cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3656
Views
30
Helpful
14
Replies
Beginner

Unity Connection - CUCM PIN synchronization is not enabled due to HttpsURLConnection response code: 401 : Unauthorized

Dear Coleagues,

I would like to setup the PIN synchronization between CUC and CUCM, but when I click to Enable End User Pin Synchronization on the Application Server Configuration page I got this error: 

Pin synchronization is not enabled due to HttpsURLConnection response code: 401 : Unauthorized

I have done the followings:

  • Started the AXL on CUCM
  • Created a new AXL related application user with Standard AXL API Access on CUCM
  • Imported the CUC tomcat certificate into the CUCM cert store as tomcat trust
  • Setup CUC as an Application server on CUCM with AXL application user
  • Setup CUCM under Telephony intergrations - Phone System - AXL Server on CUC (with the AXL application user credentials, SSL enabled and PIN sync)
  • Setup end users with primary extensions
  • Imported the users from CUCM

Is there anything I missed? Do I need to grant more privileges to the AXL application  user?

Thanks,

Laszlo

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Cisco Employee

I show the whole procedure in

I show the whole procedure in the video, I suggest you make sure everything is configured properly.

HTH

java

if this helps, please rate

View solution in original post

Everyone's tags (1)
14 REPLIES 14
Hall of Fame Cisco Employee

I don't see listed that you

I don't see listed that you imported the CUCM cert into CUC

https://youtu.be/p6m4gPv0ikE

FYI, this works for LDAP or AXL users, you don't have to use AXL integration to CUCM for this to work.

HTH

java

if this helps, please rate
Beginner

Hi! Thanks for the hint, but

Hi! Thanks for the hint, but unfortunately it did not solve the problem.

Hall of Fame Cisco Employee

I show the whole procedure in

I show the whole procedure in the video, I suggest you make sure everything is configured properly.

HTH

java

if this helps, please rate

View solution in original post

Everyone's tags (1)
Beginner

I had to create an CUC app

I had to create an CUC app user with admin privileges and then use it during the Application server setup on CUCM.

Thanks for the video,

Laszlo

Beginner

Hi Laszlo...

Hi Laszlo...

Thanks for this....i did work for me as well.....creating the CUC admin user to match the user from Application Server on CUCM.

Cisco Employee

Agreed. 

Agreed. 

In In my case, the AXL test passed on the telephony integration page without having the CUC user created.  But whenever I tried to enable the PIN sync checkbox in UCM, I would get the error:   "Pin synchronization is not enabled due to HttpsURLConnection response code: 401 : Unauthorized.”  Bunch of TAC case hits point to the following:

 For PIN synchronization to work, a user account (doesn't need to have a mailbox) must be configured in Unity with a password. This user account's alias and password must match that of whatever application user is configured on the Unity Connection server under System>Application Server in CUCM. If the alias and or password doesn't match, the following error is thrown in CUCM when enabling PIN synchronization checkbox: "Pin synchronization is not enabled due to HttpsURLConnection response code: 401 : Unauthorized"

So if you create a dedicated AXL application user it must be defined in three places:

UCM Application User:  CUC-AXL-User (AXL Role)

CUC User: CUC-AXL-User (No Mailbox, administrativetemplate)

CUC AXL Telephony Integration Page:  CUC-AXL-User

of course passwords should match in all three places.

Everyone's tags (1)

Re: Agreed.

Works for me !!! Many Thanks!
Beginner

Hello Jaime,

Hello Jaime,

can you list the steps required to download the certificate from CUC?

it's not clear in the video how you've done it...

Hall of Fame Cisco Employee

Go to OS admin, find the

Go to OS admin, find the tomcat certificate, click on it, click on download

HTH

java

if this helps, please rate
Beginner

just to make sure that we are

just to make sure that we are talking about the tomcat and not tomcat-trust certificate right?

Do i download it as .PEM or .DER? or it doesn't matter?

Hall of Fame Cisco Employee

Yes, you need the server

Yes, you need the server certificate.

It shouldn't matter, I usually use .pem

HTH

java

if this helps, please rate
Beginner

i've done this but it's still

i've done this but it's still not working... i deleted the app server and recreated again with no problem resolution. i'm getting the error:

Pin synchronization is not enabled due to Certificate not verified.

i will open a TAC case.

Highlighted
Enthusiast

Re: I show the whole procedure in

Not the real answer, see answer below by R. Clayton Miller Cisco Employee Cisco Employee
‎07-26-2017 09:53 PM because that is indeed the answer. You have to configure the user in 3 places, not two. Create a user and password combination, put in CUCM in one place (Application User) and then in CUC in two places (AXL and a admin user) to configure.

My theory: AXL is a one way thing, so if the user changes their PIN on CUC then AXL would be used by CUC to push the PIN to CUCM. If the user changes the PIN on CUCM then the CUC Administrative user is used to push it by CUCM to CUC. What Cisco needs to do is add a username and password option under the CUCM | System | Application Servers page for the third user field.
Beginner

Hello Lazlo,

Hello Lazlo,

what was the exact problem for that error?

THanks.

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards