Re: [cisco-voip] CUCM 11.5(1)SU6, Port 6972 and EC Certs
Im on the road, but there was a similar bug for this. Can’t seem to find it. It’s TFTP based issue from memory. You had to de-activate and re-activate the TFTP services. From: cisco-voip on behalf of Anthony Holloway Date: Wednesday, 4 September 2019 at 12:03 pm To: "cisco-voip@puck.nether.net" Subject: [cisco-voip] CUCM 11.5(1)SU6, Port 6972 and EC Certs So, I just ran into something interesting where someone else took care of the certs for a CUCM I now have access to, and while the main CCMAdmin pages load fine in my browser with a full chain of trust, the 6972 page(s) are being delivered as EC certs, which were not signed, and thus, I get a warning in my browser. Now, I have other CUCM deployments under my belt where the Tomcat RSA certs are signed and EC not, because the default setting for CUCM is to not use EC certs until you tell it to. These deployments still present the RSA cert to me for 6972. The only difference is the SU6 part. I couldn't find anything in the release notes nor in the bug search, and so I'm wondering if any of you know what might be happening. I tried toggling the HTTP Ciphers from RSA only to All and back again, but that didn't work. I tried re-uploading the RSA cert chain, starting from root, and then back through the 2 intermediates (yes, three layers deep, it's a public CA chain). I've restarted Tomcat, I've deactivated/reactivate TFTP, I've rebooted the cluster, and I'm just at a loss. It's not that big of a deal, it just bothers me that I don't know why it's doing this. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] CUCM 11.5(1)SU6, Port 6972 and EC Certs
So, I just ran into something interesting where someone else took care of the certs for a CUCM I now have access to, and while the main CCMAdmin pages load fine in my browser with a full chain of trust, the 6972 page(s) are being delivered as EC certs, which were not signed, and thus, I get a warning in my browser. Now, I have other CUCM deployments under my belt where the Tomcat RSA certs are signed and EC not, because the default setting for CUCM is to not use EC certs until you tell it to. These deployments still present the RSA cert to me for 6972. The only difference is the SU6 part. I couldn't find anything in the release notes nor in the bug search, and so I'm wondering if any of you know what might be happening. I tried toggling the HTTP Ciphers from RSA only to All and back again, but that didn't work. I tried re-uploading the RSA cert chain, starting from root, and then back through the 2 intermediates (yes, three layers deep, it's a public CA chain). I've restarted Tomcat, I've deactivated/reactivate TFTP, I've rebooted the cluster, and I'm just at a loss. It's not that big of a deal, it just bothers me that I don't know why it's doing this. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] UCCX 11.6 HA LAN to WAN
As with most things, I think you're safe doing what makes the most sense for your given set of requirements. The design guide does mention a few key points on the topic. https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_11_6_2/design/guide/uccx_b_ccx-solution-design-guide-1162/uccx_b_ccx-solution-design-guide-1162_chapter_0101.html#UCCX_RF_U938BBDA_00 Have you read through this? E.g., "Set up Unified CCX to use the local Unified CM servers for both primary and secondary in the following configurations. If this is not possible, at least the primary Unified CM server should be local." On Tue, Sep 3, 2019 at 11:35 AM Michael Nickolich < michael.nickol...@gmail.com> wrote: > Thank you guys for all your feedback! This exactly what we were looking > for with this move.Based on the responses, we'll need to do the HA WAN and > new hostname. Current config has the device pool as UCCX_ABC, so the agents > would eventually fail-over to CUCM Sub C in DC2. CUCM Sub A and B, as well > as CUCM Pub are in DC1 and will be down for a majority of the day as they > upgrade power in DC1. Honestly, not sure that I prefer that they have to > prefer CUCM Sub in DC2, but I was worried about the agents ability to > authenticate with their local end user accounts. > > Could we just keep HA LAN and update the UCCX Unified CM Configuration to > include Sub C in DC2? Current AXL Service Providers only list the CUCM Pub, > and JTAPI and RmCm both have CUCM Sub A and B in DC1. Could I just add Sub > C as a secondary AXL Service Provider and then swap out one of the Subs > listed in DC1 to Sub C in DC2 for both JTAPI and RmCm? > > > On Fri, Aug 30, 2019 at 1:19 PM Brian Meade wrote: > >> Yea, I think the process would work fine with new hostname. I'm >> wondering if deleting a sub and re-adding/rebuilding with same hostname as >> WAN causes some issues which needed that cleanup script. >> >> On Fri, Aug 30, 2019 at 11:06 AM Anthony Holloway < >> avholloway+cisco-v...@gmail.com> wrote: >> >>> You can't convert the model from LAN to WAN, per se. You basically just >>> destroy your HA by deleting the Sub from the Pub GUI. Then delete your Sub >>> VM. Then, you rebuild the whole Sub integration from scratch, as if it was >>> new. >>> >>> On Fri, Aug 30, 2019 at 9:55 AM Brian Meade wrote: >>> HA over WAN allows each server to have different configurations for the Unified CM connection as well as your call control groups. So you could have the subscriber connect to a local CUCM subscriber and have different device pools for those CTI groups to use that local subscriber as well. I've definitely seen some bugs with HA over WAN in older versions but it should be pretty stable now. I've never tried to convert an existing subscriber from LAN to WAN. There may indeed be some database references that don't get fully cleaned up when deleting the subscriber from the publisher. You would probably have better luck using a different hostname for the new subscriber. On Fri, Aug 30, 2019 at 10:45 AM Michael Nickolich < michael.nickol...@gmail.com> wrote: > Hello all, > > We are looking to geographical separate our HA UCCX 11.6.1 nodes, > which are currently in "data center 1". We will be installing the UCCX Sub > at our other data center across campus, which is connected by 10Gb fiber. > "Data Center 2" already has two UCM Subscribers and this is where the UCCX > Sub will reside. My question is when we install the new Sub, will we > select > HA over LAN or HA over WAN? TAC said it needs to be HA over WAN as the Pub > and Sub will be on different networks. TAC also said they would need to > have root access to delete the Sub from the Pub and delete any traces of > the old Sub. Then add the Sub back to the Pub. The documentation does not > mention anything about contacting TAC to gain root access for Switching > Network Deployment from LAN to WAN. Just wondering if their documentation > needs updated or if the TAC engineer misspoke. > > We will be keeping the same hostname for the server. Going to have our > Sys Admins to lower the TTL on the original record prior to making these > changes. Once we remove the Sub, have the Sys Admin update the A and PTR > record to point to the new IP and set TTL back to the default. Then verify > DNS resolution to the new IP. > Then install the new UCCX Sub. Still not sure HA over LAN or WAN. > Then update AXL, JTAPI, and RmCM to include one UCM Sub from data > center 2 in case there is a total outage in data center 1. Currently AXL > only has the UCM Pub. > > Any guidance on any gotchas would be greatly appreciated. > > Thanks, > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net >
Re: [cisco-voip] Setup
I found what I needed on Youtube. There are some videos there that are from "NetworkChuck" that have good explanations and items that I captured and will make into slides. On Tuesday, September 3, 2019, 12:14:22 PM CDT, Charles Goldsmith wrote: Well, if your setup has 1 site, and all phone are setup the same, it is a simple process, you can even copy a phone. However, anything more complex than that, and you could get bad results, like if someone dialed emergency services and it went out the wrong location. If you have already setup all of the call routing details, then you know what is needed to setup a phone. On Tue, Sep 3, 2019 at 12:09 PM John Huston wrote: I have already done that which is why I am asking a question here for training. Thank you for the prompt reply. On Tuesday, September 3, 2019, 12:07:53 PM CDT, Charles Goldsmith wrote: John, the settings in your system are very specific to your site and setup. If you are not familiar with it, I'd advise you to reach out to your partner / VAR for assistance. On Tue, Sep 3, 2019 at 11:59 AM John Huston via cisco-voip wrote: Hello, Is there a location where I can find some slides on how to setup a phone in an existing system from start to finish? The Route Groups, Route Lists and Route Patterns are already setup. Thank you in advance for your help. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Setup
Well, if your setup has 1 site, and all phone are setup the same, it is a simple process, you can even copy a phone. However, anything more complex than that, and you could get bad results, like if someone dialed emergency services and it went out the wrong location. If you have already setup all of the call routing details, then you know what is needed to setup a phone. On Tue, Sep 3, 2019 at 12:09 PM John Huston wrote: > I have already done that which is why I am asking a question here for > training. Thank you for the prompt reply. > > > > > On Tuesday, September 3, 2019, 12:07:53 PM CDT, Charles Goldsmith < > w...@woka.us> wrote: > > > John, the settings in your system are very specific to your site and > setup. If you are not familiar with it, I'd advise you to reach out to > your partner / VAR for assistance. > > > On Tue, Sep 3, 2019 at 11:59 AM John Huston via cisco-voip < > cisco-voip@puck.nether.net> wrote: > > Hello, > > Is there a location where I can find some slides on how to setup a phone > in an existing system from start to finish? The Route Groups, Route Lists > and Route Patterns are already setup. > > Thank you in advance for your help. > > > > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Setup
I have already done that which is why I am asking a question here for training. Thank you for the prompt reply. On Tuesday, September 3, 2019, 12:07:53 PM CDT, Charles Goldsmith wrote: John, the settings in your system are very specific to your site and setup. If you are not familiar with it, I'd advise you to reach out to your partner / VAR for assistance. On Tue, Sep 3, 2019 at 11:59 AM John Huston via cisco-voip wrote: Hello, Is there a location where I can find some slides on how to setup a phone in an existing system from start to finish? The Route Groups, Route Lists and Route Patterns are already setup. Thank you in advance for your help. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Setup
John, the settings in your system are very specific to your site and setup. If you are not familiar with it, I'd advise you to reach out to your partner / VAR for assistance. On Tue, Sep 3, 2019 at 11:59 AM John Huston via cisco-voip < cisco-voip@puck.nether.net> wrote: > Hello, > > Is there a location where I can find some slides on how to setup a phone > in an existing system from start to finish? The Route Groups, Route Lists > and Route Patterns are already setup. > > Thank you in advance for your help. > > > > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Setup
Hello, Is there a location where I can find some slides on how to setup a phone in an existing system from start to finish? The Route Groups, Route Lists and Route Patterns are already setup. Thank you in advance for your help. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] UCCX 11.6 HA LAN to WAN
Thank you guys for all your feedback! This exactly what we were looking for with this move.Based on the responses, we'll need to do the HA WAN and new hostname. Current config has the device pool as UCCX_ABC, so the agents would eventually fail-over to CUCM Sub C in DC2. CUCM Sub A and B, as well as CUCM Pub are in DC1 and will be down for a majority of the day as they upgrade power in DC1. Honestly, not sure that I prefer that they have to prefer CUCM Sub in DC2, but I was worried about the agents ability to authenticate with their local end user accounts. Could we just keep HA LAN and update the UCCX Unified CM Configuration to include Sub C in DC2? Current AXL Service Providers only list the CUCM Pub, and JTAPI and RmCm both have CUCM Sub A and B in DC1. Could I just add Sub C as a secondary AXL Service Provider and then swap out one of the Subs listed in DC1 to Sub C in DC2 for both JTAPI and RmCm? On Fri, Aug 30, 2019 at 1:19 PM Brian Meade wrote: > Yea, I think the process would work fine with new hostname. I'm wondering > if deleting a sub and re-adding/rebuilding with same hostname as WAN causes > some issues which needed that cleanup script. > > On Fri, Aug 30, 2019 at 11:06 AM Anthony Holloway < > avholloway+cisco-v...@gmail.com> wrote: > >> You can't convert the model from LAN to WAN, per se. You basically just >> destroy your HA by deleting the Sub from the Pub GUI. Then delete your Sub >> VM. Then, you rebuild the whole Sub integration from scratch, as if it was >> new. >> >> On Fri, Aug 30, 2019 at 9:55 AM Brian Meade wrote: >> >>> HA over WAN allows each server to have different configurations for the >>> Unified CM connection as well as your call control groups. So you could >>> have the subscriber connect to a local CUCM subscriber and have different >>> device pools for those CTI groups to use that local subscriber as well. >>> >>> I've definitely seen some bugs with HA over WAN in older versions but it >>> should be pretty stable now. >>> >>> I've never tried to convert an existing subscriber from LAN to WAN. >>> There may indeed be some database references that don't get fully cleaned >>> up when deleting the subscriber from the publisher. You would probably >>> have better luck using a different hostname for the new subscriber. >>> >>> On Fri, Aug 30, 2019 at 10:45 AM Michael Nickolich < >>> michael.nickol...@gmail.com> wrote: >>> Hello all, We are looking to geographical separate our HA UCCX 11.6.1 nodes, which are currently in "data center 1". We will be installing the UCCX Sub at our other data center across campus, which is connected by 10Gb fiber. "Data Center 2" already has two UCM Subscribers and this is where the UCCX Sub will reside. My question is when we install the new Sub, will we select HA over LAN or HA over WAN? TAC said it needs to be HA over WAN as the Pub and Sub will be on different networks. TAC also said they would need to have root access to delete the Sub from the Pub and delete any traces of the old Sub. Then add the Sub back to the Pub. The documentation does not mention anything about contacting TAC to gain root access for Switching Network Deployment from LAN to WAN. Just wondering if their documentation needs updated or if the TAC engineer misspoke. We will be keeping the same hostname for the server. Going to have our Sys Admins to lower the TTL on the original record prior to making these changes. Once we remove the Sub, have the Sys Admin update the A and PTR record to point to the new IP and set TTL back to the default. Then verify DNS resolution to the new IP. Then install the new UCCX Sub. Still not sure HA over LAN or WAN. Then update AXL, JTAPI, and RmCM to include one UCM Sub from data center 2 in case there is a total outage in data center 1. Currently AXL only has the UCM Pub. Any guidance on any gotchas would be greatly appreciated. Thanks, ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip >>> ___ >>> cisco-voip mailing list >>> cisco-voip@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/cisco-voip >>> >> ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip