Showing results for 
Search instead for 
Did you mean: 
Community Manager

Ask the Expert: Installing & Configuring Cisco Prime Collaboration 9.0

With Aashish Jolly and Abhijit Singh Anand


Aashish Jolly Abhijit Singh Anand

Welcome to the Cisco Support Community Ask the Expert conversation. Learn from experts Aashish Jolly and Abhijit Singh Anand about  installation best practices for Cisco Prime Collaboration 9.0 covering different deployment models available today. Also configuration best practices that customers and partners should follow in order to get the best out Cisco Prime Collaboration version 9.0 


Aashish Jolly  is a network consulting engineer who is currently serving as the Unified Communications (UC) consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center, where he helped customers Cisco partners with installation, configuring, and troubleshooting UC products such as Cisco UC Manager and Manager Express, Cisco Unity solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco UC for more than seven years. He holds a bachelor of technology degree as well as CCIE(Voice) # 18500, CCNP Voice,  CCNA,  VCP 5 and RHCE certifications. 


Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services Field Delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at Cisco's Technical Assistance Center. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Computing technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE (Voice) #19590, RHCE, CWSP, and CWNP.


This event is a continuation of our Facebook Forum event.


Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response.  


Aashish and Abhijit might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice and Video sub-community   forum shortly after the event. This event lasts through June 28, 2013. Visit this forum often to view responses to your questions and the questions of other community members.

Novriadi .

Hi Experts

I have Prime Collaboration Assurance 9 on customer environment for PoC purposes, that was setup to monitor CUCM and VCS.

CPMA able to discover my CUCM & VCS server,

the state for VCS is managed and able to monitor the endpoint that registered to VCS.

but not for CUCM, for CUCM the state on the device work center is only accessible so maybe CPMA cannot discover the endpoint registered to CUCM.

I have verified the credential profiles for CUCM, and test credential result show passed for all connection type. (SNMP, HTTP, JTAPI).

What causes CPMA cannot discover CUCM endpoint ?

Is there any configuration required for managed CUCM ?



Hi Novriadi,

    The issue you mentioned seems quite wiered. Accessible is a transient state and typically means credentials are not an issue (as you can see in the screenshot), however it is supposed to move to a different state after accessible. Here's the device discovery lifecycle that I refer to

Additionally, I would recommend double checking the CUCM requirements for CPC 9.0 using this document

CUCM needs to be in monitored state before IP Phones or endpoints could be monitored.

Additionally, I would like to know if you've applied the latest patch for CPC 9.0 which fixes a lot of issues, you can download the patch and its read-me from this URL -

Please let us know if it resolves the issue.



Hi Aashish

Thanks for your information and guideline.

I have done an upgrade patch to the Cisco Prime Assurance, but the results remain the same when I did discover the Call Manager, the endpoint registers to the Call Manager can not be found and the status of the Call manager stopped in accessible.

In the device prereq :

- "If DNS is configured on a device, ensure that  Prime Collaboration can resolve the DNS name for that device. Check the  DNS Server configuration to make sure it is correct. This is critical  for Cisco Unified CM, Unified Presence Server, and Unity Connection  devices, since without DNS resolution certain monitoring features do not  work"

Whether the DNS caused Cisco Prime cannot complete the discovery step to managed state ?, because I'm using different DNS for both CUCM and Prime Server.



Hi Novriadi,

     I don't think usage of the same DNS is required as long as the forward & reverse lookups work for the devices (CUCM, CUC etc), you have to login to CPC via root and make use of host or dig commands to perform a lookup to find out if the DNS server you use is able to perform forward & reverse lookups.

    In case the DNS works good, I would recommend you to open a TAC case to drill a little deeper along with debug level logs for discovery as the process of discovery is getting stuck at Accessible step which is a transient step, we should ideally see the process move a little forward.




     I have Cisco Prime Collaboration Assurance 9.0.0-24376 with patch bundle 3, and although I added the LDAP successfully to CPCA server and when I perform test connection it gives me the connection is successful with the LDAP server, then I added the users from user managment using the same user name as per the user account on the LDAP and check the LDAP user check box.

but when the user try to login to the CPCA using his LDAP account an error message appear telling that either the username or password is incorrect.

so any ideas please ?

also another question, when adding a dial plan to CPCA 9.0 there is a certain set of allowed special characters which are (

A pattern may contain only the characters[T, t, G, g, X, x, !, +, #, *, @, 0-9].  For more information, see online help)

so from where we can understand the meaning of these characters so that we can use them in customizing our dial plan as they are different than thoses used in the UCM

Hi Ahmed,

   Regarding the LDAP authentication, could you please make sure you're not using special characters in the password such as + or %, there's a defect around the same, please have a look at CSCug54359 - Prime Collaboration allows passwords that don't work (view defects using bug toolkit; credentials required).

  For the dial plan query, you can refer to the CUSM documentation

Understanding the Default Dial Plan

Adding a Dial Pattern to a Dial Plan




Hi cpc-experts,

I have some questies/problems regarding our new installation of Prime Collaboration Assurance 9.0.0-24376 (with patch 1 and 3) and I hope you could give me a hint...

1. After install and first configurations in evaluation mode, we have uploaded 5000 mass endpoint license and the assurance base license files. After that, all menu options except the Administration>Licensing menu is gone. Logout/Login or restart of the server brings them not back. See screenshot attached.

And there are some problems, before problem 1 occours:

2. At the Device Work Center > Current Inventory, there all Phones at state "managed", but firmware version and serial is not shown of all 89/99xx phones and most of 7962/7911 phones, but at all of 7961 phones. Https web access is enabled at every phone and the phone website is reachable. How can I get these infos? The phone firmwares are CUCM version 9.1.1a default load.

3. The Presence Server 9.1.1a (cups) is still at state inaccessible. The snmp and http credentials for presence are ok at credential policy and matches cucm or unity connection, where it works well.

Thanks a lot in advance.

Many greetings, Chris

Hi Chris,

    For your queries

1. For the license issue, please send me the license files for me to review the format. Secondly, the order in which the licenses were uploaded is incorrect i.e. the Base license goes first and then the add-on, please refer to the following document -

We may need to access CPC A via root and delete license files from /opt/emms/emsam/conf/licenses folder and then try to add in correct order from GUI, however I strongly recommend you open a TAC case and let them perform the deletion via root.

2. When you click on IP Phone or select it, do switch details show up ? If yes, could you try and access the following URL's

http://IP-Add of Phone/DeviceInformationX

http://IP-Add of Phone/PortInformationX?1

Make sure you're able to see the following information - Serial Number, Switch IP, Switch Port etc

For 9971, it is possible that HTTPS is used, so you may want to test the above 2 URL's with HTTPS. Additionally verify ports 80 & 443 are open for HTTP & HTTPS traffic b/w CPC A & IP Phones, please refer to the following document on ports required by CPC

3. Inaccessible state mostly is a result of incorrect credentials, please try and login to CUPS server via the credentials you're using in CPC A to verify the credentials. Here's a handy url for CPC A Discovery Lifecycle



Hi Aashish,

thank you for your reply... here my results regarding you hints:

1. Yes, I had added the lic files in the wrong order. I deleted them at root cli and then I uploaded them in the correct order, but the result was the same. :-( After uploading in the correct order, all menu options gone.

2. The phone website is reachable and device/port information is shown too at https.... the phones are in the same subnet as cpcm is... so it could not be an port/ACL-problem I think.

3. Thats the problem... snmp credentials and cupadmin credentials are ok and the system is reachable because it is in the same subnet.

Thanks and greetings, Chris

Hi Chris,

   1. When you deleted the licenses, did you restart the Tomcat service ? You can do that using root

restart tomcat: /opt/emms/emsam/bin/ and

Please send me the license files you're using, I would like to check its format.

2.  For IP Phone information display, could you please enable debug level  logs for IP Phone Information Facility & IP Phone Information  Facility Server (Administation >> System Setup >> Assurance  Setup >> Log Settings). Force the IP Phone inventory collection by  editing an existing schedule (Administration >> System Setup  >> Assurance Setup >> IP Phone Inventory Collection Settings  & IP Phone XML Inventory Collection Settings). Once reproduced,  login to the root and gather logs from the following location  -/opt/CSCOpx/log/pif* (you'll have to use ssh on port # 26 and ftp the  logs to an ftp server). Along with the logs also mention the MAC  Address/IP Address of an example ip phone, so that I can track it.

3. For CUPS, could you run snmpwalk from CPC A via  root and make sure CUPS is responding to the requests ? Use this command  snmpwalk -v 2c  -c

use the same command against CUCM as it is in  managed state. See if CUPS is responding, if not, you may want to  restart SNMP Master Agent Service on CUPS (Network Services) and see if  you get a response. If it still fails, enable debug level logs for  discovery, inventory module, reproduce the issue and send me the logs.  Along with the logs, please send me the FQDN/IP Address of CUPS.



Hi Aashish,

1. Yes I had deleted the lic files at root and rebooted the whole machine... same behavior if I upload  the lics at right order. Stopping and starting the Tomcat doesn't work too. Same behavior. I sent you the base lic file as private message yesterday. Please take a look.

2. I looked at the pif.log and see following entry for all 89xx/99xx phones:

25-Jun-2013|15:00:36.117|ERROR|IPIUS|Thread-304|CallablePhoneDataPoller||null| Connection refused Error in getPhoneXMLData for: refused

25-Jun-2013|15:00:36.118|ERROR|IPIUS|Thread-304|CallablePhoneDataPoller||null| Connection refused Error in getPhoneXMLData for: refused

Now it is more clear, because we allow only https web access at cucm device configuration for security reasons. Is it possible to say cpcm, that he have to use https instead of http?

3. Strange things with cups... snmpwalk -v 2c -c prime brings:

Timeout: No Response from

But same subnet/vlan of both machines, communitystring, allowed ip of cpcm and readwrite access already configured at cups. SNMP Master Agent already restartet at cups after doing the snmp config. credentials at cpcm are correct. I will send you the logs with private message.

Thank you a lot.


Hi Chris,

     For 1, I would recommended opening a TAC case to troubleshoot the issue further, the license file seems good to me, however you only sent the base license file and not the endpoint license file.



Hi Chris,

   For 1 & 2, we're discussing internally and will get back to you soon.

3. I was able to get a CUPS 9.1.1 in my lab and I ran into the same issue as you, CUPS not responding to SNMP requests even though IP Prefs in OS Admin showed UDP 161 open. So here's what I did

admin:utils firewall ipv4 debug 0h15m

firewall (iptables) debugging will be turned off at Fri Jun 28, 2013 23:15:51

admin:utils firewall ipv4 debug off

firewall (iptables) debugging is now off


Basically, enabled and disabled debugging and now CUPS is working. I'm following up with the BU internally to figure this out, however it works for me now, you may want to give it a shot. Use the following command for SNMPWALK

snmpwalk.exe -v 2c -c .

The above will list all CUPS services and works on CUCM & CUC too.



Recognize Your Peers
Content for Community-Ad