[cisco-voip] So Long And Thanks For All The Fish
I'm sad to say that I finally shut down our CallManager cluster after 15 years of totally unblemished service last week. My users are all migrated to MS Teams, and I'm handing over the service to a new member of staff as I move on to a new role, Thanks for all the help and advice from the list members over the years, it's been real! Gary Parker Networks, Datacentre & Telecoms Loughborough University, IT Services Phone - +441509635635 Teams - g.j.par...@lboro.ac.uk https://www.osx.ninja/pubkey.txt ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] SMS message
LMGTFY - https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/12x/administration/guide/b_12xcucsag/b_12xcucsag_chapter_01101.html#ID-2415-00d0 ;-) Alternatively, use an SMTP to SMS gateway, set up an SMTP Notification Device for each user, and send them via email Gary From: cisco-voip on behalf of harbor235 Date: Friday, 21 July 2023 at 14:20 To: Cisco VOIP Subject: [cisco-voip] SMS message ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** Hi everyone, Is it possible to send an SMS message after receipt of a voicemail. I can scrape the mail relay to send a SMS message but was wondering how to do this on Unity? Mike ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Best Way To Bulk Update Lines/Directory Numbers?
Brilliant, thanks Nate. I can build the command lines in the spreadsheet I hold the data in. Nice one. Gary From: NateCCIE Date: Monday, 12 June 2023 at 15:08 To: Gary Parker Cc: voip puck Subject: Re: [cisco-voip] Best Way To Bulk Update Lines/Directory Numbers? ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** SQL is the way to go here. Super easy to dump the commands into the cli, “run sql update numplan set fkroutepartition = ‘newguid’ where dnorpattern = ‘extension’” Call forward can be set the same way, but I don’t have that memorized still. Sent from my iPhone On Jun 12, 2023, at 6:41 AM, Gary Parker wrote: Hi folks, I’m migrating users from CUCM to Teams Phone and need to update: 1. Route Partition 2. Forward All Destination for a specific set of directory numbers that cannot be identified with a search based on CUCM data. The partition change will be to identify migrated numbers, the cfwdall will be to send calls out to a voice gateway that then sends the call to our Teams tenant via SIP. It looks like I can do the Route Partition with an export/update line appearance job, so that’s good/simple. The call forward details will be different for each line. If the DN is 123456, the cfwdall will be to 901509123456, so this must be done with a custom file. If I do Phones -> Export Phones -> All Details’ I can see the call forward details for the lines on those phones in there, but there doesn’t seem to be a way to import that data back in as an update, only as ‘Phones -> Insert Phones’ for new devices. I could delete the existing phones I want to update, then Insert the modified entries back again as new phones, but I’m worried what other interactions that may break. The other option seems to be to do a full ‘Export -> Device Data -> Phone’ for the database tar file, edit the required lines, then Import again, but as you have to do the whole database that is very time consuming and also, I’d imagine, service affecting? I explored the option in the past of trying to forward calls placed to a line in the migrated partition using a transformation pattern but could not get this to work (I believe I posted about it on this list). If anyone has an alternative suggestion for achieving the call forwarding I’d love to hear it. Is there a way to forward calls from all the DNs to a kind of pilot number that then forwards again to a new destination based on the forwarding station? So, say for example, I forward calls from 635635 to 22, some logic on 22 forwards the call to 901509635635; and for calls to 222333, forward to 22, which then forwards to 901509222333 -- Gary Parker Unified Communications Service Manager Loughborough University, IT Services Phone - +441509635635 Teams - g.j.par...@lboro.ac.uk https://www.osx.ninja/pubkey.txt ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Best Way To Bulk Update Lines/Directory Numbers?
Hi folks, I’m migrating users from CUCM to Teams Phone and need to update: * Route Partition * Forward All Destination for a specific set of directory numbers that cannot be identified with a search based on CUCM data. The partition change will be to identify migrated numbers, the cfwdall will be to send calls out to a voice gateway that then sends the call to our Teams tenant via SIP. It looks like I can do the Route Partition with an export/update line appearance job, so that’s good/simple. The call forward details will be different for each line. If the DN is 123456, the cfwdall will be to 901509123456, so this must be done with a custom file. If I do Phones -> Export Phones -> All Details’ I can see the call forward details for the lines on those phones in there, but there doesn’t seem to be a way to import that data back in as an update, only as ‘Phones -> Insert Phones’ for new devices. I could delete the existing phones I want to update, then Insert the modified entries back again as new phones, but I’m worried what other interactions that may break. The other option seems to be to do a full ‘Export -> Device Data -> Phone’ for the database tar file, edit the required lines, then Import again, but as you have to do the whole database that is very time consuming and also, I’d imagine, service affecting? I explored the option in the past of trying to forward calls placed to a line in the migrated partition using a transformation pattern but could not get this to work (I believe I posted about it on this list). If anyone has an alternative suggestion for achieving the call forwarding I’d love to hear it. Is there a way to forward calls from all the DNs to a kind of pilot number that then forwards again to a new destination based on the forwarding station? So, say for example, I forward calls from 635635 to 22, some logic on 22 forwards the call to 901509635635; and for calls to 222333, forward to 22, which then forwards to 901509222333 -- Gary Parker Unified Communications Service Manager Loughborough University, IT Services Phone - +441509635635 Teams - g.j.par...@lboro.ac.uk https://www.osx.ninja/pubkey.txt ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Specific Off-net Called Numbers Being Dropped When Called From Jabber
Thanks Nate, that worked perfectly, and was what I suspected would be necessary, I just didn’t know the correct way to implement it in a SIP profile. Gary From: natec...@gmail.com Date: Friday, 27 January 2023 at 15:51 To: Gary Parker , 'voip puck' , 'Telecommunication Managers' Subject: RE: [cisco-voip] Specific Off-net Called Numbers Being Dropped When Called From Jabber ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** voice-classs sip audio forced is cleaner, but as you said that needs a code upgrade. I would rock this until then. voice service voip sip sip-profiles inbound voice class sip-profiles 15 request ANY sdp-header Video-Attribute remove request ANY sdp-header Video-Media modify "m=video(.*)" "" request ANY sdp-header Video-Bandwidth-Info remove request ANY sdp-header Video-Session-Info remove request ANY sdp-header Video-Connection-Info remove dial-peer from CUCM voice-class sip profiles 15 inbound ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Specific Off-net Called Numbers Being Dropped When Called From Jabber
Thanks Mark, that looks really promising, but I’m on 15.5 and that feature doesn’t look to have been introduced until 15.6 I’ll get a change request for an IOS upgrade in, thanks for the tip Gary From: Mark Turpin Date: Friday, 27 January 2023 at 13:06 To: Gary Parker Cc: voip puck , Telecommunication Managers Subject: Re: [cisco-voip] Specific Off-net Called Numbers Being Dropped When Called From Jabber ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** Try adding voice-classs sip audio forced on your ITSP facing dial-peer. Cisco Unified Border Element Configuration Guide Through Cisco IOS XE 17.5 - Video Suppression [Cisco Unified Border Element]<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-audio-forced.html> cisco.com<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-audio-forced.html> [favicon.ico]<https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/voi-audio-forced.html> This will remove all m= lines like video and bfcp, etc. — Mark Turpin On Jan 27, 2023, at 06:44, Gary Parker wrote: Hi folks, we’re using CUCM 12.5.1.14900-63, and CUBE on a pair of 2921 routers running IOS 15.5(3)M2. We’ve been using this configuration to route inbound and outbound PSTN calls via our TSP in the UK, Gamma, for a few years now with no major problems. Recently, however, we changed our travel booking agent to a new company called Clarity BT and have found that none of our Cisco Jabber softphone users can call their number, 03330100045, which appears to be hosted with a company called Redcentric. Calls from any of our Cisco deskphones, and a small volume of users we have on MS Teams Voice, who also route out via Gamma using Direct Routing, can connect with no problems, as do calls from our mobiles. The calls from Jabber fail within a second or two of being placed, with no message or tone. Looking at the SIP traces, they’re rejected with “403 Forbidden”/” Reason: Q.850;cause=57“, the CDR records this as a destCause of 57, “Bearer capability not authorized” I’ve raised a support case with Gamma and they’re focussing on the fact that calls from Jabber clients appear to be including SDP video information in the call setup and have asked me if it’s possible to stop Jabber sending this. I’ve set my Jabber client to not “Always start my calls with video”, but this didn’t change anything, and it’s notable that I’m successfully placing calls to the problem number from a Cisco 8865 handset that is also video enabled and sends similar video SDP information. It's worth mentioning that the SIP sessions are all sending the bare minimum of g711ulaw, g711alaw and g729 annex b along with whatever else the device is capable of, so it’s not like it’s failing to negotiate and audio codec. So, has anyone had similar experience and know a solution? I tried looking for ways to filter out the SDP video stuff at the CUBE, but my Google-fu failed me (although I think this is a red herring due to the 8865 always connecting. Below is a capture of a failed call from a Jabber client to the problem number with the IP addresses obfuscated: Jan 23 11:06:03.383: //-1//SIP/Msg/ccsipDisplayMsg: Received: INVITE sip:903330100...@xxx.xxx.xxx.xxx:5060 SIP/2.0 Via: SIP/2.0/TCP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK1ec5d7b7426e8 From: "Gary Parker" sip:+441509635635@ xxx.xxx.xxx.xxx ;tag=1460625~6c2496f4-28ae-4afc-bfa9-0620307b8c3e-103494796 To: sip:903330100045@ xxx.xxx.xxx.xxx Date: Mon, 23 Jan 2023 11:06:03 GMT Call-ID: ebb22500-1ee1b910-1cb56-87a27d9e@ xxx.xxx.xxx.xxx <mailto:ebb22500-1ee1b910-1cb56-87a27d9e@158.125.162.135> Supported: timer,resource-priority,replaces Min-SE: 1800 User-Agent: Cisco-CUCM12.5 Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY CSeq: 101 INVITE Expires: 180 Allow-Events: presence, kpml Supported: X-cisco-srtp-fallback,X-cisco-original-called Call-Info: sip: xxx.xxx.xxx.xxx:5060;method="NOTIFY;Event=telephone-event;Duration=500" Call-Info: ;x-cisco-video-traffic-class=DESKTOP;x-cisco-qos-tcl=true Session-ID: 7b390f7500105000a000a860b63b96d1;remote= Cisco-Guid: 3954320640-065536-002092-2275573150 Session-Expires: 1800 P-Asserted-Identity: "Gary Parker" sip:+441509635635@ xxx.xxx.xxx.xxx Remote-Party-ID: "Gary Parker" sip:+441509635635@ xxx.xxx.xxx.xxx ;party=calling;screen=yes;privacy=off Contact: sip:+441509635635@ xxx.xxx.xxx.xxx:5060;transport=tcp;video;audio;+u.sip!devicename.ccm.cisco.com="JFWCCGJP";bfcp Max-Forwards: 69 Content-Type: application/sdp Content-Length: 1583 v=0 o=CiscoSystemsCCM-SIP 1460625 1 IN IP4 xxx.xxx.xxx.xxx s
[cisco-voip] Specific Off-net Called Numbers Being Dropped When Called From Jabber
Hi folks, we’re using CUCM 12.5.1.14900-63, and CUBE on a pair of 2921 routers running IOS 15.5(3)M2. We’ve been using this configuration to route inbound and outbound PSTN calls via our TSP in the UK, Gamma, for a few years now with no major problems. Recently, however, we changed our travel booking agent to a new company called Clarity BT and have found that none of our Cisco Jabber softphone users can call their number, 03330100045, which appears to be hosted with a company called Redcentric. Calls from any of our Cisco deskphones, and a small volume of users we have on MS Teams Voice, who also route out via Gamma using Direct Routing, can connect with no problems, as do calls from our mobiles. The calls from Jabber fail within a second or two of being placed, with no message or tone. Looking at the SIP traces, they’re rejected with “403 Forbidden”/” Reason: Q.850;cause=57“, the CDR records this as a destCause of 57, “Bearer capability not authorized” I’ve raised a support case with Gamma and they’re focussing on the fact that calls from Jabber clients appear to be including SDP video information in the call setup and have asked me if it’s possible to stop Jabber sending this. I’ve set my Jabber client to not “Always start my calls with video”, but this didn’t change anything, and it’s notable that I’m successfully placing calls to the problem number from a Cisco 8865 handset that is also video enabled and sends similar video SDP information. It's worth mentioning that the SIP sessions are all sending the bare minimum of g711ulaw, g711alaw and g729 annex b along with whatever else the device is capable of, so it’s not like it’s failing to negotiate and audio codec. So, has anyone had similar experience and know a solution? I tried looking for ways to filter out the SDP video stuff at the CUBE, but my Google-fu failed me (although I think this is a red herring due to the 8865 always connecting. Below is a capture of a failed call from a Jabber client to the problem number with the IP addresses obfuscated: Jan 23 11:06:03.383: //-1//SIP/Msg/ccsipDisplayMsg: Received: INVITE sip:903330100...@xxx.xxx.xxx.xxx:5060 SIP/2.0 Via: SIP/2.0/TCP xxx.xxx.xxx.xxx:5060;branch=z9hG4bK1ec5d7b7426e8 From: "Gary Parker" sip:+441509635635@ xxx.xxx.xxx.xxx ;tag=1460625~6c2496f4-28ae-4afc-bfa9-0620307b8c3e-103494796 To: sip:903330100045@ xxx.xxx.xxx.xxx Date: Mon, 23 Jan 2023 11:06:03 GMT Call-ID: ebb22500-1ee1b910-1cb56-87a27d9e@ xxx.xxx.xxx.xxx <mailto:ebb22500-1ee1b910-1cb56-87a27d9e@158.125.162.135> Supported: timer,resource-priority,replaces Min-SE: 1800 User-Agent: Cisco-CUCM12.5 Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY CSeq: 101 INVITE Expires: 180 Allow-Events: presence, kpml Supported: X-cisco-srtp-fallback,X-cisco-original-called Call-Info: sip: xxx.xxx.xxx.xxx:5060;method="NOTIFY;Event=telephone-event;Duration=500" Call-Info: ;x-cisco-video-traffic-class=DESKTOP;x-cisco-qos-tcl=true Session-ID: 7b390f7500105000a000a860b63b96d1;remote= Cisco-Guid: 3954320640-065536-002092-2275573150 Session-Expires: 1800 P-Asserted-Identity: "Gary Parker" sip:+441509635635@ xxx.xxx.xxx.xxx Remote-Party-ID: "Gary Parker" sip:+441509635635@ xxx.xxx.xxx.xxx ;party=calling;screen=yes;privacy=off Contact: sip:+441509635635@ xxx.xxx.xxx.xxx:5060;transport=tcp;video;audio;+u.sip!devicename.ccm.cisco.com="JFWCCGJP";bfcp Max-Forwards: 69 Content-Type: application/sdp Content-Length: 1583 v=0 o=CiscoSystemsCCM-SIP 1460625 1 IN IP4 xxx.xxx.xxx.xxx s=SIP Call c=IN IP4 xxx.xxx.xxx.xxx b=TIAS:3968000 b=AS:3968 t=0 0 a=cisco-mari:v1 a=cisco-mari-rate m=audio 22946 RTP/AVP 114 9 104 105 0 8 18 111 101 a=extmap:14/sendrecv http://protocols.cisco.com/timestamp#100us a=rtpmap:114 opus/48000/2 a=rtpmap:9 G722/8000 a=rtpmap:104 G7221/16000 a=fmtp:104 bitrate=32000 a=rtpmap:105 G7221/16000 a=fmtp:105 bitrate=24000 a=rtpmap:0 PCMU/8000 a=rtpmap:8 PCMA/8000 a=rtpmap:111 X-ULPFECUC/8000 a=fmtp:111 max_esel=1420;m=8;max_n=32;FEC_ORDER=FEC_SRTP a=rtpmap:18 G729/8000 a=fmtp:18 annexb=no a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 a=trafficclass:conversational.audio.avconf.aq:admitted m=video 27310 RTP/AVP 126 97 111 b=TIAS:3968000 a=label:11 a=extmap:14/sendrecv http://protocols.cisco.com/timestamp#100us a=rtpmap:126 H264/9 a=fmtp:126 profile-level-id=42801F;packetization-mode=1;max-mbps=244800;max-fs=8161;max-rcmd-nalu-size=32000;level-asymmetry-allowed=1 a=imageattr:126 recv [x=[32:1:1920],y=[18:1:1080],par=1.7778,q=1.00] a=rtpmap:97 H264/9 a=fmtp:97 profile-level-id=42801F;packetization-mode=0;max-mbps=244800;max-fs=8161;level-asymmetry-allowed=1 a=imageattr:97 recv [x=[32:1:1920],y=[18:1:1080],par=1.7778,q=1.00] a=rtpmap:111 X-ULPFECUC/9 a=fmtp:111 max_esel=1420;m=8;max_n=32;FEC_ORDER=FEC_SRTP a=content:main a=r
Re: [cisco-voip] [External] Voice Gateway Dial-Peer Precedence/Processing Order
Thanks Tim, understood. Gary From: Johnson, Tim Date: Friday, 11 November 2022 at 13:17 To: Gary Parker , voip puck Subject: RE: [External] [cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** In the preference list on that page, they list “incoming uri” higher than “incoming called-number” for inbound H.323 call legs. So based on that, the “incoming uri” dial peer should be chosen first if the string is the same in each dial peer. The order in which it appears in the config or the dial peer number does not make any difference. From: Gary Parker Sent: Friday, November 11, 2022 8:05 AM To: Johnson, Tim ; voip puck Subject: Re: [External] [cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order Thanks Tim, I’m not sure fully understand the precedence, still. If I have to two dial-peers that both match a given inbound call, for example, and one is matching on ‘incoming uri’ and the other is matching on ‘incoming called-number’, for example, will the ‘incoming uri’ dial-peer always match first, regardless of the order it appears in the running config, or the dial-peer number? It’s the matches themselves that determine precedence in the matching order? I note that you can put multiple matches within a dial-peer and only one needs to match, it’s a shame that compound matches can’t be built. Gary From: Johnson, Tim mailto:johns...@cmich.edu>> Date: Friday, 11 November 2022 at 12:57 To: Gary Parker mailto:g.j.par...@lboro.ac.uk>>, voip puck mailto:cisco-voip@puck.nether.net>> Subject: RE: [External] [cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** I believe this is what you’re looking for. Order is based on how you have your DNIS/ANI pattern configured. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/cube-dp.html#concept_1ACF9AAF93C24BB988E4A2EE3734C8A6 From: cisco-voip mailto:cisco-voip-boun...@puck.nether.net>> On Behalf Of Gary Parker Sent: Friday, November 11, 2022 7:39 AM To: voip puck mailto:cisco-voip@puck.nether.net>> Subject: [External] [cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order Hi folks, feel stupid asking what feels like a newbie question, but I can’t seem to find an answer online anywhere and I ‘ve never needed to worry about this in the past! In what order are dial-peers checked for a match for calls passing through a voice gateway? Is it simply the order they appear in the running-config, does the dial-peer number play any part, or is there something else influencing it? -- Gary Parker Unified Communications Service Manager Loughborough University, IT Services Phone - +441509635635 Teams - g.j.par...@lboro.ac.uk https://www.osx.ninja/pubkey.txt ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] [External] Voice Gateway Dial-Peer Precedence/Processing Order
Thanks Tim, I’m not sure fully understand the precedence, still. If I have to two dial-peers that both match a given inbound call, for example, and one is matching on ‘incoming uri’ and the other is matching on ‘incoming called-number’, for example, will the ‘incoming uri’ dial-peer always match first, regardless of the order it appears in the running config, or the dial-peer number? It’s the matches themselves that determine precedence in the matching order? I note that you can put multiple matches within a dial-peer and only one needs to match, it’s a shame that compound matches can’t be built. Gary From: Johnson, Tim Date: Friday, 11 November 2022 at 12:57 To: Gary Parker , voip puck Subject: RE: [External] [cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order ** THIS MESSAGE ORIGINATED OUTSIDE LOUGHBOROUGH UNIVERSITY ** ** Be wary of links or attachments, especially if the email is unsolicited or you don't recognise the sender's email address. ** I believe this is what you’re looking for. Order is based on how you have your DNIS/ANI pattern configured. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube/configuration/cube-book/cube-dp.html#concept_1ACF9AAF93C24BB988E4A2EE3734C8A6 From: cisco-voip On Behalf Of Gary Parker Sent: Friday, November 11, 2022 7:39 AM To: voip puck Subject: [External] [cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order Hi folks, feel stupid asking what feels like a newbie question, but I can’t seem to find an answer online anywhere and I ‘ve never needed to worry about this in the past! In what order are dial-peers checked for a match for calls passing through a voice gateway? Is it simply the order they appear in the running-config, does the dial-peer number play any part, or is there something else influencing it? -- Gary Parker Unified Communications Service Manager Loughborough University, IT Services Phone - +441509635635 Teams - g.j.par...@lboro.ac.uk https://www.osx.ninja/pubkey.txt ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Voice Gateway Dial-Peer Precedence/Processing Order
Hi folks, feel stupid asking what feels like a newbie question, but I can’t seem to find an answer online anywhere and I ‘ve never needed to worry about this in the past! In what order are dial-peers checked for a match for calls passing through a voice gateway? Is it simply the order they appear in the running-config, does the dial-peer number play any part, or is there something else influencing it? -- Gary Parker Unified Communications Service Manager Loughborough University, IT Services Phone - +441509635635 Teams - g.j.par...@lboro.ac.uk https://www.osx.ninja/pubkey.txt ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Advice Re. Translation Patterns and Call Re-Routing
Hi folks, I’m in the process of planning a migration to MS Teams for voice. Don’t hate me! The discussions have been long and the decision is made, I’m just trying to lessen the pain now :-D We’re running CUCM 12.5 on-prem with a pair of CUBEs with SIP trunks to our TSP, Gamma, for external calling. Our Direct Routing SBCs into Teams are cloud hosted by Gamma, so calls between CUCM and Teams won’t cost me anything, even though both consider them external calls. I’m trying to figure out the simplest way possible, that will eventually scale to hopefully hundreds of users a day, to reroute calls made from a CUCM endpoint, to a DN that /was/ on CUCM, to Gamma instead and then to MS via DR as we migrate users from one system to the other. This is assuming I’ve already had Gamma move the subscriber number from our SIP service to Direct Routing, so all inbound PSTN calls hit Teams rather than CUCM. The simplest way, that I’ve already had working, is just to put a CFwdAll on the line in question, say 635000 to 901509635. 9 is our outside line prefix, and 01509 is the area code. That sends it out via the CUBE to Gamma, they recognise it as a number on my Direct Routing endpoint and send it to MS. The CUCM endpoint can still make internal and external calls, but any internal calls to it from another CUCM endpoint are sent to Teams instead. What I’ve been trying to figure out is something along the lines of moving the line into a different partition that’s not in a CSS available to other users not migrated to Teams yet. The endpoint will still be able to make calls but not receive them. This bit works okay. I then tried creating a partition at the bottom of the “internal” calling search space so that six digit calls that don’t match anything else fall into it, get a translation pattern applied to prefix the six digits with 901509, and the partition has a CSS that allows external calls. But the calls to six digit numbers never seem to match against this partition, which simply has a translation pattern with “!” as the matching pattern. Is it possible to have a “catch all” partition match like this, or does it have to be a more explicit match, meaning I’m back to building a list of migrated numbers rather than moving to a different partition? If anyone has a more elegant solution feel free to make a suggestion. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] [External] Jabber Users Prompted To Accept Webex Cert
> On 30 Nov 2021, at 00:08, Gary_Bates_Command_Solutions > wrote: > > I was told by a Cisco rep its all to do with Cisco’s arrogant sales strategy, > trying to get all on-prem users to switchover to either Hybrid Jabber / > Hybrid Webex or full cloud connection with Webex. > > Unfortunately, it wasn’t communicated honestly and up front, my customer is > very annoyed with Cisco and is slowly migrating towards MS Teams calling For the benefit of anyone watching from Cisco: this is pretty much how our experience of this has played out. We were already considering a move to Teams and Direct Routing and this has simply accelerate that move. I’m about to start a proof of concept Direct Routing project and looking at the practicalities of a phased migration of users with help from our SIP TSP. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Of Expressways and max-forwards...
> On 15 Nov 2021, at 15:34, Gary Parker wrote: > > ... > > So…question: why is the max hops set so low (15) on expressway zones by > default when it’s set to 70 on CUBEs, and is there anything this is likely to > break/that I should look out for now I’ve made the change? Thanks for all the feedback and taking the time to reply, folks. A few follow-ups below: > My expressways were set up by professional services with almost little to no > “learning” involved. Same here. It’s one of those things that’s “always worked” since it was put in so I’ve never had the impetus to learn about it, sadly :-/ > Isn't Calmanager Service Parameter for max-forwards 12? Says if QSIG set to > 15. Nothing about if SIP set to 70. Having just checked it, yes it is. Cisco seems to use “maximum hops” and “maximum forwards” interchangeably on different systems, which is less than helpful. In the CallManager Service Parameters we have “Forward Maximum Hop Count”, which controls the number of times a call can be *forwarded* within the cluster, ie. from one DN to another. I don’t believe this has an impact on SIP “max-forwards” when passing call from router to router when routing calls to PSTN. Damnit Cisco, pick a word and stick with it :-) (I know, I know…there’s history…) > is the value reset at CUBE to PSTN to 70 on outgoing? that is what logs seems > to show. Makes sense if CUBE is IP-IP gateway. Yes. I can see that the initial INVITE of a SIP call passed from CUCM to CUBE has Max-Forwards <70 (as it passes through my campus network), but the corresponding INVITE sent to my TSP has it reset to 70. > All the things Wes said Thanks, that all makes sense wrt to causing internal loops. I think the problem here, as alluded to earlier, is that Cisco mixes use of maximum “hops" and “forwards" in different contexts (no doubt IETF SIP standards are also partly to blame), and that the defaults on Expressways weren’t set up with SIP PSTN access in mind. I should also apologise at this point for an error in my previous post: it was not the “max hops” parameter that I had to change in the Zones on the core and edge expressways, but “Hop count”, which is somewhat unintuitive imho. It’s interesting that CUBE seems to respect and preserve the max-forwards field that’s set on calls via the expressways, but not on those from directly registered CUCM clients. FWIW I’ve not looked at the behaviour wrt to SCCP devices; that may be different again. Anyways, thanks again folks. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Of Expressways and max-forwards...
Afternoon all, my team and I just got to the bottom of a particularly gnarly problem with a pair of new SIP trunks which I’ll explain in case it’s of use to others, but I have a question at the end regarding SIP configuration on Expressways, particularly in traversal/MRA zones. In summary, a small but reproducible volume of calls were silently failing when routed over our new SIP trunks rather than our legacy ISDN30 circuits. We were getting a "483 Too Many Hops" error back from the TSP indication we’d reached the hop limit specified for connecting the call. Most calls were being set up with max-forwards=70 (the default) but certain calls were exiting our network through our CUBES with it set to 12 or 13. Calls from both physical and Jabber softphones where affected, although notably only newer 8800 series SIP handsets. I tried forcing max-forwards on the CUBEs to 70 but this didn’t change the outgoing calls that were already having problems. Eventually we narrowed it down to calls from MRA registered devices on our expressways (mostly Jabber but with a small number of 8845s in staff home offices), as all failed calls had the same source IP address when we looked at the corresponding CDRs; although this wasn’t visible in the SIP traces which made diagnosis harder (source IP address is the subscriber when looking at the CUBE’s SIP ). A quick look at edge and core expressways showed that “max hops” was to set to 15 in the relevant zones. Cisco documentation says this is the default, but suggests to set it higher if calls are failing with a 483 code. So we set the max hops to 70 and calls are now connecting as expected. So…question: why is the max hops set so low (15) on expressway zones by default when it’s set to 70 on CUBEs, and is there anything this is likely to break/that I should look out for now I’ve made the change? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] [External] Jabber Users Prompted To Accept Webex Cert
Yeah, I had a suspicion at one point that this might be to do with the telemetry (which we’re sending), but the only reference I can find to the servers used for this is in the "Feature Configuration for Cisco Jabber 12.8” doc where it states that clients connect to "metrics-a.wbx2.com” (also mentioning that you must install a GoDaddy root cert). We’ve been sending telemetry for some time and have not had this problem before, and the cert the client is erroring on is idbroker.webex.com (with the IdenTrust root). Fwiw, metrics-a.wbx2.com is a cname for ha-a-main.wbx2.com, which in turn is a cname for achm-main-ha-a-nlb-1d0e22049c746ef1.elb.us-east-2.amazonaws.com metrics-a.wbx2.com *does* have a GoDaddy root cert, and a wildcard server cert. What a mess! That bug also says: "b) Disable the telemetry call to Webex in the jabber-config xml” …but then goes on to say: "This error/popup is not related to Telemetry. Even if you disable Telemetry on Jabber certificate pop up will continue to show.” ¯\_(ツ)_/¯ Gary > On 11 Nov 2021, at 22:57, Brian V wrote: > > Part of the workaround referenced in the Bug doesn't make sense. They > reference adding some GoDaddy certs, but when you look at the URL they > reference (*.wbx2.com) that is signed by Hydrant not Go Daddy. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] [External] Jabber Users Prompted To Accept Webex Cert
Quick follow-up: I’ve heard from another site (off-list) suffering this now, too. Gary > On 11 Nov 2021, at 16:13, Gary Parker wrote: > > Thanks Tim, likewise: glad it’s not just us! ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] [External] Jabber Users Prompted To Accept Webex Cert
Thanks Tim, likewise: glad it’s not just us! I’m loathe to advise users to accept a certificate that’s flagged as bad for some reason, as that’s just bad security practice. As I mentioned earlier, I’ve added: WEBEX ...to our jabber-config.xml, and we’re advising users to reset their Jabber client to apply it, but that’s bound to upset a few who’ll lose their chat history and contacts. Gary > On 11 Nov 2021, at 15:30, Johnson, Tim wrote: > > I’ve heard from my help desk that they had a few users report the prompt for > accepting a cert. Unfortunately, they gathered zero details for me and just > had the users accept the cert… > > Good to know it’s not just us though. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber Users Prompted To Accept Webex Cert
Thanks Jason, I was aware of FN 72120 and figured that this may be associated (but not the cause); I guess Cisco have replaced a load of certs. However: - FN 72120 only relates to Android and iOS clients using push notifications, we’re only seeing this behaviour on Windows clients - these clients are connecting to on-prem services, either directly or via expressway/MRA with EXCLUDED_SERVICES=WEBEX declared at install. The clients should not be attempting to contact Webex servers - we’ve checked a number of clients and all have the correct IdenTrust root CA present (checked serial numbers) - viewing the offered certificate within Jabber shows root, intermediate and server all okay - browsing to https://idbroker.webex.com and examining the certificate shows the same, it’s only the Jabber application that rejects the certificate Gary > On 11 Nov 2021, at 15:12, Jason Aarons (Americas) > wrote: > > Webex clients update switched from the Quovadis Root CA which was older and > being retired, to the IdenTrust Root CA which it dates back to 2014. The > IdenTrust Root CA certificate is contained within the default trust store of > all major operating systems by default. > > Not clear why IdenTrust is missing on your computers. > > Guessing maybe you disabled automatic root updates at some point or don’t > have Windows updates running ? > https://serverfault.com/questions/752146/why-are-many-admins-using-turn-off-automatic-root-certificates-update-policy > > Cisco Field Notice we didn’t notice > https://www.cisco.com/c/en/us/support/docs/field-notices/721/fn72120.html ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Jabber Users Prompted To Accept Webex Cert
Morning all, a few years back we had a problem where lots of our managed Windows service users were complaining that their Jabber clients had started rejecting a certificate offered by idbroker.webex.com This thread on community.cisco.com (https://community.cisco.com/t5/unified-communications/jabber-idbroker-webex-com-certificate-request-during-the-first/td-p/3216376) showed we weren’t the only ones, but that it seemed limited to managed clients. We solved this by adding the EXCLUDED_SERVICES=WEBEX flag to the installer on our managed clients. Fast forward to today and we suddenly have a load of service desk cases from users again. Nothing has changed in our configuration of Jabber client, IM&P servers or expressways. The clients haven’t been updated recently, and this time we’re also seeing the “Certificate not valid” pop-up on unmanaged Windows machines as well as our managed service. The cert that’s being rejected has validity start date of late September, so it doesn’t appear to be a cert that’s only just been brought into use. Is anyone else seeing this today? As a workaround I’ve added: WEBEX ...to our jabber-config.xml, but that will require users to manually reset their clients. Not sure why I hadn’t done earlier ¯\_(ツ)_/¯ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Adding area code to local calls and digit manipulation at route list/route pattern level
Thanks Lelio, that was the problem. As per https://www.ciscopress.com/articles/article.asp?p=1745737&seqNum=8 " The three levels of digit manipulation are not cumulative. Only one level of digit manipulation will be applied. The hierarchy for these digit manipulations are as follows: • Digit manipulation settings on the route pattern take effect only when the route list details do not have any defined digit manipulations. A transformation CSS applied at the gateway/trunk or device pool will also cause the digit manipulations applied at the route pattern level to be skipped. • If the transformation CSS at the gateway or trunk matches, but the route list details have configured digit manipulations, the manipulations configured at the route list details are used. Route pattern digit manipulations are ignored. • If any manipulation matches through a gateway or trunk transformation CSS, all other digit manipulations are ignored. " I had assumed (wrongly) that changes were applied in order from route pattern, through route list/group and gateway/trunk, and were additive. My reading of the above suggests that a transformation at Route List level overrides both Route Pattern *and* gateway/trunk transformations. Which is odd to me as, from a call flow perspective, the Route List sits in between Route Pattern and gateway/trunk. Anyway, I set up a new route pattern, route list and route group specifically for these local calls that matched my LOCAL route filter and am applying the transformation successfully at the route group. One other wrinkle that turned up while applying this was that the dot and @ position indication seems to be lost when transforming at the route group level. While I could successfully apply GBNP:PreDot as a digit strip option at Route Pattern level, trying to do the same at Route List/Group removes *all* digits. As a consequence I’m instead using a Called Party Transform Mask to get the last six digits of the dialled string and prefixing that with the appropriate area code. It’s working, but it feels inelegant. Gary > On 21 May 2021, at 19:39, Lelio Fulgenzi wrote: > > I didn't go through your email in detail, but, just in case, it might help. > > I remember when I tried to do digit manipulation, I found that the > manipulation was always dropped before as it went to the next level. Or > something like that. Then, when I read the help pages, it spelled it out, > something like, this takes precedence over this. > > For example, on the route list detail: > > The settings on this page override the settings of the same name on the Route > Pattern/Route Pilot page. These settings are used for calls routed through > this member of the current Route List only. > > If you want the prefix digits to be seen by the TSP, then I think you have to > put them on the final egress, i.e. trunk. > > It's been a while though. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Adding area code to local calls and digit manipulation at route list/route pattern level
Afternoon all, I’ve got a problem I’ve been struggling with for a few days now. It’s bound to be something simple I’ve forgotten from my CCNA Voice days (a long time ago!). I’m running CUCM 12.5 SU4 with GBNP 1.1(31) and 2921 voice gateways operating as CUBE with IOS 15.5(3)M2 in the UK Background: I’m in the process of migrating our outbound PSTN dialling from our Virgin Media Business PRI circuits to SIP trunks provided by Gamma. The problem I’ve encountered is with local rate calls with no area code. Our PRIs will happily route outbound six digit dialled numbers but the SIP trunks will not. I suspect this is a common problem, and will only become more common in the UK as Ofcom removes the obligation on TSPs to provide local dialling: https://www.ispreview.co.uk/index.php/2021/04/ofcom-will-stop-requiring-uk-phone-providers-to-offer-local-dialling.html Problem: I though this would be a relatively simple task of adding Prefix Digits (Outgoing Calls) of my area code (01509) to all calls matching the LOCAL route filter using a Route Pattern. At first glance, Dialled Number Analyzer shows that Dialled Digits of eg. 9112233 gets transformed to Called Party Number of 01509112233 • Results Summary • Calling Party Information • Dialed Digits = 9112233 • Match Result = RouteThisPattern • Matched Pattern Information • Called Party Number = 01509112233 • Time Zone = Etc/GMT • End Device = Lboro_SIP_Test • Call Classification = OffNet • InterDigit Timeout = NO • Device Override = Disabled • Outside Dial Tone = NO • Call Flow • Alternate Matches However calls via the SIP TSP fail with a 404 as the dialled number is still “123456” when I look at debug on the voice gateway. Looking more closely at the DNA output it appears that the post-transform Called Number at the Route Pattern level isn’t being passed to the Route List: • Call Flow • Route Pattern :Pattern= 9.@ • Positional Match List = • DialPlan = United Kingdom Numbering Plan • Route Filter • Require Forced Authorization Code = No • Authorization Level = 0 • Require Client Matter Code = No • Call Classification = OffNet • PreTransform Calling Party Number = 445566 • PreTransform Called Party Number = 9112233 • Calling Party Transformations • External Phone Number Mask = YES • Calling Party Mask = XX • Prefix = • CallingLineId Presentation = Allowed • CallingName Presentation = Allowed • Calling Party Number = • ConnectedParty Transformations • ConnectedLineId Presentation = Default • ConnectedName Presentation = Default • Called Party Transformations • Called Party Mask = • Discard Digits Instruction = PreDot • Prefix = 01509 Correct here -> • Called Number = 01509112233 • Route List :Route List Name= Lboro_SIP_Test • RouteGroup :RouteGroup Name= LBORO_SIP_Gamma-TEST-RG • PreTransform Calling Party Number = 445566 Incorrect here -> • PreTransform Called Party Number = 9112233 Why are the transformations I make at the Route List level being dropped when the call gets to the Route Group? I understand that Route List/Group transformations override Route Pattern transformations, but I’m not doing any transformations at the Route List/Group level beside Discard Digits, GBNP: PreDot. This is necessary as, again, although PreDot is applied at the Route Pattern level the ‘9’ is back again when we get to the Route Group. FYI, I’m using "Use Calling Party's External Phone Number Mask” to correctly apply the area code to CallingPartyNumber in outgoing calls, but that’s not reflected in DNA. External calling party number is always 01509XXXXXX --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https:/
[cisco-voip] dot1x, ISE, EAP-FAST and 69xx Phones
Morning all, our network team are moving to an SDA network using Cisco DNAC and ISE and have asked me to dot1x enable our phones to stop having to profile them and use plus license. I’m currently on CUCM 11.5.1 SU2 and the majority of our phones are 69xx, thus preventing us from using anything above TLS1.0 as I understand it. While ISE will do TLS1.0, it doesn’t support SHA-1, which the 69xx phones are stuck with for LSC auth. I’ve found some documentation suggesting these devices will do EAP-FAST (the same solution our networks guys used to get our Cisco APs on the wired network), but can’t find anything explaining how to configure enable this other than for phones with a wireless interface. - is anyone out there doing EAP-FAST with LSC to ISE with 69xx phones? - do 69xx phones support EAP-FAST on a wired interface? - can anyone point me at a resource explaining how to configure this? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] room kits - smartnet or not?
> On 11 Jul 2019, at 16:02, Charles Goldsmith wrote: > > Video units are expensive, so you are gambling that nothing is going to go > wrong. In 2 years if something does go out on one, you have to buy another > one. That's a business decision and I just present the facts to the bean > counters and let them make it and take the heat :) I had the codec and the screen both fail on an MX800 within 12 months of each other. Very glad I had smartnet :-) --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber For Mac Unable To Ad-Hoc Conference
> On 14 Nov 2018, at 14:22, Gary Parker wrote: > > > >> On 14 Nov 2018, at 13:41, Gary Parker wrote: >> >> CUCM 11.5.1-12900-21 >> IM&P 11.5.1.12900-25 >> Various Jabber clients (iOS, Mac, Windows tested with 12.1.1, 12.0, 11.9, >> 11.8.1) >> >> Afternoon all, I’ve had a call from a user stating that they’re unable to >> start ad-hoc audio conferences from their Jabber for Mac client. I’ve tested >> this on my own client (12.1.1 on macOS 10.14.1) and found that clicking the >> elipsis/more button during a call only gives me the option of Transfer, Hold >> and Merge (greyed out). >> >> Logging in with the same credentials (and, by extension, using the same >> Unified Client Services Framework device in CUCM) on Windows 10 (Jabber for >> Windows 12.1.1), placing a call and clicking the elipsis/more button gives >> me Transfer, Hold and Merge (greyed out) and Conference. >> >> The conference button is also visible when using the latest version of the >> iOS client. >> >> Observed behaviour on Mac clients is the same whether on the LAN, connected >> via VPN or MRA >> >> Another user reports that the Conference option used to be available on his >> Mac client but that it disappeared a number of revisions ago. >> >> - is this functionality still present in the Mac client? >> >> - any idea why it’s not showing up on my devices? > > One other thing: this is the same whether in soft phone or deskphone mode. > Conference option missing on Mac and present on all other platforms. Quick update on this, for the benefit of others. This was raised with TAC and they’ve informed me that this behaviour is by design. Ad-hoc conference calls on Mac should be created using the Merge function. Every other soft phone and desk phone uses the Conference option. Doesn’t seem right to me, but there you go… ¯\_(ツ)_/¯ --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber For Mac Unable To Ad-Hoc Conference
> On 14 Nov 2018, at 13:41, Gary Parker wrote: > > CUCM 11.5.1-12900-21 > IM&P 11.5.1.12900-25 > Various Jabber clients (iOS, Mac, Windows tested with 12.1.1, 12.0, 11.9, > 11.8.1) > > Afternoon all, I’ve had a call from a user stating that they’re unable to > start ad-hoc audio conferences from their Jabber for Mac client. I’ve tested > this on my own client (12.1.1 on macOS 10.14.1) and found that clicking the > elipsis/more button during a call only gives me the option of Transfer, Hold > and Merge (greyed out). > > Logging in with the same credentials (and, by extension, using the same > Unified Client Services Framework device in CUCM) on Windows 10 (Jabber for > Windows 12.1.1), placing a call and clicking the elipsis/more button gives me > Transfer, Hold and Merge (greyed out) and Conference. > > The conference button is also visible when using the latest version of the > iOS client. > > Observed behaviour on Mac clients is the same whether on the LAN, connected > via VPN or MRA > > Another user reports that the Conference option used to be available on his > Mac client but that it disappeared a number of revisions ago. > > - is this functionality still present in the Mac client? > > - any idea why it’s not showing up on my devices? One other thing: this is the same whether in soft phone or deskphone mode. Conference option missing on Mac and present on all other platforms. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Jabber For Mac Unable To Ad-Hoc Conference
CUCM 11.5.1-12900-21 IM&P 11.5.1.12900-25 Various Jabber clients (iOS, Mac, Windows tested with 12.1.1, 12.0, 11.9, 11.8.1) Afternoon all, I’ve had a call from a user stating that they’re unable to start ad-hoc audio conferences from their Jabber for Mac client. I’ve tested this on my own client (12.1.1 on macOS 10.14.1) and found that clicking the elipsis/more button during a call only gives me the option of Transfer, Hold and Merge (greyed out). Logging in with the same credentials (and, by extension, using the same Unified Client Services Framework device in CUCM) on Windows 10 (Jabber for Windows 12.1.1), placing a call and clicking the elipsis/more button gives me Transfer, Hold and Merge (greyed out) and Conference. The conference button is also visible when using the latest version of the iOS client. Observed behaviour on Mac clients is the same whether on the LAN, connected via VPN or MRA Another user reports that the Conference option used to be available on his Mac client but that it disappeared a number of revisions ago. - is this functionality still present in the Mac client? - any idea why it’s not showing up on my devices? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] HELP
I need somebody… Gary > On 1 Nov 2018, at 13:27, Fry, John wrote: > > help > > > > State of Illinois - CONFIDENTIALITY NOTICE: The information contained in this > communication is confidential, may be attorney-client privileged or attorney > work product, may constitute inside information or internal deliberative > staff communication, and is intended only for the use of the addressee. > Unauthorized use, disclosure or copying of this communication or any part > thereof is strictly prohibited and may be unlawful. If you have received this > communication in error, please notify the sender immediately by return e-mail > and destroy this communication and all copies thereof, including all > attachments. Receipt by an unintended recipient does not waive > attorney-client privilege, attorney work product privilege, or any other > exemption from disclosure. > > ___ > cisco-voip mailing list > cisco-voip@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-voip ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Unity Call Handler recording upload
> On 12 Oct 2018, at 14:43, Anthony Holloway > wrote: > > In addition to Audacity, which I use myself, try this site out: > http://g711.org/ Neat idea, and well implemented, but obviously please be wary of sending your data to someone else’s site! --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Unity Call Handler recording upload
> On 12 Oct 2018, at 10:56, James Dust wrote: > > I have created a call handler on our unity server for a number range we no > longer use. > > Our staff have created an mp4 file, with the desired recording on it which I > wish to upload to this call handler. > > I’ve converted the file to both .mp3 and .wav, however when I upload the file > I get an error message stating the format is oncorrect. > > Could someone tell me what format the file should be in please? Hi James, I found this article on using the free Audacity tool to convert very helpful: http://snafder.blogspot.com/2011/01/saving-wav-files-in-ccitt-u-law-format.html Long story short, you need a mono, 8-bit, 8kHz, u-law WAV. However, use Audiotext Manager and it does all the heavy lifting for you. Just drop any old wav file or MP3 and it converts it as it uploads. Definitely my recommended solution. https://www.ciscounitytools.com/Applications/CxN/ATM/ATM.html --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Is It Possible To Dial A PLAR Configured Line?
> On 5 Oct 2018, at 11:10, daniele visaggio wrote: > > I think you should avoid placing your room's dn in the EAC_PLAR_PT partition. > Just use a regular partition: the EAC_PLAR_PT should be associated only to > the translation pattern with the blank translation pattern string. > > Place EAC_PLAR_PT inside a CSS called e.g. PLAR_to_Reception and give this > CSS to the phones. But dn stay in EAC_PT partition. > > Sounds good? Perfecto! So simple, hadn’t even considered that. Sometimes you get so deep into the guts of something the obvious solution eludes you. Thanks Daniele Gary signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Is It Possible To Dial A PLAR Configured Line?
Morning all, I'm setting up a bunch of phones for a new building on campus that's operating as a small hotel, for all intents and purposes. Here's a quick summary of the configuration: • two 8851s on reception, two 7841s in the office and a 7841 in the kitchen, two 7832s in meeting rooms • they want to be separate from the rest of campus, from a telephony point of view, so office, meeting room, kitchen and reception phones have all gone into their own partition (EAC_PT) • there's a hunt pilot for the main number (that distributes calls to reception and the office) • shared line on the two reception phones and shared line on the two office phones • BLFSD pickups on all those phones with a pickup group containing office, reception and kitchen phones (only reception has the meeting rooms) That's all working nicely. Now, the problem is that I also have 49x 6901s for the rooms and corridors. The client specified (against my better judgement) that they only be able to call reception, so I've configured them all for PLAR as per this guide. The PLAR is working fine, calls go to the reception hunt pilot as soon as the handset is lifted and reception can then forward them on to wherever they like, in our out of the organisation. They're in the EAC_PLAR_PT partition. My problem is that I'd also like to be able to call those rooms from the handsets in the EAC_PT partition. Adding the EAC_PLAR_PT to the CSS in use by those handsets, however, causes them to also behave as if they were PLAR configured. Just having the EAC_PLAR_PT (with its translation pattern) in the CSS, no matter its position in the partition order, causes the other handsets to replicate the room handset PLAR behaviour. This didn't immediately manifest itself, though. As the room/corridor phones are all SCCP I only did the SCCP part of the PLAR config. Consequently, going off-hook with the other phones (all SIP) didn't invoke the PLAR behaviour and calls could be made to EAC_PT, EAC_PLAR_PT and the wider world. Problems arose, however, when trying to use the pickup functionality within the office. As the phone essentially dials the pickup group number it was hitting the translation pattern in EAC_PLAR_PT and instead dialling the reception hunt pilot. Taking the EAC_PLAR_PT out of their CSS returns pickup functionality, but I can no longer dial the rooms. I replicated the config of one of the office 7841s to a 6921 in the EAC_PT and, with the EAC_PLAR_PT in its line CSS, observed automatic dialling to reception when the handset was lifted. Again, removing the EAC_PLAR_PT from its line CSS restored calling and pickup functionality, but I'm now unable to dial the handsets in EAC_PLAR_PT. How can I dial the lines in the EAC_PLAR_PT? Is it possible or is it a side-effect of PLAR that the lines become unreachable? Can anyone suggest a better way of doing this? I'd really like to avoid providing dial-tone to these rooms with a restricted CSS. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Sennheiser TeamConnect Wireless USB Connection
Hi all, does anyone have experience of using the Sennheiser TeamConnect Wireless system with a Cisco handset? They seem like a great solution for covering small to medium sized meeting rooms where budget or physical constraints don’t allow for ceiling mounted speaker/mic systems. We had our Sennheiser rep on site recently to demo the kit and it worked excellently with bluetooth connection when we plugged the Sennheiser bluetooth dongle into an 8851 handset and paired it, but plugging the master unit into the 8851’s USB socket resulted in an error message on the handset something along the lines of the device not being supported “in this release”. I’d hoped it would present itself as USB audio device or headset and “just work” with the handset (it worked fine via USB with my Mac running Jabber) as many other devices do. We’re buying the TeamConnect gear regardless, but I’d prefer to use a cable connection (keep it simple) and keep the bluetooth available for pairing mobiles if necessary. Ideally I’d like to run it with an 8961. https://en-uk.sennheiser.com/teleconference-meeting-teamconnect-wireless-audio-solutions --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Cisco ATA Devices need reset
> On 18 Sep 2018, at 20:27, Lisa Notarianni > wrote: > > Does anyone else out there ever have to do a hard reset on Cisco ATA devices > because all of a sudden the ports are not registered in Call Manager? We > have a few buildings this happens often in. We have to walk to the device > and reset it. This happens for any type of ATA we use; 186, 187 or 190. Yup, we’re running 186s and 187s and had this constantly until I put a scheduled job on on the callmanager to restart all of them every Sunday morning at 3am. The weekly restart sorted the problem. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Conference Phones w/Wireless Mic
Afternoon all, could someone please confirm my suspicion that Cisco no longer offers a conference phone with wireless expansion mics outside the US? It would appear that the 7832 doesn’t support expansion mics at all, but that the 8832 only has wireless mics for use in North America (CP-8832-MIC-WLS=) I’m struggling to cover a large conference room at the moment without cables dangling everywhere... (And don’t get me started on the mess that is the USB-C power and no-onboard wired ethernet situation *gr*) --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] 7832 Real-time Device Status
> On 11 Jul 2018, at 23:20, Anthony Holloway > wrote: > > Put a piece of black tape on your monitor where the IP should be; that's what > my dad did to fix the check engine light. Well, we happened to have a complete shutdown of our datacenter last night, which meant the whole cluster was rebooted, and it’s working properly today. ¯\_(ツ)_/¯ Gary signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] 7832 Real-time Device Status
> On 11 Jul 2018, at 14:44, Brian Meade wrote: > > You can try restarting RIS DC on all the nodes to fix this. Shouldn't be > impacting. Cheers Brian, that didn’t sort it, unfortunately. Gary signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] 7832 Real-time Device Status
Morning all, I recently installed the latest device pack, 11.5(1.15078), to get support for the 7832 conference phones on our cucm cluster running 11.5.1.12900-21 The phone is registered and operating fine, able to make and receive calls and has received a firmware update. However, the device page’s “Real-time Device Status” section (both on the pub and the sub it’s registered to) shows Registration as unknown and IPv4 Address as none. I can get the IP address from the phone’s admin settings, ping it and access its web page and, as I say, it can make and receive calls. Making config changes in cucm and applying them also restarts the phone as you’d expect. Is this a known bug (I couldn’t find anything when searching) or does anyone know how to fix this? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Wireless Phones
> On 15 Mar 2018, at 21:00, Natambu Obleton wrote: > > What are people using for wireless phones? Any good experiences? Sadly only bad experience here. When we first moved to CUCM from an isdx 8 years ago our users where generally unhappy with the lack of DECT product from Cisco. We tried putting PSTN DECT basestations on ATAs but found those to be very unreliable. Cisco’s wifi handsets are prohibitively expensive and, last time we looked, had poor battery life and required per device certificates to get on our 802.1x wifi. We tried out the Cisco SMB offering, the SPA232D DECT/SIP bridge and handsets. They were able to register as “advanced SIP devices” in callmanager but we found them to be quite unreliable, the handsets were fragile and broke often, and Cisco eventually discontinued them. I’m aware of enterprise DECT/SIP gateways such as Aastra (which now appears to have been bought by Mitel) and we looked into this, but the initial investment to install was deemed to high for our site as user density in any one place wouldn’t justify the cost. I’m now recommending users make use of remote destination with their work mobiles. It’s a bit more management over head for me, but it’s the best we’ve been able to offer. I keep asking Cisco for cucm compatible DECT product but it seems they’re not interested. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o |https://www.osx.ninja/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] ISR Sizing Guide
On 21/09/2017 11:56, Gary Parker wrote: I just need to know what any limitations are for the platform regarding call capacity. *sigh* ...and, of course, as soon as I click I find it: https://www.cisco.com/c/en/us/products/collateral/unified-communications/tdm-gateways/data-sheet-c78-729824.html Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] ISR Sizing Guide
Morning all, I'm currently running a pair of 2921 ISRs with 4x E1 on each and a small number of voice SIP trunks using CUBE (we do video, too, but have epxressways for that). The 2921 series are EOL now and the Cisco Router Selector (https://www.cisco.com/c/dam/assets/prod/routers/cisco-router-selector/index.html#/branch) suggests replacing them with a 4331 ISR. The marketting video suggests this is a very powerful and capable piece of equipment, far moreso than my current needs demand, and I'd expect it had a price tag (and maintenance cost) to match! I'm sure Cisco used to have a table somewhere for the 2900 series kit that simply and concisely showed you how many concurrent connections and DSP sessions each model could handle. Is there something similar for the 4000 series, because I can't find it anywhere! With two NIM slots and two RJ45 ethernet ports, from a connectivity perspective it looks like the 4321 would fit my needs so long as it runs CUBE. I just need to know what any limitations are for the platform regarding call capacity. -- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Problems With Internation Dial Plan (GBNP)
> On 1 Sep 2017, at 15:43, Scott Voll wrote: > > Gary-- > >> Pattern:0+1[2-9][02-9]X+[2-9]X >> >> Failing number: 0 1 908 0 67000 >> ^ this is where the match fails, it’s not a >> digit between 2-9 > > could it be the 0 between the 8 and 6? Yes Scott, that’s definitely the issue. Sorry, I thought I’d made that clear. There are whole ranges of subscriber numbers in the 01908 area code that are now prefixed with 0 or 1 and none of these will match that pattern as it currently stands. I’ve added a route pattern on my system to match and allow them but this needs adding to the GBNP by Cisco. Is this something I should raise with TAC? Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Problems With Internation Dial Plan (GBNP)
> On 1 Sep 2017, at 14:44, Scott Voll wrote: > > have you used DNA to confirm it's not matching something else? > > Scott Yes, definitely. DNA came back with “unallocated number”. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Problems With Internation Dial Plan (GBNP)
Morning all, I came across a significant block of numbers in the UK that can’t be called by our cucm (11.5.1(SU2) with the 3.1.34-GB dialplan) due to them not being recognised as valid NATIONAL calls. Milton Keynes numbers (01908) hit the following rule: Pattern:0+1[2-9][02-9]X+[2-9]X Failing number: 0 1 908 0 67000 ^ this is where the match fails, it’s not a digit between 2-9 I’ve added a route pattern to allow the numbers to be called but I wondered if this was something that was worth/qualifed for being raised as a defect with TAC? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 10.5 and Office 365
> On 6 Jul 2017, at 00:53, Terry Oakley wrote: > > We are currently working towards moving our MS office products to Office 365. > We have currently a hybrid 2013 Exchange server that is routing emails etc > to either our legacy system or the new Office 365 cloud. The part I am > working on is unified messaging and how to get the UM portion to function so > that voice mail is handled and the message waiting indicator is on or off. > Anyone had experience with this configuration? > > CUCM 10.5 > Exchange 2007 inhouse > Exchange 2013 hybrid > Office 365 hosted in the cloud > Expressway C > Expressway E Hi Terry, our setup is very similar to yours (except we’re on 11.5, as opposed to 10.5) with the addition of a Cisco Unity Connection server for voicemail. CUCM is configured with voicemail ports pointing to the CUC server which holds the voicemail, sets MWI state, and duplicates the messages to our O365 mailboxes. The O365 integration is configured as a “Unified Messaging Service” within CUC and obviously relies on proper LDAP integration to ensure your Directory Numbers match up properly with users you configure to have unified voicemail boxes. It appears you can do this without CUC, and connect directly to Exchange from CUCM via a SIP trunk (http://www.wavecoreit.com/blog/exchange/how-to-setup-cucm-10-5-for-exchange-2013-unified-messaging-voicemail/) but I don’t know if this will work with a hybrid O365 deployment and you get a *lot* more functionality from CUC (the main one being IVRs). Also, this from Cisco support communities (https://communities.cisco.com/thread/31729): If you are talking about using CUCM on premise and Exchange UM in the cloud then Cisco doesn't endorse or support it. MSFT has had an app note for it but it uses third party border controllers and you will have to work with two vendors support. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Is it possible to load balance ldap for directory lookup (Cisco Jabber)
> On 27 Jun 2017, at 15:39, Kuschnar, Serge > wrote: > > Hello, > > Was wondering if anyone know if it is possible to load balance ldap servers > for directory lookup using Cisco Jabber? We do it by pointing at a round robin DNS entry for multiple LDAP servers in our AD. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Cisco CUCM SSL Certificates Issues Resolved
> On 12 Jun 2017, at 15:47, Anthony Holloway > wrote: > > Thanks for the follow up to this original thread: > > http://cisco-voip.markmail.org/thread/u37mdgcoaizjmyzj > > Was there a defect ID given to you, or at least an understanding of how it > happened? Thanks for the link above, Anthony, I hadn’t thought of that. I’m afraid there was no defect ID given and, while the diagnosis and solution where very clear, there was nothing offered as to how it had come about, either by (my) user error or a software bug. The TAC case is still open so I’ll ask and let the list know if I hear anything. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Cisco CUCM SSL Certificates Issues Resolved
Afternoon all, I finally got to the bottom of my SSL cert chain woes this morning so I thought I’d update you all and close the thread as I received so many helpful responses during my debugging. Also, apologies for cross-posting! Quick recap: Following a complicated roll-back and upgrade of our CUCM cluster with installation of fresh CA certs, the pub and 4x subs where all presenting a lone server cert to SSL connections on port 443 where they should have been presenting a minimum of intermediate and server. Jabber and other clients connecting to port 443 flagged an invalid certificate as they couldn’t create a full chain from server to root without the intermediate. Our support provider and TAC initially argued this was expected behaviour and suggested I manually, or via group policy, install the intermediate certificate on all client machines or else advise users to accept the invalid certificate(!). I rejected this assertion along with SSL documentation and feedback from these mailing lists showing other sites’ server infrastructure presenting a full certificate chain. Solution: The case was eventually escalated to the BU, a DE got root on our CUCM nodes and established that the CA certs I’d installed had, for some reason, only gone into the trust store on each of the servers and not the key store. I thought it was odd that the same thing had happened on all five servers but, hey, be thankful for small mercies: at least it failed consistently! From a root console the following commands were executed: rm -rf /usr/local/platform/.security/tomcat/certs/tomcat.keystore openssl pkcs12 -export -name tomcat -in /usr/local/platform/.security/tomcat/certs/tomcat.pem -chain -CApath /usr/local/platform/.security/tomcat/trust-certs -inkey /usr/local/platform/.security/tomcat/keys/tomcat_priv.pem -out /usr/local/platform/.security/tomcat/certs/tomcat.keystore -password file:/usr/local/platform/.security/tomcat/keys/tomcat.passphrase chown certbase:ccmbase /usr/local/platform/.security/tomcat/certs/tomcat.keystore chmod 755 /usr/local/platform/.security/tomcat/certs/tomcat.keystore This basically deletes the existing tomcat keystore, exports the contents of the truststore to a new keystore, and sets the correct permissions on it. The tomcat service was restarted and running openssl s_client -showcerts -connect :443 …showed all three certificates in the presented chain. This had to be carried out on each of the five servers but our Jabber and RTMT clients are now connecting without issue. Thanks again for everyone’s assistance on this one, particularly in carrying out testing on your infrastructure and reporting your findings. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CDR on cucm analysis reports
> On 21 May 2017, at 22:34, Brian Meade wrote: > > CAR DB only holds up to 30 days. You need a billing server to offload CDR to > if you need to keep info longer than that. > > On Fri, May 19, 2017 at 4:29 PM, Jonatan Quezada > wrote: > does anyone have any insight on where to adjust how far back to report on. I > get a limit when I try a report older than a month. We should be able to go > back for a year? right. if this is a setting for how long to archive call > details, where do i change that? If you don’t already have billing server, can’t get the budget for one or want something a bit different to the regular packages, I can highly recommend Damien Hauser’s CUCM/ELK integration tools. You it’s free (all based on open source tools) and gives you a full elasticsearch database of CDR/CMR database with a Kibana frontend and logstash ingest. There’s even a load of pre-configured reports and visualisations for you to modify for your own needs. GitHub repo here: https://github.com/damhau/cucm-cdr Some more detailed installation instructions here: https://damienetwork.wordpress.com/2015/10/09/elk-setup-for-cucm-cdr/ You *will* need a working knowledge of linux to get this working but the results are worth it, imho. We get a lot more useful technical information out of this than we do our Tiger call logger/billing platform. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Identifying incoming Cell numbers - CM v8 and above
> On 19 May 2017, at 06:07, Gary_Bates_Command_Solutions > wrote: > > My client has a need to save the cell numbers in CM , when a caller calls in > from a known cell number , they want to display the persons name . > > > Can cell numbers be mapped to a name in CM ? I believe Florian’s response re. setting up your chose numbers as Remote Destinations would work, and is the only way to do it with just CUCM. The option, I was told back when I looked into the same some years ago, is a TCL script on your voice gateway that alphatags incoming calls form a list. Useful thread here: https://supportforums.cisco.com/discussion/11295276/cucm-86x-and-caller-name-incoming-external-calls Paolo’s scripts were well regarded back then, but not free (thought not expensive, either). --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Import a group of users AD
> On 18 May 2017, at 12:54, Samadi boukil wrote: > > I want ask a question if someone can help me. > > I have an Active Directory with 2000 users but i want to import just a group > of these users. Hi Samadi, this is easy to do with LDAP Custom Filters and/or LDAP User Search Base. You just need to be able to select all your users based on one or more criteria and write a regex pattern that covers them all. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/10_0_1/ccmcfg/CUCM_BK_C95ABA82_00_admin-guide-100/CUCM_BK_C95ABA82_00_admin-guide-100_chapter_0.pdf Then specify the custom filter is in use on the LDAP Directory entry. http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/11_5_1/sysConfig/CUCM_BK_SE5DAF88_00_cucm-system-configuration-guide-1151/CUCM_BK_SE5DAF88_00_cucm-system-configuration-guide-1151_chapter_0100101.html --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 11.5 Tomcat Service SSL Certificate Issue
> On 16 May 2017, at 21:22, NateCCIE wrote: > > I don't think you can upload a cert unless there is an active CSR for it. Correct: the CSR gets removed when you install a server cert that matches it. Brian > looking at 'OS Administration -> Security -> Certificate Management’ I can see the tomcat server certificate issued by “QuoVadis_Global_SSL_ICA_G2” and the intermediate with the same name issued by “QuoVadis_Root_CA_2” and that matching root certificate. Here’s a screen grab: https://www.osx.ninja/tomcat_certs.jpeg Looking at the cert info I can see the serial numbers match up for the chain, too. I’ll get a new cert issued for one of the servers today and install it out of hours, ensuring I install root, then intermediate, then server in the correct order. If it solves the problem for server I’ll repeat for the rest of them. I’ll let the list know how I get on. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 11.5 Tomcat Service SSL Certificate Issue
> On 16 May 2017, at 20:42, Brian Meade wrote: > > Did you make sure to upload those certs in the right order so CUCM was able > to chain them? I’ve a feeling that may be the issue. Certs where installed towards the end of a very long weekend upgrading the cluster and I was losing consciousness through lack of caffeine :-) Strange thing is, if that’s my mistake I made it on the publisher and all four subs, but not the IM&P nodes and Unity Connection, which seems odd. Is there any way to check whether CUCM has the certificate relationship right? I mean, other than creating a CSR and getting and installing new certs. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM 11.5 Tomcat Service SSL Certificate Issue
> On 16 May 2017, at 19:27, Charles Goldsmith wrote: > > In addition to what Nate stated, the CCMCIP profile needs to be FQDN as well. > > On Tue, May 16, 2017 at 1:21 PM, NateCCIE wrote: > Are you using cuplogin or cisco-uds for discovery now? If your UC services > or system/server is not fqdn and is IP address then the client will complains > about the cert unless the ip is listed as a SAN. If cup login make sure your > tftp server is fqdn over in IM&P. Charles/Nate we’re all fqdn throughout our UC infrastructure (have been since we first started using CA certs on Jabber) and using UDS. We’re also using expressways/MRA for off-site and telepresence. MRA logins, predictably, don’t give a certificate error as the expressway is present them correctly and, essentially, MITM’ing the connection to the CUCM/IM&P nodes. Brian > curious one, that: browsers (at least Chrome and Safari in my testing) always show the full chain, even though it isn’t offered by the server. My more security minded colleagues believe this is because we use the same CA intermediate for many other servers throughout our enterprise and the browser caches them internally and reuses them. This caused a great deal of confusion initially as pointing a web browser at :8443 always showed a correct and full certificate chain in Chrome but Jabber was complaining. It wasn’t until we started pointing openssl at the server and looking at the returned certificates that we realised something was amiss. If I manually install the intermediate on a client, the problem goes away as the client can construct the full chain. My argument with TAC is that I shouldn’t have to do this, and that the tomcat server on CUCM should be presenting the full chain to any clients that connects, be it a browser, Jabber or RTMT (which also complains about an invalid certificate). Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] CUCM 11.5 Tomcat Service SSL Certificate Issue
Afternoon all, I’ve got a problem here with Jabber and CUCM SSL certificates. Basic question: should the tomcat service on CUCM 11.5, with an installed CA root, intermediate and server certificate, be offering a full certificate chain on connection (in our case root, intermediate and server certificate) or just the server certificate? Until recently we were operating CUCM 8.6.2 with a pair of CUP servers and Jabber clients connecting for IM&P and softphone. All servers were configured with CA provided certs and working just fine. We recently upgraded our cluster to 11.5 and installed fresh CA certs, along with their respective root and intermediate certificates on publisher, subscribers and the two IM&P nodes. Everything is working fine except that our Jabber clients (both Mac and Windows) which now all complain that the CUCM subscribers handing out invalid certificates. Connecting to the tomcat service on our CUCM server with 'openssl s_client -showcerts -connect ’ clearly shows only the server certificate being returned. While issuing the same command against our IM&P and Unity Connection servers returns the full certificate chain. Running the testssl script (https://testssl.sh/) against the CUCM nodes also reports 'Chain of trust - NOT ok (chain incomplete)’, while it is successful against the CUC and IM&P nodes. I’ve raised this issue with our support provider, who has escalated to TAC. TAC report that this is expected behaviour and the fix is to install the intermediate certificate on all our clients (the root is already present as it’s a CA). This doesn’t work for me as: - the behaviour of the tomcat service on CUCM 11.5 with SSL cert chain handling is inconsistent with industry standard practices - while we could push out the intermediate certificates to our managed service, this still leaves potentially thousands of unmanaged machines needing the intermediate certificate (we are a large HE institution with many BYOD devices) - we would still be in a position of having to advise users to accept an untrusted certificate, which is bad security practice I’d really appreciate others’ experience in this area. Regardless of whether you’re running Jabber or not, do your CUCM nodes, with CA certs installed for tomcat, hand out a full certificate chain or just the server cert? My knowledge of SSL suggests that this is just plain broken, but TAC are trying to pass this off as expected behaviour. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CCX and NTP
> On 8 May 2017, at 15:20, Haas, Neal wrote: > > Get an on-prem NTP server, if you cant spend the money, use: > > time.nist.gov global address for all servers Multiple locations > utcnist.colorado.edu 128.138.140.44 University of Colorado, Boulder > utcnist2.colorado.edu128.138.141.172University of > Colorado, Boulder > time-nw.nist.gov 131.107.13.100 Microsoft, Redmond, Washington > > Really, anything with a GOV, or EDU should be good. > > By the way, you should NEVER, EVER, EVER (can’t stress this enough) a Windows > Based NTP. Every place that I have went into and removed a Windows Time > server, everything has worked better! Windows just cant do time. I went into > a business with windows NTP, and the guy was checking time from about 100 NTP > servers, his time was off by three minutes. Took it down to 3 and everything > started to work. Even better than specifying individual hosts, use pool.ntp.org: http://www.pool.ntp.org/en/use.html You’ll get your minimum of three servers to query and they maintain the list you query from. You really should be running your own local ntp hosts, though, for continuation of service in the event of Internet outage. (Also, yes: NEVER use Windows for time services. It’s absolutely terrible!) --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 sip:g...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber for Win / Alerting name
> On 27 May 2016, at 13:45, Ed Leatherman wrote: > > I had a report from a user this morning that they called someone using jabber > for win and the wrong name came up as the alerting name. The DN has the > correct alerting name for the person, so I am guessing jabber is doing a > lookup somewhere. > > I found the following doc about calling party name: > http://www.cisco.com/c/en/us/support/docs/unified-communications/jabber-windows/116433-probsol-jabber-00.html > > Anyone know if Jabber does the same shenanigans for alerting name? LDAP seems > to be correct so if this applies I'm guessing it's something wrong from > outlook stuck in jabber's name cache. It's a VP level so I don't have > immediate access to just go wipe it out and try it. > > I can't reproduce the issue calling the same number myself, so it appears to > be local to him. Jabber completely ignores the calling party name and, instead, does a kind of reverse-lookup of the DN against either ipPhone or telephoneNumber (I can’t remember which) in the AD (or your directory of choice) and give you the displayName data returned. This gives you problems in two scenarios: - your AD is out of sync with your corporate directory - you have more than one person in your AD with the same DN and Jabber displays the first hit it receives --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 im:cc...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber utilization report
> On 18 May 2016, at 16:36, Brian Meade wrote: > > There is a Presence Usage Report on the Cisco Unified IM and Presence > Reporting dropdown but it only gives you current logged in clients. > > On Tue, May 17, 2016 at 1:53 PM, Louis Koekemoer (ZA) > wrote: > > > Hi all, > > > > I have a customer where we deployed Jabber. The client now want a report on > the user take-on and utilization of Jabber after the deployment. Does anyone > know where one can get a report like that? NB. this is for 8.6, ymmv with later versions… If you login on the CLI and run this: run sql select e.userid, ex.firstname, ex.lastname, ex.department, DBINFO('utc_to_datetime', cd.timelastaccessed) AS lastaccess from enduser as e, credentialdynamic as cd, credential as cr, enduserex as ex where e.pkid = ex.fkenduser and e.pkid=cr.fkenduser and e.tkuserprofile=1 and e.primarynodeid is not null and cr.tkcredential=3 and cr.pkid=cd.fkcredential order by last access You’ll get a list of all presence users ordered by the last time they logged in. Run it periodically, log the data and build some usage stats. Not perfect, I know, but better than nothing... --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 im:cc...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Jabber for Windows 11.x
> On 9 Oct 2015, at 14:46, Ed Leatherman wrote: > > What is supposed to break if they are both installed? > > The reason I ask is that I have Skype for Business and Jabber (phone only no > CUPS yet) both setup on my PC now and i'm having some trouble with outlook > integration and some directory strangeness (jabber displays my username@ in > the main window instead of name). From memory, the most recently installed application will take over handling of xmpp:// and tel:// URIs. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 im:cc...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] firefox upgrade causing issues with CUCM CCMadmin page
Hi folks, I spoke to our security guy about this this afternoon when a couple of my staff who run Firefox, ran afoul of the issue. He recommended the same workaround but advised that this option will be removed in future versions of Firefox (and likely Chrome and Mozilla, also). Cisco either need to release a patch to increase the Diffy-Hellman keysize for these servers or publish a hoot guide for us to do it ourselves. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 im:cc...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ > On 9 Jul 2015, at 21:07, Charles Goldsmith wrote: > > Thanks Ryan and Dennis, that did the trick! > > On Thu, Jul 9, 2015 at 1:55 PM, Heim, Dennis wrote: > > > > > Dennis Heim | Emerging Technology Architect (Collaboration) > > World Wide Technology, Inc. | +1 314-212-1814 > > > > > > “There is a fine line between Wrong and Visionary. Unfortunately, you have to > be a visionary to see it." – Sheldon Cooper > > > > Click here to join me in my Collaboration Meeting Room > > > > From: Ryan Huff [mailto:ryanh...@outlook.com] > Sent: Thursday, July 09, 2015 3:55 PM > To: Heim, Dennis; Charles Goldsmith; voip puck > Subject: RE: [cisco-voip] firefox upgrade causing issues with CUCM CCMadmin > page > > > > Here is a good explanation of the issue and how to work around it: > > http://eltonoverip.com/blog/2015/07/firefox-39-0-ssl-error-weak-ephemeral-diffie-hellman-key/ > > From: dennis.h...@wwt.com > To: wo...@justfamily.org; cisco-voip@puck.nether.net > Date: Thu, 9 Jul 2015 19:53:09 + > Subject: Re: [cisco-voip] firefox upgrade causing issues with CUCM CCMadmin > page > > There is a parameter for those the keys that you need to toggle to disable > and then it will work. Not sure of the true impact of that, but that is what > I changed. ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Priority of Calls To Hunt Pilot
> On 8 Jun 2015, at 15:45, Anthony Holloway > wrote: > > "via SIP from off-net via an MGCP connected CUBE” > What? Is that even possible? Sorry, that wasn’t very clear, was it! It’s a 2921 gateway, with a load of ISDN circuits on it, connected to CUCM with MGCP, but also running CUBE. It’s accepting inbound SIP calls from our SIP provider that are then routed to the hunt pilot. Our SIP provider is queueing calls off-campus for us and dequeuing them to our hunt pilot. > In 9x you get hunt pilot queuing. So, you'll have to upgrade to get that > feature. Yeah, as mentioned above, we want to do the queuing off-campus but also be able to connect internal calls to the hunt pilot, bypassing the off-campus queue. I’d like to know if there is any prioritisation carried out by CUCM as to whether the internal or external call gets connected to the hunt pilot first once a station becomes available. I realise this is probably no different two callers ringing the same number simultaneously and it’s probably all down to timing as to who gets connected. FWIW we’re upgrading to 10.5 later this year but after the period when I’ll be using this in anger. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Priority of Calls To Hunt Pilot
Afternoon all, I wonder if anyone could shed some light on a query I have regarding my CUCM 8.6.2 system. I have a hunt pilot that is feeding into a small callcentre operation (6 DNs, one line group, longest idle distribution). The vast majority of calls to the hunt pilot will be coming via SIP from off-net via an MGCP connected CUBE. I will also be seeing a significantly smaller number of calls from on-net to the same hunt pilot. Assuming that all operators are busy and the hunt pilot is presenting an engaged tone, does CUCM perform any prioritisation over what calls get connected to the hunt group (on-net or off-net) first and is that configurable? I.e. can I prioritise internal calls getting connected to the hunt group over external? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University, IT Services | | tel:+441509635635 im:cc...@lboro.ac.uk o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Auto-Create Conference Call
> On 12 Feb 2015, at 22:03, NateCCIE wrote: > > Can't do it natively, but there are apps that can do think kind of thing. > > I think singlewire is one. Thanks for all the feedback folks, appreciated. Gary signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Auto-Create Conference Call
Evening all, I’ve been given a requirement by a new group of users who will shortly be moving onto our campus. FYI, we’re running CUCM 8.6.2 and also have CUP and CUC available. A new medical centre is opening shortly and they have a requirement for users to be able to dial a well known number (in this case , common across all NHS sites I believe) and have this call answered by an emergency medical responder *and* local security at the same time. The emergency medical responder would provide medical assistance while security co-ordinate attendance by emergency medical services if necessary. It seems that they want to be able to dial a number that, in turn dials two other numbers and automatically brings up a conference call. I have no idea if this is possible, let alone how to do it so any and all suggestions would be appreciated! --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Unity Connection and Office 365 for UM
> On 12 Feb 2015, at 20:49, Tim Frazee wrote: > > this page got me up and running. I'm in a hybrid configuration btw > > http://community.office365.com/en-us/f/158/t/46953.aspx That’s a really good thread Tim, thanks. We’re also using a hybrid deployment at our site using Unity Connection 8.6.2 and the voicemail integration is working great. The problem I have, however, is that as our users are migrated (the process is still ongoing at present) from on-site to off-prem I’ve noticed that we lose the calendar presence integration, i.e. Jabber no longer shows a user as being In A Meeting. Anyone got any bright ideas for this one? --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
> On 5 Feb 2015, at 17:33, Kevin Przybylowski wrote: > > Are you using real FQDN's or internal FQDNs? > https://www.digicert.com/internal-names.htm Real FQDNs > > This has been a real pain point with recent Jabber/MRA rollouts. Tell me about it! Our CUCM/CUC/CUP cluster was built when Cisco still recommended everything be done with IP addresses and self-signed certs… > I would take the advice of Warcop and upgrade to the latest CUCM/IM&P if > possible. This will give you the ability to use multi server certs and may > save you some time/headaches. Although the upgrade to 10.5 from pre 9 can be > a headache as well. Yeah, that’s the plan for later in the year, but we’re doing things out of order :-/ > To answer your question - We've used Thawte, Godaddy and digicert without > much issue. Although godaddy seems to add a SAN to your UCC Cert now without > requesting it and the UC Appliances don't like he SANs in the cert to not > match the CSR precisely. Good to hear another vote for Digicert. I’ll be flexing the credit card tomorrow and getting something from them to test out, I think… --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
> On 5 Feb 2015, at 16:51, NateCCIE wrote: > > Use DIGICERT! You can get a wildcard cert from them, and use it over and > over. So you just generate the cert based on the CSR from each app and it > loads right in. > > Works great on CUCM, CUC, CUP, & Expressway! Thanks Nate, good to know that Digicert can issue certs with the right extensions, but I’m running 8.6.x and I don’t believe I can do wildcard certs on anything less than 10.5.x As each server has it’s own private key they key either needs to be duplicated across all servers (I don’t believe you can do this on 8.6.x) or else the OS needs to support the feature natively (as it does in 10.5+) --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] 10.5.1 UCCX Certificate for Finesse
> On 5 Feb 2015, at 16:37, Jose Colon II wrote: > > I am trying to generate certificate request from 10.5.1 UCCX box and the cert > it generates is not working with verasign. It tells me "The State Name in the > CSR cannot be abbreviated" > > Anyone have any suggestions? Hi Jose, have a look at your CSR using: openssl req -text -noout -verify -in CSR.csr where CSR.csr is your csr file. Mine, for example, reads: Subject: C=GB, ST=Leicestershire, L=Loughborough, O=Loughborough University, OU=ITS, CN=tainter.lboro.ac.uk/serialNumber=x On the “Subject:” line is the entry for ST= an abbreviated version of your State name? If so I’d imagine you’ll have to login on the command line for the server and use “set web-security” to change the State to a proper value. If I had ST=Leics it would also likely fail. Be aware that this *may* make you have to relicense the server (I’m not sure if changing state is enough to trigger this). --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Recommendation For Certificate Provider For Jabber/Presence Use
Hi folks, I’m in the process of replacing a load of self-signed certs on my 8.6.x CUCM, CUC and CUP servers. I’ve been having issues getting certs with the correct KeyUsage extensions from our current provider and wondered if anyone could recommend a company who can provide certificates that honour the requirements in the CSRs generated by the Cisco Unified Communications servers. I’m particularly interested in certificates that contain the "digitalSignature, nonRepudiation,keyEncipherment,dataEncipherment” extensions as per: http://blog.warcop.com/2015/01/22/cisco-jabber-certificate-warning-again/ Jabber for Windows clients 9.2.5 and greater are flagging invalid certificates on our currently installed TERENA certificates. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] IP Phone 7841 AUX Port and Credit Card Machine
Hi Anthony, a PDQ/credit card machine would never work plugged into the AUX port on a 7841. What I’d imagine is happening is that it’s an ethernet capable PDQ (we have many of them on our site) that’s been connected to the PC Port on the back of the phone and is connecting to the local network in this way. When our site moved to VOIP we had to upgrade all our POTS PDQs to ethernet. We didn’t want to continue to provide analogue lines at all on campus and we were old that banks wouldn’t be happy with financial data transiting our LAN if we used an ATA to provide an analogue line via the callmanagers. The ethernet PDQs, by contrast, bring up a heavily encrypted VPN tunnel back to the bank’s systems and they are more than happy for these to be connected to LANs and the public Internet. Hope that helps in some way. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ > On 22 Jan 2015, at 15:55, Anthony Holloway > wrote: > > Ben, > > Thanks for looking in to this with us. I appreciate your efforts. > > However, both of those links show that this device must be plugged into > Ethernet to work, and therefore is not reliant on the AUX port. In fact, no > where in those pages could I even find a reference to to the AUX port. > > I'll keep looking too. > > On Thu Jan 22 2015 at 9:39:21 AM Ben Story wrote: > http://www.cyberdata.net/products/voip/oemendpoints/cardreadernetwork/documentation/010903_930136E_VoIP_Card_Reader_Quick_Ref.pdf > > http://www.cyberdata.net/products/voip/oemendpoints/cardreadernetwork/ > > -- > Ben Story > CCSP, CCNA, CCNA Wireless, CCDA > ben.st...@gmail.com > @ntwrk80 > http://showbrain.blogspot.com > http://rand0mw0rds.blogspot.com > > > "From sour-faced saints and silly devotions, good Lord, preserve us!". -- St. > Teresa of Avila > > On Thu, Jan 22, 2015 at 9:33 AM, Anthony Holloway > wrote: > Thanks for the information Ben. > > I looked over that website and didn't find any product to suggest this was > possible, and a google search on their site provided no results either. > > https://www.google.com/#q=%22auxiliary+port%22+OR+%22aux+port%22+site:cyberdata.net > > It's be great to find evidence of this if you have it. > > > On Thu Jan 22 2015 at 8:43:15 AM Ben Story wrote: > I've seen such things at Cisco Live! before. Not much about it on their > website, but this place seems to have add ons for the Cisco phones including > card readers. http://www.cyberdata.net/products/voip/index.html > > -- > Ben Story > CCSP, CCNA, CCNA Wireless, CCDA > ben.st...@gmail.com > @ntwrk80 > http://showbrain.blogspot.com > http://rand0mw0rds.blogspot.com > > > "From sour-faced saints and silly devotions, good Lord, preserve us!". -- St. > Teresa of Avila > > On Wed, Jan 21, 2015 at 9:51 AM, Anthony Holloway > wrote: > All, > > I just ran into something very strange, were a customer is stating they are > able to use a credit card machine via the AUX port on the back of a 7841. > > The 7841 data sheet and admin guide would suggest that this is not possible, > as their only reference to this port is with the use of a headset. > > Now, I know these ports can be used for troubleshooting and/or hacking the > phones, but I have not heard of a legit use like this before. > > Can anyone comment on this? signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Mac SoftPhone Headset Call-Control w/ Jabra
> On 16 Jan 2015, at 03:58, Chris Lee wrote: > > I'm not a MAC person nor have I tried this but could this be a piece of the > puzzle in providing a solution?: bottom of the page - > > http://www.headsetsdirect.com/cisco-headsets-everything-you-need-to-know-for-cisco-telephones > > Sorry, it's Plantronics but at the bottom of the webpage it mentions a > software load to make their headsets work with softphones on MAC... > > Can anyone confirm or are we still Mazerunning…. I’m pretty sure last time I looked as Spokes it didn’t work with Jabber, just Avaya, some IBM product and Lotus Notes. Gary signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Mac SoftPhone Headset Call-Control w/ Jabra
> On 9 Jan 2015, at 15:19, Ryan Burtch wrote: > > According to Jabra, the only soft phones supported w/ call-ctrl are Avaya, > IBM, and Skype. Any other takers? I’ve been nagging our SE and various product managers about this for years now. Cisco *still* haven’t included the Accessory Manager API in the Jabber For Mac client so there is no way for headsets, speakerphones, etc. to directly interact with the client. I find this very frustrating as we have a lot of Mac users on campus. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Anyone Using Cisco 8945 Handsets?
Thanks for all the feedback folks, very useful! To summarise: people don’t seem to have many problems with the 8945 but the difference in looks and UI could be a stumbling block. Bluetooth headsets are working well in one callcentre deployment and they’ve also been used specifically with bluetooth hearing aids (which was my requirement). I didn’t realise the 8851 and 8861 also had bluetooth so I’ll be investigating those as they have a more familiar appearance to users. Thanks again for all the replies. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] Anyone Using Cisco 8945 Handsets?
I was recently asked to procure a Cisco handset with bluetooth capability for a user with impaired hearing who uses bluetooth capable hearing aids. I was under the impression that high-end 9951 and 9971 units were the only handsets with this functionality, but it appears the much cheaper 8945 also features bluetooth. I have to say I'm suspicious of the relatively low price of the 8945 looking at its specs (colour screen, camera, GigE) so I'm interested to hear opinions from anyone with experience of deploying and using these devices. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Telecom
> On 21 Nov 2014, at 19:22, Lisa Notarianni > wrote: > > We are trying to gather some information on where Telecom exists in a higher > education environment. Most times it is in the Network department somewhere > in IT in general. > > One more question – for those in charge of Telecom who manage the VoIP > systems, etc… > > Is your background Telecom or Network? > > I think most on this list are in the Network environment. Hi Lisa, I run the UC infrastructure at Loughborough University in the UK as part of the IT support department. My background is in networking but I ran a small Realitis DX as part of a previous job so had some experience in telecoms. I took over from my predecessor, who’s background was firmly in telecoms and cabling infrastructure, as we started moving our Siemens iSDX estate over to Cisco Callmanager. Organisationally, my team is a subset of the network and security team within IT Services and we work very closely with them to ensure the telephones and network interoperate efficiently. Historically the telephone system was operated by our facilities management/estates department, but I believe that hasn’t been the case for at least 15 years. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] ISDN call takes long time before connecting
On 14 Oct 2014, at 18:49, Bill Paris wrote: > It sounds like Bell is waiting for more digits. Sending a # after sending the > number may resolve this issue. I was thinking the same thing. That figure of 11 seconds immediately jumped out at me as being the default inter-digit timeout on CUCM. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] 7800s ip phones 8.5
On 6 Oct 2014, at 11:57, abbas Wali wrote: > thanks Bala, > > so you have to upload/install that to all the nodes/subs and no reboot > required. I have also just seen a cop file for it. in which case, I can > upload the cop file to all the nodes again and restart the TFTP services?? I believe that if you’re installing a new device pack: - updates to existing devices do not require a reboot - adding *new* devices *does* require a reboot So, if the 7800s devices were not previously available, but you need to be able to register these devices, you will need to reboot the pub and subs. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] Expressway - XMPP - Google Chat
On 10 Sep 2014, at 16:33, Jason Aarons (AM) wrote: > I also understood that Google Chat/Talk is being replaced with Hangouts, > which will not support XMPP Server to Server (only client side). So what > might work now in Chat/Talk might eventually be depreciated by Google. > Google isn’t too clear on when Chat/Talk will go away. > > I haven’t setup what your asking about yet. I’m pretty sure I read somewhere that Google had stopped federating to other XMPP domains. Yup, here you go: https://www.eff.org/deeplinks/2013/05/google-abandons-open-standards-instant-messaging This is particularly annoying for me, managing our campus Cisco Unified Comms platform, as we’re moving to Office365 for our staff email provision, our students are already on Google and I'm running CallManager and trying to promote Jabber for IM&P. I’d love to be able to allow our staff on Jabber talk to students on Chat/Hangouts but it’s unlikely to happen. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUCM/CUBE Sip Issue - Anonymous Calls Dropped
On 14 Aug 2014, at 15:43, Brian Meade wrote: > This is a common issue if you're doing call blocking on CUCM. Are you using > that feature? Thanks for the reply, Brian. We don’t block calls on our CUCM (indeed, ISDN calls without caller ID come in just fine). I’ve also checked the SIP Profile for the trunk to the CUBE and the “Anonymous Call Block” is set to “Off”. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] CUCM/CUBE Sip Issue - Anonymous Calls Dropped
I’m currently having some problems with a Cisco 2921 with CUBE dropping inbound SIP calls with "Calling Number : anonymous” ...with a 404 disconnect cause. The gateway is well firewalled to only allow connections from our SIP provider so I’m happy to allow anonymous calls but I can’t figure out how to tell the CUBE software (or is it CUCM?) to do this. CUCM is 8.6.2, the gateway is running IOS 15.1(4)M3 Below is some example "debug ccsip calls" Aug 14 09:35:45.323: //531319/3358892B9F32/SIP/Call/sipSPICallInfo: The Call Setup Information is: Call Control Block (CCB) : 0x2BD826F0 State of The Call: STATE_DEAD TCP Sockets Used : NO Calling Number : anonymous Called Number: 01509277705 Source IP Address (Sig ): yy.yy.yy.yy Destn SIP Req Addr:Port : xx.xx.xx.xx:5060 Destn SIP Resp Addr:Port : xx.xx.xx.xx:5060 Destination Name : xx.xx.xx.xx Aug 14 09:35:45.323: //531319/3358892B9F32/SIP/Call/sipSPIMediaCallInfo: Number of Media Streams: 1 Media Stream : 1 Negotiated Codec : g711alaw Negotiated Codec Bytes : 160 Nego. Codec payload : 8 (tx), 8 (rx) Negotiated Dtmf-relay: 6 Dtmf-relay Payload : 101 (tx), 101 (rx) Source IP Address (Media): yy.yy.yy.yy Source IP Port(Media): 28718 Destn IP Address (Media): xx.xx.xx.xx Destn IP Port(Media): 54782 Orig Destn IP Address:Port (Media): [ - ]:0 Aug 14 09:35:45.323: //531319/3358892B9F32/SIP/Call/sipSPICallInfo: Disconnect Cause (CC): 1 Disconnect Cause (SIP) : 404 --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CLI command to pull hunt groups?
On 27 Mar 2014, at 10:26, Erik Goppel wrote: > Gary, > > Please share on the list, or unicast to me, if you would? No problem Erik, I’ve just got to sanitise the code before I let it loose in the wild. Should have it available early next week when my code monkey is back in the office ;-) Gary signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CLI command to pull hunt groups?
On 25 Mar 2014, at 19:54, Scott Voll wrote: > Thanks for getting me going in the right direction Ryan. > > Found this great blog: > http://www.ucguerrilla.com/2012/03/cucm-sql-queries-series.html > > Command worked great for us: > > run sql select lg.name as LineGroup, n.dnorpattern, dhd.hlog from linegroup > as lg inner join linegroupnumplanmap as lgmap on lgmap.fklinegroup=lg.pkid > inner join numplan as n on lgmap.fknumplan = n.pkid inner join > devicenumplanmap as dmap on dmap.fknumplan=n.pkid inner join device as d on > dmap.fkdevice=d.pkid inner join devicehlogdynamic as dhd on > dhd.fkdevice=d.pkid order by lg. name We ran up a quick CGI script to display this sort of information for hunt groups on our system so that managers can see their respective groups’ status. Screen shot here: http://delphium.lboro.ac.uk/Hunt_Group.jpg It also shows if the DN in question is logged in via Extension Mobility or not (more for my benefit than the managers’). I’d be happy to share the code if anyone’s interested. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] List of VCIs for Cisco Handsets
Thanks for the advice David, > On 25 Mar 2014, at 16:38, "David Sullivan" > wrote: > > I don't know of one but if you're using ISC dhcp it's not too tricky to log: > > log (info, option vendor-class-identifier); I'd spotted that this info *wasn't* in our logs but I didn't know there was an option to enable it. I'll ask the guys who manage our DHCP (who are probably lurking on this list) if we can enable this. > I can certainly run this on some of my subnets to gather the strings for > 7912,7940s and 7960s but you'll probably have more luck doing this yourself. Thanks for the offer, but I should be able to get this myself now, thanks. We're mostly running 69xx devices anyways. Gary ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
[cisco-voip] List of VCIs for Cisco Handsets
Afternoon all, can anyone point me in the direction of a list of vendor-class-identifiers for Cisco VOIP handsets? We’re trying to lock down our DHCP servers to only hand out TFTP server details via option 150 to classes of devices we expect to see on our network. (Yes, I know we could/should lock it down to only supply option 150 to devices on the voice vlan but, alas, I can’t always guarantee our devices are on the “correct” vlan) --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip
Re: [cisco-voip] CUPS Persistent Chat Setup
On 26 Feb 2014, at 17:06, Ruben Trujillo wrote: > Does anyone have any information on how to setup the Post GRE database that > CUPS needs for persistent chat? I’m not a DB guy so I don’t have any > experience on setting up this type of database. Hi Ruben, before you go down the road to setting up the db backend are you share you have a client that supports this functionality? Last time I checked (6 months ago?) Non of the Cisco Jabber clients actually supported persistent chat rooms and you had to use something like Pidgin to get the functionality. --- /-Gary Parker--f--\ | Unified Communications Service Manager | n Loughborough University IT Services | | Tel: +441509635635 Mob: +447989172258 o | http://delphium.lboro.ac.uk/pubkey.txt | \r--d-/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ cisco-voip mailing list cisco-voip@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-voip