With Aashish Jolly and Abhijit Singh Anand
Welcome to the Cisco Support Community Ask the Expert conversation. Learn from experts Aashish Jolly and Abhijit Singh Anand about installation best practices for Cisco Prime Collaboration 9.0 covering different deployment models available today. Also configuration best practices that customers and partners should follow in order to get the best out Cisco Prime Collaboration version 9.0
Aashish Jolly is a network consulting engineer who is currently serving as the Unified Communications (UC) consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center, where he helped customers Cisco partners with installation, configuring, and troubleshooting UC products such as Cisco UC Manager and Manager Express, Cisco Unity solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco UC for more than seven years. He holds a bachelor of technology degree as well as CCIE(Voice) # 18500, CCNP Voice, CCNA, VCP 5 and RHCE certifications.
Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services Field Delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at Cisco's Technical Assistance Center. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Computing technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE (Voice) #19590, RHCE, CWSP, and CWNP.
This event is a continuation of our Facebook Forum event.
Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response.
Aashish and Abhijit might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Collaboration, Voice and Video sub-community forum shortly after the event. This event lasts through June 28, 2013. Visit this forum often to view responses to your questions and the questions of other community members.
I have Prime Collaboration Assurance 9 on customer environment for PoC purposes, that was setup to monitor CUCM and VCS.
CPMA able to discover my CUCM & VCS server,
the state for VCS is managed and able to monitor the endpoint that registered to VCS.
but not for CUCM, for CUCM the state on the device work center is only accessible so maybe CPMA cannot discover the endpoint registered to CUCM.
I have verified the credential profiles for CUCM, and test credential result show passed for all connection type. (SNMP, HTTP, JTAPI).
What causes CPMA cannot discover CUCM endpoint ?
Is there any configuration required for managed CUCM ?
The issue you mentioned seems quite wiered. Accessible is a transient state and typically means credentials are not an issue (as you can see in the screenshot), however it is supposed to move to a different state after accessible. Here's the device discovery lifecycle that I refer to
Additionally, I would recommend double checking the CUCM requirements for CPC 9.0 using this document
CUCM needs to be in monitored state before IP Phones or endpoints could be monitored.
Additionally, I would like to know if you've applied the latest patch for CPC 9.0 which fixes a lot of issues, you can download the patch and its read-me from this URL - http://tools.cisco.com/squish/Ee86b
Please let us know if it resolves the issue.
Thanks for your information and guideline.
I have done an upgrade patch to the Cisco Prime Assurance, but the results remain the same when I did discover the Call Manager, the endpoint registers to the Call Manager can not be found and the status of the Call manager stopped in accessible.
In the device prereq :
- "If DNS is configured on a device, ensure that Prime Collaboration can resolve the DNS name for that device. Check the DNS Server configuration to make sure it is correct. This is critical for Cisco Unified CM, Unified Presence Server, and Unity Connection devices, since without DNS resolution certain monitoring features do not work"
Whether the DNS caused Cisco Prime cannot complete the discovery step to managed state ?, because I'm using different DNS for both CUCM and Prime Server.
I don't think usage of the same DNS is required as long as the forward & reverse lookups work for the devices (CUCM, CUC etc), you have to login to CPC via root and make use of host or dig commands to perform a lookup to find out if the DNS server you use is able to perform forward & reverse lookups.
In case the DNS works good, I would recommend you to open a TAC case to drill a little deeper along with debug level logs for discovery as the process of discovery is getting stuck at Accessible step which is a transient step, we should ideally see the process move a little forward.
also another question, when adding a dial plan to CPCA 9.0 there is a certain set of allowed special characters which are (
A pattern may contain only the characters[T, t, G, g, X, x, !, +, #, *, @, 0-9]. For more information, see online help)
so from where we can understand the meaning of these characters so that we can use them in customizing our dial plan as they are different than thoses used in the UCM
Regarding the LDAP authentication, could you please make sure you're not using special characters in the password such as + or %, there's a defect around the same, please have a look at CSCug54359 - Prime Collaboration allows passwords that don't work (view defects using bug toolkit; cisco.com credentials required).
For the dial plan query, you can refer to the CUSM documentation
Understanding the Default Dial Plan
Adding a Dial Pattern to a Dial Plan
I have some questies/problems regarding our new installation of Prime Collaboration Assurance 9.0.0-24376 (with patch 1 and 3) and I hope you could give me a hint...
1. After install and first configurations in evaluation mode, we have uploaded 5000 mass endpoint license and the assurance base license files. After that, all menu options except the Administration>Licensing menu is gone. Logout/Login or restart of the server brings them not back. See screenshot attached.
And there are some problems, before problem 1 occours:
2. At the Device Work Center > Current Inventory, there all Phones at state "managed", but firmware version and serial is not shown of all 89/99xx phones and most of 7962/7911 phones, but at all of 7961 phones. Https web access is enabled at every phone and the phone website is reachable. How can I get these infos? The phone firmwares are CUCM version 9.1.1a default load.
3. The Presence Server 9.1.1a (cups) is still at state inaccessible. The snmp and http credentials for presence are ok at credential policy and matches cucm or unity connection, where it works well.
Thanks a lot in advance.
Many greetings, Chris
For your queries
1. For the license issue, please send me the license files for me to review the format. Secondly, the order in which the licenses were uploaded is incorrect i.e. the Base license goes first and then the add-on, please refer to the following document - http://www.cisco.com/en/US/docs/net_mgmt/prime/collaboration/9.0/administration/guide/licensemgmt.html#wp1063480
We may need to access CPC A via root and delete license files from /opt/emms/emsam/conf/licenses folder and then try to add in correct order from GUI, however I strongly recommend you open a TAC case and let them perform the deletion via root.
2. When you click on IP Phone or select it, do switch details show up ? If yes, could you try and access the following URL's
http://IP-Add of Phone/DeviceInformationX
http://IP-Add of Phone/PortInformationX?1
Make sure you're able to see the following information - Serial Number, Switch IP, Switch Port etc
For 9971, it is possible that HTTPS is used, so you may want to test the above 2 URL's with HTTPS. Additionally verify ports 80 & 443 are open for HTTP & HTTPS traffic b/w CPC A & IP Phones, please refer to the following document on ports required by CPC
3. Inaccessible state mostly is a result of incorrect credentials, please try and login to CUPS server via the credentials you're using in CPC A to verify the credentials. Here's a handy url for CPC A Discovery Lifecycle
thank you for your reply... here my results regarding you hints:
1. Yes, I had added the lic files in the wrong order. I deleted them at root cli and then I uploaded them in the correct order, but the result was the same. :-( After uploading in the correct order, all menu options gone.
2. The phone website is reachable and device/port information is shown too at https.... the phones are in the same subnet as cpcm is... so it could not be an port/ACL-problem I think.
3. Thats the problem... snmp credentials and cupadmin credentials are ok and the system is reachable because it is in the same subnet.
Thanks and greetings, Chris
1. When you deleted the licenses, did you restart the Tomcat service ? You can do that using root
restart tomcat: /opt/emms/emsam/bin/shutdown_tomcat.sh and start_tomcat.sh
Please send me the license files you're using, I would like to check its format.
2. For IP Phone information display, could you please enable debug level logs for IP Phone Information Facility & IP Phone Information Facility Server (Administation >> System Setup >> Assurance Setup >> Log Settings). Force the IP Phone inventory collection by editing an existing schedule (Administration >> System Setup >> Assurance Setup >> IP Phone Inventory Collection Settings & IP Phone XML Inventory Collection Settings). Once reproduced, login to the root and gather logs from the following location -/opt/CSCOpx/log/pif* (you'll have to use ssh on port # 26 and ftp the logs to an ftp server). Along with the logs also mention the MAC Address/IP Address of an example ip phone, so that I can track it.
3. For CUPS, could you run snmpwalk from CPC A via root and make sure CUPS is responding to the requests ? Use this command snmpwalk -v 2c -c
use the same command against CUCM as it is in managed state. See if CUPS is responding, if not, you may want to restart SNMP Master Agent Service on CUPS (Network Services) and see if you get a response. If it still fails, enable debug level logs for discovery, inventory module, reproduce the issue and send me the logs. Along with the logs, please send me the FQDN/IP Address of CUPS.
1. Yes I had deleted the lic files at root and rebooted the whole machine... same behavior if I upload the lics at right order. Stopping and starting the Tomcat doesn't work too. Same behavior. I sent you the base lic file as private message yesterday. Please take a look.
2. I looked at the pif.log and see following entry for all 89xx/99xx phones:
25-Jun-2013|15:00:36.117|ERROR|IPIUS|Thread-304|CallablePhoneDataPoller||null|java.net.ConnectException: Connection refused Error in getPhoneXMLData for:http://184.108.40.206/PortInformationX?1-Connection refused
25-Jun-2013|15:00:36.118|ERROR|IPIUS|Thread-304|CallablePhoneDataPoller||null|java.net.ConnectException: Connection refused Error in getPhoneXMLData for:http://220.127.116.11/NetworkConfigurationX-Connection refused
Now it is more clear, because we allow only https web access at cucm device configuration for security reasons. Is it possible to say cpcm, that he have to use https instead of http?
3. Strange things with cups... snmpwalk -v 2c -c
Timeout: No Response from cup-1.voip-iwz.fh-koeln.de
But same subnet/vlan of both machines, communitystring, allowed ip of cpcm and readwrite access already configured at cups. SNMP Master Agent already restartet at cups after doing the snmp config. credentials at cpcm are correct. I will send you the logs with private message.
Thank you a lot.
For 1, I would recommended opening a TAC case to troubleshoot the issue further, the license file seems good to me, however you only sent the base license file and not the endpoint license file.
For 1 & 2, we're discussing internally and will get back to you soon.
3. I was able to get a CUPS 9.1.1 in my lab and I ran into the same issue as you, CUPS not responding to SNMP requests even though IP Prefs in OS Admin showed UDP 161 open. So here's what I did
admin:utils firewall ipv4 debug 0h15m
firewall (iptables) debugging will be turned off at Fri Jun 28, 2013 23:15:51
admin:utils firewall ipv4 debug off
firewall (iptables) debugging is now off
Basically, enabled and disabled debugging and now CUPS is working. I'm following up with the BU internally to figure this out, however it works for me now, you may want to give it a shot. Use the following command for SNMPWALK
snmpwalk.exe -v 2c -c
The above will list all CUPS services and works on CUCM & CUC too.