To copy files to Amazon Linux via WinSCP using SCP as root:
Open WinSCP | New Session Set File protocol: SCP Set Host name: Set Advanced | Environment | SCP /Shell: sudo su - You can now authenticate as ec2-user with your private key,or perhaps with a password if you allow that, and copy files to directories requiring root access.
To find the devices that a particular user has control of, where for example the user ID is rmaslanka1:
run sql select enduser.userid, device.name from enduser,device,enduserdevicemap where enduserdevicemap.fkenduser=enduser.pkid and enduserdevicemap.fkdevice=device.pkid and enduser.userid = 'rmaslanka1'
To find the users that have control of a particular device, where for example the device name is SEPAAAABBBBCCC:
run sql select enduser.userid, device.name from enduser,device,enduserdevicemap where enduserdevicemap.fkenduser=enduser.pkid and enduserdevicemap.fkdevice=device.pkid and device.name = 'SEPAAAABBBBCCC'
Remember: 12 month free tier
provides 30 GB of EBS storage, combined over any combination of General
Purpose (SSD) or Magnetic Disks
Add tags as desired
and chose Next: Configure Security Group
Tags are key value pairs you
define to assist with management as your AWS environment grows.
A simple but useful tag example might
be
Name : OpenSSHserver01
Chose Create a new security group, name it WebDMZ or
something appropriate. The idea is we are controlling access to this server
from the Internet.Chose Review and Launch
One rule needs to be SSH over
TCP port 22 from Anywhere, or optionally a specific IP if possible.
Review options and
choose Launch
When prompted, chose
an existing keypair or create a new one. If creating new, download the keypair
to a known location.Chose Launch Instances.
Chose View Instances and monitor progress.
When the Instance
State changes to running you can test remote access.
Test remote access:
In the AWS Console, copy the IPv4 Public Address to your clipboard.
If you created a new
keypair, in Windows run PuTTYgen.
Choose Load and point
to your .pem file you downloaded previously. You may have to change the file
type to All Files *.* to find it.Then choose Save
private key to use it in PuTTY.Name and save it somewhere appropriate.
Open PuTTY, expand SSH
and chose Auth.
Browse to the new
private key you just saved.
Choose Session, paste
the IPv4 Public Address into Host Name (or IP Address)
When prompted for a
user name, enter ec2-user
It would be a good idea to run sudo yum update to apply any available updates.
Change server remote access from keypair to user / password authentication:
Set a password for
ec2-user via sudo passwd ec2-user
Open sshd_config file via sudo nano ../../etc/ssh/sshd_config
Change PasswordAuthentication no to PasswordAuthentication yes
Restart the SSH
service via sudo service sshd restart
Test access via SFTP
using username / password authentication (I personally use the WinSCP client)
Test CRUD access by
copying and deleting file in /home/ec2-user
folder
Create a CHROOT jail for SFTP user(s):
Create a new user group via sudo groupadd
sftponly where sftponly is your group name
Add a new user and prevent SSH login via /bin/false via sudo useradd -g
sftponly -s /bin/false -m -d /home/sftpuser sftpuser where sftpuser is the username
IF the user already
exists, modify it appropriately via sudo usermod -G
sftponly -s /bin/false sftpuser
Set the new user password via sudo passwd sftpuser
Change the permissions
on the user's home directory. Make root the owner, essentially disabling access from the new user. Run:
sudo chown root
/home/sftpuser
sudo chmod 755
/home/sftpuser
Create a home
sub-directory that the new user can use, here sftpfolder. Run:
Running sip88xx.12-5-1SR3-74 on 8851 phones and installing 28 button CP-8800-A-KEM. NOTES:
You must enable One Column Display on the device it's connected to or the CP-8800-A-KEM will light but will not register.
If the Line Mode is set to the default Session Line Mode the KEM button configuration actually begins on button 6, even though the device Add on Module(s) numbering starts at 11.
If the device Line Mode is set to Enhanced Line Mode, the KEM button configuration begins on button 11 as indicated in the Add on Module field.
Custom wallpaper normally deployed on the phones gets mangled on the KEM.
This is a sample of how to add and / or delete contacts in the Unity Connection database using the CUPI interface.
This was created using Python 3.6.2 and Cisco Unity Connection 12.5. This script was created after finding Extension was a required field in the Unity Connection BAT process and needs to be unique, creating challenges in environments where single DNs may need multiple names associated with them. Ultimately I found the Extension field in the BAT file can simply be left blank. With that, I would suggest using the built in Unity Connection BAT process to manage contacts when possible.
Unity Connection provides the ability to add contacts manually and via the Bulk Administration tool GUI but there are some limitations.
When adding Unity Connection contacts manually, only the Alias (unique) and the DisplayName is required. When adding Unity Connection contacts via Bulk Administration, an Alias (unique) and Extension (unique) is required. A problem arises when you only want to leverage Unity Connection contacts as additional directory entries, and where you might have multiple names or spellings for the same transfer destination.
Manually, you can add as many contacts as you require with variations of DisplayNames, all using the same TransferNumber, as the TransferNumber does not need to be unique. If you are managing thousands of DisplayName variations though (full names vs. acronyms vs. friendly names, etc.), manual entry is likely not acceptable.
Since BAT requires a unique Extension, if you enter it accurately you are required to still enter a TransferNumber, but now need to leverage multiple AlternateNames per contact to deal with name variations. This is undesireable as contact AlternateNames are not easily searchable via the GUI, and additionally User and Contact names can't be managed seperately if the extensions are the same.
For example, you may want need to manage directory entries for the President of the United Sates. Several years ago, the user BObama may have had extension 1111. This year, user DTrump may have the extension 1111. You might have historically had a directory entry (contact) with DisplayName POTUS with extension 1111. You might want a second directory entry (contact) with DisplayName P O T U S with extension 1111. You cannot add either contact with BAT, as a user already has that extension number. You can use AlternateNames in the User but when you delete and add a new user every four years, you need to remember to re-add all the asociated alternate names, which aren't searchable. If you choose to manage those more permanant AlternateNames in a contact and via BAT, you now need to create a bogus unique Extension for the contact and again manage unsearchable AlternateNames. If you want to be able to search for the AlternateNames, you need to BAT multiple contacts with multiple bogus Extesnsions and use the DisplayName in each instead.
None of this is perfect.
The CUC CUPI interface allows for bulk contact additions and deletions where Extension is not required.
This sample assumes your BAT file columns will be Alias, DisplayName, FirstName, LastName, TransferEnabled, TransferExtension and saved in UTF-8 format without BOM.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Hostnames and FQDNS resolved, SQL servers were installed correctly, firewall exceptions were in order, sa passwords checked, administrator rights to servers were good, prerequisites were verified a dozen times, CUACA uninstalled and reinstalled with new DBs, etc. etc.
TAC finally found and supplied a DLL that needed to be replaced. See CSCvp67232. The DLL is DBComponent.dll, the modified date on the fixed version is Thursday, May 23, 2019, 5:12:26 AM and it belongs in C:\Program Files (x86)\Cisco\Utilities\DB Component and C:\Program Files (x86)\Cisco\Attendant Admin\Web\Application\Bin.
Cool. Replication still doesn't work.
TAC insisted it was a firewall issue after they were unable to telnet to a port the servers were not listening on. That's not how that works, but you should probably double check yours anyway.
Ultimately I found a MS Application Error on the 2012 subscriber server in the cascading mess of errors indicating the local MS DTC detected that the MS DTC on has the same unique identity as the local subscriber server. The error text indicates the servers were likely cloned in an unsupported method. This is not unlikely in this particular environment.
There is a brief reference to this in the latest troubleshooting guide but the link to Microsoft's website is broken and you do not need to reinstall CUAC.
The fix is running 'msdtc -uninstall' and 'msdtc -install' from a command line running as administrator on the subscriber server, reboot everything, uninstall and reinstall CUACA Replication and enjoy your day.
MS DTC error message
CUCM Synchronization Issue:
When defining a device to use as a template for CUAC Queue Devices, the Owner User ID on the CUCM template device appears to need a value. If the Owner is left Anonymous in CUCM you will find an error code 9100 Function Parameter error in the CUCM Sync Report when the process is complete. If you lucky enough to be synching lots of devices and impatient when running the report you might catch a better description of the culprit before it finishes.
Not a helpful description
Now this... this is a helpful description.
Transfer to voicemail:
In CUACA User Configuration | General Properties the Maximum internal device digit length needs to be long enough to include the DN length plus the voicemail prefix defined in the client under Options | Dialing. For example, if are using +E.164 DNs and a prefix of 12345, you internal device digit length needs to be 18.
