Oct 10

Cisco Expressway 8.8 Features

There are a couple of new features in version 8.8 for Cisco Expressway that are worth mentioning. One is the ability to register SIP devices to the Expressway-C device. H323 is on the road map and will be introduced in a later release. Devices that can be registered include desktop endpoints such as the DX and EX Series, room-based endpoints such as the SX and MX series, and third-party video SIP endpoints.

The licensing structure for such registrations will follow the same principles as CUCM. Desktop endpoints will require a UCL Enhanced or above and Telepresence endpoints will require a Room based license. Partners/Customers will be able to select what Call Control server (Expressway-C or CUCM) the license will be installed on at the time of registering the PAK.

This architecture will now complement Video only infrastructure where CUCM is not deployed in the organisation.

Cisco Expressway 8.8

The second is more a modification as opposed to a feature. The RMS License model has been revised and now the Expressway-E device is the only device required to host an RMS (Traversal) License. Pre 8.8 both the Expressway-C and Expressway-E devices were required to host RMS Licenses.

The one exception is when the Expressway-C device is performing interoperability between Cisco registered endpoints and third-party standalone or registered endpoints, e.g. MS SFB Business endpoints.

Cisco Expressway 8.8

These images were referenced from Cisco’s CCP Presentation.

Oct 01

Activating Services on IM&P – AXL Service

Little gotcha with activating services on the Cisco IM & Presence Server version 11.0.1.XXXXX-X. After selecting ‘Set to Default’ for Service Activation, we can see the Cisco AXL Web Server is indeed already activated – great. However when we go ahead and click ‘Save’, essentially activating the selected services, the Cisco AXL Web Server returns to ‘Deactivated’. This is a critical service to allow Jabber to connect to the IMP Cluster, so you’ll need to go back and check the Cisco AXL Web Service to activate the service.

This is easy to miss and can cause some pain when you try to connect Jabber for the first time.

As we can see below the Cisco AXL Web Service is showing as Activated.

Cisco AXL Web Service

After selecting SAVE, the Cisco AXL Web Service returns to Deactivated.
Cisco AXL Web Service

Sep 29

Cisco CSR 11.5.1 Feature Highlights

Corporate Directory Search for MRA Clients

Cisco Mobile Remote Access (MRA) clients are now able to search the Corporate Directory Servers for contacts. Pre v11.5, MRA clients were only able to search the UDS Contact database. The UDS service within CUCM now acts as a proxy between the MRA client and the Corporate Directory server, so no configuration is necessary on the Expressway devices.

To allow this feature, the below needs to be configured on the CUCM.

- Enable ‘user search to Enterprise Directory’ under System -> LDAP -> LDAP Search.
- Complete the required details and attribute mappings under System -> LDAP -> LDAP Search.
- Configure a ‘Directory’ UC Service.
- Assign the above configured Directory UC Service under System -> LDAP -> LDAP Search.

CLI Privilege Levels

The OS Administrator can now configure additional Administrators via the CLI and give the newly created Administrators either Read-Only access or Read & Write access privileges.

Read Only access is assigned to level 0 privilege
Read and Write access is assigned to level 1 privilege

Cisco Spark Remote Device

With the growth of Cisco Spark collaboration client, CUCM v11.5 has introduced a new Device Type for the Cisco Spark Client. The device type is called ‘Cisco Spark Remote Device’.

Configuring the Spark Device does consume an Enhanced license unless the owner already has ownership over other devices; in that case, a device count will be added to a CUWL or Enhanced Plus license for the user.

This device type is for the Cloud client to register to the CUCM via the Collaboration Edge architecture (v8.8+) and allow the ability to route calls out the local corporate voice gateways. Hence creating a Spark Hybrid environment.

The Spark hybrid environment does have some costs involved. Please refer to the Product information sheet for Spark Hybrid.

Deprecated Endpoints

Cisco has announced the below devices will no longer be supported moving forward in version 11.5 and beyond.

• Cisco IP Phone 12 SP+ and related models
• Cisco IP Phone 30 VIP and related models
• Cisco Unified IP Phone 7902
• Cisco Unified IP Phone 7905
• Cisco Unified IP Phone 7910
• Cisco Unified IP Phone 7910SW
• Cisco Unified IP Phone 7912
• Cisco Unified Wireless IP Phone 7920
• Cisco Unified IP Conference Station 7935

Phone Documents in Cisco Unified Communications Manager Self Care Portal

Cisco does a great job with documentation via the Help menu in CUCM and related products, and this now extends to the Self Care Portal. It allows users to gain easy access to guides and references for devices and user-related features and processes.

Addition of AXL Read Access Role to a User

In addition to the CLI Read Only Administrators, Cisco has also created a Read Only access role for the AXL API. This Read Only access role can be safely given to developers, knowing their applications cannot adversely impact the CUCM configuration.

The new role is called ‘Standard AXL Read Only API Access’.

*Additional 11.5 features can be referenced from the below document.


Sep 25

Deploying Jabber MSI via Group Policy Without Arabic Language

Cisco Jabber is a great collaboration tool for any organisation. The install process for individual PCs is simple and quick. However, deploying Cisco Jabber via Microsoft’s Group Policy is a more painful process for the Windows administrator. This is because, for some unknown reason, the Cisco Jabber MSI package selects the lowest language identifier to install, which turns out to be Arabic! So how do we deploy Cisco Jabber in English? There are a couple of hoops to jump through to have English as the selected language, and I’ve briefly documented how below. I’ve also included a link to a good Cisco reference and the required EXEs for Microsoft to play nice.

Download and extract WinSDKTools.zip and install WinSDKTools_amd64.msi on Server (you will need x86 installer if 32 bit). After installing this, go to C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin and double click on Orca.Msi. This will install the Orca application.

Open Orca and navigate to File > Open. Browse to and select the CiscoJabberSetup.msi.

Once the MSI is opened, navigate to View > Summary Information.

Cisco Jabber

Remove all language codes under languages except for 1033 (English).

Cisco Jabber Arabic Language

Click OK, go to File > Save As and save over the top of the original CiscoJabberSetup.msi. The language of the MSI file has now been changed; set up the GPO to deploy the software.

Cisco Reference:


Sep 15

CUCM and CUC LDAP Sync Error, null

Recently I tried to connect to a customer’s Active Directory server to sync users and groups as per normal. However, on this occasion I received an “Error While connecting to LDAP… , null”. I tried entering a different password to see if I was actually getting into the LDAP server, and I received a username/password error. I also tried modifying the port to 3268, as the Domain Controller I was trying to access was also a Global Catalog Server. However, I received the same null error.


I started digging around and found two things. The Domain Controller had been moved to another general OU and was not sitting in the default Domain Controllers OU, where the Domain Controllers GPO could be applied; surely this can’t be right. The GPO being applied to the Domain Controller had a few Security Options manually configured. The one I was interested in was “Domain Controller: LDAP server signing requirements”, which had been configured to “Require Signing”. Why this had been manually configured, I have no idea.

I had the Domain Controller object returned to the Domain Controllers OU. The Default Domain Controller’s GPO had the above setting defined as NONE. This was the default setting.


After forcing the update with GPUPDATE /FORCE, then logging off and back on... Voilà! I could now sync my CUCM and CUC servers to the Active Directory OU structure.

Also check the local security policy (gpedit.msc) on the Domain Controller to confirm the above setting was being applied and as it was greyed out, this meant the governing GPO had been pushed down.
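CUCM surfaced this failure only as “null”, but the domain controller’s own answer can be read from the LDAP BindResponse in a packet capture. The following added example (not part of the original post) decodes a BindResponse as defined in RFC 4511; the two packets are constructed samples, and result code 8 (strongerAuthRequired) is what Active Directory returns to an unsigned simple bind on a cleartext connection when signing is required.

```python
# Added example: decode an LDAP BindResponse (RFC 4511) to see why a bind failed.
RESULT_CODES = {0: "success", 8: "strongerAuthRequired", 49: "invalidCredentials"}

def read_tlv(buf, pos):
    """Decode one BER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the octet count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(packet):
    """Parse LDAPMessage{messageID, BindResponse} and return its key fields."""
    tag, msg, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    tag, msg_id, pos = read_tlv(msg, 0)
    if tag != 0x02:
        raise ValueError("missing messageID")
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                         # [APPLICATION 1] = BindResponse
        raise ValueError("not a BindResponse")
    _, code, pos = read_tlv(op, 0)          # ENUMERATED resultCode
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)          # diagnosticMessage
    code = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(msg_id, "big"),
            "result": RESULT_CODES.get(code, f"code {code}"),
            "signing_or_tls_required": code == 8,
            "diagnostic": diag.decode("utf-8", "replace")}

def tlv(tag, value):
    """Encode one BER element (used only to build the constructed samples)."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_response(code, diag):
    body = tlv(0x0A, bytes([code])) + tlv(0x04, b"") + tlv(0x04, diag.encode())
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61, body))

# Constructed packets, not captured from the environment in the post.
SIGNING_REJECT = sample_response(8, "constructed sample: integrity checking or TLS required")
BAD_PASSWORD = sample_response(49, "constructed sample: invalid credentials")

if __name__ == "__main__":
    for pkt in (SIGNING_REJECT, BAD_PASSWORD):
        print(parse_bind_response(pkt))
```

A simple bind over LDAPS (TCP 636) is accepted by a domain controller that requires signing, because TLS already protects the session.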


Jul 20

Cisco’s Conference Now

Conference Now is new to Cisco Collaboration starting from release 11. The old Meet Me conference in CUCM (still exists by the way in version 11) didn’t meet the audio conferencing needs for many organisations, especially around security and having that conference menu and feel. Hacks had to be put in place, which typically involved UCCX scripting.

The Conference Now feature strongly competes with many of the audio conferencing bridges in the marketplace and, best of all, this feature is standard with CUCM, so no additional licensing is required. The Conference Now feature includes a standard single Meeting Phone Number while allowing multiple Meetings to be hosted simultaneously without the risk of barging into an uninvited meeting room. The Host can choose their own Attendee Access Code as well, giving control to the user and not relying on IT Administrators to make these simple changes. The Conference Now feature also includes a lobby room, where attendees can listen to selected music while they wait for the Host to join the meeting. This is a great enhancement for the Cisco UC platform.

Configuring Conference Now

Conference Now uses the IVR media resources in CUCM. As we know Media Resources are enabled by activating the Cisco IP Voice Media Streaming App. Usually, you will enable this service as one of the first tasks you undertake when configuring a new CUCM build.

Additional info: you can disable or enable the IVR media resource by navigating to the Service Parameters -> Cisco IP Voice Media Streaming App configuration window. Simply change the “Run Flag” setting.

So now, we should be seeing the IVR media resources successfully registered.

Next is to configure the Conference Now Meeting Number. This is found under Call Routing -> Conference Now. Assign a DN and Partition. Two parameters can also be modified here: Music on Hold and Maximum Wait Time (default 15mins).

Allowing access to host conferences is configured via the End User page. The Meeting Number is populated by the Self-Service User ID. Then check the “Enable End User to Host Conference Now” checkbox and allocate an Attendees Access Code. (The user can change this later).

I’ve also captured the PIN field for the end user; the PIN field is used by the Host to unlock the Meeting Room. I strongly recommend the PIN and Access Code be at least 8 digits in length.

The end user can now call into the Meeting Room phone number and follow the prompts to start a Conference. Attendees will be able to dial in anytime and join a meeting room, providing they know the Meeting Room ID and Access Code. If the Host has not joined the meeting within 15 minutes (default) the attendees will be disconnected from the lobby area.

Self Administering the Conference Settings.

Users can change the Meeting Room Access Code at any time, using the Self Care Portal. The URL is https://cucm_ip_address_or_hostname/ucmuser

Navigate to General Settings, then scroll to the bottom of the page where you will find the Conference Now Settings.

Modifying Announcements

For those Administrators who feel the need to tinker with the default Conference Now announcements, all the announcements are located under the Media Resources -> Announcements menu. Click on the required announcement and either upload a new wav file or select an existing audio file to use.

Jul 10

Mobile Voice Access (MVA) – Setup Start to Finish

Mobile Voice Access (MVA) essentially allows authorised users to relay or bounce calls off a CUCM Cluster toward the PSTN. The benefit is that the user’s calling number is masked by his/her office extension/DID phone number. MVA coupled with Single Number Reach (SNR) also allows the called party to return the call to the masked office extension/DID phone number; the CUCM Cluster will then route the call to the mobile (SNR Destination).

User Requirements

1. Ensure the source PSTN phone is configured as a Remote Destination in CUCM.
2. The User PIN is known.
3. Mobile Voice Access is enabled for the User.

The workings of MVA

1. A call is placed from a mobile phone to the configured MVA Phone Number (0255551234).
2. This will match a pots dialpeer. This pots dialpeer will be associated to the MVA Service on the Cisco ISR.
3. The MVA service initiates the MVA IVR on CUCM. If the mobile phone number matches a remote destination, the IVR will prompt you for a PIN.
4. Once authenticated, the user will have the option to dial a number. (Generally this is option 1, followed by the PSTN number).
5. CUCM now requests that the Cisco ISR forward the call to the MVA phone number (extension 1234). If the Cisco ISR doesn’t have a dialpeer matching this MVA extension, the call will simply disconnect.
6. If the dialpeer matches the MVA extension, the call is forwarded. In debugs, you will see the called number being the MVA extension, with a diversion header containing the PSTN number the user called via the MVA IVR menu.
7. The Remote Destination Profile must have access to the called PSTN number. This is the DEVICE CSS field. The REROUTING CSS field is used for SNR.
8. When using SIP and the Cisco ISR is a CUBE, ensure the source interface is known to the CUCM Cluster.

Configuring MVA

CUCM side Configuration

Let’s go through and set some of the Service Parameters.

Service Parameters -> Cisco CallManager -> Clusterwide Parameters (System – Mobility)

Enable Mobile Voice Access = “True”
Mobile Voice Access Number = “1234”
Matching Caller ID with Remote Destination = “Partial Match”
Number of Digits for Caller ID Partial Match = “7”
System Remote Access Blocked Numbers = “0000, 000” (OPTIONAL)

Media Resources -> Mobile Voice Access

Mobile Voice Access Directory Number = “1234”
Mobile Voice Access Partition = “AU_PHONE_PT”
Selected Locales = “English United States”

User Management -> End User

Enable Mobility = “Checked”
Enable Mobile Voice Access = “Checked”

Device -> Device Settings -> Remote Destination Profile

Create a new Remote Destination Profile and complete the required fields. Important to note are the Calling Search Space and the User ID field. The Line number should reflect the same extension as the User’s office extension. (Essentially this is a shared line setup)

Device -> Remote Destination

Create a new Remote Destination and associate it to the Line configured on the Remote Destination Profile. Ensure the Destination Number is in the correct format, as you would when you dial the number from an Internal extension. As you can see I have prefixed a ‘0’ to cater for my PSTN Access Code.

Cisco IOS Side

Steps are to configure the Application/Service. Then create two dialpeers, one for inbound and the second for outbound.

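application
  ! MVA VoiceXML application hosted on CUCM.
  ! <CUCM_IP> is a placeholder: the address was missing from the original post.
  service mva http://<CUCM_IP>:8080/ccmivr/pages/IVRMainpage.vxml

! Inbound: PSTN calls to the MVA number are handed to the MVA service
dial-peer voice 10 pots
  description ** MVA IVR **
  service mva
  incoming called-number 0255551234$

! Outbound: forward the call to the CUCM MVA directory number over SIP
dial-peer voice 100 voip
  description ** CUCM MVA **
  destination-pattern 1234
  session protocol sipv2
  ! <CUCM_IP> is a placeholder: the address was missing from the original post.
  session target ipv4:<CUCM_IP>
  ! Bind signalling and media to an interface the CUCM Cluster knows about
  voice-class sip bind control source-interface FastEthernet0/0
  voice-class sip bind media source-interface FastEthernet0/0
  dtmf-relay rtp-nte
  voice-class codec 6
  no vad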

NOTE: Don’t forget to check if the Mobile Voice Access service has been activated under Unified Serviceability. This service is not included in the “Set Default” services button, so you will have to manually click on the service radio button and activate.

Jun 30

Jabber – Cannot Communicate with Server

Deploying Cisco Jabber (MRA) to a CUCM Cluster can sometimes have its pitfalls, especially when the firewall is managed by a third-party vendor. Although the all too common error message “Cannot Communicate with Server” can be frustrating to troubleshoot, the devil lies in the details. This can also be very useful when needing to provide debug reports to third-party firewall vendors to investigate further on your behalf.

The 1st step is to view the Jabber log file. This can be a long file to extract the key bits of information from, so one idea is to find the “cannot communicate” error message and then work backwards through the log file.

The 2nd step is to open a Wireshark session and attempt a Jabber connection. This provides key details about the connection process and is very useful to pass on to the third-party firewall vendor. Analysing the packets will give you insights into the login process, from the DNS SRV query to attempting connections to the CUCM and Presence servers.

In the below example, I had to troubleshoot the “Cannot Communicate with Server” error message. This turned out to be an inbound Firewall Port issue. The vendor did not open TCP 5222 from Public to the Expressway-E device. I had to send the vendor this packet capture as evidence to investigate further into the issue. I’ve also included the error messages in the Jabber log file to complete the picture. TCP Port 5222 is used for the XMPP connection to the Presence Server.

Putting the packet capture and the Jabber log together gives you a full picture of exactly where Jabber is failing in the connection process.
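A quick way to gather the same kind of evidence before opening a capture is to probe the inbound ports from outside the firewall and record whether each one is open, refused or silently dropped. This is an added example, not from the original post: 5222 is the port discussed above, while 8443, 5061 and the host name expressway-e.example.com are assumptions to replace with your own design values.

```python
import errno
import socket

# 5222 (XMPP) is the port from the post; 8443 and 5061 are assumed here as the
# other inbound MRA ports on Expressway-E and should be checked against your design.
MRA_PORTS = {5222: "XMPP", 8443: "HTTPS", 5061: "SIP TLS"}

def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST came back: host reachable, nothing listening
    except socket.timeout:
        return "filtered"          # no answer to the SYN: typically a firewall drop
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"      # ICMP unreachable from a router or firewall
        raise                      # DNS failures and other errors are not port states

def check_edge(host, ports=MRA_PORTS, timeout=3.0):
    """Probe each port and return {port: (service, state)}."""
    return {p: (name, probe_tcp(host, p, timeout)) for p, name in ports.items()}

def evidence_lines(host, results):
    """Format every non-open port as a line that can be sent to the firewall owner."""
    return [f"{host} tcp/{port} ({name}): {state}"
            for port, (name, state) in sorted(results.items()) if state != "open"]

if __name__ == "__main__":
    host = "expressway-e.example.com"   # placeholder host name
    for line in evidence_lines(host, check_edge(host)):
        print(line)
```

A "filtered" result on 5222 matches the failure described in this post, where the SYN never receives a reply; "refused" points at the service on the Expressway-E rather than the firewall.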