Process Summary for Cisco VPNless Jabber (MRA) Certification

Dear all,

You will face lots of issue and problems on Jabber, if your certification process not completed correctly.
Please easily follow up below steps to be sure that your certificates are correct and fulfill Jabber requirements.

1. Download CA Root or Whole Chain certificate from CA Server as "Base64"
2. Upload "no1" CA Root or Whole Chain certificates to CUCM and IM&P servers as "tomcat-trust"
3. Generate "tomcat" CSR at CUCM server and download it
4. Request a "Tomcat Signed CA" certificate with "WebServer" template as "Base64" from CA Server while using "no3" CSR
5. Upload "no4" CA certificate to CUCM server as "tomcat"
6. Upload "no1" CA Root or Whole Chain Certificates to IM&P server as "CUP-XMPP-Trust"
7. Generate "cup-xmpp" CSR at IM&P server and download it
8. Request "cup-xmpp" certificate with "WebServer" template as "Base64" from CA Server while using "no7" CSR 
9. Upload "no8" CA certificate to IM&P server as "cup-xmpp"
10. Install CA Root or Whole Chain certificates to Expessway E and C (or VCS Control - Expressway) servers as "Trusted CA Certificate"
11. Generate a CSR on Expressway C server and download it
12. Request CA Signed Certificate for Expressway C server with "ServerClient" template as "Base64" from CA Server while using "no11" CSR   
13. Upload "no12" certificate to Expressway C server 
14. Generate a CSR on Expressway E server and download it (remember adding alternative names)
15. Request CA Signed Certificate for Expressway E server with "ServerClient" template as "Base64" from CA Server while using "no14" CSR   
16. Upload "no15" certificate to Expressway E server
17. Restart both Expressway C and E servers
18. Restart Tomcat service on CUCM server and XCP Router service on IM&P server
19. Deactive - active TFTP service on CUCM server

Hope these steps will help you on your Jabber deployments.

Best Regards,

Mesut

PS : happy Labout Day and wish an equal world for every employees

Cisco UCM (CUCM) Cluster Upgrade Fails from 10.5.1 to 11.0.1 with "DBUtil::BlockCopyTable *ERROR* Violation of the REFERENTIAL" Message

Everything starts at a rainy evening.
All plans has been completed before starting CUCM Cluster Upgrade from 10.5.1 to 11.0.1, but it seems one is missing.

If your CUCM Cluster is integrated with LDAP and your AD contains non-English characters (Like ş,Ş,ç,Ç,İ,ü,Ü,ğ,Ğ,ö,Ö exc.), you will probably face same issue.

After uploading "UCSInstall_UCOS_11.0.1.21900-11.sgn.iso" upgrade file to CUCM Pub server via SFTP or DVD, you will click on "Next" button while choosing "Switch Version after Upgrade" or not.

It will take approximately one hour to get first "DBUtil::BlockCopyTable *ERROR*   Violation of the REFERENTIAL constraint" message on OS Administration GUI of CUCM Publisher server.

This means you do not need to keep on waiting to finish Cluster upgrade, because it is impossible.

Other Error logs are kindly below;

- DBUtil::DoSQLCommand ### *ERROR* ###:  SQL Exception detected while Enabling Target Indexes
- DBUtil::BlockCopyTable ### *ERROR* ###:  SQL Exception Detected:   ErrorCode=-212
- DBUtil::BlockCopyTable *ERROR*   (diagnosis):  Unexplained SQL Exception processing table enduser
- DBUtil::BlockCopyTable ### *ERROR* ###:  (diagnosis):  Bulk Data Migration for table callerfilterlist

Firstly be sure that you already uploaded correct version of CUCM Locale Installer to all nodes.
If this issue occurs in spite of uploading Locale Installer, this is a bug anymore.

CSCux51818 - Upgrade or sync fails with certain Unicode capital letters
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux51818/?reffering_site=dumpcr

Symptom:
Cisco UCM upgrade from 10.x to 11.0(1) or later fails due to database errors. Message similar to the following appears in logs:
SQL Error (-271): Could not insert new row into the table.
An illegal character has been found in the statement.

May also be seen during LDAP sync causing some users not to be inserted into the UCM database.

Conditions:
Certain uppercase characters in Unicode may cause the error if used in fields that are being indexed for localized sort order. The following data from the EndUser table is impacted:

FirstName
LastName
Userid
Department
Mailid

In addition, the Description field in the Device table may also trigger the error.

Only a one character that triggers the error has been found to date (capital i with dot above). There may be other characters although testing with similar characters in the Unicode range where the error happens are able to be inserted.

Workaround:
Convert the uppercase i with dot above to lowercase or another equivalent character in the database or directory.

There is no fixed release for this bug yet on 26th March 2016.

Thats why, please be sure about your AD entries before starting CUCM Cluster Upgrade from 10.5.1 to 11.0.1.

Best Regards,
Mesut

PS : a group of suicide bombers attacked Brussel, Belgium last week on 22th March 2016. We are together with Brussel. As Atatürk said " Peace at Homeland, Peace in the World."

Upgrading Cisco Jabber Guest Server (from 10.5.3 to 10.6.7)

Dear all,

Firstly download "JabberGuest-10.x.x.x-Upgrade-Only.iso" file and mount this file to DVD Rom of Jabber Guest server via vSphere.

Then follow this steps;
1.  connect Jabber Guest server via SSH as root
2. type "mkdir /mnt/cdrom"
3. type "mount /dev/cdrom /mnt/cdrom"
4. then you will see "mount: block device /dev/sr0 is write-protected, mounting read only." it is normal message, keep on going
5. type "cd /mnt/cdrom"
6. start upgrade while typing "bash upgrade"

Upgrade will take 15 min, after this time server will be ready to operate again.

Best Regards,
Mesut

PS : during this upgrade, a suicide bomber attack our biggest city, Istanbul. We lost 4 people and there are 34 injuries. Terorism is a global threat for World Peace. Please be together against Terorism.
We deserve to live together in peace.

Istanbul Toy Museum - Charlot Muppet

Today, i visited Istanbul Toy Museum.
This muppet is donated by Sir Charles Spencer Chaplin's (aka Charlie Chaplin) himself to a kindergarten. After 100 years and lots of travel, it is in Istanbul now.

A warm "Hi" from Charlot to all of us.

Presentation Tools

My favorite presentation tools are;

www.moovly.com

http://piktochart.com

MS PowerPoint

Please try them and let me know your opinion.

Best Regards,

Mesut

Cisco UCS - Terminating CIMC Session (CIMC - "The maximum number of user sessions has been reached" Error)

On same cases, more than one user can login CIMC via Web or CLI.
It will cause you to get "The maximum number of user sessions has been reached" error on CIMC Web GUI while trying to login.

It means you need to terminate some of unnecessary sessions.
You can easly do it on CIMC CLI.

Please follow kindly below steps

1. Login CIMC CLI with admin credentials by SSH

2. Check current sessions

ucs-c260-m2# show user-session
ID     Name             IP Address        Type         Killable
------ ---------------- ----------------- ------------ --------
6      admin            10.30.100.XX      CLI          yes    
5      admin            10.30.100.XY    webgui       yes    
4      admin            10.30.100.XZ    webgui       yes    
2      admin            10.30.100.XX     webgui       yes    
1      admin            10.30.100.XA    webgui       yes    
ucs-c260-m2#
ucs-c260-m2#

3. Dive into session configuration

ucs-c260-m2# scope user-session 2       ("2" means session ID "2")
ucs-c260-m2 /user-session # terminate


After these steps, you can login CIMC Web GUI succesfully.
Congrats,

Regards,
Mesut

Nice to Meet You All

A new blog as a new bridge, between you and voice/video technologies, Enterprise IT staffs, journeys and rest of the life.

Regards,
Mesut