[cisco-voip] Jabber / CTI and DNS/LDAP

Ryan Huff ryanhuff at outlook.com
Wed Mar 8 10:15:04 EST 2017


Adam,

I have had this happen before as well and came to the same eventual analysis too.

My DNS servers were BIND VMs; what I did was add a second virtual NIC to the secondary DNS and give it the primary's IP address (because my DNS servers were in two separate segments).

Once the original was good, I deleted the secondary vNIC. It wasn't a seamless failover (which is what you are looking for, I think), but it was a 5-minute fix.

You might also look at something like a Kemp/F5 for DNS HA.

You'll find this issue is better addressed from the network/DNS angle and not the CUCM/UC angle.

Thanks,

Ryan

> On Mar 8, 2017, at 9:16 AM, Pawlowski, Adam <ajp26 at buffalo.edu> wrote:
> 
> Good morning all,
> 
> Over the last couple of days we had the wonderful joy of running some of our services in HA failover - and others we had to do without. Amongst those we lost our primary DNS server, and just about everything Cisco UC actually performed without skipping a beat. What we noted was sign in to application admin and Jabber was very slow. Deskphone control didn't work at all - it would just sit there spinning then eventually fail with what seems to be a generic error code.
> 
> Eventually after surfing around for a while we figured out that the CTI control mechanism must authenticate using your user credentials when you're trying to control the phone. That triggers a call out to LDAP which must also trigger a DNS lookup for some reason. While this may eventually succeed, the action in Jabber times out. I'm not sure there's any way to adjust it. In our lab I tried removing a down GC from the LDAP auth configuration, and restarting the CTI manager; neither had any effect. What I was able to do was run "set network dns rotate" - and rebooted the UCM (before I found a doc saying you should only have to reboot Tomcat) which seemed to help.
> 
> My question is - has anyone run into this before, as it would seem like setting that rotate option, or lowering the timeout/retries from default for DNS, would then be required for Jabber to actually function correctly when the primary DNS server is off-line. This wouldn't be the first time that some sort of resiliency mechanism required tweaks to timers or DNS to make sure it was viable, nor would it be the first time I've completely overlooked something.
> 
> Anyone else run into this? Thoughts? Appreciated as always.
> 
> Regards,
> 
> Adam Pawlowski
> SUNYAB NCS


More information about the cisco-voip mailing list
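An added example, not part of the original thread: a Python health check that queries each configured DNS server directly, so a dead primary is noticed even while resolver failover keeps most services working. The server addresses are constructed placeholders, and `first_answer_delay` is a simplified model of a stock Linux stub resolver trying servers in listed order (5-second default timeout, no `rotate`); that the UC appliance behaves the same way is an assumption.

```python
import socket
import struct
import time

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, port=53, name="example.com", timeout=1.0):
    """Query one server directly, bypassing resolver failover.
    Returns (answered, elapsed_seconds)."""
    query = build_query(name)
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            s.send(query)
            reply = s.recv(512)
            # Accept only a response (QR bit set) carrying our query ID.
            ok = len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)
        except OSError:  # timeout, port unreachable, no route
            ok = False
    return ok, time.monotonic() - start

def first_answer_delay(status, timeout=5):
    """Seconds spent waiting on dead servers listed before the first live
    one, when servers are tried in order. None if no server is alive."""
    for index, alive in enumerate(status):
        if alive:
            return index * timeout
    return None

def check(servers, port=53, probe_timeout=1.0):
    """Probe every server; return (per-server status, modelled delay)."""
    status = [probe(s, port, timeout=probe_timeout)[0] for s in servers]
    return status, first_answer_delay(status)

if __name__ == "__main__":
    # Constructed addresses (TEST-NET-1); replace with your primary/secondary.
    servers = ["192.0.2.53", "192.0.2.54"]
    status, delay = check(servers)
    for server, alive in zip(servers, status):
        print(f"{server}: {'OK' if alive else 'NO ANSWER'}")
    print("added delay per lookup:", "no resolver alive" if delay is None else f"{delay}s")
```

Run it from a monitoring host on a schedule and alert on any `NO ANSWER`, since the added delay only shows up in latency-sensitive paths such as the deskphone control described above.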