Re: [cisco-voip] multiple domain support for jabber (both)

[Lelio Fulgenzi]

Whoa. That’s just weird. A login should be an identical match. Looks like the 
SQL statement being used is a “like” or “subset”.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Anthony Holloway 
Sent: Tuesday, June 19, 2018 3:40 PM
To: Lelio Fulgenzi 
Cc: Pawlowski, Adam ; cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] multiple domain support for jabber (both)

To add something to what Adam was saying about looking up different formats of 
user names, I have a customer using flexible JID, because their User IDs are 
numeric.

E.g., 45633 is Anthony Holloway

And their email addresses are alpha character based.

E.g., Anthony Holloway is at ahollo...@company.com

No where in the current environment does the user use the User ID (45633) with 
the domain (company.com).

E.g., This would be out of place: 45...@company.com.

So, we switched them to flexible JID, so we could leverage email like 
formatting for JIDs, though I must admit, since the introduction of Automatic 
UPN discovery, it's kind of pointless.

For contractors, they do not get a numeric User ID (which is based on the 
employee ID), and instead get the alpha User ID.  So say Alexander Holloway was 
a contractor, then his User ID would be aholloway (no conflict with Anthony 
[45633]), but his email would be 
ahollow...@company.com, since Anthony Holloway, 
the employee, already has ahollo...@company.com.

Now, when Anthony goes to login to Jabber, he cannot, because Jabber strips the 
user portion of the UPN when performing a lookup on the user, and returns a 
conflict.  In the logs you will see this when Anthony tries to login:

12:24:30.333 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB 
(userid) query successful: [SELECT pkid, userid FROM validendusers WHERE 
userid='aholloway';]
12:24:30.333 | error| TokenAuthUtils::executeUserFromIMaddressQuery: imaddress 
and userid queries returned conflicting rows. Returning error

When Alex the contractor's account is deleted, you will instead see this in the 
logs when Anthony logs in successfully:

11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB 
(userid) query successful: [SELECT pkid, userid FROM validendusers WHERE 
userid='aholloway';]
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: imaddress 
query returned row but not userid.
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: userid set 
as [45633]

Jabber no longer has a conflict with Alex's username, but it does notice that 
the user portion of the UPN is not the userid for Anthony, and then progresses 
the login, using the now discovered user id.

Summary
You have two users, you're using flexible JID based on Directory URI, and 
Directory URI is based on email address.  User 1 cannot login, because the user 
portion of their UPN matches User 2's User ID.  User 2 can login, since the 
user portion of their UPN does not match any user's User ID in the system.

User 1
Name = Anthony Holloway
User ID = 45633
Email = ahollo...@company.com

User 2
Name = Alexander Holloway
User ID = aholloway
Email = ahollow...@company.com

At least, that was my experience pre-fast login.  Jabber is ever changing, and 
so who knows how it behaves at any given point in time? Certainly not me.

On Thu, May 24, 2018 at 3:57 PM Lelio Fulgenzi 
mailto:le...@uoguelph.ca>> wrote:
Thanks for the feedback. It will take me a while to digest. But very good info!

The one thing I will comment on is your approach regarding everyone seeing the 
collab edge. I thought about this for a while, basically making everyone 
"off-prem" regardless of whether they were on-prem or not. I decided against 
this design for a few reasons: (a) it's not the norm, (b) it took some 
finagling of DNS to get to work, and (c) MRA feature parity was not quite there 
when we were looking at it (it's getting better, but still not there).

The biggest reason I wanted to explore MRA Everywhere (tm) was to avoid having 
to worry about network access control lists. Right now, that's a big issue for 
us. Depending on how things go, I may have to suggest the MRA Everywhere (tm) 
option again.

Thinking about it though, I was pretty sure there was a stumbling block 
somewhere along the way with the separate DNS servers for the C servers. I'm 
not quite sure what it was, but I think it had something to do with additional 
entries needed, i.e. you couldn't set up a 

Re: [cisco-voip] multiple domain support for jabber (both)

[Anthony Holloway]

To add something to what Adam was saying about looking up different formats
of user names, I have a customer using flexible JID, because their User IDs
are numeric.

E.g., 45633 is Anthony Holloway

And their email addresses are alpha character based.

E.g., Anthony Holloway is at ahollo...@company.com

No where in the current environment does the user use the User ID (45633)
with the domain (company.com).

E.g., This would be out of place: 45...@company.com.

So, we switched them to flexible JID, so we could leverage email like
formatting for JIDs, though I must admit, since the introduction of
Automatic UPN discovery, it's kind of pointless.

For contractors, they do not get a numeric User ID (which is based on the
employee ID), and instead get the alpha User ID.  So say Alexander Holloway
was a contractor, then his User ID would be aholloway (no conflict with
Anthony [45633]), but his email would be ahollow...@company.com,
since Anthony Holloway, the employee, already has ahollo...@company.com.

Now, when Anthony goes to login to Jabber, he cannot, because Jabber strips
the user portion of the UPN when performing a lookup on the user, and
returns a conflict.  In the logs you will see this when Anthony tries to
login:

12:24:30.333 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB
(userid) query successful: [SELECT pkid, userid FROM validendusers WHERE
userid='aholloway';]
12:24:30.333 | error| TokenAuthUtils::executeUserFromIMaddressQuery: imaddress
and userid queries returned conflicting rows. Returning error

When Alex the contractor's account is deleted, you will instead see this in
the logs when Anthony logs in successfully:

11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: IMDB
(userid) query successful: [SELECT pkid, userid FROM validendusers WHERE
userid='aholloway';]
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: imaddress
query returned row but not userid.
11:47:51.505 | debug| TokenAuthUtils::executeUserFromIMaddressQuery: userid
set as [45633]

Jabber no longer has a conflict with Alex's username, but it does notice
that the user portion of the UPN is not the userid for Anthony, and then
progresses the login, using the now discovered user id.

*Summary*
You have two users, you're using flexible JID based on Directory URI, and
Directory URI is based on email address.  User 1 cannot login, because the
user portion of their UPN matches User 2's User ID.  User 2 can login,
since the user portion of their UPN does not match any user's User ID in
the system.

*User 1*
Name = Anthony Holloway
User ID = 45633
Email = ahollo...@company.com

*User 2*
Name = Alexander Holloway
User ID = aholloway
Email = ahollow...@company.com

At least, that was my experience pre-fast login.  Jabber is ever changing,
and so who knows how it behaves at any given point in time? Certainly not
me.

On Thu, May 24, 2018 at 3:57 PM Lelio Fulgenzi  wrote:

> Thanks for the feedback. It will take me a while to digest. But very good
> info!
>
> The one thing I will comment on is your approach regarding everyone seeing
> the collab edge. I thought about this for a while, basically making
> everyone "off-prem" regardless of whether they were on-prem or not. I
> decided against this design for a few reasons: (a) it's not the norm, (b)
> it took some finagling of DNS to get to work, and (c) MRA feature parity
> was not quite there when we were looking at it (it's getting better, but
> still not there).
>
> The biggest reason I wanted to explore MRA Everywhere (tm) was to avoid
> having to worry about network access control lists. Right now, that's a big
> issue for us. Depending on how things go, I may have to suggest the MRA
> Everywhere (tm) option again.
>
> Thinking about it though, I was pretty sure there was a stumbling block
> somewhere along the way with the separate DNS servers for the C servers.
> I'm not quite sure what it was, but I think it had something to do with
> additional entries needed, i.e. you couldn't set up a pointer on the
> isolated DNS server to point to your general DNS servers, so any address
> you needed would have to be populated on the isolated DNS, i.e. syslog
> hosts, ntp hosts, etc. Or just use IP addresses?
>
> But I swear there was something else a circular reference issue I
> couldn't resolve.
>
> I might have to bug you about this later. 
>
> ---
> Lelio Fulgenzi, B.A. | Senior Analyst
> Computing and Communications Services | University of Guelph
> Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON |
> N1G 2W1
> 519-824-4120 Ext. 56354 <(519)%20824-4120> | le...@uoguelph.ca
>
> www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook
>
>
>
> -Original Message-
> From: cisco-voip  On Behalf Of
> Pawlowski, Adam
> Sent: Thursday, May 24, 2018 3:47 PM
> To: cisco-voip@puck.nether.net
> Subject: Re: [cisco-voip] multiple domain support for jabber (both)
>
> > We use a special discovery domain in order 

Re: [cisco-voip] 8832s

[DJ Lundberg]

I had a similar issue with 8832s not getting an IP address running any
firmware lower than 12.0.1SR2.  Give this a shot:


*   On CUCM Upgrade the firmware to the latest release.
  *   Boot the 8832 phone from inactive load.
 *   Hold the * key while connecting the power to the 8832.
 *   After the LED bar light turns ON green and then OFF, you can
release the * key.
 *   The 8832 should proceed to boot from the image in the alternate
partition.

Thanks,
DJ

On Sun, Jun 10, 2018 at 9:54 AM, Jason Aarons (Americas) <
jason.aar...@dimensiondata.com> wrote:

> I would only deploy a device pack on new cluster build.  All else per
> device update.  I used to like to hardcode the load field on a per phone
> basis to prevent them from changing.  Been doing less of that.
>
>
>
> The cmterm CE (Collaboration Endpoint) loads of 1.8GB are ridiculous, in
> DRS .tar backups too.
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf
> Of *Anthony Holloway
> *Sent:* Monday, April 30, 2018 9:07 AM
> *To:* Charles Goldsmith 
> *Cc:* cisco-voip (cisco-voip@puck.nether.net) 
> *Subject:* Re: [cisco-voip] 8832s
>
>
>
>
>
> I wish CUCM didn't ship with newer phone firmware.
>
>
>
> Since Cisco already drops support for all firmware older than the most
> recent firmware:
>
>
>
> - For each IP Phone model, once Cisco releases a new firmware version, the
> older versions are no longer supported.
>
> - Cisco expects customers who encounter a problem on an older version of
> firmware to test the latest firmware on a subset of phones in order to
> confirm that the problem still exists.
>
> Source: http://www.cisco.com/c/en/us/support/docs/collaboration-
> endpoints/unified-ip-phone-7900-series/116684-technote-ipphone-00.html
>
>
>
> And most people agree that you should upgrade firmware before a CUCM
> upgrade anyway, just remove firmware from CUCM.
>
>
>
> Not too mention it clutters up TFTP.
>
>
>
> I also think that the firmware should be decoupled from the Device Packs.
> When adding support for a single model phone, rarely am I also trying to
> upgrade 100% of the phones in the environment too.
>
>
>
> On Sun, Apr 29, 2018 at 8:22 PM Charles Goldsmith 
> wrote:
>
> Since the 8832 is a dual bank phone, shouldn't it have the old image on it
> in the backup bank?  Maybe hardcoding the old image on the phone
> configuration and doing a reset will cause it to boot from it?
>
>
>
>
>
> On Sun, Apr 29, 2018 at 7:06 PM Ryan Huff  wrote:
>
> Sounds like the ole’ ‘step upgrade’ issue that plagued the 79xx series
> back in the 8.x days 
>
>
>
> My guess is they don’t actually need RMA’ed, just the easiest way to deal
> with it 
>
>
>
> I’d flash the phones and advertise an isolated tftp server to them with
> the firmware load and XML bootstrap file. The phones aren’t working now, so
> flashing them and then still not getting them to load right isn’t going to
> make it any worse.
>
>
>
> Use DNS in the DHCP scope in your isolation network with the TFTP server
> and pcap/debug the DNS queries to see the bootstrap and load files it’s
> looking for.
>
>
>
> In the 79xx series back in the day when I would perform this Lazarus trick
> for some lucky customers; the bootstrap filename was
> *XMLDefault.cnf.xml. *Not sure if it’s the same nowadays though.
>
>
>
> Here is the Cisco doc on the procedure for the older stuff  worth a
> shot but not sure if it still works on the newer gear.
>
>
>
> https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-
> communications-manager-callmanager/200582-Update-Cisco-IP-Phone-Firmware-
> through-T.html
>
>
>
>
>
> -Ryan-
>
>
> On Apr 29, 2018, at 18:53, Jason Aarons (Americas) <
> jason.aar...@dimensiondata.com> wrote:
>
>
>
>
>
> I have a customer with four 8832 conference room phones. Their CUCM was
> running version 12.0.1 of the 8832 firmware. These phones shipped with
> version 12.0.1SR2. When they registered the first two phones they
> downgraded from 12.0.1SR2 to 12.0.1 and are now unusable. They sit on
> “Connecting” after booting up. They do not get an IP address. You cannot
> set an IP address manually. If you reset the phone it doesn’t fix it, nor
> does a factory reset
> 
>  allow
> the phone to revert to the firmware they shipped with. Cisco TAC says they
> must be RMA’d. We upgraded CUCM to 12.0.1SR3 and the other two phones
> upgraded fine from 12.0.1SR2 to 12.0.1SR3.
>
>
>
> Does anyone have any ideas on what we could do to fix these phones other
> than RMAing them?
>
>
>
>
>
> Get Outlook for Android 
>
>
>
>
>
> This email and all contents are subject to the following disclaimer:
> "http://www.dimensiondata.com/emaildisclaimer;
> 
>
> 

Re: [cisco-voip] Cisco Webex Spark Room Kit

[Anthony Holloway]

You will likely need 10.5(2) and a device pack to add support for this
device.  Have you gotten that far in your research?

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/compat/matrix/CMDP_BK_CCBDA741_00_cucm-device-package-compatibility-matrix/CMDP_BK_CCBDA741_00_cucm-device-package-compatibility-matrix_chapter_00.html#reference_C67FF54CF76D6B85FED05DC56940C5B0

On Fri, Jun 15, 2018 at 3:30 PM Arun Kumar  wrote:

> Hi Team,
>
> I have new Device Cisco Webex spark room kit to install in CUCM 10.5, may
> i know how can i add this device in cucm is there any compatibility issue.
> Please share your Valuable feedback
>
> --
>
> *Thanks,Arun*
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Looking for a recommendation for Voice Lab SIP Trunk Provider

[Anthony Holloway]

I use Twilio, but it looks very similar to the other two already
mentioned.  I'd have no reason to argue one way or the other.

The other two did not mention cost, but I can tell you Twilio is not free;
it's $1/mo. per DID, and then starts at $0.0045/min for origination and
$0.007/min for termination.

https://www.twilio.com/sip-trunking/pricing

You don't need to speak to anyone to sign up, just create an account,
supply a credit card, and start building the far end side of the trunk
yourself.  You also automatically get API access too, which is pretty
cool.  They have an online IVR builder, and an online scripting
environment, so you don't have to host your own code.

Best of luck.

On Tue, Jun 19, 2018 at 10:51 AM Schlotterer, Tommy <
tschlotte...@presidio.com> wrote:

> I use flowroute.com
>
>
>
> Thanks
>
>
> Tommy
>
>
>
>
> Tommy Schlotterer | Systems Engineer - Collaboration
> Presidio (NASDAQ: PSDO) | presidio.com
> 20 N Saint Clair 3rd Floor, Toledo, OH 43604
> D: 419.214.1415 <(419)%20214-1415> | C: 419.706.0259 <(419)%20706-0259> |
> tschlotte...@presidio.com
>
>
>
> [image: Future. Built.] 
>
>
> Follow us:
>
> [image: Follow Presidio on Twitter] 
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] *On Behalf
> Of *Wagner, Fredrich
> *Sent:* Monday, June 18, 2018 4:24 PM
>
>
> *To:* cisco-voip@puck.nether.net
> *Subject:* [cisco-voip] Looking for a recommendation for Voice Lab SIP
> Trunk Provider
>
>
>
> *EXTERNAL EMAIL*
>
>
>
>
>
> Hello everyone, does anyone have a recommendation for a free, or very
> affordable SIP Trunk Provider for my Voice Lab?
>
>
>
> I would like to be able to do both inbound and outbound testing with it,
> hopefully change caller ID, etc.
>
>
>
>
>
>
>
> Thank you in advance!
>
>
>
> /FW
>
>
>
> This communication is the property of CenturyLink and may contain
> confidential or privileged information. Unauthorized use of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please immediately notify the sender
> by reply e-mail and destroy all copies of the communication and any
> attachments.
>
>
> *This message w/attachments (message) is intended solely for the use of
> the intended recipient(s) and may contain information that is privileged,
> confidential or proprietary. If you are not an intended recipient, please
> notify the sender, and then please delete and destroy all copies and
> attachments. Please be advised that any review or dissemination of, or the
> taking of any action in reliance on, the information contained in or
> attached to this message is prohibited.*
>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Looking for a recommendation for Voice Lab SIP Trunk Provider

[Schlotterer, Tommy]

I use flowroute.com

Thanks

Tommy


Tommy Schlotterer | Systems Engineer - Collaboration
Presidio (NASDAQ: PSDO) | presidio.com
20 N Saint Clair 3rd Floor, Toledo, OH 43604
D: 419.214.1415 | C: 419.706.0259 | 
tschlotte...@presidio.com



[Future. Built.]


Follow us:

[Follow Presidio on Twitter]



From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of 
Wagner, Fredrich
Sent: Monday, June 18, 2018 4:24 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Looking for a recommendation for Voice Lab SIP Trunk 
Provider

EXTERNAL EMAIL




Hello everyone, does anyone have a recommendation for a free, or very 
affordable SIP Trunk Provider for my Voice Lab?

I would like to be able to do both inbound and outbound testing with it, 
hopefully change caller ID, etc.



Thank you in advance!

/FW

This communication is the property of CenturyLink and may contain confidential 
or privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful. If you have received this communication in 
error, please immediately notify the sender by reply e-mail and destroy all 
copies of the communication and any attachments.


This message w/attachments (message) is intended solely for the use of the 
intended recipient(s) and may contain information that is privileged, 
confidential or proprietary. If you are not an intended recipient, please 
notify the sender, and then please delete and destroy all copies and 
attachments. Please be advised that any review or dissemination of, or the 
taking of any action in reliance on, the information contained in or attached 
to this message is prohibited.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] Looking for a recommendation for Voice Lab SIP Trunk Provider

[Benjamin Turner]

Telnyx



Get Outlook for Android


From: cisco-voip  on behalf of Wagner, 
Fredrich 
Sent: Monday, June 18, 2018 4:23:47 PM
To: cisco-voip@puck.nether.net
Subject: [cisco-voip] Looking for a recommendation for Voice Lab SIP Trunk 
Provider

Hello everyone, does anyone have a recommendation for a free, or very 
affordable SIP Trunk Provider for my Voice Lab?

I would like to be able to do both inbound and outbound testing with it, 
hopefully change caller ID, etc.



Thank you in advance!

/FW

This communication is the property of CenturyLink and may contain confidential 
or privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful. If you have received this communication in 
error, please immediately notify the sender by reply e-mail and destroy all 
copies of the communication and any attachments.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] Looking for a recommendation for Voice Lab SIP Trunk Provider

[Wagner, Fredrich]

Hello everyone, does anyone have a recommendation for a free, or very 
affordable SIP Trunk Provider for my Voice Lab?

I would like to be able to do both inbound and outbound testing with it, 
hopefully change caller ID, etc.



Thank you in advance!

/FW

This communication is the property of CenturyLink and may contain confidential 
or privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful. If you have received this communication in 
error, please immediately notify the sender by reply e-mail and destroy all 
copies of the communication and any attachments.
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip