[cisco-voip] CCX 11.5 Upgrade Issues

Matthew Loraditch MLoraditch at heliontechnologies.com
Tue Nov 8 12:55:19 EST 2016


The only thing I could add is it wasn't entirely clear to me that I need to rerun the patch for the date time bug in reporting after the upgrade.
I ended up getting EC certs working, but yeah that parameter needs to be exposed somewhere and defaulted to off.

Thanks for asking!

Matthew G. Loraditch - CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: Abhiram Kramadhati (akramadh) [mailto:akramadh at cisco.com]
Sent: Tuesday, November 8, 2016 6:13 AM
To: Nathan Reeves <nathan.a.reeves at gmail.com>; Matthew Loraditch <MLoraditch at heliontechnologies.com>
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues

Hi Nathan, Mathew, all,

Just checking if you have have had any other issues or feedback to share for 11.5?
There are a few things that have caught our attention and might be a good place to share:

  *   CSCvb67761: Live Data Streaming Source Offline after 'maxThreads' exhausted on port 9443
     *   This is due to the Agent State Log Report causing high CPU and affecting the socket.IO service, eventually leading to LD to shut down
     *   If you are having issues of LD not working under load or user complaining of constant disconnects, disable this one report and it should be resolved. We are investigating the fix, but this is due to the fact that the initial data is being loaded from the DB snapshot for this report and thus putting a lot of load on the system.
     *   This is affecting a small % of customers, but the workaround is simple.
     *   Disable

viewId=5D411E8A10000140000000230A4E5E6B
 filterId=AgentStateDetailStats      agentID=loginId from the Finesse layout

  *   CSCvb93630: UCCX: Calls recorded by Media Sense are not tagged by UCCX 11.5
     *   This is a sev2 defect, so please be mindful of this
     *   Fix will be released soon
  *   Handling ECDSA certificates: updated strategy and required COP files have been published to TAC. So if you are having trouble working with ECDSA certificates or looking to disable them (like the enterprise parameter mentioned below, which is for CUCM only) - please get in touch with TAC.
Apart from that, any other general feedback on upgrade experience or on Finesse etc. are most welcome, please share the same.

Thanks.

Regards,
Abhiram Kramadhati
Technical Solutions Manager, CCBU
CCIE Collaboration # 40065


From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> on behalf of Nathan Reeves <nathan.a.reeves at gmail.com<mailto:nathan.a.reeves at gmail.com>>
Date: Wednesday, 26 October 2016 at 2:48 PM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>
Cc: "cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues

I saw something similar with a fresh install / upgrade (from 11.0 to 11.5 - didn't have a bootable 11.5 ISO) I attempted last week.

Found that the upgrade via GUI wouldn't successfully complete.  It would get to the section that mentions releasing the upgrade lock but never actually does so.  I posted on the cisco forums and it was suggested to do the upgrade via cli.  This did complete successfully, but like you encountered, services wouldn't start on the first boot following upgrade.  I completed a subsequent reboot and things came up as expected.

Was in between moving employers so haven't managed to get back to the home lab to take any further look at logins unfort.

Nathan

On Tuesday, October 25, 2016, Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>> wrote:
11.0. It was not Finesse, that and CUIC were the only Tomcats that started and Finesse actually worked. Agents could login and take calls in my testing.
The regular Tomcat service and the dependent services that run /appadmin /cmplatform etc would not start. This was occurring before live agents even logged in.

From:avholloway at gmail.com<javascript:_e(%7B%7D,'cvml','avholloway at gmail.com');> [mailto:avholloway at gmail.com<javascript:_e(%7B%7D,'cvml','avholloway at gmail.com');>] On Behalf Of Anthony Holloway
Sent: Monday, October 24, 2016 2:46 PM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues

What UCCX version were you coming from, and what are the Finesse browser versions in use?

I wonder if 11.5 is a resource hog, or if you might be hitting the Finesse Live Data issue I had a few months back when moving to UCCX 11.0 and using IE9 in non-compatibilty mode, and IE11 in compatibility mode.

https://communities.cisco.com/thread/65762?start=0&tstart=0

On Mon, Oct 24, 2016 at 12:46 PM, Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>> wrote:
So after getting some sleep, I figured I'd publish this PSA. Don't run CCX 11.5 on C200M2 BE6K. while it may be able to handle it from a numbers basis, It can't handle it. 11.5 is a resource hog. Once I moved it to a BE7H I have and upped it to the CPU and RAM of 400 user OVA it started working. The RAM/CPU increase had been discussed as a possible option. Although I now have an OVA mismatch because I only have one hard drive.

Essentially there are timeouts on the various components that run under tomcat and if Tomcat doesn't come up in 10 minutes they never will come online.

I now have to experiment with the RAM/CPU and see if it will be ok on the better hardware with the normal settings or not and then upgrade my normal hosts hardware. Boy did I have no idea what rabbit hole I was going down. My supervisors owe me some drinks...


From: Matthew Loraditch
Sent: Monday, October 24, 2016 12:21 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>>; NateCCIE <nateccie at gmail.com<javascript:_e(%7B%7D,'cvml','nateccie at gmail.com');>>; 'Ryan Huff' <ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>>

Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues

I've stumped the Sunday crew.... On the phone for 12 hours straight now. We are now escalating to the BU.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip-bounces at puck.nether.net');>] On Behalf Of Matthew Loraditch
Sent: Sunday, October 23, 2016 12:54 PM
To: NateCCIE <nateccie at gmail.com<javascript:_e(%7B%7D,'cvml','nateccie at gmail.com');>>; 'Ryan Huff' <ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues

Yes that's what I've found, but that's basically telling me to build a whole new CA.  Which is not hard in and of itself, it's the implications of  having multiple Cas and/or migrating all of the other certs. Trying to avoid overcomplicating things when I have zero need for that kind of encryption.

From: NateCCIE [mailto:nateccie at gmail.com<javascript:_e(%7B%7D,'cvml','nateccie at gmail.com');>]
Sent: Sunday, October 23, 2016 12:40 PM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>>; 'Ryan Huff' <ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues

Not much of a windows guy anymore, (MCSE Windows 2000), but this looks pretty easy, but I imagine it's under the control of some other person/group.

https://technet.microsoft.com/en-us/library/ff829847(v=ws.10).aspx

-Nate

From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>]
Sent: Sunday, October 23, 2016 9:16 AM
To: NateCCIE <nateccie at gmail.com<javascript:_e(%7B%7D,'cvml','nateccie at gmail.com');>>; 'Ryan Huff' <ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues

We use our AD CA for the certs and setting that up to do EC certs is not a tiny bit of work. Everything I've read basically indicated I have to rebuild the thing from scratch. The Cert Management page indicates I can actually turn them off in Enterprise Parameters... but that's not exposed in UCCX.
I'll probably be just using GPO to push the self signed certs to my agent's PCs for now.

From: NateCCIE [mailto:nateccie at gmail.com<javascript:_e(%7B%7D,'cvml','nateccie at gmail.com');>]
Sent: Sunday, October 23, 2016 11:04 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>>; 'Ryan Huff' <ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues

http://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/200651-UCCX-Version-11-5-Prerelease-Field-Commu.html

All of the 11.5 stuff seems to have the ecdsa certs.  Digicert issues them just fine on their wildcard cert.

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip-bounces at puck.nether.net');>] On Behalf Of Matthew Loraditch
Sent: Saturday, October 22, 2016 11:00 PM
To: Ryan Huff <ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues

Thanks. After another reboot. I've got admin pages on the primary. Also some finesse service is running on yet another port (12015) and giving me elliptic curve certs... Need to figure out how to disable them.

TAC and Football tomorrow!

From: Ryan Huff [mailto:ryanhuff at outlook.com<javascript:_e(%7B%7D,'cvml','ryanhuff at outlook.com');>]
Sent: Saturday, October 22, 2016 11:16 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>>
Cc: cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues

There is an ES for 11.5 FYI; not sure if any of your upgrade issues are covered in the ES ... but TAC may lead you down that path.

Sent from my iPhone

On Oct 22, 2016, at 11:09 AM, Matthew Loraditch <MLoraditch at heliontechnologies.com<javascript:_e(%7B%7D,'cvml','MLoraditch at heliontechnologies.com');>> wrote:
So I did one of these last night, just a few issues..

1)      None of the admin webpage services will start on the primary server. Tomcat logs don't show anything I understand or look like obvious errors.

2)      Can't login to CUIC or the new Identity services with any combination of usernames I've tried. Just plain usernames, the built in admin account, CCX\username, etc.

I've combed documentation for #2, but I'm either missing something or it doesn't exist. I read the SSO guide for identity services, but it skips over the login to it this way section and the configuration guide doesn't seem to mention it...

DB Replication is good for both databases CCX and the platform DBs. CCX is operating, agents can login and queues are working correctly.

I'll be calling TAC tomorrow, but if anyone has any insights or bug IDs that may save me time, I'd appreciate it.

-Matthew
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
https://puck.nether.net/mailman/listinfo/cisco-voip

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<javascript:_e(%7B%7D,'cvml','cisco-voip at puck.nether.net');>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161108/6a31e540/attachment.html>


More information about the cisco-voip mailing list