While working with a client this week, I encountered an undocumented bug with secure LDAP authentication. My client was doing an upgrade from CSR11.5 to CSR 12.5 and in conjunction with this upgrade, moving to a new domain and active directory. With these changes, I decided to assist by ensuring they were compliant with Microsoft’s recommendation that secure ldap is used.
After reading this, look at the bug I discovered when enabling secure LDAP on UC applications [here][1]. As many of you are aware, Microsoft began the process to deprecate LDAP access into Active Directory back in March. You can read cisco’s advisory here: [https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html][2] Basically, this means we need to do a fairly simple swap from LDAP to LDAPS. I just completed one for a client’s CUC and CUCM and it took about 30 minutes start to finish.
In this article, I discuss how to get root access to Cisco UC Applications, without leveraging TAC. This is NOT a supported process.
Sometimes when you’re in a client environment, you just need something you don’t have access to. That could be NTP, DNS, gateways, an internal CA, or even just an SFTP server. I encounter this all the time and my solution is almost always to simply get an IP from the client and spin up a linux server.
With Call Manager 11x we saw the deprecation of Meet Me conferences begin. Meetme conferences were great, but many users had issues with using them. This is likely what led to the mass exodus of users to things like webex, zoom, and bluejeans. Today was the first time I’ve ever had the opportunity to work on Conference Now, so I will run through what I did to get this all working. The photos I will use in the guide are from UCM 12.5, but the process is the same in 11x. )
Today I was cleaning up some CSSs for a client. I came across a particular css that had been erroneously assigned as the line css for a bunch of unassigned DNs (they were precreated to show they were already in use). Of course, I went to BAT first to see if I could just update the line css of the lines, but I discovered that I couldn’t affect the unassigned DNs (even though there is an option for searching unassigned dns…) Anyway, as you can guess, I jumped into SQL to see what I could do.
If you’ve been following me in this 3 part series, you know we started off with around 700 dependencies on a CSS that no longer fits our standard. It was in use by various things and we leveraged SQL to quickly, efficiently, and safely remove it from use. When we finished part 2, the only things still referencing our css were directory numbers. Well, we actually have 2 CSSs we’re going to clean up today.
Previously we had around 700 dependencies on a CSS that no longer fits our standard. This CSS was in use by lines, devices, and users throughout the system. In part 1 we removed this css from the users, now we need to do the same for the devices. As before, we’ll start with a count.
So, at a client of mine that we will call PRO, we had a Device-CSS which seemed to be the default css for pretty much everything, including presence subscription, even though PRO-Subscribe-CSS exists. Well the PRO-Device-css also used a lot of legacy stuff from the PRI days. I wanted to clean it up and swap things to follow the standards we had implemented, which required naming based on the line of business, location, and use. First I modified all the templates to remove the PRO-Device-CSS usage and replace it with the appropriate css. Next I check dependencies, assuming there couldn’t be that many things…
A client was facing some licensing issues with shared devices. After a discussion, we decided to create a local user account for this particular location. Using this local user account, we would assign all generic shared devices (waiting room, lobby, hallway) to this user and save a bunch of enhanced licenses by properly utilizing CUWLs. I provided some guidance and a local admin began the process of clicking a phone, setting the user, saving and picking the next. Obviously this is pretty painful and slow. I decided to see what we could do to speed the process up.