[cisco-voip] Resolution: Ideas for troubleshooting CCMSysUser

Ryan Ratliff rratliff at cisco.com
Wed Feb 7 13:23:16 EST 2007 

There is no way to get this into CCM/SDL traces because the CM  
application is in no way involved.  This is an ldap call so the only  
logs will be in c:\dcdsrvr\log (even when AD integrated).

I would guess if the profiles were not created when the user was  
there was some type of permissions issue when you first ran the  
directory plugin.  It could very well be that we only go to create  
the profile, etc when we create the user, so if the user exists we  
assume the profile, etc are correct too.

The workaround you used to fix the issue is a good one though I'd  
like to see the directory plugin fix this if it's broken.   There are  
attributes that may need to be on that user that CCMAdmin will not  
put in the profile by default.
If you run into further issues you may want to delete CCMSysUser  
entirely and re-run the directory plugin to recreate it.

-Ryan

On Feb 6, 2007, at 10:05 PM, Jason Aarons ((US)) wrote:

After spending a week with TAC and a 6-hour marathon phone call today  
I resolved it myself!

I removed CiscoPrivateUser from CCMSysUser in AD Users and Computers,  
via CCMUser associated a device to CCMSysUser (populating  
ciscoatUserProfile, ciscoatuserProfileString, and ciscoatGUID) and  
now CTIManager is happy and CallBack works.

What I was seeing in the sniffer trace was the -profile and - 
CCNProfile request, and we have had previous Global Directory device  
association issues that were fixed with ADSIEdit.

Queestion is why are we having these -profiile and -CCNProfile  
issues? There was no problems when we ran the AD Plug In.

I would recommend development find some way to put the CTIManager/ 
CCMSysUser  -profile and -CCNProfile problem into SDI/SDL traces,  
nothing TAC could do showed them what the problem was, or were they  
missing some training? I had to read-into the .cap traces based upon  
other information.

From: Ryan Ratliff [mailto:rratliff at cisco.com]
Sent: Tue 2/6/2007 4:08 PM
To: Jason Aarons (US)
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Ideas for troubleshooting CCMSysUser

The error code in the event id you pasted below translates to
8CCC0060 which corresponds to CTIERR_DIRECTORY_LOGIN_FAILED.

Is your ldap bind as CCMSysUser successful?  Also check c:\dcdsrvr
\directoryconfiguration.ini to verify the password there matches what
you have in the registry (as well as other ldap info).

You are correct that you should not be able to login with CCMSysUser
via CCMUser page.

I don't have an AD-integrated CM handy but I do see a CCMSysUser-
profile and CCMSysUser-CCNProfile object in DCD so I suspect you
should have those attributes set.  In the sniffer capture you should
see us grabbing the cisco attributes from the CCMSysUser account.  If
we do that then they are required.

You should be able to re-run the AD plugin to get them set.

-Ryan

On Feb 6, 2007, at 3:46 PM, Jason Aarons ((US)) wrote:

Once I removed CiscoPrivateUser I could login with CCMSysUser on
CCMUser.



Via ADSIEdit none of my values are populated for ciscoatUserProfile,
ciscoatuserProfileString, and ciscoatGUID, should they be?



From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-
bounces at puck.nether..net] On Behalf Of Jason Aarons (US)
Sent: Tuesday, February 06, 2007 3:32 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Ideas for troubleshooting CCMSysUser



In ADSIEdit should CCMSysUser have attributes for ciscoatUserProfile,
ciscoatuserProfileString, and ciscoatGUID? I had a few regular users
in Global Directory whom I could not associate a Device (Phone) to
them until I removed any attribute for ciscoatX via ADSIEdit on the
Domain Controller.



Here is what I have done so far, CallManager 4.1(3)SR4d, Active
Directory integrated, ran CCMPwdChanger after AD integration,
rebooted everything multiple times, can login to Windows Workstations
using CCMSysUser, reverse decrypted the registry value for Password,
ran sniffer traces they shows LDAP success for CCMSysUser, Domain
Controller Security Log shows plenty of Successful Logins (event
548,547) for CCMSysUser.



I am unable to login to https://server/ccmuser with CCMSysUser is my
only clue. Previous forum posts from Ryan/Wes indicate this should
work, but doesn’t the CCMSysUser have CiscoPrivateUser making ccmuser
not able to login right?





Event Type:        Error

Event Source:    Cisco CTIManager

Event Category:                None

Event ID:              3

Date:                     2/6/2007

Time:                     3:27:34 PM

User:                     N/A

Computer:          NEMCCM01

Description:

Error: kCtiProviderOpenFailure - CTI application failed to open provider

    CTIconnectionId: 15502

    Login User Id: CCMSysUser

    Reason code.: -1932787616

    IPAddress:

    App ID: Cisco CTIManager

    Cluster ID: StandAloneCluster

    Node ID: 10.20.28.10

Explanation: Application is unable to open provider.

Recommended Action: Check the reason code and correct the problem.
Restart CTIManager if problem persists..





Disclaimer: This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the intended
addressee, you are hereby notified that you have received this
communication in error and that any use or reproduction of this email
or its contents is strictly prohibited and may be unlawful. If you
have received this communication in error, please notify us
immediately by replying to this message and deleting it from your
computer. Thank you.



Disclaimer: This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only. If you are not the intended
addressee, you are hereby notified that you have received this
communication in error and that any use or reproduction of this email
or its contents is strictly prohibited and may be unlawful. If you
have received this communication in error, please notify us
immediately by replying to this message and deleting it from your
computer. Thank you.

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck..nether.net/mailman/listinfo/cisco-voip



Disclaimer: This e-mail communication and any attachments may contain  
confidential and privileged information and is for use by the  
designated addressee(s) named above only. If you are not the intended  
addressee, you are hereby notified that you have received this  
communication in error and that any use or reproduction of this email  
or its contents is strictly prohibited and may be unlawful. If you  
have received this communication in error, please notify us  
immediately by replying to this message and deleting it from your  
computer. Thank you.

More information about the cisco-voip mailing list