Re: [cisco-voip] Cube Recording Configuration
Hi All, I think the config looks correct; - Dial-peer 1 is the dial-peer you want to record so you apply media-class 30 - Media-class 30 is associated with recorder 400 - Recorder 400 is associated with media-recording 3 (in other words dial-peer 3) - Dial-peer 3 is the 'SIP Trunk' towards MediaSense On MediaSense you would need to make sure 450123 is configured to record but I'm sure you've configured that already. I've had some really weird issues with MediaSense in the past where CUCM was sending TCP SYN on port 5060 but MediaSense never responded. A cluster reboot of MediaSense solved that issue. Perhaps take an IP Traffic Export on the router to see if it is sending TCP SYN and if MediaSense is responding. Sent from my iPhone > On 2 Apr 2016, at 02:02, Anthony Holloway > wrote: > > First of all, be careful doing this in production: > > voice service voip > ip address trusted list > ipv4 0.0.0.0 0.0.0.0 > > That is just reducing the security of your application and opening you up to > abuse. It's fine for troubleshooting and eliminating it as root cause, but > then remove it and add addresses/subnets in there to lock down from where you > will accept control traffic from. > > One last thing on this topic, since your dial-peers 2 and 3 already point to > IP addresses of SIP peers, you don't need to even do anything more. That > simple fact already permits those IP addresses to send you control traffic. > > Ok, on to the recording bit. I have not done this task myself, but looking > quickly through the following document: > > http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-ntwk-based.html > > ...it looks like you might have at least one error in your configuration. > > The one error I think you have: Your "media-class 30" dial-peer command > should be on dial-peer 3, not dial-peer 1. > >> On Fri, Apr 1, 2016 at 3:56 AM, daniele visaggio >> wrote: >> Good morning, >> >> I'm trying to record calls via CUBE. It doesn't work. This means that on the >> recording server I can't see any SIP invite incoming from CUBE. >> >> Scenario: >> >> Phone --- CUCM --- SIP --- CUBE ITSP PSTN >> | >> | >> Recording Server >> >> >> Let's say I want to record all calls going to the PSTN. >> >> This is my config: >> >> # >> ! >> voice service voip >> ip address trusted list >> ipv4 0.0.0.0 0.0.0.0 >> allow-connections sip to sip >> ! >> media profile recorder 400 >> media-recording 3 >> ! >> media class 30 >> recorder profile 400 >> ! >> ! >> dial-peer voice 1 voip >> description :: Incoming calls from CUCM :: >> session protocol sipv2 >> incoming called-number . >> media-class 30 >> codec g711ulaw >> ! >> dial-peer voice 2 voip >> description :: To ITSP/PSTN :: >> destination-pattern 0T >> session protocol sipv2 >> session target ipv4:10.128.179.12 >> codec g711ulaw >> ! >> dial-peer voice 3 voip >> description :: To Recorder Server :: >> destination-pattern 450123 >> session protocol sipv2 >> session target ipv4:10.130.221.218 >> codec g711ulaw >> ! >> >> >> I double checked the configuration and it seems correct to me. >> >> Is there something else I need to do? Can someone spot an error? >> >> >> Thank you, >> >> Daniele >> >> >> ___ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] bandwidth restrictions for MRA clients - necessary or not?
You can set up Device Mobility for the Expressway-C /32 address which means if anything is registered in CUCM with the -C IP, it will be placed in a Device Pool of your choosing. We have implemented this and it works great. Sent from my iPhone > On 4 Apr 2016, at 23:39, Lelio Fulgenzi wrote: > > > quick question... how are people restricting the video/audio bandwidth for > Jabber MRA clients or physical phone MRA clients for that matter? > > we have not had to use locations or enabled mobility (i think that's the IP > Address based feature) since we have high speed, low latency WAN links to our > locations. > > is it even a problem that I need to consider? > > i'd like to make sure we have the best video quality while on-campus > (including those connected via high speed WAN links), so i've set the default > bw to 10mbps. > > i'm wondering how that will impact MRA clients. > > --- > Lelio Fulgenzi, B.A. > Senior Analyst, Network Infrastructure > Computing and Communications Services (CCS) > University of Guelph > > 519‐824‐4120 Ext 56354 > le...@uoguelph.ca > www.uoguelph.ca/ccs > Room 037, Animal Science and Nutrition Building > Guelph, Ontario, N1G 2W1 > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Cube Recording Configuration
I'll test it in the lab some time this week but I'm not sure what the problem could be. Sent from my iPhone > On 4 Apr 2016, at 23:27, daniele visaggio wrote: > > Thank you for all of your responses. > > Sadly i'm still not able to get this working. > > @daniel > > for the time being I have no mediasense server. It's just a microsip client + > wireshark (this is to simulate the recorder and look up the signaling). The > problem is that I can't see any signaling whatsoever reaching my fake > recorder. dial-peer on cube are all using udp, so in wireshark/microsip I > expect to see at least an incoming invite. > > Btw I tried with tcp too and even then I couldn't spot any incoming SYN > packet. > > It seems the dial-peer pointing the fake recorder simply doesn't get matched > (so no signaling). > > 2016-04-01 21:59 GMT+02:00 : >> Hi All, >> >> I think the config looks correct; >> >> - Dial-peer 1 is the dial-peer you want to record so you apply media-class 30 >> - Media-class 30 is associated with recorder 400 >> - Recorder 400 is associated with media-recording 3 (in other words >> dial-peer 3) >> - Dial-peer 3 is the 'SIP Trunk' towards MediaSense >> >> On MediaSense you would need to make sure 450123 is configured to record but >> I'm sure you've configured that already. >> >> I've had some really weird issues with MediaSense in the past where CUCM was >> sending TCP SYN on port 5060 but MediaSense never responded. A cluster >> reboot of MediaSense solved that issue. Perhaps take an IP Traffic Export on >> the router to see if it is sending TCP SYN and if MediaSense is responding. >> >> Sent from my iPhone >> >>> On 2 Apr 2016, at 02:02, Anthony Holloway >>> wrote: >>> >> >>> First of all, be careful doing this in production: >>> >>> voice service voip >>> ip address trusted list >>> ipv4 0.0.0.0 0.0.0.0 >>> >>> That is just reducing the security of your application and opening you up >>> to abuse. It's fine for troubleshooting and eliminating it as root cause, >>> but then remove it and add addresses/subnets in there to lock down from >>> where you will accept control traffic from. >>> >>> One last thing on this topic, since your dial-peers 2 and 3 already point >>> to IP addresses of SIP peers, you don't need to even do anything more. >>> That simple fact already permits those IP addresses to send you control >>> traffic. >>> >>> Ok, on to the recording bit. I have not done this task myself, but looking >>> quickly through the following document: >>> >>> http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-ntwk-based.html >>> >>> ...it looks like you might have at least one error in your configuration. >>> >>> The one error I think you have: Your "media-class 30" dial-peer command >>> should be on dial-peer 3, not dial-peer 1. >>> On Fri, Apr 1, 2016 at 3:56 AM, daniele visaggio wrote: Good morning, I'm trying to record calls via CUBE. It doesn't work. This means that on the recording server I can't see any SIP invite incoming from CUBE. Scenario: Phone --- CUCM --- SIP --- CUBE ITSP PSTN | | Recording Server Let's say I want to record all calls going to the PSTN. This is my config: # ! voice service voip ip address trusted list ipv4 0.0.0.0 0.0.0.0 allow-connections sip to sip ! media profile recorder 400 media-recording 3 ! media class 30 recorder profile 400 ! ! dial-peer voice 1 voip description :: Incoming calls from CUCM :: session protocol sipv2 incoming called-number . media-class 30 codec g711ulaw ! dial-peer voice 2 voip description :: To ITSP/PSTN :: destination-pattern 0T session protocol sipv2 session target ipv4:10.128.179.12 codec g711ulaw ! dial-peer voice 3 voip description :: To Recorder Server :: destination-pattern 450123 session protocol sipv2 session target ipv4:10.130.221.218 codec g711ulaw ! I double checked the configuration and it seems correct to me. Is there something else I need to do? Can someone spot an error? Thank you, Daniele ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip >>> >>> ___ >>> cisco-voip mailing list >>> cisco-voip@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/c
Re: [cisco-voip] Cisco UCM with Skype for Business
You have a few options but none will suit your needs: - Partitioned Intra-Domain Federation from CUPS to Lync will provide IM/Presence - Direct SIP Trunk to Lync Mediation Server will provide the ability to call Enterprise Voice enabled Lync clients (no video) - VCS/Expressway to Lync Mediation Server with/without Media Bypass will provide voice and video to Enterprise Voice enabled Lync clients - RCC (with Enterprise Voice disabled) will give you deskphone control of your Cisco phones from Lync client - CUCILync (with Enterprise Voice disabled) will give you voice/video softphone as well as deskphone control All of the above solutions cater different needs but you are limited with mobile support. You can run Jabber on mobile devices in Phone-only mode and then have separate Lync client for IM but that would be a bad user experience. Unless there is a specific reason to use Lync/SFB, if you already have a CUCM you may want to go Jabber and choose one of the above options. This is always a good read: https://social.technet.microsoft.com/Forums/office/en-US/cef0dd13-1092-46ec-9d1c-6679511d2206/lync-cisco-cucm-rcc?forum=ocsvoice and: http://www.justin-morris.net/cuci-lync-and-why-you-should-think-twice/ and finally: https://supportforums.cisco.com/discussion/11500646/cupsjabberlynccucilynciphoneandriod-head-spinning Sent from my iPhone > On 6 Apr 2016, at 17:06, Ki Wi wrote: > > Hi Group, > anyone have experience integrating ? > > The objective is to use Skype for business client for IM & voice/video call. > > It seems like the legacy approach is to use CUCILYNC. However, that's for > windows desktop. If we use Skype for mobile clients, there's no such plug in. > > Is there a way to achieve presence synchronization between UCM and Skype > presence service? > Assuming they are using the same URI ? > + > Able to leverage on UCM to receive and initial calls. > > Regards, > Ki Wi > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] bandwidth restrictions for MRA clients - necessary or not?
Lelio, Jabber has been using something call CPVE for a while; Cisco Precision Video Engine. CPVE comes from the Tandberg acquisition and was mainly used in Tandberg Movi (later Jabber Video). CPVE indeed starts at a low quality bitrate and then assesses the network using RTCP and other technologies to up-scale and down-scale as needed. You stated your requirement in your initial email - "i'd like to make sure we have the best video quality while on-campus". While it's fine to assume that over 3G/4G video may be disabled or perhaps a low bandwidth, what about MRA clients using home or cafe WiFi? If said WiFi has a fast bandwidth e.g. 50 Mbps and your Jabber MRA device calls an on-prem video device, you have no control over the bandwidth. The idea behind Device Mobility is quite simple, for your case you could do it like this; - Create a Device Pool named Internet_DP - Create Internet_RG region and assign Internet_RG to Internet_DP (Internet_RG has region relationships to your on-campus regions limiting the bandwidth e.g. 512 Kbps max video) - Create a Physical Location Internet_PL and Device Mobility Group Internet_DMG and assign both to Internet_DP - Create a Device Mobility Info (basically a subnet) called Internet_DMI and give it the IP of your Expressway-C with subnet mask of 32 e.g. 10.10.10.100/32 - Associate Internet_DP with the Internet_DMI - Enable Device Mobility from CallManager Service Parameters (enabled Device Mobility for all phones) or enable on a per-phone basis via BAT or individually What happens now is that anytime a BOT/TCT/TAB/CSF/78XX/88XX phone registers via Expressway, it's registration IP will always be the IP of Expressway-C. CUCM realizes this and essentially changes the DP to Internet_DP where you have defined your lower bandwidth region relationships. Once that device comes back to the corporate network it will no longer have a registration IP of the Expressway-C, rather a normal DHCP IP and will of course use the normal Device Pool which you configured which may have a maximum BW of 10 Mbps. Hope this helps! On 2016-04-07 00:05, Lelio Fulgenzi wrote: > I honestly don't know. > > I'm new to the whole Jabber world, as well as to video codecs and bit rates. > > I could be worrying about something that I don't need to be, i.e. a 10 minute > Jabber video call will never use more than X megabytes of data. > > Then again, it's only a matter of time until clients will want to use the > quality that comes with a mobile phone front facing camera to have a HD video > call from anywhere. > > --- > Lelio Fulgenzi, B.A. > Senior Analyst, Network Infrastructure > Computing and Communications Services (CCS) > University of Guelph > > 519‐824‐4120 Ext 56354 > le...@uoguelph.ca > www.uoguelph.ca/ccs > Room 037, Animal Science and Nutrition Building > Guelph, Ontario, N1G 2W1 > > - > > FROM: "Dennis Heim" > TO: "Lelio Fulgenzi" , cisco-voip@puck.nether.net > SENT: Wednesday, April 6, 2016 10:00:11 AM > SUBJECT: RE: [cisco-voip] bandwidth restrictions for MRA clients - necessary > ornot? > > Can many mobile jabber devices with cellular connectivity do more than 360p? > > FROM: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] ON BEHALF OF > Lelio Fulgenzi > SENT: Wednesday, April 06, 2016 9:53 AM > TO: cisco-voip@puck.nether.net > SUBJECT: Re: [cisco-voip] bandwidth restrictions for MRA clients - necessary > or not? > > Thanks Eric. > > I had a similar discussion with a Cisco engineer. Basically, let Jabber > figure things out. Which is all fine and dandy, until you read that Canada > pays some of the highest fees for mobile data in the world. lol. > > There are not many unlimited data plans available, and a simple 10 minute > video call at 10mbps (using 5mbps for calc) could probably use up 3gb of data > traffic. > > But then, I don't want to impact quality for Jabber clients on wifi > connections. > > I'm guessing that I might go with leaving device mobility out of the picture > for now and ensuring video calling is disabled while on mobile networks. > > - > > FROM: "Eric Pedersen" > TO: "Lelio Fulgenzi" , cisco-voip@puck.nether.net > SENT: Monday, April 4, 2016 11:00:36 AM > SUBJECT: RE: [cisco-voip] bandwidth restrictions for MRA clients - necessary > ornot? > > Jabber apparently monitors packet loss and sets the video rate accordingly, > which is why the quality starts out really low and them improves with the > call. I don't think any of the phones do that, but I believe the 8845 maximum > bandwidth is 2mpbs. > > FROM: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] ON BEHALF OF > Lelio Fulgenzi > SENT: 04 April 2016 7:40 AM > TO: cisco-voip@puck.nether.net > SUBJECT: [cisco-voip] bandwidth restrictions for MRA clients - necessary or > not? > > quick question... how are people restricting the video/audio bandwidth for > Jabber MRA clients or ph
Re: [cisco-voip] Cisco UCM with Skype for Business
No Worries KiWi Regarding Presence, Partitioned Intra-Domain Federation supports two-way IM and Presence so you should be covered there. Regarding your security concerns, this can also be done. For example, you can achieve Multi-Factor Authentication out of the box using SAML SSO products (ADFS 3.0 and OpenAM both support MFA) which is supported over Expressway. If using Client Certificates for said authentication, you could have an MDM solution like Mobile Iron be the only way to distribute the certificates using SCEP. DDoS protection can always be achieved by ASA or 3rd Party Firewall. On 2016-04-07 13:08, Ki Wi wrote: > Hi Matt, Alastair & Daniel, > thanks! > > Looks like the deployment choices doesn't change much since OCS days except > the additional of VCS option now only. > For presence, seems like there's this product but I'm not sure it is 1 way or > 2 way sync. Seems like UCM to Lync only. > > http://www.bridgeoc.com/products/licc/licc.htm [1] > > Jabber is a fantastic application which client is using now. However, when it > comes to Jabber on mobile via expressway. It is lacking of security measures > in place. > > The client I have is very concern about identify theft for higher management. > Therefore, single factor authentication is not sufficient. They wanted every > client authenticating via expressway to be MDM managed. This is not available > today and SFB apparently have a lot of 3rd party applications doing this. One > of them is skypeshield which I found online. > > Jabber for everyone users are able to use expressway for free right? I saw on > other threads here. Someone answered yes. > > Regards, > Ki Wi > > On Wed, Apr 6, 2016 at 9:15 PM, Matt Slaga (AM) > wrote: > > Another option, although not perfect, is using a hardware device like a > Kuandobox. > > http://www.plenom.com/products/kuandobox/ > > Works well in cube environments, but not so well in offices, or places where > users use speakerphone often. > > FROM: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] ON BEHALF OF > Alastair Watts > SENT: Wednesday, April 6, 2016 8:28 AM > TO: kiwi.vo...@gmail.com; dan...@ohnesorge.me > CC: cisco-voip@puck.nether.net > SUBJECT: Re: [cisco-voip] Cisco UCM with Skype for Business > > I echo Daniel's comments below regarding the Lync/SfB integration, and > recommend that you look at the reasons why you're choosing to integrate SfB - > particularly with voice/video or with SfB mobile clients. > > In the last few months, Cisco acquired Acano, whose portfolio of products can > assist with bridging SfB and CUCM when joining the two is required. > > I strongly recommend reviewing the Cisco Live talk that was presented earlier > this year in Melbourne (available at > https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89886 > [2]) , which goes into integration options between Lync/SfB and Cisco, > including limitations, and includes the Acano product set and how it can > assist with the integration. > > Al > > On 6 Apr 2016, at 17:10, Daniel Ohnesorge via cisco-voip > wrote: > > You have a few options but none will suit your needs: > > - Partitioned Intra-Domain Federation from CUPS to Lync will provide > IM/Presence > > - Direct SIP Trunk to Lync Mediation Server will provide the ability to call > Enterprise Voice enabled Lync clients (no video) > > - VCS/Expressway to Lync Mediation Server with/without Media Bypass will > provide voice and video to Enterprise Voice enabled Lync clients > > - RCC (with Enterprise Voice disabled) will give you deskphone control of > your Cisco phones from Lync client > > - CUCILync (with Enterprise Voice disabled) will give you voice/video > softphone as well as deskphone control > > All of the above solutions cater different needs but you are limited with > mobile support. You can run Jabber on mobile devices in Phone-only mode and > then have separate Lync client for IM but that would be a bad user > experience. > > Unless there is a specific reason to use Lync/SFB, if you already have a CUCM > you may want to go Jabber and choose one of the above options. > > This is always a good read: > https://social.technet.microsoft.com/Forums/office/en-US/cef0dd13-1092-46ec-9d1c-6679511d2206/lync-cisco-cucm-rcc?forum=ocsvoice > > > and: http://www.justin-morris.net/cuci-lync-and-why-you-should-think-twice/ > > and finally: > https://supportforums.cisco.com/discussion/11500646/cupsjabberlynccucilynciphoneandriod-head-spinning > > > Sent from my iPhone > > On 6 Apr 2016, at 17:06, Ki Wi wrote: > >
Re: [cisco-voip] Cisco UCM with Skype for Business
Hi KiWi, Intra-domain federation definitely covers the scenario where some users are on 1 system while others are on another. In-fact it was designed more as a migration tool to eventually migrate everyone to Cisco. If user kiwi is IM enabled on SfB/Lync, he/she must not be IM enabled on Cisco IM/Presence. If the hard phone is controlled by CUCI-Lync, then CUCI-Lync can instruct Lync to change to status to Orange/Busy but that is coming from Lync and nothing to do with CUPS. MFA on ADFS 3.0 works really well as does OpenAM - you could have 1st factor as username/password, 2nd factor as TOTP time based token code (like Google Authenticator). With regards to Client Certificates, they themselves should be treated as a 2nd factor as if you were to logon to another device that did not have the cert, login would fail. But more traditional 2FA would use TOTP which can be integrated with both ADFS and OpenAM. On 2016-04-07 15:48, Ki Wi wrote: > Daniel, > for 2 ways intra-domain federation. I suppose if covers scenario whereby some > users are on Jabber and some users are on SfB as documented. > > For example user "Ki Wi, k...@mycompany.com" uses SfB clients and uses cisco > hardphone. I answered on my hardphone. Will IM&P update SfB that Ki Wi is > busy/on the phone? > > If everyone is using SfB clients only then it will be fine but most of the > time, the client already have a lot of hard phones deployed or they simply > prefers hardphone. > > Multi-factor authentication via ADFS 3.0 . Anyone tried it? What is choosen? > I believe on mobile client, it might be a challenge to present additional > "factor" such as client certificate. > > Regards, > Ki Wi > > On Thu, Apr 7, 2016 at 12:01 PM, wrote: > > No Worries KiWi > > Regarding Presence, Partitioned Intra-Domain Federation supports two-way IM > and Presence so you should be covered there. Regarding your security > concerns, this can also be done. For example, you can achieve Multi-Factor > Authentication out of the box using SAML SSO products (ADFS 3.0 and OpenAM > both support MFA) which is supported over Expressway. If using Client > Certificates for said authentication, you could have an MDM solution like > Mobile Iron be the only way to distribute the certificates using SCEP. DDoS > protection can always be achieved by ASA or 3rd Party Firewall. > > On 2016-04-07 13:08, Ki Wi wrote: > > Hi Matt, Alastair & Daniel, > thanks! > > Looks like the deployment choices doesn't change much since OCS days except > the additional of VCS option now only. > For presence, seems like there's this product but I'm not sure it is 1 way or > 2 way sync. Seems like UCM to Lync only. > > http://www.bridgeoc.com/products/licc/licc.htm [1] > > Jabber is a fantastic application which client is using now. However, when it > comes to Jabber on mobile via expressway. It is lacking of security measures > in place. > > The client I have is very concern about identify theft for higher management. > Therefore, single factor authentication is not sufficient. They wanted every > client authenticating via expressway to be MDM managed. This is not available > today and SFB apparently have a lot of 3rd party applications doing this. One > of them is skypeshield which I found online. > > Jabber for everyone users are able to use expressway for free right? I saw on > other threads here. Someone answered yes. > > Regards, > Ki Wi > > On Wed, Apr 6, 2016 at 9:15 PM, Matt Slaga (AM) > wrote: > > Another option, although not perfect, is using a hardware device like a > Kuandobox. > > http://www.plenom.com/products/kuandobox/ > > Works well in cube environments, but not so well in offices, or places where > users use speakerphone often. > > FROM: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] ON BEHALF OF > Alastair Watts > SENT: Wednesday, April 6, 2016 8:28 AM > TO: kiwi.vo...@gmail.com; dan...@ohnesorge.me > CC: cisco-voip@puck.nether.net > SUBJECT: Re: [cisco-voip] Cisco UCM with Skype for Business > > I echo Daniel's comments below regarding the Lync/SfB integration, and > recommend that you look at the reasons why you're choosing to integrate SfB - > particularly with voice/video or with SfB mobile clients. > > In the last few months, Cisco acquired Acano, whose portfolio of products can > assist with bridging SfB and CUCM when joining the two is required. > > I strongly recommend reviewing the Cisco Live talk that was presented earlier > this year in Melbourne (available at > https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=89886 > [2]) , which goes into inte
Re: [cisco-voip] cisco prime collaboration provisioning
Greenfield deployment? It's awesome, will use it every time. Brownfield deployment? No where near production ready. TAC typically escalate every case to the BU if anything goes wrong and most cases end up with you, TAC and developers on a WebEx. I see a lot of potential with the product and at Live they market it as the new interface for everything which is fine but it still needs to mature and needs more development attention. Sent from my iPhone > On 8 Apr 2016, at 05:53, Scott Voll wrote: > > Anybody using it? worth my time? personal opinions? > > Scott > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Digicert Wildcard cert
Jose, A few things to know; most wildcard certs from Verisign, GoDaddy etc. generate a key pair (private and public key) for you and send you a passphrase protected .pfx or .p12 file which can then be imported to IIS, Apache or any application (even Expressway for that matter). CUCM however does not allow private key import as it sees it a security risk and mandates that keys must be generated on CUCM via CSR. The next thing to know is how CUCM deals with changes between its CSR and the certificate. The rule is that the Common Name of the CSR doesn't have to match but the SAN entries must match. So if you generate a Multi-SAN certificate CSR, CUCM will automatically put all CUCM/CUPS nodes in the list and you/the CA are expected to ensure those entries match. Theoretically, the CA could change the Common Name to *.domain.com during signing and you could actually import it in to CUCM. The challenge here is a) finding a CA which allows distinct individual keys/certs for the same wildcard Common Name and b) finding a CA that allows multiple SAN entries although the Common Name is a wildcard. You would be better off to work with the CA to refund the Wildcard certificate and swap it with a Multi-SAN product. Sent from my iPhone > On 8 Apr 2016, at 07:34, Ryan Huff wrote: > > As far as I am aware, true wildcard certificates (*.domain.tld) are not > supported with UCOS (despite whether they work or not). > > Thanks, > > Ryan > > On Apr 7, 2016, at 5:30 PM, Jose Colon II wrote: > >> After reading the numerous posts saying that the wildcard certs would work I >> purchased the wild card cert. Just wondering how people got them to work. >> >> Thanks >> >>> On Thu, Apr 7, 2016 at 4:24 PM, Ryan Huff wrote: >>> Jose, >>> >>> I believe what you want are multi server (SAN) certificates for tomcat. You >>> specify the distribution when generating the CSR. >>> >>> Thanks, >>> >>> Ryan >>> >>> > On Apr 7, 2016, at 5:21 PM, Jose Colon II wrote: >>> > >>> > I have read a lot on forums that the digicert wildcard certs work great >>> > for UC apps as long as I am on 10.5 which I am. >>> > >>> > Can someone lay out the process of uploading these certs as I am having a >>> > hard time with them. What format do I need them. What cert goes where etc. >>> > >>> > Thanks in advance. >>> > >>> > Jose >>> > ___ >>> > cisco-voip mailing list >>> > cisco-voip@puck.nether.net >>> > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Cisco inbound Calls to Lync EV User Call shows as "Anonymous"
Hi Joel A good start would be to run a PCAP on CUCM: utils network capture eth0 size all count 10 file lync While that's running, make the test call. Once completed press CTRL+C and collect the PCAP via CLI (file get activelog platform/cli/lync.cap) or RTMT choosing 'Packet Capture Logs'. From there you can use wireshark to filter for the IP address of your Lync and SIP port (ip.addr==1.2.3.4&&tcp.port==5060). Check the SIP headers from there to see if there are any references to Anonymous or if you can see a name/number. Other things to check would be the SIP Profile associated with the trunk and if there are any SIP Normalization Scripts applied. Thanks, Daniel Sent from my iPhone > On 14 Apr 2016, at 10:30, joel wrote: > > So running into a strange issue, inbound calls from a Cisco IP phone to a > pure Lync 2013 EV user show the caller id as “Anonymous”. Running SIP trunks > from CUCM 10.5.2 to the Lync mediation servers to route those calls over to > that environment. If a call comes in from the PSTN the caller ID shows, but > if it is an internal call from a Cisco phone there is no CLID. Looked at the > Lync client log and I can see the SIP invite come across from > anonym...@domain.com for those calls in question. Anyone ever experience this > or have any suggestions, I did follow the Cisco integration guide on how to > build out the SIP trunk profiles and parameters that needed to be configured > for this integration. > > > -- > Joel Davila > 321.246.7704 > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Constantly having db replication issues
Hi Nick, At the time of failure, I like to tail the dbl logs to see whats happening. First, run the command to see which log is the latest; file list activelog cm/trace/dbl/sdi date detail. That output will list the last written log file at the bottom for example log16.log. Then you can tail file using the command; file tail activelog cm/trace/dbl/sdi/log16.log. This will give you some idea of what is happening at that time. On 2016-04-21 07:20, Nick Barnett wrote: > Thanks James > Ok, yes, there's a lot in rhosts. They are all identical, and each of them > has forward and reverse lookups. > > On Wed, Apr 20, 2016 at 12:39 PM, James Buchanan > wrote: > > Hello, > > Even though you are not using DNS, do you have DNS servers and a domain name > configured? If so, you should have forward and reverse entries configured for > all servers. When you look in Unified Reporting, do you see anything about > the rhosts under Database Status? > > Thanks, > > James > > On Wed, Apr 20, 2016 at 1:07 PM, Nick Barnett wrote: > > Thanks Ryan. > > We have 3 CCM and 1 TFTP node in each of our two data centers. The main data > center is here, and that is where our DRS sftp server (and publisher) is > located. Nothing is using DNS right now, all of the servers are entered into > CUCM as IP addresses... this cluster has been around for years. It was > upgraded from 7.BeforeMyTime to 8.6 to 10.0. > > On Wed, Apr 20, 2016 at 11:54 AM, Ryan Huff wrote: > > Hi Nick. > > Let me ask you a few things; > > - How is the cluster laid out (how many nodes in the cluster and what nodes > are in which DC)? > > - Are you using DNS and if so, where is the DNS server located and do you > have redundant DNS in both DCs? > > - Where is your DRS server in relation to the cluster publisher (same DC or > no)? > > Thanks, > > Ryan > > On Apr 20, 2016, at 11:09 AM, Nick Barnett wrote: > > I'm wondering how many others have had as many issues with db replication? It > seems that any time we lose a connection to our 2nd data center (even a 2 > minute MPLS planned maintenance outage causes the issue), our database > synchronization has errors. After a WAN blip, within an hour or so, I get a > message from RTMT about a subscriber being in "blocked" state: > > %[AppID=Cisco Database Layer > Monitor][ClusterID=ProdVoiceCluster][NodeID=XXX1]: A change notification > client is busy (blocked). If the change notification client continues to be > blocked for 10 minutes, the system automatically clears the block and change > notification should resume successfully." > > After that, if I run utils dbreplication status, it will have errors... so > then I run the "repair all" option and it fixes it. Then I'm good for a few > weeks until something else happens that starts the whole cycle over. > > Something else that happens after a WAN blip is that DRS begins to fail, so > we have to restart the master DRS and the subsequent DRS services on the > subs. Am I doing something wrong? Is this normal? > > I'm on CUCM 10.0.1.12900-2. > > Thanks, > Nick > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Jabber Directory Groups over port 3268
Hi Guys, Just as a quick FYI, Jabber 11.0 - 11.5 doesn't seem to be able to search for Directory Groups over port 389. CUCM>System>LDAP>Directory is currently synced with port 389 and all User Groups (distribution groups from AD) sync over fine. However when searching in Jabber using EDI over port 389, the Groups don't show up. This is what we see in the logs; _2016-04-21 13:00:52,505 DEBUG [0x2358] [rdsource\ADPersonRecordSourceLog.cpp(50)] [csf.person.adsource] [WriteLogMessage] - ConnectionManager::ExecuteQueryOnGroupSearchers - Succeeded - Query string: [(&(objectCategory=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648))(sAMAccountName=test group*))], Attributes: [sAMAccountName]_ _2016-04-21 13:00:52,505 DEBUG [0x2358] [rdsource\ADPersonRecordSourceLog.cpp(50)] [csf.person.adsource] [WriteLogMessage] - QueryManager::ExecuteQuery - Query executed - about to convert the results_ _2016-04-21 13:00:52,505 DEBUG [0x2358] [rdsource\ADPersonRecordSourceLog.cpp(50)] [csf.person.adsource] [WriteLogMessage] - QueryResultsConverter::ConvertResultSet - processing handle [162896744]_ _2016-04-21 13:00:52,521 WARN [0x2358] [rdsource\ADPersonRecordSourceLog.cpp(42)] [csf.person.adsource] [WriteLogMessage] - QueryResultsConverter::ConvertResultSet - Query Results Failed - COMException [0x80072030]_ 0x80072030 means 'There is no such object on the server'. However, if I use any LDAP Explorer and use the filter (&(objectCategory=group)(!(groupType:1.2.840.113556.1.4.803:=2147483648))(sAMAccountName=test group*)) the result comes up fine. Based on some research, I think the relevant Bug ID's are CSCuu47641, CSCuu48043 and CSCuu48329 with the last 2 being internal bugs. All bugs have little to no useful information. Work around is to use port 3268 and the Groups show up straight away. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Admin for this email address?
Hi Jamin, ja...@puck.nether.net or svoll.v...@gmail.com Cheers, Daniel Sent from my iPhone > On 22 Apr 2016, at 08:11, Horton, Jamin wrote: > > Gentlemen, > > Who is the Admin for this address and how can I get in touch with him/her? > Thanks! > > > Jamin Horton – Collaboration Practice Manager > CCIE Collaboration #39988 > Direct: 303-734-4048 > Cell: 720-401-8340 > Email: jamin.hor...@oneneck.com > > > > > - This email may contain confidential and privileged material > for the sole use of the intended recipient. Any review or distribution by > others is strictly prohibited. If you are not the intended recipient, please > contact the sender and delete all copies. > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] IM&P, Jabber, Presence Redundancy Groups, Assigned Presence Server
Hi Anthony, I dare say that the CUPS BU did not give user assignment much thought with regards to geographical regions. What I would do in this instance (and may or may not be possible for you to re-design) is to have separate clusters for your East Coast and West Coast. This would be achieved by changing the LDAP to point 1 cluster to a more specific geographical OU. For CUCM you can easily set up ILS/GDPR to exchange your extensions between cluster and EMCC (Extension Mobility Cross Cluster) is fairy trivial. This setup would also support centralised TFTP for phone registration and centralised Jabber login. Now when it comes to CUPS, you will of course be using Inter-cluster Peering. The downside to this for both CUCM and CUPS, there is no redundancy between East Coast and West Coast (between your DC's) but this can still be achieved with subscribers in each DC. Sent from my iPhone > On 26 Apr 2016, at 04:51, Anthony Holloway > wrote: > > All, > > My specific environment is > CUCM 11.0(1a)SU1 > IM&P 11.0(1) > Jabber for Windows 11.5(2) > > Clustering over the WAN with local failover > 2x CUCM nodes and 2x IM&P nodes in DC1 (east coast) > 2x CUCM nodes and 2x IM&P nodes in DC2 (west coast) > > The Challenge > I need to *easily* assign users to the proper Presence Redundancy Group, > based on geographic region of the user. > > My Thoughts > First off, I needed to change the CUCM > Enterprise Parameters > User > Assignment Mode for Presence Server setting to None, so that if someone > clicks the CUCM > User Management > Assign Presence Users > Rebalance Users > button, it doesn't destroy the geographic assignments I'll have worked so > hard to maintain. > > Second, I know that the CUCM > User Management > Assign Presence Users > setting takes precedence over the CUCM > User Management > User Settings > > Service Profile > IM and Presence Profile. Otherwise, I'd just assign users > to Service Profiles by way of Feature Group Templates assigned to different > LDAP Directory sync agreements. > > Third, BAT > Users > Update Users > Query has very little fields to filter > on. How hard would it be to add a few more fields in here Cisco? There's > just no way this is useful. BAT > Users > Update Users > Custom File has > promise, but because of its mandatory User Template usage, it'll need some > careful testing with the Ignore Fields option. I'm not excited about that > method, unless one of you calms my fears. > > What I would like to ask the group is, how are you doing this, or how would > you suggest doing this? I.e., Your process to assign users, both existing in > the system today, and newly synced from LDAP, to their geographic IM&P nodes > and therefore Presence Redundancy Groups? I'm not quite looking for a SQL > query method, or an AXL method, something a operations person could manage > through the GUI. > > Thanks. > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Add CPU on UC infrastructure
Conveniently the DE's are stating that the minimum size for the CUCM database after v10.5 is 110GB yet the smaller size templates in even the latest version of the OVA is 80GB. So the OVA's are not perfect that's for sure. Sent from my iPhone > On 28 May 2016, at 00:01, Ryan Ratliff (rratliff) wrote: > > CUCM and IMP won’t have an issue and will pick up the new vCPUs during boot, > though you really shouldn’t have any performance issues if you are sized > appropriately and honoring what the OVA configures. > > From what I recall CUC sets the number of CPUs during install and won’t use > any additional ones added afterwards. > > -Ryan > > On May 26, 2016, at 5:56 PM, Alessandro Bertacco > wrote: > > Because After Upgrade to V11 from V10.5, and moving Virtual Machine to ESXi5 > to ESX6, during boot and during service start up CPU are always 100%, and > booting Up are Slow as Old Snail!! > > Note that Virtul Machine now Run on SSD Disk Storage!! > > AB > > Da: Ryan Huff [mailto:ryanh...@outlook.com] > Inviato: giovedì 26 maggio 2016 23:44 > A: Alessandro Bertacco > Cc: cisco-voip@puck.nether.net > Oggetto: Re: [cisco-voip] Add CPU on UC infrastructure > > I would first answer your question, with a question of my own. Why do you > need to add additional CPUs to your UC virtual? > > Thanks, > > Ryan > > > > Thanks, > > Ryan >> On May 26, 2016, at 4:33 PM, Alessandro Bertacco >> wrote: >> >> Hi Guys, >>I need to give more CPU resource to my CUCM, CUC, and IM&presence version >> 11. >> >> Which will be the impact of modifying virtual hardware of the Machine? >> >> Thank you >> Regards >> >> Alessandro Bertacco >> ___ >> cisco-voip mailing list >> cisco-voip@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-voip > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] need help in configuring TP conductor and TP server
Hi Muneeb, Jason Murray from Cisco recorded this excellent YouTube video back in 2014, the foundations are still very much the same, with a few differences if you are deploying the latest versions. https://www.youtube.com/watch?v=jGzNLqDVs60 Thanks, Daniel On 2016-06-03 15:19, Muneeb khan wrote: > Hi, > > Can any one help me configuring TP conductor and TP server, and how it will > reflect cucm connectivity? > > Please guide me on it. > > Regards > Muhammad Muneeb Khan > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Unity Connection vs Exchange UM
Hi George, When Unified Messaging (Single Inbox) is enabled on Unity Connection, the features are pretty much the same across both platforms. Right now I could call in in to my external unity connection voicemail IVR and listen to my appointments and emails. The same could be done with Exchange UM. Go Unity :) Sent from my iPhone > On 12 Jul 2016, at 00:55, > wrote: > > Guys, > > I have searched for a recent comparison of Unity Connection and MS Exchange > UM. Does anyone have info on this? I personally prefer to keep VOICE in > VOICE and not depend on MS, but also would like to see a recent side by side > comparison of these solutions. > > > Thanks, > Bill > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Serious 11.5 installation defect
Hi All, Just wanted to make you all aware of a serious installation defect with 11.5 that the Cisco DE's are currently investigating and will soon be raising a new defect against. Basically, the CUCM Publisher installation goes ahead fine but once you try to install any subscriber (including the CUPS DB PUB), the installation will fail after all Network and Connectivity checks passed. It has taken TAC, BU and DE's 2 weeks to figure out what was going wrong, it turns out that the password used for the Application User is too long (even though it is withing documentation guidelines). The password I used was 1 Uppercase, 14 lowercase, 1 number and 1 special character (underscore). DE's have been able to replicate the issue in the lab using the same complexity. When using a password such as ipcbu123 the installation is successful. This affects CUCM, CUPS and CUC. Thanks, Daniel ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Serious 11.5 installation defect
In this case, the customer has a strict password policy and the password was generated via an internal web app. Normally I would also not use one that long! On 2016-08-22 13:57, Anthony Holloway wrote: Wow, good to know, but I cannot say that I have ever seen a password that long on a server before. That's a first for me. I tend to still use 8 character length. Old habit, I'm sure. Are you consistently deploy 16+ character passwords now a days? On Sun, Aug 21, 2016 at 5:54 PM, Daniel Ohnesorge via cisco-voip wrote: Hi All, Just wanted to make you all aware of a serious installation defect with 11.5 that the Cisco DE's are currently investigating and will soon be raising a new defect against. Basically, the CUCM Publisher installation goes ahead fine but once you try to install any subscriber (including the CUPS DB PUB), the installation will fail after all Network and Connectivity checks passed. It has taken TAC, BU and DE's 2 weeks to figure out what was going wrong, it turns out that the password used for the Application User is too long (even though it is withing documentation guidelines). The password I used was 1 Uppercase, 14 lowercase, 1 number and 1 special character (underscore). DE's have been able to replicate the issue in the lab using the same complexity. When using a password such as ipcbu123 the installation is successful. This affects CUCM, CUPS and CUC. Thanks, Daniel ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Serious 11.5 installation defect
This is going to cause problems for US Government customers that are wanting to deploy FedRAMP mode... From http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_5_1/secugd/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151/CUCM_BK_SEE2CFE1_00_cucm-security-guide-1151_chapter_011010.html "Credential Policy When FedRAMP mode is enabled, the following credential policy takes effect automatically for new passwords and password changes. After FedRAMP mode is enabled, administrators can use the set password *** series of CLI commands to modify any of these requirements: Password Length should be between 14 to 127 characters. Password should have at least 1 lowercase, 1 uppercase, 1 digit and 1 special character. Any of the previous 24 passwords cannot be reused. Minimum age of the password is 1 day and Maximum age of the password is 60 days. Any newly generated password's character sequence will need to differ by at least 4 characters from the old password's character sequence." On 2016-08-23 00:33, Scott Voll wrote: Sounds like one we had with Cisco Security Manager. it would send a password under 15 characters correct because it encrypted the whole password. but after 15 characters it would encrypt the 15 characters and add padding to the addition characters after the encryption. rather than sending the password with padding than encrypting it. Reminder that if it's Cisco to make sure your password is less than 16 characters ;-) Scott On Sun, Aug 21, 2016 at 10:43 PM, Daniel Ohnesorge via cisco-voip wrote: In this case, the customer has a strict password policy and the password was generated via an internal web app. Normally I would also not use one that long! On 2016-08-22 13:57, Anthony Holloway wrote: Wow, good to know, but I cannot say that I have ever seen a password that long on a server before. That's a first for me. I tend to still use 8 character length. Old habit, I'm sure. Are you consistently deploy 16+ character passwords now a days? On Sun, Aug 21, 2016 at 5:54 PM, Daniel Ohnesorge via cisco-voip wrote: Hi All, Just wanted to make you all aware of a serious installation defect with 11.5 that the Cisco DE's are currently investigating and will soon be raising a new defect against. Basically, the CUCM Publisher installation goes ahead fine but once you try to install any subscriber (including the CUPS DB PUB), the installation will fail after all Network and Connectivity checks passed. It has taken TAC, BU and DE's 2 weeks to figure out what was going wrong, it turns out that the password used for the Application User is too long (even though it is withing documentation guidelines). The password I used was 1 Uppercase, 14 lowercase, 1 number and 1 special character (underscore). DE's have been able to replicate the issue in the lab using the same complexity. When using a password such as ipcbu123 the installation is successful. This affects CUCM, CUPS and CUC. Thanks, Daniel ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Are there any gotchas to watch out for switching to FQDN server names from IP address server names?
One of the most important points that people tend to forget when changing the processnode (System>Server) entries is that MGCP and SCCP gateways will download a config file (like a phone) and will need to resolve these entries. For what ever reason I've seen so many customers not add any ip name server to their routers so this one can bite you in the ass. Now with regards to actually changing the entries, I have done this way too many times. What you REALLY need to do is change the entry one by one, then restart all the nodes in the cluster one by one. Then change the next entry and repeat! I know this sounds totally unnecessary but the processnode has the ability to stuff up your dbreplication to the point where TAC will suggest a rebuild. Thanks, Daniel Sent from my iPhone > On 1 Sep 2016, at 06:39, Ryan Huff wrote: > > Nick, > > > If the UC servers already have DNS entries (means they already have a domain > name too); then the servers are already using FQDNs, at least for internal > referencing. If you're saying the you want to change the processNode names > (the CM Server references) then as long as the FQDNs are resolvable in the > forward and reverse direction, it should be fine. > > > If you need to change the hostname or domain names of the servers to > something more palatable (a crossroads often encountered when dealing with > Jabber and end users and UC servers that were IP addresses first); that is a > horse of a much different color; please carefully consult > http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/install/10_0_1/ipchange/CUCM_BK_C3782AAB_00_change-ipaddress-hostname-100/CUCM_BK_C3782AAB_00_change-ipaddress-hostname-100_chapter_0100.html > (especially in the case of IM & Presence HA) > > If you are also talking about changing the IP Phone URL references under > Enterprise Parameters (from IP address to FQDN); your phone networks will > need DNS capabilities to resolve those FQDNs as well. As a matter of > practice, I always ensure IP phone networks have DNS capabilities, but it can > be uncommonly found out in the wild. > > > Beyond that, if you are simply just changing the processNode references for > IP addresses to FQDNs (presumably, so CUCM requests come from an FQDN and not > an IP address) and everything is already resolving correctly, you should be > g2g. > > Thanks, > > = Ryan = > > > > From: cisco-voip on behalf of Nick > Barnett > Sent: Wednesday, August 31, 2016 4:13 PM > To: Cisco VoIP Group > Subject: [cisco-voip] Are there any gotchas to watch out for switching to > FQDN server names from IP address server names? > > We are on 10.0 and this cluster has been upgraded over the years from 8.0 to > 8.6 to 10.0. I know it used to be common practice to rip the host name out > of a new node and put in the IP address. That's how we are set up... but now > that I need to do some work with certs so that jabber and cucilync work > properly, it's time to fix this. > > Is there anything I should watch out for? Anything that may bite me in rare > cases? We have CER, CVP, CUC, UCCE and a rarely used IMP. > > I checked that each node has DNS enabled by looking at "show network eth0" on > each sub. I also then looked up each FQDN from each node and they all resolve > properly. As far as I know, that's about it. > > Thanks in advance! > > nick > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip > ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] MRCP TTS Provide still showing in list after deleting from Provider Page
Hi All, Running UCCX 11.0.1.1-75. When adding a new MRCP TTS Provider e.g. "MRCP Test 1" and then deleting it, upon adding a new Provider again, "MRCP Test 1" is showing from the Provider Name list (alongside IBM, Nuance and Scansoft). Is there any way of deleting the custom entries from the list after the actual Provider has been deleted? Thanks, Daniel ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Fax topology with ITSP/CUBE and VG310
Hi All, Just wanted to confirm my understanding with regards to which Fax topology to shoose. Some key points: - The ITSP network to the customer is over a dedicated WAN link with QoS enabled - The ITSP does not support any kind of Fax Relay - The ITSP uses G711 ulaw for all calls Topology: ITSP---SIP---CUBE---SIP---CUCM---SCCP---VG310---FXS---FAX_Machine So the goal here is to ensure reliable fax messaging between CUBE and VG310. From my understanding, VG310 can only support NSE-based Modem Passthrough, NSE-based T.38 relay and Cisco Fax Relay hence I would need to enable the same on CUBE. What would be the best topology to choose in this scenario? Appreciate any feedback. Thanks, Daniel ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Fax topology with ITSP/CUBE and VG310
Sorry I should specify I meant "VG310 in SCCP mode can only support NSE-based Modem Passthrough, NSE-based T.38 relay and Cisco Fax Relay". On 2017-02-15 10:25, dan...@ohnesorge.me wrote: Hi All, Just wanted to confirm my understanding with regards to which Fax topology to shoose. Some key points: - The ITSP network to the customer is over a dedicated WAN link with QoS enabled - The ITSP does not support any kind of Fax Relay - The ITSP uses G711 ulaw for all calls Topology: ITSP---SIP---CUBE---SIP---CUCM---SCCP---VG310---FXS---FAX_Machine So the goal here is to ensure reliable fax messaging between CUBE and VG310. From my understanding, VG310 can only support NSE-based Modem Passthrough, NSE-based T.38 relay and Cisco Fax Relay hence I would need to enable the same on CUBE. What would be the best topology to choose in this scenario? Appreciate any feedback. Thanks, Daniel ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] srtp packets
Section 3.1 of RFC3711 states: The "Encrypted Portion" of an SRTP packet consists of the encryption of the RTP payload (including RTP padding when present) of the equivalent RTP packet. The Encrypted Portion MAY be the exact size of the plaintext or MAY be larger. Figure 1 shows the RTP payload including any possible padding for RTP [RFC3550]. None of the pre-defined encryption transforms uses any padding; for these, the RTP and SRTP payload sizes match exactly. New transforms added to SRTP (following Section 6) may require padding, and may hence produce larger payloads. RTP provides its own padding format (as seen in Fig. 1), which due to the padding indicator in the RTP header has merits in terms of compactness relative to paddings using prefix-free codes. This RTP padding SHALL be the default method for transforms requiring padding. Transforms MAY specify other padding methods, and MUST then specify the amount, format, and processing of their padding. It is important to note that encryption transforms that use padding are vulnerable to subtle attacks, especially when message authentication is not used [V02]. Each specification for a new encryption transform needs to carefully consider and describe the security implications of the padding that it uses. Message authentication codes define their own padding, so this default does not apply to authentication transforms. Hope that helps. On 2017-02-16 14:58, cisco.voip wrote: All, can somebody tell me the typical srtp packet size and format vs rtp packet size and format of a g711 encoded call. I cannot find these number anywhere. Thanks ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Home Cluster in User management
Hi Scott, On the LDAP Directory page you can specify a Feature Group Template. This applies only to new users and does not affect existing already imported users. Within the Feature Group Template (User Management>User/Phone Add) you specify the 'Home Cluster' tick box as well as IM&P, Service Profile and User Profile. Thanks, Daniel On 2017-05-24 08:31, Scott Voll wrote: > Is there a way to tick the check mark on Home Cluster automatically with each > new user? we are running 11.5. > > TIA > > Scott > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip