
CUPS 8 issue with LDAP and IM

Hi,

I had recently upgraded to CUPS 8 and I'm facing an issue with CUPC IM and LDAP search.

I had CUCM (7.1.5) integrated with CUPS 7.05. LDAP was integrated with CUCM for user provisioning and authentication.

With CUPS 7 I could successfully use all features such as IM, LDAP directory search etc. I upgraded to CUPS 8.0.4 as per the CUPS 8 deployment guide.

* had the valid software version licence

* enough DLU's in CUCM

* deactivated Presence engine before upgrade

Now after the upgrade all services are running and I'm able to log in to CUPC 8.0.3 with LDAP user name and pwd; however, in the CUPC client I could not search contacts (search string specified in LDAP profile; this worked with CUPS 7). I see an LDAP error symbol in server health but no info is available. I tried to add the contact manually with user.id@domain.com and I see a message "waiting for contact to respond". However, the other person had not received any request.

Any help would be greatly appreciated.


Brent Morris
Level 1

I'd check the following first.

1.  LDAP user account does not have an expired password in Active Directory.

2.  No connectivity issues between the Presence server and LDAP server(s) (i.e. DNS, routing, etc).

In Presence Admin, go to Diagnostics > System Troubleshooter and review possible issues with LDAP.

What is the error message you are getting ?

How about a detailed CUPC troublereport ?

Regards,

Christos

Hi Folks,

Thanks for your responses, the problem is resolved. Presence was not coming up because of wrong DNS lookup in the network.

And for the LDAP search, the earlier search context was wrong.

Hi all,

I am experiencing a problem with CUPS and CUPC after changing the LDAP Authentication on CUCM from SAM to UPN. I proceeded with this change in order to support users on sub-domains under our AD Forest.

Please note that everything was working ok for users under the main domain before this change (LDAP Synch, LDAP search, IM, Video and Audio Calls).

The authentication part is ok – users need to add the “@maindomain.com” after their usernames.

The problems:

All previously added contacts appear offline on CUPC. When I try to re-add a contact (that is logged into the CUPC) via LDAP I have two results. The one is the user found from LDAP (like before) and appeared offline and the other something like user@maindomain.com@maindomain.com which is online.

I cannot send IM on the offline users but I can call him.

I can send IM on the online user (user@maindomain.com@maindomain.com) but I cannot call him – no phone associated.

Searching for the users (Contacts) on CUPS the location for user (user@maindomain.com@maindomain.com) is LOCAL while the other is LDAP…

I am really stuck and help will be appreciated.

Regards

Hi,

To be honest this behaviour looks normal to me. By changing from sAMAccountName to UserPrincipalName you totally changed the userid mapping in CUCM / CUP. So now the userid for all the AD users is taken from UPN and not from sAMAccountName, and from the CUP / CUCM perspective those users are different.

It also looks normal the fact that for the user that you see the presence info, there is no phone. If there is no phone configured in LDAP there will be no phone showing up in CUPC LDAP search.

Can you delete the following folders which will delete the CUPC cache ? If you are having issues where the user appears twice this might solve it.

XP :  C:\Documents and Settings\\Local Settings\Application  Data\Cisco\Unified Communications\Client Services  Framework\Communication History

Vista : C:\Users\\AppData\Local\Cisco\Unified Communications\Client Services Framework\Communication History

Win7 : C:\users\\Local Settings\AppData\Local\Cisco\Unified Communications <<---- all the contents

C:\users\\Local Settings\AppData\Roaming\Cisco\Unified Communications <<--- all the contents

Let me know if I didn't understand correctly.

HTH,

Christos

Hi Christos,

I really appreciate your fast response.

I will try to explain you a little bit better what is going wrong..

Using SAM authentication the user logged into CUPC using the below credentials:

   Username: Name-Surname

   Password: *********

   The IM account for this user was Name-Surname@domain.com

The extension derived from LDAP

   His email from LDAP.

   When a user searches LDAP to add a contact the result was something like this:

  

   “CName CSurname” including all information from LDAP (extension, email)

The IM account was CName-CSurname@domain.com

Now using UPN the user logged into CUPC using the below:

Username: Name-Surname@domain.com

Password: *********

The IM account changed to Name-Surname@domain.com@domain.com         

I think that this is normal however the account is not associated with the LDAP account.

If I search LDAP from CUPC to re-add a contact then I got two results (see attachment CUPC1).

One like the information above and another as Name-Surname@domain.com@domain.com but doesn’t include any info from LDAP. This user appears online if the user is logged into the CUPC…

But, no extension associated and no any other info from LDAP.

On CUPS administration if I select to view the watchers for example I get these duplicated users (see attachment cups_watcher):

Name-surname@domain.com as LDAP

Name-surname@domain.com@domain.com as LOCAL

  

Ok I think I understand what you mean. I did a quick test in my lab and used the UPN for directory sync but the IM status is still user@domain.com without the additional @domain.com part . I didn't have LDAP integration prior to this test.

I also cannot see how in the watchers page you can have a userid with user@domain.com@domain.com as this does not correspond to any user in AD right ?

In the end user page of CUCM and CUP do you see any others appearing as user@domain.com and as user@domain.com@domain.com ?

Regards,

Christos

Ok Christos, thank you for taking time to test it.

I believe that this has to do with LDAP integration....

I logged into my CUP user site.

The contact on the screenshot has the domain doubled: user@domain.com@domain.com

From CUPC I can exchange IM with this user and also I am able to monitor his status.

But I don't have any information from LDAP - extension, email

Another user that was added from LDAP has only one @domain.com but I cannot monitor his status and I cannot exchange IM. However i have all the information from LDAP (extension, email)

I added a new end user now and it is still the same thing.

  The user is logged into CUPC. IM address is user@domain.com@domain.com

Searching on the CUPC i found the new contact from LDAP.

Availability is offline and I cannot exchange IM with him.

I think that this is happening - Users logged into CUPC but using CUPS local database and not LDAP.

I am thinking of building up the server from the beginning, but I am not sure if this will solve the problem.

I think a sniffer trace on the PC where CUPC is installed will provide more info. If you filter the LDAP traffic you will see how you perform searches.

As I said, I use UPN to map to a userid but I still chose to use the sAMAccountName when doing searches with CUPC.

Here is one of the search filters I see in the sniffer capture:

Filter: (|(displayName=christos*)(|(|(givenName=christos*)(sn=christos*))(sAMAccountName=christos*)))

You see that the CUPC is still searching with the sAMAccountName and there is a user found, but unfortunately this doesn't match the user that is in the CUP database.

Now if I go to the CUP Admin pages ---> Applications ---> CUPC ---> Settings and change the userid field to map to UPN and not to sAMAccountName, then one of the filters used when I search for users in CUPC is the following:

Filter: (|(displayName=christos*)(|(|(givenName=christos*)(sn=christos*))(UserPrincipalName=christos*)))

You see now that the CUPC search is different.

In the first case I could not get presence information as the mapping was not done but in the second case (when I changed the userid mapping in the above page) I could get the presence info and the IM is correct (username@domain.com@domain.com)

IM address is always derived from userid@domain.com (in this case the userid is user@domain.com)

Can you give this a try ?

Regards,

Christos
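
The mapping mismatch worked out in the posts above, as an added example that is not part of the thread and is not Cisco's code: it rebuilds the filter shape from the sniffer capture, derives the IM address as userid@domain, and checks whether a searched contact resolves to the same IM address the presence server holds. The attribute names come from the posts; the directory entry, the function names and the RFC 4515 escaping of the search term are assumptions added for illustration.

```python
# Added example: models the userid mapping described in the thread.
# Attribute names come from the posts; the directory entry, domain and
# function names are constructed for illustration.

_RFC4515_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-typed search term so it cannot alter the filter (RFC 4515)."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(term: str, userid_attr: str) -> str:
    """Reproduce the filter shape seen in the capture, with the term escaped."""
    t = escape_filter_value(term)
    return (f"(|(displayName={t}*)(|(|(givenName={t}*)(sn={t}*))"
            f"({userid_attr}={t}*)))")


def im_address(userid: str, presence_domain: str) -> str:
    """IM address is always userid@domain, even if userid already has an '@'."""
    return f"{userid}@{presence_domain}"


def contact_resolves(entry: dict, userid_attr: str, synced_attr: str,
                     presence_domain: str) -> bool:
    """True when the IM address built from the client-side mapping equals
    the one the presence server holds for the synced userid."""
    client_side = im_address(entry[userid_attr], presence_domain)
    server_side = im_address(entry[synced_attr], presence_domain)
    return client_side == server_side


# Constructed directory entry (not taken from the thread).
ENTRY = {"sAMAccountName": "christos", "userPrincipalName": "christos@domain.com"}

if __name__ == "__main__":
    print(build_search_filter("christos", "sAMAccountName"))
    print(im_address(ENTRY["userPrincipalName"], "domain.com"))
    # Client still mapped to sAMAccountName after the sync moved to UPN: mismatch.
    print(contact_resolves(ENTRY, "sAMAccountName", "userPrincipalName", "domain.com"))
    # Client mapping changed to UPN as well: the contact resolves.
    print(contact_resolves(ENTRY, "userPrincipalName", "userPrincipalName", "domain.com"))
```
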

Thank you, Christos...

  thank you very much.

the problem was the CUPC LDAP Attribute Mapping.

I forgot to change the userid field to userPrincipalName instead of SAM....

and it was very easy...

I believe that I am ok now.

I will check it next week for all users and I will let you know if the problem persists.

Regards...

  Elias

No problem, Elias!

The solution may have been simple but the problem is not that simple

Regards,

Christos

Hi Christos,

I am coming back to you regarding another problem I am getting after change to UPN authentication.

Previously I have our contact center (v. CCX 8.0.2 SU2) integrated with CUPS (v. 8.5). Agents using Cisco Agent Desktop were able to view the status of other non-Agent colleagues and exchange chat with them.

After changing the authentication to UPN the Agents are using the username@domain.com to login. CCX is working ok, but I am getting the following error during login: “An error has occurred communicating with the Cisco Unified Presence Service”.

I used a sniffer to see what is going wrong and this is what I am getting:

Session Initiation Protocol:

Request-Line: REGISTER sip:domain.com@domain.com

Method: REGISTER

Request-URI: sip:domain.com@domain.com

Request-URI User Part: domain.com

Request-URI Host Part: domain.com

Message Header:

Contact:ccxuser@pcIPaddress:5060

TO: <>ccxuser@domain.com@domain.com

SIP to address User Part: ccxuser

SIP to address Host Part: domain.com@domain.com

Note that the ccxuser is the user configured under CCX Desktop Administration for integration with CUPS.

Then I am getting the following:

Session Initiation Protocol

Status-Line: SIP/2.0 400 Bad or Missing From

Status-Code: 400

Do you have anything to suggest me regarding that?

Regards,

Elias

Hi Elias,

Good approach! From the sniffer traces I see you get

SIP/2.0 400 Bad or Missing From

So the Presence server probably doesn't like the 'From' header from the SIP packet.

Upon some further investigation I have found the following defects:

CSCtn20140

CSCtn50828

The first is duplicate of the latter.

So from the above defects I understand the CAD never checks if the domain is added and it always appends the @domain.com info to the username.

So if you have a user1@domain.com, instead of keeping it as it is, CAD appends @domain.com and therefore the username it sends is

user1@domain.com@domain.com which does not match with the UPN which is user1@domain.com

I believe you are hitting the above defects which are fixed in uccx 8.5(1)SU1

HTH,

Christos
