to have wireshark and CUCM logs analysed.

In all these scenario, CUCM log analyses is much more importanat for further troubleshooting. As this is out of this specific discussion, you may open up a discussion under unified communications.

Regards

Beginner

Dears,

Dears,

In CUP 11.0 do we need a trunk between CUP and CUCM ??  On my windows jabber i get CCMCIP not connected and deskphone not connected.The trunk is configured as a secure trunk with cup and ccm,,,  certificates are installed in the cup-trust & callmanager-trust and also i can see CUCM  in TLS Peer Subjects. Also the trunk security profile is secured with TLS.

The User Device Profile is associated in the end user controlled profile and user is also associated with jabber phone (line).

thanks

Hi Jack,

Hi Jack,

Trunk between CUCM and IMP is used only for the "on the phone" status. That is to exchange the phone status of jabber users.

For the issue of CCMCIP and deskphone, you can check on below points:

  • CCMCIP profile is configured in CUPS pointing to CUCM node
  • CCMCIP service is up and running in CUCM
  • CUCM server configured as CCMCIP is reachable, if FQDN or hostname used then it should be resolvable from the PC

For Deskphone control:

  • Make sure the phone line in CTI enabled
  • The deskphone's DN is associated with end user
  • The end user has required CTI permissions
  • Jabber user has the service profile with CTI server configured
  • CUCM has CTI manager service running

Please post jabber realated queries here

Regards

Beginner

Dear Expert,

Dear Expert,

I want to secure CTI through user using jabber windows, i have read below for the securing but i am little bit confused that do really i have to do that. and when i have to used the application/end user capf profile. also how i will come to know the validity of the LSC.

Securing CTI/JTAPI Connections.


In Cisco IP Telephony, Computer Telephony Integration (CTI) and Java TelephonyApplication Programming Interface (JTAPI) provide a means of communication betweenapplications and clients to CUCM. CUCM enables you to secure the signaling connectionsand media streams between CTIManager and CTI/JTAPI/TAPI applications.

While considering securing CTI/JTAPI applications in your Cisco IP Telephony network,a prerequisite is having the CUCM cluster in mixed mode and that you configured security settings during the Cisco JTAPI/TSP plug-in installation on the client machine/server.The Cisco CUCM CTIManager process and the CTI application verify each other’s identity through a mutually authenticated TLS handshake.

Note:   When a TLS connection occurs, CTIManager and the application exchange Quick Buffer Encoding (CTIQBE) messages via the TLS port, port 2749.


To secure the user/application connection to CTIManager, you must add the applicationuser or end users to the Standard CTI Secure Connection user group. If you want the application and CTIManager to secure the media streams, you must add the application user or end users to the Standard CTI Allow Reception of SRTP Key Material user group as shown in figure attached.9-41

Note You can assign a CTI application to either an application user or an end user.


To enable CTI security on your CUCM Cluster, follow these steps:
Step 1. On the Device > Phone page check Allow Control of Device from CTI for
the phone you want to monitor or control.
Step 2. Associate your end user or application user with the phone.
Step 3. Add the user to the groups CTI Enabled , CTI Secure Connection ,and CTI Allow Reception of SRTP Key Material .

Note Adding the user to the Secure CTI and SRTP Key Material groups means that this JTAPI user will be allowed to connect only on the secure port 2749.

Step 4. Under Users > End / Application User CAPF Profile , select the certificate
operation of Install / Upgrade for the JTAPI user (see Figure 9-42).

Step 5. Restart CUCM and CTIManager services. After restarting these services,
CTIManager should be listening on 2749 for secure JTAPI/QBE connections.

Cisco Employee

Hi Jack,

Hi Jack,

This scenario does not involve IMP server here. Though it is out of this session's scope, can give you few hints that may help,

If you would like to use the secure CTI, a prerequisite is having the CUCM cluster in mixed mode. If your CUCM is in Mixed mode, it will issue the CTL to the client.

The CTL, LSC and Private Key for devices are stored under the following location for jabber client: %appdata%\Cisco\Unified Communications\Jabber\CSF\Security

You can find the validity of the LSC by looking the CAPF certificate on the CUCM certificate management, since CAPF is the root for LSC. The default expiration of LSC is 5 years from the date of issue.

Beginner

Dear Expert,

Dear Expert,

My cluster is in mixed mode,

How we can secure the j4W,jabber on iphone,samsung phones, it is same as we do for the other phones such as device secuirty profile, capf certiifcate, the same has to be done for jabber phones also or apart from these there is another security for jabber.

you are confirming me i dont  need to do the below only for jabber which will be controlled through CTI also the user capf profile is not required.

To enable CTI security on your CUCM Cluster, follow these steps:
Step 1. On the Device > Phone page check Allow Control of Device from CTI for
the phone you want to monitor or control.
Step 2. Associate your end user or application user with the phone.
Step 3. Add the user to the groups CTI Enabled , CTI Secure Connection ,and CTI Allow Reception of SRTP Key Material .

thanks

Cisco Employee

Hi Jack,

Hi Jack,

If you would like to secure the jabber, you can create Security profile with below product type with secure SIP port -5061 with TLS for signaling.

  •    Cisco Dual Mode for Android => Android
  •    Cisco Unified Client Services Framework => Desktop
  •    Cisco Dual Mode for iPhone => iPhone

If you want to use secure CTI, yes, you need to add CTI Secure Connection and CTI Allow Reception of SRTP Key Material by following the steps given in 'Securing Cisco IP Telephony Networks' doc you are referring.

Beginner

Dear Sathish,

Dear Sathish,

After doing the above i see the red crossmark in the J4W right at the corner for deskphone calls and computer calls , and in the CSF phone device i see the capf operations failed invalid credentials , do i need to create a capf user profile also ???

thanks

Cisco Employee

Hi jack,

Hi jack,

Delete all existing logs located in below location and try to login back to the client.

    Win 7 C:\Users\<<username>>\AppData\Local\Cisco\Unified Communications\Jabber\CSF (this will delete IM history as well)

   Win 7 C:\Users\<<username>>\AppData\Roaming\Cisco\Unified Communications\Jabber\CSF

Beginner

Dear,Sathish

Dear,Sathish

The situation is same. in device capf section i see "Upgrade Failed: Invalid Credentials "

thanks

Cisco Employee

Dear Jack,

Dear Jack,

Though this is a jabber and CUCM related issue which is out of current IM&P discussion, however I am trying to help you out on this issue you are facing.

It seems like you have set the auth string on CSF. Could you please set Authentication Mode= By Null String (please see screenshot attached) and delete the jabber cache files and verify?

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards