[cisco-voip] DNS and LDAP Domain name change - current process node is IP
Ryan Huff
ryanhuff at outlook.com
Mon Nov 11 19:09:01 EST 2019
From a server perspective, just make sure the forward A record and reverse PTR record for the new FQDN exist BEFORE using the CLI command to run the sanity check scripts to change the domain. You can change the DNS records shortly before running the CLI command, but not for long as it would eventually cause cluster replication issues. Make sure the reverse PTR for the old FQDN is removed/changed to point at the NEW FQDN.
Regarding the processNode names... no real impact to leave them as IP references (changing them to FQDN can offer some advantages and conveniences when dealing with MRA, Expressway, IM & Presence).
If you do decide to change CUCM’s server references to FQDN at some point, make sure all server nodes have a forward and reverse DNS record and make sure all phones/devices have access to DNS servers that can resolve the CUCM server’s FQDN (this step is really important). Also, make sure to adjust/verify the Enterprise Parameter URLs for authentication and directories (though they can usually be left to use IP references without issue).
Certs are regenerated; so with public CA certs that means a new CSR and certs after the change. With self-signed certs, you just get new certs that’ll need to be re-trusted by your browser or imported into your device’s truststore.
Sent from my iPhone
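A pre-change DNS check for the records described in the reply above, as an added example that is not part of the original thread. The domain names are the ones mentioned in the thread; the hostnames, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import socket

def live_forward(fqdn):
    """A lookup through the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(fqdn)[2])
    except OSError:
        return set()

def live_reverse(ip):
    """PTR lookup through the system resolver; returns lower-cased names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return set()
    return {n.lower().rstrip(".") for n in (name, *aliases)}

def precheck(nodes, old_domain, new_domain,
             forward=live_forward, reverse=live_reverse):
    """nodes maps short hostname -> server IP. Returns a list of problems;
    an empty list means the records are in place for the domain change."""
    problems = []
    for host, ip in sorted(nodes.items()):
        new_fqdn = f"{host}.{new_domain}".lower()
        old_fqdn = f"{host}.{old_domain}".lower()
        addrs, names = forward(new_fqdn), reverse(ip)
        if ip not in addrs:
            problems.append(f"{new_fqdn}: no A record for {ip}")
        if new_fqdn not in names:
            problems.append(f"{ip}: PTR does not return {new_fqdn}")
        if old_fqdn in names:
            problems.append(f"{ip}: stale PTR still returns {old_fqdn}")
    return problems

# Constructed sample data: hostnames and 192.0.2.x addresses are placeholders.
NODES = {"cucm-pub": "192.0.2.10", "cucm-sub": "192.0.2.11"}
SAMPLE_A = {"cucm-pub.customer.com": {"192.0.2.10"}}
SAMPLE_PTR = {"192.0.2.10": {"cucm-pub.customer.com"},
              "192.0.2.11": {"cucm-sub.customername.us.com"}}

def demo():
    """Run the check against the constructed records instead of live DNS."""
    return precheck(NODES, "customername.us.com", "customer.com",
                    forward=lambda f: SAMPLE_A.get(f, set()),
                    reverse=lambda i: SAMPLE_PTR.get(i, set()))

if __name__ == "__main__":
    for line in demo():
        print(line)
```

Calling `precheck()` without the `forward` and `reverse` arguments queries the system resolver, so run it from a host that uses the same DNS servers as the cluster nodes.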
On Nov 11, 2019, at 18:47, Nick Britt <nickolasjbritt at gmail.com> wrote:
Sorry, the ask is to change from the DNS suffix of customername.us.com to customer.com.
Also the users from customername.us.com have been moved into a customername.com OU on different LDAP servers with the same usernames.
The servers are configured with a DNS domain and DNS servers but the process node ID is the IP address of the servers (without the suffix).
Does that make sense?
On Mon, Nov 11, 2019 at 3:26 PM Ryan Huff <ryanhuff at outlook.com> wrote:
What are you trying to do? Do you need to add a domain name to UC servers that currently do not have a domain name?
Sent from my iPhone
On Nov 11, 2019, at 18:21, Nick Britt <nickolasjbritt at gmail.com> wrote:
A customer has had a domain name, this includes the DNS and the active directory integration. I am trying to pull together the necessary steps for each application.
Below is what I have deduced from the documentation so far
Change Domain name CUCM, Pub and Sub
The CUCM processNode name is the IP address (System -> Server); changing the domain name will have no effect on the CTL/ITL files as phones only reference the IP currently.
Remove each server from PLM and add back in post-change
Security certs will need to be re-signed by the root CA
Each domain name and DNS change will need to be completed independently and db replication status to be checked before moving onto subscriber.
Current Active Directory authentication and LDAP authentication will be moved from one server to another. The usernames are the same between the Active Directory domains so the device associations should remain when the LDAP integration is changed from one AD domain to another.
Change Domain name IMP, Pub and Sub
Security certs will need to be re-signed by the root CA
Each domain name and DNS change will need to be completed independently and db replication status to be checked before moving onto subscriber.
CUC
Security certs will need to be re-signed by the root CA
Each domain name and DNS change will need to be completed independently and db replication status to be checked before moving onto subscriber.
LDAP is used to manually "import" user name/extension then the users are added manually
SMTP is used for voicemail to mail integration instead of unified messaging so no changes needed as the mail server details remains the same.
I've also seen reports of mgcp sccp gw's unregistering if relying on DNS but the IP is used for each MGCP registration.
I would appreciate a heads up if you have encountered any issues with similar changes.
--
- Nick
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip