[cisco-voip] CallManager Active Directory Issue

Fri Oct 15 12:16:24 EDT 2004

I'm glad that fixed it.  It took us two weeks and a lot pain and
suffering.  Cisco helped figure out that the communication wasn't
working but they couldn't figure out what was going on.  Our ACL were
all fine.  Then by the Grace of God I seen the fixup for 389 and decided
to turn it off.  Then it worked for us.  I think Cisco needs to document
this somewhere.

I think this is a very common setup; inside network (voIP) and servers
on a DMZ(AD).

Scott

-----Original Message-----
From: Yunming Song [mailto:yunming.song at digiconasp.com] 
Sent: Friday, October 15, 2004 9:11 AM
To: Voll, Scott; Hering, Marc; cisco-voip at puck.nether.net
Cc: tunde.falade at digiconasp.com; allison.lee at digiconasp.com; Bill
Seguin; Dave Strzemienski; Yunming Song; Luten, Randy
Subject: Re: [cisco-voip] CallManager Active Directory Issue

thanks a lot, we fixed the issue.
Since we have two PIX firewalls between the CM and Schema master,
and we just turn off the fixup for 389 as your suggestion.

----- Original Message ----- 
From: "Voll, Scott" <Scott.Voll at wesd.org>
To: "Yunming Song" <yunming.song at digiconasp.com>; "Hering, Marc" 
<MHering at TheGaleCompany.com>; <cisco-voip at puck.nether.net>
Cc: <tunde.falade at digiconasp.com>; <allison.lee at digiconasp.com>; "Bill 
Seguin" <Bill.Seguin at centrivity.com>; "Dave Strzemienski" 
<dstrz at centrivity.com>
Sent: Friday, October 15, 2004 9:58 AM
Subject: RE: [cisco-voip] CallManager Active Directory Issue

Is there a PIX (or firewall) in between the CM and the Schema master?

If so, you need to turn off the fixup for 389.  It hoses the LDAP
communication. (only know from experience:-)

Scott

-----Original Message-----
From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Yunming Song
Sent: Friday, October 15, 2004 6:59 AM
To: Hering, Marc; cisco-voip at puck.nether.net
Cc: tunde.falade at digiconasp.com; allison.lee at digiconasp.com; Bill
Seguin; Yunming Song; Dave Strzemienski
Subject: Re: [cisco-voip] CallManager Active Directory Issue

We use the original administrator account,
but doesn't work either.

----- Original Message ----- 
From: "Hering, Marc" <MHering at TheGaleCompany.com>
To: "Yunming Song" <yunming.song at digiconasp.com>;
<cisco-voip at puck.nether.net>
Sent: Friday, October 15, 2004 8:51 AM
Subject: RE: [cisco-voip] CallManager Active Directory Issue

> Were you using the original administrator account?   For some reason I
> don't know why, if you use other accounts it sometimes bombs...
>
>
>
> -----Original Message-----
> From: Yunming Song [mailto:yunming.song at digiconasp.com]
> Sent: Friday, October 15, 2004 8:59 AM
> To: Hering, Marc; cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] CallManager Active Directory Issue
>
> Hi Marc,
>
> We logged into AD with Schema Admin rights, but the problem still
> exists.
> Any other input?
>
> thanks,
> Yunming
>
> ----- Original Message -----
> From: "Hering, Marc" <MHering at TheGaleCompany.com>
> To: "Yunming Song" <yunming.song at digiconasp.com>;
> <cisco-voip at puck.nether.net>
> Sent: Thursday, October 14, 2004 4:50 PM
> Subject: RE: [cisco-voip] CallManager Active Directory Issue
>
>
>> Who were U logged into AD as?  Was it an account with Schema Admin
>> rights?  Domain Admin rights won't work
>>
>> <M>
>>
>> -----Original Message-----
>> From: cisco-voip-bounces at puck.nether.net
>> [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Yunming Song
>> Sent: Thursday, October 14, 2004 4:44 PM
>> To: cisco-voip at puck.nether.net
>> Cc: Yunming Song
>> Subject: [cisco-voip] CallManager Active Directory Issue
>>
>> Hi Group,
>>
>> Under CallManager 3.3(4)sr2, we are installing Cisco Customer
>> Directory Configuration Plugin, from Publisher server (MCS-7825),
>> attempting to integrate with existing Corporate Active Directory
>> generates the following errors:
>> "Failed to modify Active Directory Schema. Addition of attributes
>> failed"
>> "Failed to modify Active Directory Schema. Addition of objectclasses
>> failed"
>> "Failed to configure Active Directory.  Addition of default
containers
>
>> and profiles failed."
>> "... Addition of system userprofiles failed"
>> "... Addition of system users failed"
>>
>> We have verified that we are connecting to the schema master for the
>> domain, using a Schema Admin and Enterprise Admin account.  The
schema
>
>> master shows significant cpu activity just before the first failure
>> message is displayed on the Publisher server.
>> We have also verified the registry key
>> HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Schema Update
>> Allowed is set on the Microsoft Active Directory Server to 1 Our A/D
>> infrastructure consists of 4 domain controllers across 2 physical
>> locations.  The schema master is not located at the same location as
>> the Publisher server from which we are running the Directory
>> Configuration Plugin, however we are allowing all IP traffic between
>> the two locations and have confirmed that the 2 servers are at least
>> talking to each other.
>>
>> Any input/idea is pretty much appreciated!
>>
>> thanks a lot,
>> Yunming Song
>> Digicon Corporation
>> 571-323-5030 (o)
>> yunming.song at digiconasp.com
>>
>> _______________________________________________
>> cisco-voip mailing list
>> cisco-voip at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>
>>
>>
>>
>>
>>
>>
>> The Gale Company is one of the largest real estate companies in the
>> industry with a global portfolio exceeding 60 million square feet of
>> office space.  For more information contact 973-301-9500 or visit
>> www.TheGaleCompany.com
>>
>>
>>
>>
>>
>
>
>
>
>
>
>
> The Gale Company is one of the largest real estate companies in the
> industry with a global portfolio exceeding 60 million square feet of
> office space.  For more information contact 973-301-9500 or visit
> www.TheGaleCompany.com
>
>
>
>
>

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip