I appreciate your help and patients for your replies and being kind.
I am using By existing Certificate (precedence to LSC) as the same i used for all of my phones and in device security profile i use the same.
It is working fine with null string i dont see any cross mark but also i dont see any lock ikon for encryption when i am in call.
Thanks you so much for your Interest and appreciation.
The Authentication Mode 'By Existing Certificate (Precedence to MIC)' and 'By Existing Certificate (Precedence to LSC)' is for phone and this is not yet supported for jabber. Already there is bug raised to remove this option for jabber: 'CSCut33555-Hide CAPF Authentication modes LSC and MIC for Jabber end-points'
When user selects these options for jabber, the cert operation will fail. So, for jabber desktop/mobile, use Null String as per the screenshot attached and then verify.
Now how can we verify the encryption for the calls initiating from jabber phones, i dont see any Lock ikon on the jabber when i m calling another user in the corporate, as it usually seen for the normal deskphone to deskphone.
If your CUCM version is 9 and above and jabber v9.7.1 and above and both calling and called device use security profile, then the lock icon has to come for jabber calls. If the icon still does not apper, need to investigate the logs.
CUCM 11.0 and jabber 11.0
from jabber for windows i am calling deskphone.
The deskphones is using device securtity profile with existing LSC and jabber is using the device security profile with authentication null string,
so how things will work?? can you brief me
actually with authentication null string how encryption is happening becz i am not using any certificate to trust so how encrytion will come in action.
Authentication Mode in CAPF Information section is for CAPF enrollment.
From Phone Security Profile, make sure to have Device Security Mode: Encrypted for CU CSF and it is responsible for secure signaling and SRTP. If you still did not see the lock icon, collect the logs and check that the signalling and RTP is secure or not.
Encrypted-Cisco Unified Communications Manager provides integrity, authentication, and encryption for the phone. A TLS connection that uses AES128/SHA opens for signaling, and SRTP carries the media for all phone calls.
For furthur queries, please post it in CUCM support forum.
which traces i have to collect from presence and cucm and can u send me a snap shot from j4W , or iphone,or samsung a lock ikon appearing during the call with the deskphone user or between j4W to J4W ,, or between J4W to jabber iphone,
I am asking becz i amy missing to visuallize that.
When you say communication is broken, your sync agent is not running? yes
when the password was changed the sync agent services were not coming up the communication btwn CUCM and CUP broke but the password was changed only on cucm not on the IM and i was not able to login in IM administration, so it shld be changed on both cucm and IM ??
I want to know the differnce between both below.
is it this the application username is that when we use to login in the GUI CM Administration
is it this the application password is that when we use to login in the GUI CM Administration
is it this is the OS administation username ??
is it this is the OS administation password
If the sync agent is up, then the password change will get propagated to IMP automatically. As your sync agent is down you can try the command "utils reset_application_ui_administrator_password" in IMP. Change it to the same password as in CUCM and try to start sync agent. Then you would be able to login to IMP admin page. If the issue persisted, then we need sync agant logs to be analysed.
Coming to the second concern of differnce between the commands:
They both does the same thing, which is changing Admin page login username.
Same with password command also. Just that the commands are put in a different way from 10.x onwards. Let us know for further clarification.
so here is the action plan for me to change the password.
Please confirm the step are correct
According to your issue, Sync agent is not up and you have already modified the CUCM UI admin password in CUCM, hence you can skip step 1 and 2.
3. Change the password in IMP using the command reset_application_ui_administrator_password
4. Start sync agent
5. Try login to IMP now.
thanks for reply[+5]
Our issue got resolved. the problem was this domain name under IM & Presence Administration ----Presence ---Advanced settings .It was showing as IP address of the Presence Server itself.The same was changed after deactivating the services in Presence , changing it back to domain name and re-starting the services.
we need to stop the services like SIP Proxy/XCP ervices/Presence Engine/Sync Agent/Client profile Agent since domain option is Disabled .change it and restart them.
Now in recent 10.X (or from v9) release we need to add IMP ip in the CUCM as like subscriber, inorder to proceed with IMP first node installation.
Does this count for maximum 20 server nodes (As per Colloboration SRND) ?
Thanks for your query. From v10.X onwards, we need to add IMP IP in CUCM but the IM and P node is not counted against 20 nodes. The Max 20 nodes is for CUCM cluster only (maximum of eight call processing subscribers and other server nodes within the cluster may be configured as a dedicated database publisher, dedicated TFTP subscriber, or media resource subscriber).