Sep 15

CUCM and CUC LDAP Sync Error, null

Posted on September 15, 2016 by ben

Recently tried to connect to a customer’s Active Directory Server to sync users and groups as per normal.. However this occasion I received a Error While connecting to LDAP… , null. I tried entering a different password to see if I was actually getting into the LDAP server, I was received a username/password error. I also tried modifying the port to 3268 as this Domain Controller I was trying to access was also a Global Catalog Server.. However I received the same null error.

I started digging around and what I found two things.. The Domain Controller had been moved to another general OU and was not sitting in the default Domain Controllers OU, where the Domain Controllers GPO could be applied, surely this can’t be right. The GPO being applied to the Domain Controller had a few Security Options manually configured, the one I was interested in was the Domain Controller: LDAP server signing requirements had been configured to “Require Signing”. Why this had been manually configured , I have no idea.

I had the Domain Controller object returned back into the Domain Controllers OU.. The Default Domain Controller’s GPO had the above setting defined as NONE. This was the default setting.

After forcing the update GPUPDATE /FORCE then logging off and back on.. Wholla! .. I could now sync my CUCM and CUC servers to the Active Directory OU Structure.

Also check the local security policy (gpedit.msc) on the Domain Controller to confirm the above setting was being applied and as it was greyed out, this meant the governing GPO had been pushed down.

Jul 24

Uplinx Group Deploys Cisco UC for Six NSW Councils

Posted on July 24, 2016 by ben

Read Full CRN Article

Jul 20

Cisco’s Conference Now

Posted on July 20, 2016 by ben

Conference Now is new to Cisco Collaboration starting from release 11. The old Meet Me conference in CUCM (still exists by the way in version 11) didn’t meet the audio conferencing needs for many organisations, especially around security and having that conference menu and feel. Hacks had to be put in place, which typically involved UCCX scripting.

The Conference Now feature strongly competes with many of the audio conferencing bridges in the marketplace and best all of all, this feature is standard with CUCM, so no additional licensing is required. The Conference Now feature includes a standard single Meeting Phone Number while allowing multiple Meetings to be hosted simultaneously without the risk of barging into a uninvited meeting room. The Host can choose their own Attendee Access Code aswell, giving control to the user and not relying on IT Administrators to make these simple changes. The Conference Now feature allows includes a lobby room, where attendees can listen to selected music while they wait for the Host to join the meeting. This is a great enhancement for Cisco UC platform.

Configuring Conference Now

Conference Now uses the IVR media resources in CUCM. As we know Media Resources are enabled by activating the Cisco IP Voice Media Streaming App. Usually, you will enable this service as one of the first tasks you undertake when configuring a new CUCM build.

Additional Info. Can disable/enable the IVR media resource by navigating to the Service Parameters -> Cisco IP Voice Media Streaming App configuration window. Simply change the “Run Flag” setting.

So now, we should be seeing the IVR media resources successfully registered.

Next is to configure the Conference Now Meeting Number. This is found under Call Routing -> Conference Now. Assign a DN and Partition. Also allows for two parameters to be modified being Music on Hold and Maximum Wait Time (default 15mins).

Allowing access to host conferences is configured via the End User page. The Meeting Number is populated by the Self-Service User ID. Then check the “Enable End User to Host Conference Now” checkbox and allocate a Attendees Access Code. (The user can change this later).

I’ve also captured the PIN field for the end user, the PIN field is used by the Host to unlock the Meeting Room. I strongly recommend the PIN and Access Code by at least 8 digits in length.

The end user can now call into the Meeting Room phone number and follow the prompts to start a Conference. Attendees will be able to dial in anytime and join a meeting room, providing they know the Meeting Room ID and Access Code. If the Host has not joined the meeting within 15 minutes (default) the attendees will be disconnected from the lobby area.

Self Administering the Conference Settings.

Users can change the Meeting Room Access Code at anytime, using the Self Care Portal. URL is https://cucm_ip_address_or_hostname/ucmuser

Navigate to General Settings, then scroll to the bottom of the page where you will find the Conference Now Settings.

Modifying Announcements

For those Administrators who feel the need to tinker with the default Conference Now announcements, all the announcements are located under the Media Resources -> Announcements Menu. Click on the required announcement and either upload a new wav file or select as existing audio file to use.

Jul 10

Mobile Voice Access (MVA) – Setup Start to Finish

Posted on July 10, 2016 by ben

Mobile Voice Access (MVA) essentially allows authorised users to relay or bounce calls off a CUCM Cluster toward the PSTN. Benefits for this is the user’s calling number is masked by his/her office extension/DID phone number. MVA couple with Single Number Reach (SNR), also allows the called party to return the call to the masked office extension/DID phone number, the CUCM Cluster will then route the call to the mobile (SNR Destination).

User Requirements

1. Ensure the source PSTN phone is configured as a Remote Destination in CUCM.
2. The User PIN is known.
3. Mobile Voice Access is enabled for the User.

The workings of MVA

1. A call is placed from a mobile phone to the configured MVA Phone Number (0255551234).
2. This will match a pots dialpeer. This pots dialpeer will be associated to the MVA Service on the Cisco ISR.
3. The MVA service initiates the MVA IVR on CUCM. If the mobile phone number matches a remote destination, the IVR will prompt you a PIN.
4. Once authenticated, the user will have the option to Dial a number. (Generally this is option 1, following by the PSTN number).
5. CUCM now request that the Cisco ISR forward the call to the MVA phone number (extension 1234). Now if the Cisco ISR doesn’t have a dialpeer matching this MVA extension the Call will simply disconnect.
6. If the dialpeer matches the MVA extension, the call is forwarded. In debugs, you will see the called number being the MVA extension, with a diversion header containing the PSTN number the user called via the MVA IVR menu.
7. The Remote Destination Profile must have access to the called PSTN number. This is the DEVICE CSS field. The REROUTING CSS field is used for SNR.
8. When using SIP and the Cisco ISR is a CUBE, ensure the source interface is known to the CUCM Cluster.

Configuring MVA

CUCM side Configuration

Lets go through and set some of the Service Parameters.

Service Parameters -> Cisco CallManager -> Clusterwide Parameters (System – Mobility)

Enable Mobile Voice Access = “True”
Mobile Voice Access Number = “1234″
Matching Caller ID with Remote Destination = “Partial Match”
Number of Digits for Caller ID Partial Match = “7″
System Remote Access Blocked Numbers = “0000, 000″ (OPTIONAL)

Media Resources -> Mobile Voice Access

Mobile Voice Access Directory Number = “1234″
Mobile Voice Access Partition = “AU_PHONE_PT”
Selected Locales = “English United States”

User Management -> End User

Enable Mobility = “Checked”
Enable Mobile Voice Access = “Checked”

Device -> Device Settings -> Remote Destination Profile

Create a new Remote Destination Profile and completed the required fields. Important to note is the Calling Search Space and the User ID Field. The Line number should reflect the same extension as the User’s office extension. (Essentially this is a shared line setup)

Device -> Remote Destination

Create a new Remote Destination and associate to the Line configured on the Remote Destination Profile. Ensure the Destination Number is in the correct format, as you would when you dial the number from an Internal extension. As you can see I have prefixed a ’0′ to cater for my PSTN Access Code.

Cisco IOS Side

Steps are to configure the Application/Service. Then create two dialpeers, one for inbound and the second for outbound.

application
service mva http://10.10.10.1:8080/ccmivr/pages/IVRMainpage.vxml

dial-peer voice 10 pots
description ** MVA IVR **
service mva
direct-inward-dial
incoming called-number 0255551234$

dial-peer voice 100 voip
description ** CUCM MVA **
destination-pattern 1234
session protocol sipv2
session target ipv4:10.10.10.1
voice-class sip bind control source-interface FastEthernet0/0
voice-class sip bind media source-interface FastEthernet0/0
dtmf-relay rtp-nte
voice-class codec 6
no vad

NOTE: Don’t forget to check if the Mobile Voice Access service has been activated under Unified Serviceability. This service is not included in the “Set Default” services button, so you will have to manually click on the service radio button and activate.

Jun 30

Jabber – Cannot Communicate with Server

Posted on June 30, 2016 by ben

Deploying Cisco Jabber (MRA) to a CUCM Cluster can sometimes have its pitfalls especially when the firewall is managed by a third party vendor. Although, the all to common error message “Cannot Communicate with Server” can be frustrating to troubleshoot, the devil lies in the details. This can also be very useful when needing to provide debugs reports to third party firewall vendors to investigate further on your behalf.

1st step is to view the jabber log file, this can sometimes be a long file to extract the key bits of information you’re after.. One idea is just to find the “cannot communicate’ error message. Then reverse engineer the log file.

2nd step is open a wireshark session and attempt a jabber connection. This provides key details about the connection process and is very useful to pass onto the thirdparty firewall vendor. Analysing the packets will give you insights into the login process from the DNS SRV query to attempting connections to CUCM and Presence servers.

In the below example, I had to troubleshoot the “Cannot Communicate with Server” error message. This turned out to be a inbound Firewall Port issue. The vendor did not open TCP 5222 from Public to the Expressway-E device. I had to send the vendore this packet capture for evidence to investigate further into the issue. I’ve also included the error messages in the Jabber log file to complete the picture. TCP Port 5222 is used for XMPP connection to the Presence Server.

Putting the packet capture and the jabber log together, gives you a full picture of where Jabber is exactly failing in the connection process.

May 25

Calabrio QM / AQM Certificates

Posted on May 25, 2016 by ben

Certificates are apart of every UC Install these days.. Even more so now with the introduction of Finesse and third-party gadgets. I recently had to install a certificate for the Calibrio AQM Server, rather than you dig through their guides.. I’ve listed the commands you’ll need below. Have fun.

1. Create the certificate signing request.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -certreq -alias jetty -file jetty.csr -ext san=dns:tg2aqm10.topgun2.uplinx

2. Install the CA Root or Chain Certificates.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -importcert -trustcacerts -alias TG2PDC -file root-cer.cer

3. Install the signed certificate for the AQM Server.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -importcert -alias jetty -file jetty.cer

UPDATE: To increase or specify the length of the key, use the attribute -keysize when generating a CSR.

May 15

Fax Not Answering on ATA190

Posted on May 15, 2016 by ben

Come across a fax issue with an ATA190 device. The issue was the fax machine wouldn’t answer any calls. I could see the ATA190 would be in a ‘ringing’ state, however the fax machine wouldn’t budge. The calling endpoint would just ring out.

Checking the setting on the ATA190 as per below, the Ring Voltage set to 85 V and Ring Frequency set to 20 Hz.

All that needed to be done in this case was to adjust both the Ring Voltage and Ring Frequency for the Fax Machine to essentially be compatible and pickup the incoming call. Thank you TAC.

On ATA190 web GUI, navigate to Voice -> Regional -> Ring and Call Waiting Tone Spec

Modify the below values, save the configuration, then reboot the ATA190 device.

Ring Voltage : 70V
Ring Frequency : 25 Hz

May 04

Finesse Call Recording with Cisco Medisense 11

Posted on May 4, 2016 by ben

I’ll be going through the process to configure Call Recording using Cisco Mediasense with the UCCX Finesse Agent. The Mediasense Server itself requires a server license plus Media Port licenses, the port licenses can be either Audio Only or Audio/Video. As it stands the previously mentioned licenses are a ‘right use’ license. Cisco is trusting partners and customers to apply the correct amount of licenses for their installed instances. The Contact Centre though is different story. Additional Call Recording licenses need to be purchased as the Contact Centre product controls the call recording streams. These licenses must be uploaded to the Contact Centre server. We’ll discuss this further below.

Mediasense seems to work as expected and can record calls in a variety of ways (Phone, Gateway, CUBE) which gives flexibility to various customer requirements. The feature set however needs some more work. I found the Authorisation/Security component of Mediasense Call Recording is very basic compared to other products on the market. Hopefully Cisco is looking at RBAC for future releases.

Lets get to the configuration part, we’ll start with CUCM.

Create an End User either directly on CUCM or via Active Directory. Mediasense requires its API Users to be End Users in CUCM and not Application Users. When deploying Mediasense the initial wizard will ask for this Users details.

The End Use in my case ‘mediasense’ is required to have the AXL Role and be a member of the Standard CCM Admin Users group

CUCM communicates with the Mediasense server via a SIP Trunk, even with gateway recording it’s the CUCM Server that will send the INVITES to the Mediasense server.

So go ahead and setup the SIP Trunk configuration. We’ll start with the SIP Profile.

I always find it easier to copy the Standard SIP Profile then make any changes necessary, that way all SIP Profiles are isolated from each other making future changes easier with less impact to other SIP services.

In the Mediasense SIP Profile, I’ve enabled SIP Options. If I was to have more than one Mediasense server, this is where SIP Options would come in useful. CUCM polls each Mediasense server to determine if its down or up, and will only send INVITES to a Mediasense server in an operational state.

The default SIP Trunk Security is good enough for Mediasense. The main field to take not is the Outgoing Transport Type.. This must be TCP. So worth to check this setting. If its been set to UDP, then create a new SIP Trunk Security Profile.

Create a new SIP Trunk with the basic settings. Provide good descriptions and select the SIP Profile and SIP Trunk Security profile as created above. Can use either the IP Address or FQDN for the Destination. Port is SIP standard 5060.

Create a Route Pattern for the Call Recording profile to match. I’ve just selected the Mediasense_Recording SIP Trunk as the destination. You can also use Route Lists and Route Groups. Ive also placed this route pattern in the Global SYSTEM partition. You can create a new partition for Call Recording and place the pattern into this, then just allocate the Call Recording profile the CSS that has access to the specific partition.

Create a Recording Profile selecting the pattern defined above in the Route Pattern step. Also select the appropriate CSS that has access to the partition the call recording pattern is in.

Now we jump across to the Phones. In this blog I’ll be using the Phone Preferred architecture, hence the phones will be forking media to the Mediasense server. For this to happen the phones need to have the ‘Built In Bridge’ enabled. This is also a global setting if wish to blanket all phones.

Repeat the below steps for each phone/line that will have recording enabled in the Contact Centre.

Enable the Built In Bridge. Save and Apply Config.

Go to the Line of the Phone (or for the Device Profile). Navigate to the Line Settings for this Device area and select the Recording Option, Recording Profile and the Recording Media Source. In my case, I’ve enabled recording with Selective Call Recording enabled. The alternate option is automatic call recording. (Always On). In this blog, I want to control the Call Recording via UCCX Workflows.

Optional is to have a beep play to let the call party’s know the conversation is being recorded. Default is set to off.

Also optional is to assign a Call Recording Softkey to the phone or device profile. If pressed during a conversation, the CUCM actions to the call recording and not UCCX/Finesse.

Mediasense Configuration

The install for Mediasense is fairly straight forward. After deploying the correct OVA for your environment size and going through the initial CLI configuration wizard configuring IP Address details, DNS Servers etc Its time to browse to the Web GUI.

Log into the Web GUI using the user credentials configured in the CLI wizard. The first couple of screens are more or less notifications and information about mediasense. Click next through these.

The AXL Service Provider is the End User created during the CUCM configuration phase. The AXL provide IP Address is of course your CUCM Server (ensure you have the AXL Service activated)

The Mediasense will discover all the Call processing Servers in the environment. Funny enough, it also discovers the Presence Servers?

Click next through the summary page and you will end up at the Administration Console of the Mediasense server.

Navigate to the Cisco Finesse Configuration window and enter the UCCX Servers is the appropriate field. Ensure to FQDN for the UCCX Servers.

Navigate to the Mediasense API User Configuration window and search for the End User created in the CUCM phase. In my case its mediasense. Add the End User to the Mediasense API Users. Also, from the screen, add the users in that shall have GUI access to the search and play browser.

UCCX Configuration

Start by uploading the Call Recording Count Licenses for CCX. **NOTE Part Number required is “INCREMENT CRS_REC_PORT”

After uploading the licenses, the License Display Screen should look similar to the below.

Add the Mediasense Recording Server and API User to the CCX Server. This user was added to the Mediasense API User list in the Mediasense configuration phase.

UCCX Script

Now seeing that I’m going a step further with this configuration due to the customer requirements. I’ll add it all in for you to see. In this particular case the customer required to have an ‘opt-out’ menu for call recording. Hence the caller could select IVR Option ’9′ and essentially opt-out of call recording. For this to happen, we need to first create some script variables. I created a variable called ‘Do_Not_Record’ with a value of ‘Do Not Record’ and linked this String to Call Variable 5. I could’ve created an ECC Variable, however, Im working with UCCX 10.6 at the moment.. And there is a current bug preventing ECC Variables from being used in the Finesse Workflow filters.

I have also create a script variable called ‘Record_Call’ with a value of ‘Record Call’ and linked to Call Variable 2.

See below for Call Variable image along with script insertion.

Finesse Administration

We need to now create a workflow and utilise the variables created in the previous step. First step is to create a workflow action. See below for the workflow action created, this follows the standard procedure for invoking Mediasense.

We then need to create a Workflow filter or match condition. I’ve created a filter or match condition for Call Variable 2 (value = Record Call).

Hence the match condition is when the ‘Record Call’ is presented via Call Variable 2. Relating this to the above script, is when a caller does not press IVR option ’9′ to opt-out, the value ‘Record Call’ is inserted into Call Variable 2.

Add the workflow action and click SAVE.

No we can add the Workflow to a Team. Navigate to the Team configuration page and select the appropriate team. Now click the Workflow menu (lower right).

Click the Add button and browse or select the Workflow required.

Also worth mentioning is the MS AgentInfo gadget. This gadget inserts/passes metadata to the Mediasense engine. I’ve given two examples below, the first example is a call recording without the AgentInfo gadget, and the second example being with the MS AgentInfo gadget.

To apply the MS AgentInfo gadget, navigate to the Desktop layout configuration page (either Global or Team based). Add the below lines to the Agent Desktop layout. Agents then need to log out of Finesse then back in.

NOTE: Mediasense Play Back requires Java 1.7+.

Without the MS AgentInfo Gadget deployed in Finesse

With the MS AgentInfo Gadget deployed in Finesse

OPTIONAL: Unhide the Mediasense gadget for the Supervisor to allow the Supervisor to search and play call recordngs from the Finesse Agent window.

Apr 15

UCCX – Agents Stuck in Reserved State

Posted on April 15, 2016 by ben

UCCX Agents being stuck in a Reserved can be quite frustrating to both the customer and the Agent. An Agent is placed into a Reserved state when the UCCX Engine essentially reserves a inbound call to an Agent. Now that the Agent and the Inbound call are a ‘pair’ the system will try and push the call to the Agents phone.

To allow a customer to be pushed to an Agent immediately, the queue announcements, menu’s or timers must have the radio button “Interruptible” set to Yes. If this is set to No, the Customer will be forced to wait for the current announcement, menu prompt or timer to expire before being be connected with an Agent, this includes MoH.

Screen images or where you can find this parameter in the UCCX Script.

Apr 04

Wireless: One Way Audio for Start of Call

Posted on April 4, 2016 by ben

Investigated a strange UC issue involving the 7925G Wireless IP Phones, its always fun to troubleshoot wireless devices In short, the audio stream was not being sent to the 7925G wireless phone for a randomised period of time. Now, this only affected the call when the two device, such as an 8945 IP Phones and the 7925G wireless phone were on the same L2 network, so not traversing a L3 subnet.

All calls to the PSTN and to other L3 separated devices worked 100%. Below if what I captured during the investigation, I used an 8945 IP Phone for testing calls to the 7925G wireless phone.

In the example below, after 210 seconds, the 7925g wireless phone replies to the ARP request from the 8945 IP Phone.

Details:
8945 IP Phone is 10.2.110.121
7925g IP Phone is 10.2.110.171
CUCM IP is 10.2.110.20

Packets captured below

Screen shot of Call being established (SIP Side – 8945 IP Phone spanned to PC)

Screen shot of the ARP request from the 7925g wireless phone. (10.20.110.171). Also the 8945 IP Phone replying to the ARP request.

Screen shot of the ARP Request sent by the 8945 IP Phone. Note there is no Reply received.

Screen shot – After the 7925g receives the ARP reply, the audio stream starts to the 8945 IP Phone.

Screen shot – 210 seconds later, the 7925g replies to the 8945 IP Phone ARP request.

Screen shot – 8945 IP Phone starts to send audio stream to 7925g wireless phone.

The WLC was configured for flexconnect mode. The Flexconnect ARP Caching was not enabled on the WLC. When the flexconnect arp caching was enabled, this killed all audio sessions to and from the 7925g wireless phone.

I then upgrade the WLC and AP firmware to 8.0.121, this being the minumum version for compatibility with flexconnect arp caching feature.

Once upgraded, enabling the flexconnect arp caching feature resolved the issue. Note a reboot of APs was required in this case after the change the change had been made.

Page 6 of 17« First ‹ Previous 3 4 567 8 9 Next ›Last »

Cisco UC

Collaborate Anywhere

Category Archives: Cisco UC