Wednesday, June 24, 2015

Cisco PLM Prime License Manager login hangs

I've run into an issue twice now on CUCM 10.5.2 systems.  When attempting to log into Cisco Prime License Manager running co-resident with a CUCM server, after entering the correct credentials the login page never changes.  The small spinning status wheel below the credentials stops but the browser may look like it is still attempting access.  You can't access PLM.

You may likely be hitting  bug CSCur95552.

For some reason, Cisco TAC has not documented any work around or fixes at this time.

If running co-resident with CUCM, you need regenerate the IPSec certificate on the node where Prime License Manager is running. Then if this is your CUCM Publisher, restart the DRF Master and DRF Local services. If it's not the Publisher, just restart the DRF Local services.

You should then be able to login.

Regenerate Certificate:
Navigate to Cisco Unified OS Administration | Securtiy | Certificate Management and choose Find.
Scroll down to and choose the ipsec certificate associated with the server where PLM is running co-resident.

Choose Regenerate and wait a few moments until it indicates success.

Restart Services:
Navigate to Cisco Unified Serviceability | Tools | Control Center - Network Services.
Pick the server where PLM is running co-resident and choose Go.
Scroll to and choose Cisco DRF Master, click Restart, and wait until it has been restarted.
Scroll to and choose Cisco DRF Local, click Restart, and wait until it has been restarted.

You should now be able to log into PLM.

Restart Tomcat:
If you experience the same issue, restart Tomcat on the same server and repeat the above steps.
SSH to or open VMware console on server where PLM is co-resident.
Login as the platform administrator.
run "utils service restart Cisco Tomcat"

Monday, June 15, 2015

Cisco CUCM SIP URI Case Sensitive

Client indicated after starting to deploy B2B video, Jabber Guest, immersive telepresence endpoints, etc. that they were occasionally running into issues when dialing via SIP URI.  It was discovered that the entries in MS Active Directory may not have been consistently entered as lower case.  Some may have been entered using camel case, and I assume some may all be upper case as well.  When CUCM synchronized it's users with Active Directory, those cases were respected.

From the version 9 SRND, you will find:

Per RFC 3261 (section 19.1.4, URI Comparison) comparison of the userinfo of SIP URIs has to be case-sensitive. According to this standardized behaviors, and are not to be considered equivalent. When routing directory URIs, Unified CM respects this standard and looks for a case-sensitive full match of the user portion and a case-insensitive match of the host portion. To avoid confusion, Cisco highly recommends provisioning only directory URIs with all lowercase userinfo so that all directory URIs can reliably be dialed by entering all lowercase information. Unified CM 9.1 and later releases can be configured to always use case-insensitive comparison of the user info portion of directory URIs. This can be achieved by configuring the enterprise parameter URI Lookup Policy accordingly. This setting applies to matching locally configured directory URIs and also to matching directory URIs for which an ILS lookup is done. The default setting of this enterprise parameter defines standard compliant case-sensitive matching of the user info portion of directory URIs.

Cisco is apparently doing the correct thing by considering and two different things.  Unfortunately I can't imagine anyone in the wild assuming the same thing.  Regardless of whether an enterprise was lucky enough to develop and follow a procedure where all mail IDs or SIP URIs were entered with a consistent case, lower, upper or camel, they can not assume their users or clients will do the same.

With that, starting in version 9 there is an enterprise parameter that will toggle how lookups are done.

Navigate to System | Enterprise Parameters and in the Enterprise Parameters Configuration section, find URI Lookup Policy.

URI Lookup Policy
Change the value to Case Insensitive and the issue is resolved.  This is not business impacting and no resets are required.

From the help file:

This parameter specifies the way the match is done for the configured user part of the URIs in Cisco Unified Call Manager. If the parameter is set to Case Sensitive, we will match the exact case sensitive URI configured in Cisco Unified CM. If the parameter is set to Case Insensitive, then case insensitive lookup will be done.