Jun 20

Wireshark – Cannot See Outbound Packets.

I installed Wireshark 2.02 on my Windows 10 laptop, all good. However I was actively troubleshooting a customer issue when I realised I couldn’t see my outbound packets. I could only see inbound packets. Same behaviour for both my ethernet and wireless connection. Found I had to disable the “DNE Light Weight Filter” from the network adapter.. Both my Ethernet and Wireless adapter..


May 25

Calabrio QM / AQM Certificates

Certificates are apart of every UC Install these days.. Even more so now with the introduction of Finesse and third-party gadgets. I recently had to install a certificate for the Calibrio AQM Server, rather than you dig through their guides.. I’ve listed the commands you’ll need below. Have fun.

1. Create the certificate signing request.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -certreq -alias jetty -file jetty.csr -ext san=dns:tg2aqm10.topgun2.uplinx

2. Install the CA Root or Chain Certificates.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -importcert -trustcacerts -alias TG2PDC -file root-cer.cer

3. Install the signed certificate for the AQM Server.

“C:\Program Files\Cisco\WFO_QM\Java\bin\keytool.exe” -keystore “C:\Program Files\Common Files\QM\config\.keystore” -storepass C@labr1o -importcert -alias jetty -file jetty.cer

UPDATE: To increase or specify the length of the key, use the attribute -keysize when generating a CSR.

May 15

Fax Not Answering on ATA190

Come across a fax issue with an ATA190 device. The issue was the fax machine wouldn’t answer any calls. I could see the ATA190 would be in a ‘ringing’ state, however the fax machine wouldn’t budge. The calling endpoint would just ring out.

Checking the setting on the ATA190 as per below, the Ring Voltage set to 85 V and Ring Frequency set to 20 Hz.

Cisco ATA190
All that needed to be done in this case was to adjust both the Ring Voltage and Ring Frequency for the Fax Machine to essentially be compatible and pickup the incoming call. Thank you TAC.

On ATA190 web GUI, navigate to Voice -> Regional -> Ring and Call Waiting Tone Spec

Modify the below values, save the configuration, then reboot the ATA190 device.

Ring Voltage : 70V
Ring Frequency : 25 Hz

May 06

Cisco IPSEC VPN Client for Windows 10 – Painful Experience

As most of you know the Cisco IPSEC VPN Client is not officially supported on Windows 8+. I have Window 10, now that puts me in the not so friendly basket. After googling this, there a raft of blogs and websites advising you to install additional components and modify registry settings.. Not all of which are proven. I finally found a sequence that worked for me.. AND successfully connected to customer sites.

First thing is to get around this virtual adapter filter thing that doesn’t get installed with Windows 10.. The SonicWall VPN Client however does install the ‘DNE Lightweight filter network client’. Beautiful.. Job done.

Link to Sonicwall website for vpn client. http://help.mysonicwall.com/applications/vpnclient/

If the above link is not available and you cannot find it anyway.. Ping me and I’ll email it to you.

Right. Lets install the Cisco IPSEC VPN Client now.. No wait another error.. ‘This software doesn’t support Windows 10′, great. To get around this one.. Extract the install files and manually run the .msi file. Job done.

Now the client is installed and we are away and running.. Try to connect to a customer site and low and behold another error.. ‘Secure VPN Connection terminated locally by the client. Reason 442: Failed to enable Virtual Adapter.’ we are getting closer though right?

Here comes the infamous registry change.. Now I’ll add the general blurb that everyone would say… ‘Backup your registry settings in case you absolutely blunder this change’. Now lets get started.

Open registry and go to HKLM\SYSTEM\CurrentControlSet\Services\CVirtA look for the key ‘Display Name’. We want to modify this key from something like this ‘@oem47.inf,%CVirtA_Desc%;Cisco Systems VPN Adapter for 64-bit Windows‘ to ‘Cisco Systems VPN Adapter for 64-bit Windows‘ (screen shot below of change).

Cisco IPSEC VPN Client

Now open the VPN Client again and try connecting to a customer site.. Whola! Job is now done. Thanks Internet.

May 04

Finesse Call Recording with Cisco Medisense 11

I’ll be going through the process to configure Call Recording using Cisco Mediasense with the UCCX Finesse Agent. The Mediasense Server itself requires a server license plus Media Port licenses, the port licenses can be either Audio Only or Audio/Video. As it stands the previously mentioned licenses are a ‘right use’ license. Cisco is trusting partners and customers to apply the correct amount of licenses for their installed instances. The Contact Centre though is different story. Additional Call Recording licenses need to be purchased as the Contact Centre product controls the call recording streams. These licenses must be uploaded to the Contact Centre server. We’ll discuss this further below.

Mediasense seems to work as expected and can record calls in a variety of ways (Phone, Gateway, CUBE) which gives flexibility to various customer requirements. The feature set however needs some more work. I found the Authorisation/Security component of Mediasense Call Recording is very basic compared to other products on the market. Hopefully Cisco is looking at RBAC for future releases.

Lets get to the configuration part, we’ll start with CUCM.

Create an End User either directly on CUCM or via Active Directory. Mediasense requires its API Users to be End Users in CUCM and not Application Users. When deploying Mediasense the initial wizard will ask for this Users details.

Cisco Call Recording

The End Use in my case ‘mediasense’ is required to have the AXL Role and be a member of the Standard CCM Admin Users group

Cisco Call RecordingCUCM communicates with the Mediasense server via a SIP Trunk, even with gateway recording it’s the CUCM Server that will send the INVITES to the Mediasense server.

So go ahead and setup the SIP Trunk configuration. We’ll start with the SIP Profile.

I always find it easier to copy the Standard SIP Profile then make any changes necessary, that way all SIP Profiles are isolated from each other making future changes easier with less impact to other SIP services.

In the Mediasense SIP Profile, I’ve enabled SIP Options. If I was to have more than one Mediasense server, this is where SIP Options would come in useful. CUCM polls each Mediasense server to determine if its down or up, and will only send INVITES to a Mediasense server in an operational state.

Cisco Call RecordingThe default SIP Trunk Security is good enough for Mediasense. The main field to take not is the Outgoing Transport Type.. This must be TCP. So worth to check this setting. If its been set to UDP, then create a new SIP Trunk Security Profile.

Cisco Call RecordingCreate a new SIP Trunk with the basic settings. Provide good descriptions and select the SIP Profile and SIP Trunk Security profile as created above. Can use either the IP Address or FQDN for the Destination. Port is SIP standard 5060.

Cisco Call RecordingCisco Call RecordingCreate a Route Pattern for the Call Recording profile to match. I’ve just selected the Mediasense_Recording SIP Trunk as the destination. You can also use Route Lists and Route Groups. Ive also placed this route pattern in the Global SYSTEM partition. You can create a new partition for Call Recording and place the pattern into this, then just allocate the Call Recording profile the CSS that has access to the specific partition.

Cisco Call RecordingCreate a Recording Profile selecting the pattern defined above in the Route Pattern step. Also select the appropriate CSS that has access to the partition the call recording pattern is in.

Cisco Call RecordingNow we jump across to the Phones. In this blog I’ll be using the Phone Preferred architecture, hence the phones will be forking media to the Mediasense server. For this to happen the phones need to have the ‘Built In Bridge’ enabled. This is also a global setting if wish to blanket all phones.

Repeat the below steps for each phone/line that will have recording enabled in the Contact Centre.

Enable the Built In Bridge. Save and Apply Config.

Cisco Call RecordingGo to the Line of the Phone (or for the Device Profile). Navigate to the Line Settings for this Device area and select the Recording Option, Recording Profile and the Recording Media Source. In my case, I’ve enabled recording with Selective Call Recording enabled. The alternate option is automatic call recording. (Always On). In this blog, I want to control the Call Recording via UCCX Workflows.

Cisco Call RecordingOptional is to have a beep play to let the call party’s know the conversation is being recorded. Default is set to off.

Cisco Call RecordingAlso optional is to assign a Call Recording Softkey to the phone or device profile. If pressed during a conversation, the CUCM actions to the call recording and not UCCX/Finesse.

Cisco Call RecordingMediasense Configuration

The install for Mediasense is fairly straight forward. After deploying the correct OVA for your environment size and going through the initial CLI configuration wizard configuring IP Address details, DNS Servers etc Its time to browse to the Web GUI.

Log into the Web GUI using the user credentials configured in the CLI wizard. The first couple of screens are more or less notifications and information about mediasense. Click next through these.

Cisco Call RecordingCisco Call RecordingThe AXL Service Provider is the End User created during the CUCM configuration phase. The AXL provide IP Address is of course your CUCM Server (ensure you have the AXL Service activated)

Cisco Call RecordingThe Mediasense will discover all the Call processing Servers in the environment. Funny enough, it also discovers the Presence Servers?

Cisco Call RecordingClick next through the summary page and you will end up at the Administration Console of the Mediasense server.

Cisco Call Recording

Cisco Call RecordingNavigate to the Cisco Finesse Configuration window and enter the UCCX Servers is the appropriate field. Ensure to FQDN for the UCCX Servers.

Cisco Call RecordingNavigate to the Mediasense API User Configuration window and search for the End User created in the CUCM phase. In my case its mediasense. Add the End User to the Mediasense API Users. Also, from the screen, add the users in that shall have GUI access to the search and play browser.

Cisco Call RecordingUCCX Configuration

Start by uploading the Call Recording Count Licenses for CCX. **NOTE Part Number required is “INCREMENT CRS_REC_PORT”

After uploading the licenses, the License Display Screen should look similar to the below.

Cisco Call Recording

Add the Mediasense Recording Server and API User to the CCX Server. This user was added to the Mediasense API User list in the Mediasense configuration phase.

Cisco Call Recording

UCCX Script

Now seeing that I’m going a step further with this configuration due to the customer requirements. I’ll add it all in for you to see. In this particular case the customer required to have an ‘opt-out’ menu for call recording. Hence the caller could select IVR Option ’9′ and essentially opt-out of call recording. For this to happen, we need to first create some script variables. I created a variable called ‘Do_Not_Record’ with a value of ‘Do Not Record’ and linked this String to Call Variable 5. I could’ve created an ECC Variable, however, Im working with UCCX 10.6 at the moment.. And there is a current bug preventing ECC Variables from being used in the Finesse Workflow filters.

I have also create a script variable called ‘Record_Call’ with a value of ‘Record Call’ and linked to Call Variable 2.

See below for Call Variable image along with script insertion.

Cisco Call RecordingCisco Call RecordingFinesse Administration

We need to now create a workflow and utilise the variables created in the previous step. First step is to create a workflow action. See below for the workflow action created, this follows the standard procedure for invoking Mediasense.

Cisco Call RecordingWe then need to create a Workflow filter or match condition. I’ve created a filter or match condition for Call Variable 2 (value = Record Call).

Hence the match condition is when the ‘Record Call’ is presented via Call Variable 2. Relating this to the above script, is when a caller does not press IVR option ’9′ to opt-out, the value ‘Record Call’ is inserted into Call Variable 2.

Add the workflow action and click SAVE.

Cisco Call RecordingNo we can add the Workflow to a Team. Navigate to the Team configuration page and select the appropriate team. Now click the Workflow menu (lower right).

Click the Add button and browse or select the Workflow required.

Cisco Call RecordingAlso worth mentioning is the MS AgentInfo gadget. This gadget inserts/passes metadata to the Mediasense engine. I’ve given two examples below, the first example is a call recording without the AgentInfo gadget, and the second example being with the MS AgentInfo gadget.

To apply the MS AgentInfo gadget, navigate to the Desktop layout configuration page (either Global or Team based). Add the below lines to the Agent Desktop layout. Agents then need to log out of Finesse then back in.

Cisco Call Recording

Cisco Call RecordingNOTE: Mediasense Play Back requires Java 1.7+.

Without the MS AgentInfo Gadget deployed in Finesse

Cisco Call RecordingWith the MS AgentInfo Gadget deployed in Finesse

Cisco Call RecordingOPTIONAL: Unhide the Mediasense gadget for the Supervisor to allow the Supervisor to search and play call recordngs from the Finesse Agent window.

Cisco Call Recording

Apr 15

UCCX – Agents Stuck in Reserved State

UCCX Agents being stuck in a Reserved can be quite frustrating to both the customer and the Agent. An Agent is placed into a Reserved state when the UCCX Engine essentially reserves a inbound call to an Agent. Now that the Agent and the Inbound call are a ‘pair’ the system will try and push the call to the Agents phone.

To allow a customer to be pushed to an Agent immediately, the queue announcements, menu’s or timers must have the radio button “Interruptible” set to Yes. If this is set to No, the Customer will be forced to wait for the current announcement, menu prompt or timer to expire before being be connected with an Agent, this includes MoH.

Screen images or where you can find this parameter in the UCCX Script.


Apr 04

Wireless: One Way Audio for Start of Call

Investigated a strange UC issue involving the 7925G Wireless IP Phones, its always fun to troubleshoot wireless devices :) In short, the audio stream was not being sent to the 7925G wireless phone for a randomised period of time. Now, this only affected the call when the two device, such as an 8945 IP Phones and the 7925G wireless phone were on the same L2 network, so not traversing a L3 subnet.

All calls to the PSTN and to other L3 separated devices worked 100%. Below if what I captured during the investigation, I used an 8945 IP Phone for testing calls to the 7925G wireless phone.

In the example below, after 210 seconds, the 7925g wireless phone replies to the ARP request from the 8945 IP Phone.

8945 IP Phone is
7925g IP Phone is

Packets captured below

Screen shot of Call being established (SIP Side – 8945 IP Phone spanned to PC)


Screen shot of the ARP request from the 7925g wireless phone. ( Also the 8945 IP Phone replying to the ARP request.


Screen shot of the ARP Request sent by the 8945 IP Phone. Note there is no Reply received.


Screen shot – After the 7925g receives the ARP reply, the audio stream starts to the 8945 IP Phone.


Screen shot – 210 seconds later, the 7925g replies to the 8945 IP Phone ARP request.

w-05Screen shot – 8945 IP Phone starts to send audio stream to 7925g wireless phone.


The WLC was configured for flexconnect mode. The Flexconnect ARP Caching was not enabled on the WLC. When the flexconnect arp caching was enabled, this killed all audio sessions to and from the 7925g wireless phone.

I then upgrade the WLC and AP firmware to 8.0.121, this being the minumum version for compatibility with flexconnect arp caching feature.

Once upgraded, enabling the flexconnect arp caching feature resolved the issue. Note a reboot of APs was required in this case after the change the change had been made.

Mar 26

Cisco Jabber: Save Chat History to Outlook

To enable Cisco Jabber Chats to be saved to Outlook, you ‘ll need to modify the jabber-config.xml file. A subfolder called “Cisco jabber Chats” is created under the ‘Inbox’ folder in Outlook.

Note: Just like with emails, users are able to delete the chat folder and any chat conversation located inside. The deleted chat conversation will sit in the Deleted Items, when deleted from the Deleted Items, the chat conversation will site in the Recovered Deleted Items bin until Exchange purges the items.

Jabber for Windows 10.6 supports MS Exchange 2010 and Exchange 2013 and Jabber for Windows 11.0+ supports MS Office 365 as well.

In the example below, CUCM is selected for the authentication service, seeing that most (if not all) Cisco UC Implementation these days are sync’ed with Active Directory.

The Operation Mode “EnabledByPolicy” enables the option in Outlook “Save chat sessions to Cisco Jabber Chats Folder in MS Outlook”, and does not permit users to disable this option. If you wish for the users to enable/disable this feature as required, the Operation Mode  must be “EnabledByDefault”.

Most Exchange Environments have autodiscover enabled and configured, hence the Domain Names (Internal/External) are configured for the Exchange Addresses. If autodiscover is not enabled, simply the enter the Internal/External Hostnames for the Exchange CAS Servers.


Jabber-config.xml snippet.
<?xml version=”1.0″ encoding=”utf-8″?>
<config version=”1.0″>

Mar 18

Collaboration Systems Release 11 – Updates and Features

Have compiled a highlighted list of enhancements and features new to version 11 for the Cisco Unified Communications suite of products.

Cisco Unified CM Enhancements

Conference Now

Cisco have now closed the gap in the conference bridge market by introducing Conference Now into the CUCM Build. This allows users to create adhoc and scheduled conferences using a unique meeting ID and PIN. The Meeting ID will be tied to the Self-ID of the User. Meeting participants will wait in a lobby and will hear music (can be different stream to that of the standard phone MoH) until the host joins the meeting.

Jabber v11, also includes a single touch for chat/chat groups escalation into a conference now meeting.

Using the Self Care Portal, users can change/reset their conference PIN.CUCM Conference Now


QoS has been enhanced by including additional parameters in CUCM, allowing administrators to tag/mark audio packets within a video stream. Thus pulling the audio and video components apart.

Administrators can also customise video port range as well as the audio port range within a Video call, applies to both standard video and immersive video streams.



Cisco have enhanced the encryption for SIP and SRTP, now includes TLS 1.2 and AES-256 RSA / ECDSA based cipher support. Other security updates include login audits logs/report and Login Banner Display.


CUCM LDAP can now contain up to 20 sync agreements and include the synchronisation of Active Directory Distribution Groups. Support for open LDAP is now also supported in v11.

Unity Connection Enhancements

Video Auto Attendant

CUC V11 supports Video enabled call handlers in addition to Video Greetings (Supported in CUC 10.5). Videos can be recorded professionally then uploaded using via the Audio Text Manager Tool.

Missed Call Notifications

CUC v11 provides missed call notifications to a user’s mailbox, can be enabled/disabled on a per user basis. This is now at feature parity with MS Exchange UM solution.

CUC Missed Calls Notification

Summary Notifications

Cisco Have introduced an excellent feature detailing all voice messages logged in a summary email to the user. This can be scheduled daily etc. The user then has the ability to browse and select/listen/delete messages.

CUC Summary Notification

Expressway 8.7

Expressway 8.7 officially supports DX Phones and the 78/8800 series IP Phones over MRA. The feature set for MRA connectivity is almost on parity with Internally registered IP Phones.

DX and 7800/8800 IP Phones supported via MRA

Unified Contact Centre Express Enhancements

CAD/Finesse Agent

The CAD Agent has been officially retired. The Cisco Finesse Agent is now the only agent delivered with Contact Centre suite.

IP Phone Agent

The Finesse IP Phone Agent (IPPA) has been introduced in v11, the Standard License feature set unlocks the IPPA. The IPPA Provides basic IPCC functionality which incudes:

- Agents State changes and display
- Wrap Codes
- Display Context Data (Script Variables)

Finesse IP Phone Agent

Jabber Enhancements

In my opinion the Active Directory Groups integration into Jabber is a huge improvement. Also in v11 other features to be introduced include Far end camera control, the OPUS and G722 codec support, P2P Calling (not need for CUCM), integration into CMR Rooms, bridge escalations into the Conference Now Audio bridges.

Jabber Conference Escalation

Dial Via Office – Reverse (DVO-R) provides an alternative to mobile to mobile calling. This feature allows the Jabber device to use the CUCM server to fork out(establishe) two PSTN Call legs for audio quality.

Jabber DVO-R

CMR Cloud 3.0

New features include Proximity Join for mobiles apps and IOS and Android platforms, video callback to SIP URIs, enhanced Lync interoperability.

Collaboration Endpoint Software 8.0

The CE8.0 software now allows PC/MAC to share content (Static) from anywhere in a room without cables.

The Touch 10″ UI creates a unified experience with room based endpoints allowing drag and drop, move content/video between screens etc.

Touch 10 UI - Cisco Telepresence

CE 8.0 introduced Multistream for room based endpoints. This allows the room based endpoint to fully utilise both screens, in the past only screen was used for video and the second screen for content.

Cisco Multistream

Note: be sure to check compatibility guides before upgrading room based endpoints to CE8.0 software.

Mar 08

UCCX: Script Validation Failed: java.lang.NullPointerException

Come across a little error with UCCX Scripting. I had a working script configured. As the scripts are object based, sometimes the objects can be moved accidently while you are working on the script. Today I accidently moved the “Start” step and dropped it somewhere in the middle of the script. I moved this step back to beginning, however, the script would now fail. All the debugs would show java.lang.NullPointerException.

I ended up creating a new script and copy/paste the original to the new. Debugs then worked fine and the script was back in action.

Jave Exception Error

Cisco UCCX