08-07-2023 10:22 PM
I try to get the registered phone information from CUCM(ver10.5 and 11.5), copied code from this thread
from zeep import Client
from zeep.cache import SqliteCache
from zeep.transports import Transport
from zeep.plugins import HistoryPlugin
from requests import Session
from requests.auth import HTTPBasicAuth
from lxml import etree
import urllib3
from urllib3 import disable_warnings
from urllib3.exceptions import InsecureRequestWarning
username = 'xxxx'
password = 'xxxx'
wsdl = 'https://x.x.x.x:8443/realtimeservice2/services/RISService70?wsdl'
session = Session()
session.verify = False
session.auth = HTTPBasicAuth(username, password)
transport = Transport(cache=SqliteCache(), session=session, timeout=20)
history = HistoryPlugin()
client = Client(wsdl=wsdl, transport=transport, plugins=[history])
factory = client.type_factory('ns0')
macs = ['*'] #'*' for all
item=[]
for mac in macs:
item.append(factory.SelectItem(Item=mac))
Item = factory.ArrayOfSelectItem(item)
stateInfo = ''
criteria = factory.CmSelectionCriteria(
MaxReturnedDevices = 1000,
DeviceClass='Phone',
Model=255, #255 for all
Status='Registered',
NodeName='',
SelectBy='Name',
SelectItems=Item,
Protocol='Any',
DownloadStatus='Any'
)
result = client.service.selectCmDevice(stateInfo, criteria)
I got below error message
Traceback (most recent call last):
File "C:\Users\user1\Desktop\deviceStatus.py", line 20, in <module>
client = Client(wsdl=wsdl, transport=transport, plugins=[history])
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\client.py", line 76, in __init__
self.wsdl = Document(wsdl, self.transport, settings=self.settings)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\wsdl\wsdl.py", line 92, in __init__
self.load(location)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\wsdl\wsdl.py", line 95, in load
document = self._get_xml_document(location)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\wsdl\wsdl.py", line 155, in _get_xml_document
return load_external(
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\loader.py", line 89, in load_external
content = transport.load(url)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\transports.py", line 123, in load
content = self._load_remote_data(url)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\zeep\transports.py", line 135, in _load_remote_data
response = self.session.get(url, timeout=self.load_timeout)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 602, in get
return self.request("GET", url, **kwargs)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "C:\Users\user1\AppData\Local\Programs\Python\Python311\Lib\site-packages\requests\adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='10.10.10.150', port=8443): Max retries exceeded with url: /realtimeservice2/services/RISService70?wsdl (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_ILLEGAL_PARAMETER] sslv3 alert illegal parameter (_ssl.c:1002)')))
It looks like the CM does not like the parameters provided by the script, but I could not find any useful information about how to correct it.
Solved! Go to Solution.
08-09-2023 10:52 AM
My next thought would be some kind of HTTPS SSL/TLS connection incompatibility between CUCM and your client. 11.5 is quite old - out of software support and nearing out of all support - and 10.5 is long obsolete. Assuming you're using a fully modern/updated OS/Python, which is going to default to/require modern TLS versions/ciphers, then the older set implemented by these old CUCM versions may not meet your client's requirements. Such an issue can probably be confirmed by obtaining a low-level packet capture of the HTTPS/SSL handshake between your client and the CUCM, and looking at the offered TLS versions/ciphers/etc. offered on either side - this will require some knowledge of SSL handshake sequences.
You may be able to force your client to use an older TLS version in order to connect (e.g. 1.1/1/2). Also, if the CUCM's don't have the latest (available) updates, installing those might help, as security updates usually drive the very last few patches in these software trains. Upgrading to a recent CUCM version (still under software support, e.g. 12.5/14) would likely be the primary recommendation.
08-08-2023 10:31 AM
This is likely due to a quirk of the RISService70.wsdl, where the binding location points to 'localhost' instead of the actual CUCM host:
In general, you will want to cache the WSDL server side and set the location dynamically at run-time, e.g.:
# Create the Zeep service binding to the Perfmon SOAP service at the specified CUCM
service = client.create_service(
'{http://schemas.cisco.com/ast/soap}RisBinding',
f'https://{ os.getenv( "CUCM_ADDRESS" ) }:8443/realtimeservice2/services/RISService70'
)
From a collection of serviceability API examples here: https://github.com/CiscoDevNet/serviceability-python-zeep-samples
08-08-2023 06:08 PM
Hi Dstaudt,
Thank you for your reply, I acutrally tested your code as well, but got the same error.
From my understanding, I can just use your code by change the WSDL file path in python code and add the login credentials and CUCM address as environment variables. I run the code on Windows 10, the WSDL file path is set as this. "WSDL_FILE = "file///c:\users\userid\Desktop\RISService70.wsdl".
The connection to the CUCM is via a jumpbox, at the beginning, I thought it may be related to firewall configuration, but my colleague did connect to it and get the data using SOAP instead of python, I assume that means firewall settings is the root cause.
Is there anything you can think that cause the problem.
08-09-2023 10:52 AM
My next thought would be some kind of HTTPS SSL/TLS connection incompatibility between CUCM and your client. 11.5 is quite old - out of software support and nearing out of all support - and 10.5 is long obsolete. Assuming you're using a fully modern/updated OS/Python, which is going to default to/require modern TLS versions/ciphers, then the older set implemented by these old CUCM versions may not meet your client's requirements. Such an issue can probably be confirmed by obtaining a low-level packet capture of the HTTPS/SSL handshake between your client and the CUCM, and looking at the offered TLS versions/ciphers/etc. offered on either side - this will require some knowledge of SSL handshake sequences.
You may be able to force your client to use an older TLS version in order to connect (e.g. 1.1/1/2). Also, if the CUCM's don't have the latest (available) updates, installing those might help, as security updates usually drive the very last few patches in these software trains. Upgrading to a recent CUCM version (still under software support, e.g. 12.5/14) would likely be the primary recommendation.
08-16-2023 07:27 PM
After test against CUCM12.5 and 14 from Sandbox, the same python code worked without any issue. It should be the compatibility issue between old CUCM and modern python.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide