12-20-2010 08:36 AM - edited 03-19-2019 02:06 AM
Hi,
I had recently ugraded to CUPS 8 and im facing issue with CUPC IM and LDAP search.
I had CUCM(7.1.5) integrated with CUPS 7.05. LDAP was integraded with CUCM and for user provisioning and authentication.
With CUPS 7 i could successfully use all features such as IM, LDAP directory search etc. I upgraded to CUPS 8.0.4 as per the CUPS 8 deployment guide.
* had the valid software version licence
* enough DLU's in CUCM
* deactivated Presence engine before upgrade
Now after upgrade all services are running,im able to login to cupc 8.0.3 with LDAP user name and pwd, however In CUPC client i could not search contact(Search string specified in ldap profile, this worked with CUPS 7) . I see an LDAP error symbol in server health but no info is available. I tried to add the contact manually with user.id@domain.com and i see a message "waiting for contact to respond". however the other person had not received any request.
Any help would be greatly appreciated.
12-20-2010 10:38 AM
I'd check the following first.
1. LDAP user account does not have an expired password in Active Directory.
2. No connectivity issues between the Presence server and LDAP server(s) (i.e. DNS, routing, etc).
In Presence Admin, go to Diagnostics > System Troubleshooter and review possible issues with LDAP.
12-21-2010 02:23 PM
What is the error message you are getting ?
How about a detailed CUPC troublereport ?
Regards,
Christos
12-21-2010 05:12 PM
Hi Folks,
Thanks for your responses, the problem is resolved. Presence was not coming up because of wrong DNS lookup in the network.
And for the LDAP search the earlier search context for wrong.
06-10-2011 12:06 AM
Hi all,
I am experiencing a problem with CUPS and CUPC after changing the LDAP Authentication on CUCM from SAM to UPN. I proceeded with this change in order to support users on sub-domains under our AD Forest.
Please note that everything was working ok for users under the main domain before this change (LDAP Synch, LDAP search, IM, Video and Audio Calls).
The authentication part is ok – users need to add the “@maindomain.com” after their usernames.
The problems:
All previously added contacts appear offline on CUPC. When I try to re-add a contact (that is logged into the CUPC) via LDAP I have two results. The one is the user found from LDAP (like before) and appeared offline and the other something like user@maindomain.com@maindomain.com which is online.
I cannot send IM on the offline users but I can call him.
I can send IM on the online user (user@maindomain.com@maindomain.com) but I cannot call him – no phone associated.
Searching for the users (Contacts) on CUPS the location for user (user@maindomain.com@maindomain.com) is LOCAL while the other is LDAP…
I am really stack and help will be appreciated
Regarts
06-10-2011 12:27 AM
Hi,
To be honest this behaviour looks normal to me. By changing from sAMAccountName to UserPrincipalName you totally changed the userid mapping in CUCM / CUP. So not the userid for all the AD users is taken from UPN and not from sAMAccountName and from CUP / CUCM perspective those users are different.
It also looks normal the fact that for the user that you see the presence info, there is no phone. If there is no phone configured in LDAP there will be no phone showing up in CUPC LDAP search.
Can you delete the following folders which will delete the CUPC cache ? If you are having issues where the user appears twice this might solve it.
XP : C:\Documents and Settings\
Vista : C:\Users\
Win7 : C:\users\
C:\users\
Let me know if I didn't understand correctly.
HTH,
Christos
06-10-2011 02:01 AM
Hi Christos,
I really appreciate your fast response.
I will try to explain you a little bit better what is going wrong..
Using SAM authentication the user logged into CUPC using the below credentials:
Username: Name-Surname
Password: *********
The IM account for this user was Name-Surname@domain.com
The extension derived from LDAP
His email from LDAP.
When a user search LDAP to add a contact the result was something like that:
“CName CSurname” including all information from LDAP (extension, email)
The IM account was CName-CSurname@domain.com
Now using UPN the use logged into CUPC using the below:
Username: Name-Surname@domain.com
Password: *********
The IM account changed to Name-Surname@domain.com@domain.com
I think that this is normal however the account is not associated with the LDAP account.
If I search LDAP from CUPC to re-add a contact then I got two results (see attachment CUPC1).
One like the information above and another as Name-Surname@domain.com@domain.com but doesn’t include any info from LDAP. This user appears online if the user is logged into the CUPC…
But, no extension associated and no any other info from LDAP.
On CUPS administration if I select to view the watchers for example I get these duplicated users (see attachment cups_watcher):
Name-surname@domain.com as LDAP
Name-surname@domain.com@domain.com as LOCAL
06-10-2011 03:37 AM
Ok I think I understand what you mean. I did a quick test in my lab and used the UPN for directory sync but the IM status is still user@domain.com without the additional @domain.com part . I didn't have LDAP integration prior to this test.
I also cannot see how in the watchers page you can have a userid with user@domain.com@domain.com as this does not correspond to any user in AD right ?
In the end user page of CUCM and CUP do you see any others appearing as user@domain.com and as user@domain.com@domain.com ?
Regards,
Christos
06-10-2011 04:29 AM
Ok Christos, thank you for taking time to test it.
I believe that this has to do with LDAP integration....
I logged into my CUP user site.
The contact on the screenshot has duble the domain user@domain.com@domain.com
From CUPC I can exchange IM with this user and also I am able to monitor his status.
But I don't have any information from LDAP - extension, email
Another user that was added from LDAP has only one @domain.com but I cannot monitor his status and I cannot exchange IM. However i have all the information from LDAP (extension, email)
I added a new end user now and the still the same thing.
The user is logged into CUPC. IM address is user@domain.com@domain.com
Searching on the CUPC i found the new contact from LDAP.
Availability is offline and I cannot exchage IM with him.
I think that this is happening - Users logged into CUPC but using CUPS local database and not LDAP.
I am thinking of building up the server from the begining, but I am not sure if this will solve the problem.
06-10-2011 06:28 AM
I think a sniffer trace on the PC where CUPC is installed will provide more info. IF you filter the LDAP traffic you will see how you perform searches.
As I said I use UPN to map to a userid but I still chose to use the samaccountname when doing searches with CUPC
Here one of the search filters I see in the sniffer capture
Filter: (|(displayName=christos*)(|(|(givenName=christos*)(sn=christos*))(sAMAccountName=christos*)))
You see that the CUPC is still searching with the sAMAccountName and there is a user found but infortunately this doesn't match the user that is in the cup database
Now if I go to the CUP Admin pages ---> Applications ---> CUPC ---- Settings and change the userid field to map to UPN and not to sAMAccountName then one of the filters used when I search for users in CUPC is the following
Filter: (|(displayName=christos*)(|(|(givenName=christos*)(sn=christos*))(UserPrincipalName=christos*)))
You see now that the CUPC is search is different.
In the first case I could not get presence information as the mapping was not done but in the second case (when I changed the userid mapping in the above page) I could get the presence info and the IM is correct (username@domain.com@domain.com)
IM address is always derived from userid@domain.com (in this case the userid is user@domain.com)
Can you give this a try ?
Regards,
Christos
06-10-2011 07:20 AM
S'euxaristo Christo...
thank you very much.
the problem was the CUPC LDAP Attribute Mapping.
I forgot to change the userid field to userPrincipleName instead of SAM....
and it was very easy...
I believe that i am ok now.
I will check it next week for all users and i will let you know if the problem persists.
se xereto...
Elias
06-10-2011 07:40 AM
kanena provlima Elia!
The solution may have been simple but the problem is not that simple
Regards,
Christos
06-16-2011 11:11 PM
Hi Christos,
I am coming back to you regarding another problem I am getting after change to UPN authentication.
Previously I have our contact center (v. CCX 8.0.2 SU2) integrated with CUPS (v. 8.5). Agents using Cisco Agent Desktop were able to view the status of other non-Agent colleagues and exchange chat with them.
After changed the authentication to UPN the Agents are using the username@domain.com to login. CCX is working ok, but I am getting the following error during login: “An error has occurred communicating with the Cisco Unified Presence Service”.
I used a sniffer to see what is going wrong and this is what I am getting:
Session Initiation Protocol:
Request-Line: REGISTER sip:domain.com@domain.com
Method: REGISTER
Request-URI: sip:domain.com@domain.com
Request-URI User Part: domain.com
Request-URI Host Part: domain.com
Message Header:
Contact:ccxuser@pcIPaddress:5060
TO: <>>ccxuser@domain.com@domain.com
SIP to address User Part: ccxuser
SIP to address Host Part: domain.com@domain.com
Note that the ccxuser is the user configured under CCX Desktop Administration for integration with CUPS.
Then I am getting the following:
Session Initiation Protocol
Status-Line: SIP/2.0 400 Bad or Missing From
Status-Code: 400
Do you have anything to suggest me regarding that?
Regards,
Elias
06-17-2011 04:13 PM
Hi Elias,
Good approach! From the sniffer traces I see you get
SIP/2.0 400 Bad or Missing From
So the Presence server doesn't probably like the 'From' header from the sip packet.
Upon some further investigation I have found the following defects
CSCtn20140
CSCtn50828
The first is duplicate of the latter.
So from the above defects I understand the CAD never checks if the domain is added and it was always append the @domain.com info in the username.
So if you have a user1@domain.com, instead of keeping it as it is, CAD appends @domain.com and therefore the username it sends is
user1@domain.com@domain.com which does not match with the UPN which is user1@domain.com
I believe you are hitting the above defects which are fixed in uccx 8.5(1)SU1
HTH,
Christos
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide