[cisco-voip] CCX 11.5 Upgrade Issues
Matthew Loraditch
MLoraditch at heliontechnologies.com
Mon Oct 24 13:46:36 EDT 2016
So after getting some sleep, I figured I'd publish this PSA. Don't run CCX 11.5 on C200M2 BE6K. while it may be able to handle it from a numbers basis, It can't handle it. 11.5 is a resource hog. Once I moved it to a BE7H I have and upped it to the CPU and RAM of 400 user OVA it started working. The RAM/CPU increase had been discussed as a possible option. Although I now have an OVA mismatch because I only have one hard drive.
Essentially there are timeouts on the various components that run under tomcat and if Tomcat doesn't come up in 10 minutes they never will come online.
I now have to experiment with the RAM/CPU and see if it will be ok on the better hardware with the normal settings or not and then upgrade my normal hosts hardware. Boy did I have no idea what rabbit hole I was going down. My supervisors owe me some drinks...
From: Matthew Loraditch
Sent: Monday, October 24, 2016 12:21 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com>; NateCCIE <nateccie at gmail.com>; 'Ryan Huff' <ryanhuff at outlook.com>
Cc: cisco-voip at puck.nether.net
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues
I've stumped the Sunday crew.... On the phone for 12 hours straight now. We are now escalating to the BU.
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Matthew Loraditch
Sent: Sunday, October 23, 2016 12:54 PM
To: NateCCIE <nateccie at gmail.com<mailto:nateccie at gmail.com>>; 'Ryan Huff' <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues
Yes that's what I've found, but that's basically telling me to build a whole new CA. Which is not hard in and of itself, it's the implications of having multiple Cas and/or migrating all of the other certs. Trying to avoid overcomplicating things when I have zero need for that kind of encryption.
From: NateCCIE [mailto:nateccie at gmail.com]
Sent: Sunday, October 23, 2016 12:40 PM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>; 'Ryan Huff' <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues
Not much of a windows guy anymore, (MCSE Windows 2000), but this looks pretty easy, but I imagine it's under the control of some other person/group.
https://technet.microsoft.com/en-us/library/ff829847(v=ws.10).aspx
-Nate
From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com]
Sent: Sunday, October 23, 2016 9:16 AM
To: NateCCIE <nateccie at gmail.com<mailto:nateccie at gmail.com>>; 'Ryan Huff' <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues
We use our AD CA for the certs and setting that up to do EC certs is not a tiny bit of work. Everything I've read basically indicated I have to rebuild the thing from scratch. The Cert Management page indicates I can actually turn them off in Enterprise Parameters... but that's not exposed in UCCX.
I'll probably be just using GPO to push the self signed certs to my agent's PCs for now.
From: NateCCIE [mailto:nateccie at gmail.com]
Sent: Sunday, October 23, 2016 11:04 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>; 'Ryan Huff' <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: [cisco-voip] CCX 11.5 Upgrade Issues
http://www.cisco.com/c/en/us/support/docs/customer-collaboration/unified-contact-center-express/200651-UCCX-Version-11-5-Prerelease-Field-Commu.html
All of the 11.5 stuff seems to have the ecdsa certs. Digicert issues them just fine on their wildcard cert.
From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Matthew Loraditch
Sent: Saturday, October 22, 2016 11:00 PM
To: Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues
Thanks. After another reboot. I've got admin pages on the primary. Also some finesse service is running on yet another port (12015) and giving me elliptic curve certs... Need to figure out how to disable them.
TAC and Football tomorrow!
From: Ryan Huff [mailto:ryanhuff at outlook.com]
Sent: Saturday, October 22, 2016 11:16 AM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] CCX 11.5 Upgrade Issues
There is an ES for 11.5 FYI; not sure if any of your upgrade issues are covered in the ES ... but TAC may lead you down that path.
Sent from my iPhone
On Oct 22, 2016, at 11:09 AM, Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>> wrote:
So I did one of these last night, just a few issues..
1) None of the admin webpage services will start on the primary server. Tomcat logs don't show anything I understand or look like obvious errors.
2) Can't login to CUIC or the new Identity services with any combination of usernames I've tried. Just plain usernames, the built in admin account, CCX\username, etc.
I've combed documentation for #2, but I'm either missing something or it doesn't exist. I read the SSO guide for identity services, but it skips over the login to it this way section and the configuration guide doesn't seem to mention it...
DB Replication is good for both databases CCX and the platform DBs. CCX is operating, agents can login and queues are working correctly.
I'll be calling TAC tomorrow, but if anyone has any insights or bug IDs that may save me time, I'd appreciate it.
-Matthew
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20161024/c87a8e84/attachment.html>
More information about the cisco-voip
mailing list