Jul 10

Mobile Voice Access (MVA) – Setup Start to Finish

Posted on July 10, 2016 by ben

Mobile Voice Access (MVA) essentially allows authorised users to relay or bounce calls off a CUCM Cluster toward the PSTN. Benefits for this is the user’s calling number is masked by his/her office extension/DID phone number. MVA couple with Single Number Reach (SNR), also allows the called party to return the call to the masked office extension/DID phone number, the CUCM Cluster will then route the call to the mobile (SNR Destination).

User Requirements

1. Ensure the source PSTN phone is configured as a Remote Destination in CUCM.
2. The User PIN is known.
3. Mobile Voice Access is enabled for the User.

The workings of MVA

1. A call is placed from a mobile phone to the configured MVA Phone Number (0255551234).
2. This will match a pots dialpeer. This pots dialpeer will be associated to the MVA Service on the Cisco ISR.
3. The MVA service initiates the MVA IVR on CUCM. If the mobile phone number matches a remote destination, the IVR will prompt you a PIN.
4. Once authenticated, the user will have the option to Dial a number. (Generally this is option 1, following by the PSTN number).
5. CUCM now request that the Cisco ISR forward the call to the MVA phone number (extension 1234). Now if the Cisco ISR doesn’t have a dialpeer matching this MVA extension the Call will simply disconnect.
6. If the dialpeer matches the MVA extension, the call is forwarded. In debugs, you will see the called number being the MVA extension, with a diversion header containing the PSTN number the user called via the MVA IVR menu.
7. The Remote Destination Profile must have access to the called PSTN number. This is the DEVICE CSS field. The REROUTING CSS field is used for SNR.
8. When using SIP and the Cisco ISR is a CUBE, ensure the source interface is known to the CUCM Cluster.

Configuring MVA

CUCM side Configuration

Lets go through and set some of the Service Parameters.

Service Parameters -> Cisco CallManager -> Clusterwide Parameters (System – Mobility)

Enable Mobile Voice Access = “True”
Mobile Voice Access Number = “1234″
Matching Caller ID with Remote Destination = “Partial Match”
Number of Digits for Caller ID Partial Match = “7″
System Remote Access Blocked Numbers = “0000, 000″ (OPTIONAL)

Media Resources -> Mobile Voice Access

Mobile Voice Access Directory Number = “1234″
Mobile Voice Access Partition = “AU_PHONE_PT”
Selected Locales = “English United States”

User Management -> End User

Enable Mobility = “Checked”
Enable Mobile Voice Access = “Checked”

Device -> Device Settings -> Remote Destination Profile

Create a new Remote Destination Profile and completed the required fields. Important to note is the Calling Search Space and the User ID Field. The Line number should reflect the same extension as the User’s office extension. (Essentially this is a shared line setup)

Device -> Remote Destination

Create a new Remote Destination and associate to the Line configured on the Remote Destination Profile. Ensure the Destination Number is in the correct format, as you would when you dial the number from an Internal extension. As you can see I have prefixed a ’0′ to cater for my PSTN Access Code.

Cisco IOS Side

Steps are to configure the Application/Service. Then create two dialpeers, one for inbound and the second for outbound.

application
service mva http://10.10.10.1:8080/ccmivr/pages/IVRMainpage.vxml

dial-peer voice 10 pots
description ** MVA IVR **
service mva
direct-inward-dial
incoming called-number 0255551234$

dial-peer voice 100 voip
description ** CUCM MVA **
destination-pattern 1234
session protocol sipv2
session target ipv4:10.10.10.1
voice-class sip bind control source-interface FastEthernet0/0
voice-class sip bind media source-interface FastEthernet0/0
dtmf-relay rtp-nte
voice-class codec 6
no vad

NOTE: Don’t forget to check if the Mobile Voice Access service has been activated under Unified Serviceability. This service is not included in the “Set Default” services button, so you will have to manually click on the service radio button and activate.

Jun 30

Jabber – Cannot Communicate with Server

Posted on June 30, 2016 by ben

Deploying Cisco Jabber (MRA) to a CUCM Cluster can sometimes have its pitfalls especially when the firewall is managed by a third party vendor. Although, the all to common error message “Cannot Communicate with Server” can be frustrating to troubleshoot, the devil lies in the details. This can also be very useful when needing to provide debugs reports to third party firewall vendors to investigate further on your behalf.

1st step is to view the jabber log file, this can sometimes be a long file to extract the key bits of information you’re after.. One idea is just to find the “cannot communicate’ error message. Then reverse engineer the log file.

2nd step is open a wireshark session and attempt a jabber connection. This provides key details about the connection process and is very useful to pass onto the thirdparty firewall vendor. Analysing the packets will give you insights into the login process from the DNS SRV query to attempting connections to CUCM and Presence servers.

In the below example, I had to troubleshoot the “Cannot Communicate with Server” error message. This turned out to be a inbound Firewall Port issue. The vendor did not open TCP 5222 from Public to the Expressway-E device. I had to send the vendore this packet capture for evidence to investigate further into the issue. I’ve also included the error messages in the Jabber log file to complete the picture. TCP Port 5222 is used for XMPP connection to the Presence Server.

Putting the packet capture and the jabber log together, gives you a full picture of where Jabber is exactly failing in the connection process.

Jun 20

Wireshark – Cannot See Outbound Packets.

Posted on June 20, 2016 by ben

I installed Wireshark 2.02 on my Windows 10 laptop, all good. However I was actively troubleshooting a customer issue when I realised I couldn’t see my outbound packets. I could only see inbound packets. Same behaviour for both my ethernet and wireless connection. Found I had to disable the “DNE Light Weight Filter” from the network adapter.. Both my Ethernet and Wireless adapter..

May 25

Calabrio QM / AQM Certificates

Posted on May 25, 2016 by ben

Certificates are apart of every UC Install these days.. Even more so now with the introduction of Finesse and third-party gadgets. I recently had to install a certificate for the Calibrio AQM Server, rather than you dig through their guides.. I’ve listed the commands you’ll need below. Have fun.

1. Create the certificate signing request.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -certreq -alias jetty -file jetty.csr -ext san=dns:tg2aqm10.topgun2.uplinx

2. Install the CA Root or Chain Certificates.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -importcert -trustcacerts -alias TG2PDC -file root-cer.cer

3. Install the signed certificate for the AQM Server.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -importcert -alias jetty -file jetty.cer

UPDATE: To increase or specify the length of the key, use the attribute -keysize when generating a CSR.

May 15

Fax Not Answering on ATA190

Posted on May 15, 2016 by ben

Come across a fax issue with an ATA190 device. The issue was the fax machine wouldn’t answer any calls. I could see the ATA190 would be in a ‘ringing’ state, however the fax machine wouldn’t budge. The calling endpoint would just ring out.

Checking the setting on the ATA190 as per below, the Ring Voltage set to 85 V and Ring Frequency set to 20 Hz.

All that needed to be done in this case was to adjust both the Ring Voltage and Ring Frequency for the Fax Machine to essentially be compatible and pickup the incoming call. Thank you TAC.

On ATA190 web GUI, navigate to Voice -> Regional -> Ring and Call Waiting Tone Spec

Modify the below values, save the configuration, then reboot the ATA190 device.

Ring Voltage : 70V
Ring Frequency : 25 Hz

May 06

Cisco IPSEC VPN Client for Windows 10 – Painful Experience

Posted on May 6, 2016 by ben

As most of you know the Cisco IPSEC VPN Client is not officially supported on Windows 8+. I have Window 10, now that puts me in the not so friendly basket. After googling this, there a raft of blogs and websites advising you to install additional components and modify registry settings.. Not all of which are proven. I finally found a sequence that worked for me.. AND successfully connected to customer sites.

First thing is to get around this virtual adapter filter thing that doesn’t get installed with Windows 10.. The SonicWall VPN Client however does install the ‘DNE Lightweight filter network client’. Beautiful.. Job done.

Link to Sonicwall website for vpn client. http://help.mysonicwall.com/applications/vpnclient/

If the above link is not available and you cannot find it anyway.. Ping me and I’ll email it to you.

Right. Lets install the Cisco IPSEC VPN Client now.. No wait another error.. ‘This software doesn’t support Windows 10′, great. To get around this one.. Extract the install files and manually run the .msi file. Job done.

Now the client is installed and we are away and running.. Try to connect to a customer site and low and behold another error.. ‘Secure VPN Connection terminated locally by the client. Reason 442: Failed to enable Virtual Adapter.’ we are getting closer though right?

Here comes the infamous registry change.. Now I’ll add the general blurb that everyone would say… ‘Backup your registry settings in case you absolutely blunder this change’. Now lets get started.

Open registry and go to HKLM\SYSTEM\CurrentControlSet\Services\CVirtA look for the key ‘Display Name’. We want to modify this key from something like this ‘@oem47.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows‘ to ‘Cisco Systems VPN Adapter for 64-bit Windows‘ (screen shot below of change).

Now open the VPN Client again and try connecting to a customer site.. Whola! Job is now done. Thanks Internet.

May 04

Finesse Call Recording with Cisco Medisense 11

Posted on May 4, 2016 by ben

I’ll be going through the process to configure Call Recording using Cisco Mediasense with the UCCX Finesse Agent. The Mediasense Server itself requires a server license plus Media Port licenses, the port licenses can be either Audio Only or Audio/Video. As it stands the previously mentioned licenses are a ‘right use’ license. Cisco is trusting partners and customers to apply the correct amount of licenses for their installed instances. The Contact Centre though is different story. Additional Call Recording licenses need to be purchased as the Contact Centre product controls the call recording streams. These licenses must be uploaded to the Contact Centre server. We’ll discuss this further below.

Mediasense seems to work as expected and can record calls in a variety of ways (Phone, Gateway, CUBE) which gives flexibility to various customer requirements. The feature set however needs some more work. I found the Authorisation/Security component of Mediasense Call Recording is very basic compared to other products on the market. Hopefully Cisco is looking at RBAC for future releases.

Lets get to the configuration part, we’ll start with CUCM.

Create an End User either directly on CUCM or via Active Directory. Mediasense requires its API Users to be End Users in CUCM and not Application Users. When deploying Mediasense the initial wizard will ask for this Users details.

The End Use in my case ‘mediasense’ is required to have the AXL Role and be a member of the Standard CCM Admin Users group

CUCM communicates with the Mediasense server via a SIP Trunk, even with gateway recording it’s the CUCM Server that will send the INVITES to the Mediasense server.

So go ahead and setup the SIP Trunk configuration. We’ll start with the SIP Profile.

I always find it easier to copy the Standard SIP Profile then make any changes necessary, that way all SIP Profiles are isolated from each other making future changes easier with less impact to other SIP services.

In the Mediasense SIP Profile, I’ve enabled SIP Options. If I was to have more than one Mediasense server, this is where SIP Options would come in useful. CUCM polls each Mediasense server to determine if its down or up, and will only send INVITES to a Mediasense server in an operational state.

The default SIP Trunk Security is good enough for Mediasense. The main field to take not is the Outgoing Transport Type.. This must be TCP. So worth to check this setting. If its been set to UDP, then create a new SIP Trunk Security Profile.

Create a new SIP Trunk with the basic settings. Provide good descriptions and select the SIP Profile and SIP Trunk Security profile as created above. Can use either the IP Address or FQDN for the Destination. Port is SIP standard 5060.

Create a Route Pattern for the Call Recording profile to match. I’ve just selected the Mediasense_Recording SIP Trunk as the destination. You can also use Route Lists and Route Groups. Ive also placed this route pattern in the Global SYSTEM partition. You can create a new partition for Call Recording and place the pattern into this, then just allocate the Call Recording profile the CSS that has access to the specific partition.

Create a Recording Profile selecting the pattern defined above in the Route Pattern step. Also select the appropriate CSS that has access to the partition the call recording pattern is in.

Now we jump across to the Phones. In this blog I’ll be using the Phone Preferred architecture, hence the phones will be forking media to the Mediasense server. For this to happen the phones need to have the ‘Built In Bridge’ enabled. This is also a global setting if wish to blanket all phones.

Repeat the below steps for each phone/line that will have recording enabled in the Contact Centre.

Enable the Built In Bridge. Save and Apply Config.

Go to the Line of the Phone (or for the Device Profile). Navigate to the Line Settings for this Device area and select the Recording Option, Recording Profile and the Recording Media Source. In my case, I’ve enabled recording with Selective Call Recording enabled. The alternate option is automatic call recording. (Always On). In this blog, I want to control the Call Recording via UCCX Workflows.

Optional is to have a beep play to let the call party’s know the conversation is being recorded. Default is set to off.

Also optional is to assign a Call Recording Softkey to the phone or device profile. If pressed during a conversation, the CUCM actions to the call recording and not UCCX/Finesse.

Mediasense Configuration

The install for Mediasense is fairly straight forward. After deploying the correct OVA for your environment size and going through the initial CLI configuration wizard configuring IP Address details, DNS Servers etc Its time to browse to the Web GUI.

Log into the Web GUI using the user credentials configured in the CLI wizard. The first couple of screens are more or less notifications and information about mediasense. Click next through these.

The AXL Service Provider is the End User created during the CUCM configuration phase. The AXL provide IP Address is of course your CUCM Server (ensure you have the AXL Service activated)

The Mediasense will discover all the Call processing Servers in the environment. Funny enough, it also discovers the Presence Servers?

Click next through the summary page and you will end up at the Administration Console of the Mediasense server.

Navigate to the Cisco Finesse Configuration window and enter the UCCX Servers is the appropriate field. Ensure to FQDN for the UCCX Servers.

Navigate to the Mediasense API User Configuration window and search for the End User created in the CUCM phase. In my case its mediasense. Add the End User to the Mediasense API Users. Also, from the screen, add the users in that shall have GUI access to the search and play browser.

UCCX Configuration

Start by uploading the Call Recording Count Licenses for CCX. **NOTE Part Number required is “INCREMENT CRS_REC_PORT”

After uploading the licenses, the License Display Screen should look similar to the below.

Add the Mediasense Recording Server and API User to the CCX Server. This user was added to the Mediasense API User list in the Mediasense configuration phase.

UCCX Script

Now seeing that I’m going a step further with this configuration due to the customer requirements. I’ll add it all in for you to see. In this particular case the customer required to have an ‘opt-out’ menu for call recording. Hence the caller could select IVR Option ’9′ and essentially opt-out of call recording. For this to happen, we need to first create some script variables. I created a variable called ‘Do_Not_Record’ with a value of ‘Do Not Record’ and linked this String to Call Variable 5. I could’ve created an ECC Variable, however, Im working with UCCX 10.6 at the moment.. And there is a current bug preventing ECC Variables from being used in the Finesse Workflow filters.

I have also create a script variable called ‘Record_Call’ with a value of ‘Record Call’ and linked to Call Variable 2.

See below for Call Variable image along with script insertion.

Finesse Administration

We need to now create a workflow and utilise the variables created in the previous step. First step is to create a workflow action. See below for the workflow action created, this follows the standard procedure for invoking Mediasense.

We then need to create a Workflow filter or match condition. I’ve created a filter or match condition for Call Variable 2 (value = Record Call).

Hence the match condition is when the ‘Record Call’ is presented via Call Variable 2. Relating this to the above script, is when a caller does not press IVR option ’9′ to opt-out, the value ‘Record Call’ is inserted into Call Variable 2.

Add the workflow action and click SAVE.

No we can add the Workflow to a Team. Navigate to the Team configuration page and select the appropriate team. Now click the Workflow menu (lower right).

Click the Add button and browse or select the Workflow required.

Also worth mentioning is the MS AgentInfo gadget. This gadget inserts/passes metadata to the Mediasense engine. I’ve given two examples below, the first example is a call recording without the AgentInfo gadget, and the second example being with the MS AgentInfo gadget.

To apply the MS AgentInfo gadget, navigate to the Desktop layout configuration page (either Global or Team based). Add the below lines to the Agent Desktop layout. Agents then need to log out of Finesse then back in.

NOTE: Mediasense Play Back requires Java 1.7+.

Without the MS AgentInfo Gadget deployed in Finesse

With the MS AgentInfo Gadget deployed in Finesse

OPTIONAL: Unhide the Mediasense gadget for the Supervisor to allow the Supervisor to search and play call recordngs from the Finesse Agent window.

Apr 15

UCCX – Agents Stuck in Reserved State

Posted on April 15, 2016 by ben

UCCX Agents being stuck in a Reserved can be quite frustrating to both the customer and the Agent. An Agent is placed into a Reserved state when the UCCX Engine essentially reserves a inbound call to an Agent. Now that the Agent and the Inbound call are a ‘pair’ the system will try and push the call to the Agents phone.

To allow a customer to be pushed to an Agent immediately, the queue announcements, menu’s or timers must have the radio button “Interruptible” set to Yes. If this is set to No, the Customer will be forced to wait for the current announcement, menu prompt or timer to expire before being be connected with an Agent, this includes MoH.

Screen images or where you can find this parameter in the UCCX Script.

Apr 04

Wireless: One Way Audio for Start of Call

Posted on April 4, 2016 by ben

Investigated a strange UC issue involving the 7925G Wireless IP Phones, its always fun to troubleshoot wireless devices In short, the audio stream was not being sent to the 7925G wireless phone for a randomised period of time. Now, this only affected the call when the two device, such as an 8945 IP Phones and the 7925G wireless phone were on the same L2 network, so not traversing a L3 subnet.

All calls to the PSTN and to other L3 separated devices worked 100%. Below if what I captured during the investigation, I used an 8945 IP Phone for testing calls to the 7925G wireless phone.

In the example below, after 210 seconds, the 7925g wireless phone replies to the ARP request from the 8945 IP Phone.

Details:
8945 IP Phone is 10.2.110.121
7925g IP Phone is 10.2.110.171
CUCM IP is 10.2.110.20

Packets captured below

Screen shot of Call being established (SIP Side – 8945 IP Phone spanned to PC)

Screen shot of the ARP request from the 7925g wireless phone. (10.20.110.171). Also the 8945 IP Phone replying to the ARP request.

Screen shot of the ARP Request sent by the 8945 IP Phone. Note there is no Reply received.

Screen shot – After the 7925g receives the ARP reply, the audio stream starts to the 8945 IP Phone.

Screen shot – 210 seconds later, the 7925g replies to the 8945 IP Phone ARP request.

Screen shot – 8945 IP Phone starts to send audio stream to 7925g wireless phone.

The WLC was configured for flexconnect mode. The Flexconnect ARP Caching was not enabled on the WLC. When the flexconnect arp caching was enabled, this killed all audio sessions to and from the 7925g wireless phone.

I then upgrade the WLC and AP firmware to 8.0.121, this being the minumum version for compatibility with flexconnect arp caching feature.

Once upgraded, enabling the flexconnect arp caching feature resolved the issue. Note a reboot of APs was required in this case after the change the change had been made.

Mar 26

Cisco Jabber: Save Chat History to Outlook

Posted on March 26, 2016 by ben

To enable Cisco Jabber Chats to be saved to Outlook, you ‘ll need to modify the jabber-config.xml file. A subfolder called “Cisco jabber Chats” is created under the ‘Inbox’ folder in Outlook.

Note: Just like with emails, users are able to delete the chat folder and any chat conversation located inside. The deleted chat conversation will sit in the Deleted Items, when deleted from the Deleted Items, the chat conversation will site in the Recovered Deleted Items bin until Exchange purges the items.

Jabber for Windows 10.6 supports MS Exchange 2010 and Exchange 2013 and Jabber for Windows 11.0+ supports MS Office 365 as well.

In the example below, CUCM is selected for the authentication service, seeing that most (if not all) Cisco UC Implementation these days are sync’ed with Active Directory.

The Operation Mode “EnabledByPolicy” enables the option in Outlook “Save chat sessions to Cisco Jabber Chats Folder in MS Outlook”, and does not permit users to disable this option. If you wish for the users to enable/disable this feature as required, the Operation Mode must be “EnabledByDefault”.

Most Exchange Environments have autodiscover enabled and configured, hence the Domain Names (Internal/External) are configured for the Exchange Addresses. If autodiscover is not enabled, simply the enter the Internal/External Hostnames for the Exchange CAS Servers.

Jabber-config.xml snippet.
<?xml version=”1.0″ encoding=”utf-8″?>
<config version=”1.0″>
<Options>
<Start_Client_On_Start_OS>true</Start_Client_On_Start_OS>
<SaveChatHistoryToExchangeOperationMode>EnabledByPolicy</SaveChatHistoryToExchangeOperationMode>
<Exchange_UseCredentialsFrom>CUCM</Exchange_UseCredentialsFrom>
<ExchangeAutodiscoverDomain>Internal_Domain_Name</ExchangeAutodiscoverDomain>
<InternalExchangeServer>Internal_Domain_Name</InternalExchangeServer>
<ExternalExchangeServer>External_Domain_Name</ExternalExchangeServer>
</Options>
</config>

Cisco UC

Collaborate Anywhere

Author Archives: ben