<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>Re: [cisco-voip] Ideas for troubleshooting CCMSysUser</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText40956 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>After spending a week with
TAC and a 6-hour marathon phone call today I resolved it myself!</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I removed CiscoPrivateUser from CCMSysUser
in AD Users and Computers, via CCMUser associated a device to CCMSysUser
(populating <FONT
face="Times New Roman">ciscoatUserProfile, ciscoatuserProfileString, and
ciscoatGUID) and now CTIManager is happy and CallBack works.</FONT></FONT></DIV>
<DIV dir=ltr><FONT size=2></FONT> </DIV>
<DIV dir=ltr><FONT size=2>What I was seeing in the sniffer trace was the
-profile and -CCNProfile request, and we have had previous Global Directory
device association issues that were fixed with ADSIEdit.</FONT></DIV>
<DIV dir=ltr><FONT size=2></FONT> </DIV>
<DIV dir=ltr><FONT size=2>Queestion is why are we having these -profiile and
-CCNProfile issues? There was no problems when we ran the AD Plug In.
</FONT></DIV></DIV>
<DIV dir=ltr> </DIV>
<DIV dir=ltr>I would recommend development find some way to put the
CTIManager/CCMSysUser -profile and -CCNProfile problem into SDI/SDL
traces, nothing TAC could do showed them what the problem was, or were they
missing some training? I had to read-into the .cap traces based upon other
information.</DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Ryan Ratliff
[mailto:rratliff@cisco.com]<BR><B>Sent:</B> Tue 2/6/2007 4:08 PM<BR><B>To:</B>
Jason Aarons (US)<BR><B>Cc:</B> cisco-voip@puck.nether.net<BR><B>Subject:</B>
Re: [cisco-voip] Ideas for troubleshooting CCMSysUser<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>The error code in the event id you pasted below translates
to <BR>8CCC0060 which corresponds to
CTIERR_DIRECTORY_LOGIN_FAILED.<BR><BR>Is your ldap bind as CCMSysUser
successful? Also check c:\dcdsrvr<BR>\directoryconfiguration.ini to verify
the password there matches what <BR>you have in the registry (as well as
other ldap info).<BR><BR>You are correct that you should not be able to login
with CCMSysUser <BR>via CCMUser page.<BR><BR>I don't have an AD-integrated
CM handy but I do see a CCMSysUser-<BR>profile and CCMSysUser-CCNProfile object
in DCD so I suspect you <BR>should have those attributes set. In the
sniffer capture you should <BR>see us grabbing the cisco attributes from
the CCMSysUser account. If <BR>we do that then they are
required.<BR><BR>You should be able to re-run the AD plugin to get them
set.<BR><BR>-Ryan<BR><BR>On Feb 6, 2007, at 3:46 PM, Jason Aarons ((US))
wrote:<BR><BR>Once I removed CiscoPrivateUser I could login with CCMSysUser
on <BR>CCMUser.<BR><BR><BR><BR>Via ADSIEdit none of my values are populated
for ciscoatUserProfile, <BR>ciscoatuserProfileString, and ciscoatGUID,
should they be?<BR><BR><BR><BR>From: cisco-voip-bounces@puck.nether.net [<A
href="mailto:cisco-voip-">mailto:cisco-voip-</A><BR>bounces@puck.nether..net] On
Behalf Of Jason Aarons (US)<BR>Sent: Tuesday, February 06, 2007 3:32 PM<BR>To:
cisco-voip@puck.nether.net<BR>Subject: [cisco-voip] Ideas for troubleshooting
CCMSysUser<BR><BR><BR><BR>In ADSIEdit should CCMSysUser have attributes for
ciscoatUserProfile, <BR>ciscoatuserProfileString, and ciscoatGUID? I had a
few regular users <BR>in Global Directory whom I could not associate a
Device (Phone) to <BR>them until I removed any attribute for ciscoatX via
ADSIEdit on the <BR>Domain Controller.<BR><BR><BR><BR>Here is what I have
done so far, CallManager 4.1(3)SR4d, Active <BR>Directory integrated, ran
CCMPwdChanger after AD integration, <BR>rebooted everything multiple times,
can login to Windows Workstations <BR>using CCMSysUser, reverse decrypted
the registry value for Password, <BR>ran sniffer traces they shows LDAP
success for CCMSysUser, Domain <BR>Controller Security Log shows plenty of
Successful Logins (event <BR>548,547) for CCMSysUser.<BR><BR><BR><BR>I am
unable to login to <A href="https://server/ccmuser">https://server/ccmuser</A>
with CCMSysUser is my <BR>only clue. Previous forum posts from Ryan/Wes
indicate this should <BR>work, but doesn’t the CCMSysUser have
CiscoPrivateUser making ccmuser <BR>not able to login
right?<BR><BR><BR><BR><BR><BR>Event
Type: Error<BR><BR>Event
Source: Cisco CTIManager<BR><BR>Event
Category:
None<BR><BR>Event
ID:
3<BR><BR>Date:
2/6/2007<BR><BR>Time:
3:27:34
PM<BR><BR>User:
N/A<BR><BR>Computer:
NEMCCM01<BR><BR>Description:<BR><BR>Error: kCtiProviderOpenFailure - CTI
application failed to open provider<BR><BR> CTIconnectionId:
15502<BR><BR> Login User Id: CCMSysUser<BR><BR> Reason
code.: -1932787616<BR><BR> IPAddress:<BR><BR> App ID:
Cisco CTIManager<BR><BR> Cluster ID:
StandAloneCluster<BR><BR> Node ID: 10.20.28.10<BR><BR>Explanation:
Application is unable to open provider.<BR><BR>Recommended Action: Check the
reason code and correct the problem. <BR>Restart CTIManager if problem
persists..<BR><BR><BR><BR><BR><BR>Disclaimer: This e-mail communication and any
attachments may contain <BR>confidential and privileged information and is
for use by the <BR>designated addressee(s) named above only. If you are not
the intended <BR>addressee, you are hereby notified that you have received
this <BR>communication in error and that any use or reproduction of this
email <BR>or its contents is strictly prohibited and may be unlawful. If
you <BR>have received this communication in error, please notify
us <BR>immediately by replying to this message and deleting it from
your <BR>computer. Thank you.<BR><BR><BR><BR>Disclaimer: This e-mail
communication and any attachments may contain <BR>confidential and
privileged information and is for use by the <BR>designated addressee(s)
named above only. If you are not the intended <BR>addressee, you are hereby
notified that you have received this <BR>communication in error and that
any use or reproduction of this email <BR>or its contents is strictly
prohibited and may be unlawful. If you <BR>have received this communication
in error, please notify us <BR>immediately by replying to this message and
deleting it from your <BR>computer. Thank
you.<BR><BR>_______________________________________________<BR>cisco-voip
mailing list<BR>cisco-voip@puck.nether.net<BR><A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck..nether.net/mailman/listinfo/cisco-voip</A><BR></FONT></P></DIV>
</BODY>
</HTML>
<HTML><BODY><P><hr size=1></P>
<P><STRONG>
Disclaimer:
This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.
</STRONG></P></BODY></HTML>