[cisco-voip] CCM 4.3(1) SA and local administrator password restrictions on installation

Wes Sisk wsisk at cisco.com
Fri Jun 12 13:04:16 EDT 2009


So it sounds like your direction is already set?  You must use a complex 
password.  And if it breaks things, well, you have to work through the 
failures and maintain some level of password complexity.


Otherwise, I agree with Ryan.  No Cisco services should use the sa 
account any more so this recommendation is not likely related to 
features on CUCM.  In fact, I am not aware of restricting the sa 
password in SQL to disallow special characters.  To that end, I am 
optimistic (not tested) that you can use special characters and not 
experience failures.  If the install box only allows alphanumeric then 
go into SQL afterwords and reset the password.

/Wes

On Friday, June 12, 2009 7:47:09 AM, Paul <asobihoudai at yahoo.com> wrote:
> The crux of the issue comes down to this, the gub'ment requires special characters in their passwords or their provider will shut their connection off. We cannot use alphanumeric-only passwords even if it means it's to fix an issue. This is so frustrating.
>
>
> ----- Original Message ----
> From: Ryan Ratliff <rratliff at cisco.com>
> To: Paul <asobihoudai at yahoo.com>; cisco-voip at puck.nether.net
> Sent: Thursday, June 11, 2009 8:30:27 PM
> Subject: RE: [cisco-voip] CCM 4.3(1) SA and local administrator password restrictions on installation
>
> As far as CUCM goes you can change the local admin password at any point
> with no consequences.  None of our services run as that user and mostly it's
> used for CCMAdmin access (unless MLA is enabled) and logging into the OS.  
>
> There have certainly been plenty of bugs in the past around passwords with
> special characters in them.  If it's a big deal to you proceed as you wish
> and change it if you run into issues.  
>
> -ryan
>
> -----Original Message-----
> From: Paul [mailto:asobihoudai at yahoo.com] 
> Sent: Thursday, June 11, 2009 6:31 PM
> To: Ryan Ratliff; cisco-voip at puck.nether.net
> Subject: Re: [cisco-voip] CCM 4.3(1) SA and local administrator password
> restrictions on installation
>
>
> I was just told by TAC that using only alphanumeric characters for all of
> the passwords within CUCM is best practice. Of course, if all of the
> passwords are the same, they have to be a maximum of 15 characters or else
> IP IVR has a conniption and refuses to install when it comes to entering the
> secret password phrase of 15char+.
>
> What other problems might occur besides AXL issues? I'm not concerned about
> AXL issues since the customer isn't going to be deploying any AXL
> applications on this 4.3(1) cluster anytime soon.
>
> Paul
>
>
>
> ----- Original Message ----
> From: Ryan Ratliff <rratliff at cisco.com>
> To: Paul <asobihoudai at yahoo.com>; cisco-voip at puck.nether.net
> Sent: Thursday, June 11, 2009 4:53:23 PM
> Subject: RE: [cisco-voip] CCM 4.3(1) SA and local administrator password
> restrictions on installation
>
> SA isn't used by anything in CUCM that I'm aware of (maybe some IPCCX stuff)
> and by default the SQL database isn't even set to mixed mode. 
> The local Administrator account is going to be limited by the apps that use
> it.  AXL has always had issues with special characters.  The good news is
> that the local admin account can be changed at any point without breaking
> services (assuming it's changed cluster-wide).
>
> -ryan
>
> -----Original Message-----
> From: cisco-voip-bounces at puck.nether.net
> [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Paul
> Sent: Thursday, June 11, 2009 3:43 PM
> To: cisco-voip at puck.nether.net
> Subject: [cisco-voip] CCM 4.3(1) SA and local administrator password
> restrictions on installation
>
>
> http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/install/4_3/cm431ins.html
>
> Being bitten in the ass by Cisco documentation more than once in two weeks,
> I'd like to get some clarification on passwords for the local Administrator
> (NT admin account I'm assuming), and the SA (SQL Server system
> administrator).
>
> The URL above warns "When entering passwords for the local
> Administrator and SA (SQL Server system administrator) accounts, enter
> alphanumeric characters only. The account password must match on every
> server in the cluster." I'm assuming this means NO SYMBOLS, PUNCTUATION, OR
> OTHER GOBBLEYGOOK. The customer has created a password with symbols and
> punctuation so I'm quite concerned that I need to blow away the cluster and
> reinstall all three nodes because of this. I'd, naturally, like to avoid
> such self-flagellation but if required will do what needs to be done.
>
> Can anyone confirm that only A-Z, a-z, 0-9 are the only characters allowed
> for these passwords? Thanks!
>
> Paul
>
>
>
>       
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>       
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>   



More information about the cisco-voip mailing list