Field Notice – 70379 = Time to Patch CUCM/CUC/CER/CUP 10/11/12!

Please review this recent Field Notice.  There’s a significant issue where a VMTools upgrade can brick your UC VM during a reboot.

Problem Description

After a Unified Communications server node is rebooted for any given reason, it will not boot the operating system (OS) back up. A reboot or power cycle of the server node will not boot the server node back up nor restore its services. The server node will remain offline and Applications Services will not be reinitialized.

The FN includes more details as well as a workaround in the event the system becomes bricked on reboot.

The latest SU’s for the various products include a fix.

CSR 12 Released – Understanding Smart Licensing

CSR 12.0 has been released (CUCM, IM&P, Unity Connection v12.0) and a these version bring a major change for the better to licensing.

No it’s not another change in licensing type (RTU, DLU, UCL, CUWL), but rather it is the ”cloudification” of licenses. Instead of using PLM to pull licenses, version 12 now uses Cisco Smart Licensing. Cisco will now keep track of your licenses for you instead of relying on registering PAKs and dealing with TAC.

Benefits of Smart Licensing:

• One source of truth for licensing. Instead of dealing with PAKs and TAC asking for SO#s during upgrades, the licensing portal will hold all licenses.
• Customer-controlled license pool for an Organization. Licenses can be shared across sub-orgraniations easily.
• Simple upgrades. The licenses are stored in the cloud and entitlement is easily visible there. Waiting for license files is a thing of the past.

Cisco is moving all products to be Smart License enabled. Smart Licensing is not an enforcement mechanism. It’s job is merely to capture and report license ownership and consumption details as sent by a Cisco product. Each product deals with it’s own license enforcement. CUCM/CUC offer a 90-day grace period.

Cisco Smart Software Manager (CSSM) is the customer web portal that enables management all of your Cisco Smart software licenses from one centralized website. With Cisco Smart Software Manager, you organize and view your licenses in groups called virtual accounts and can transfer the licenses between virtual accounts as needed.

More information about Cisco Smart Licensing is found here –https://www.cisco.com/c/en/us/buy/smart-accounts/software-licensing.html

CUCM and all products that use Smart licensing talk to Cisco one of three ways, directly through the internet, via an HTTP/HTTPS proxy, or through the Cisco Software Manager satellite. This is an OVA that you deploy on ESXi which is the central relay for products to communicate back to Cisco for an organization. More information and the download is located here –https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager-satellite.html

How to register CUCM 12 to the Smart Software Manager

Create a Smart Account at software.cisco.com– Administration pulldown, Request Smart Account or if one already exists for your org, Reqest Access to Existing Smart Account.

 

Click on the option Smart Software Licensing > Inventory > Generate New Token

Copy the text of the token to the clipboard which you will eventually paste into CUCM for it to register (see several steps later).

 

Login to the newly upgraded/installed CUCM 12.0

 

In CUCM Admin navigate to: System > Licensing > License Management. You’ll see the following:

If your CUCM has access to the internet to talk to Cisco directly, click on the Register button.

 

Take the token that was generated from the Smart Licensing portal earlier and paste it in and hit Register:

 

If your CUCM does not have direct internet access, you will need to decide how you want CUCM to communicate with Cisco by clicking theedit the Licensing Smart Call Home Transport settings and selecting from the following:

 

If you want to use the Smart Software Manager satellite to communicate requests between your Smart Licensed components (keep in mind that Smart Licensing is the future of licensing for all Cisco products, and currently covers many more products than just Cisco collaboration products), navigate here to download and deploy the OVA – https://software.cisco.com/download/release.html?mdfid=286285506&softwareid=286285517&os=Linux&release=3.1.1&relind=AVAILABLE&rellifecycle=&reltype=latest

Once your system is registered you’ll see a Registration completed successfully message.

The main licensing page will now show registered:

And if you go back to to the Smart Licensing Portal (https://software.cisco.com/#SmartLicensing-Inventory)again you’ll see your product instance:

 

CUCM 11.5(1)SU2 – A critical CUCM upgrade for Jabber for iOS users – iOS Push Notifications (APNs)

Please note that Cisco has published a document covering CUCM IM&P 11.5(SU2) and Push Notifications here.

CUCM 11.5(1)SU2 released last week, and in addition to typical bug fixes it includes a major feature that all customers who use Jabber for iOS (iPad/iPhone) are recommended to deploy before September 2017.

The quick list of new features in CUCM 11.5(1)SU2 (release notes here):

• Cisco Meeting Server 2.x support for CUCM ad-hoc, meet-me, and Conference Now conferences.
• Cisco Spark Remote Device – allow your extension to also ring out to Spark as a soft phone (requires Expressway) without requiring an extra device license (as long as Spark-RD is not their only device).
• CUCM IM&P supports Skype for Business federation.
• CUCM IM&P Roster Cleanup (CLI command to purge contacts from buddy lists for contacts who are no longer present in the system — e.g. Employee leaves the company and should be purged from everyone’s buddy lists.
• CUCM IM&P support for dual MS SQL DB for persistent chat with high availability (instead of just supporting Postgres and Oracle).
• MRA support for Shared Lines on 78xx/88xx (requires Expressway X8.9)
• TLS 1.2 support for syslog.
• CUCM IM&P Apple Push Notification Service support for IM.

I’ll focus on the last feature since it will become the most important of the bunch for anyone running Jabber on iOS.

APNs for iOS IM and Call Notification

It is recommended to upgrade to IM&P 11.5(1)SU2 this summer.  IM&P 11.5(1)SU2 adds support for Apple APNs.  The primary reason for this is to save battery by stopping IM and VoIP apps from continually doing a keep-alive to their service.  When the app is put into the background it will be completely terminated, this requiring APNs to wake up the app to receive IM/VoIP calls.  All APNs notifications are encrypted all the way to the device.

For services like Cisco Spark Messaging, since it is a cloud-based service these back-end changes will be seamless to users.  For customers running WebEx Connect/Messenger instead of CUP/IM&P as the back-end for Jabber, the changes will be handled there.  [Note that for customers using Jabber to Jabber VoIP calls with Connect/Messenger on the back-end will NOT want to turn on APNs today as Jabber will be terminated on background and no calls will ring through unless Jabber is in the foreground.  Keeping APNs off in Jabber will preserve the current behavior.]

APNs allow CUCM IM&P to send a notification to Apple to be pushed to the iOS device running Jabber if it is in the background or not running.  CUCM 11.5(1)SU2, Jabber 11.8(1) and Expressway X8.9.1 are the first versions that will support this method of notification.

This release of CUCM 11.5(1)SU2 enables IM notification via APNs.  A future release of CUCM IM&P is expected to add the Call notification via APNs which is expected to be released in the Summer.

Jabber IM Notification Scenarios

APNs is not required for ALL IM notifications.  It depends on Jabber’s state on the iOS device.

If Jabber is in the foreground, notifications will come directly from IM&P to Jabber as is currently done.  If Jabber is connected via MRA and in the foreground, notifications are relayed through Expressway as is currently done.

If Jabber is in the background or not running, notifications will come from IM&P, be sent to the Cisco Collaboration Cloud relayed to Apple APNs and then to the iOS device.

Once Jabber has been opened and is in the foreground, notifications will come directly from IM&P to Jabber.

Jabber APNs Flow

Because CUCM IM&P needs to be able to talk to Apple to send the notifications, CUCM will need to be able to talk to the Cisco Collaboration Cloud which will relay the notification to Apple.   This may be an architectural change for some customers.

Upon initial release CUCM IM&P’s connection to the Cisco Collaboration Cloud will allow for two connection methods:

1. Direct outbound access (can be through NAT)
2. Connect via a corporate proxy server with authentication.

Unfortunately the initial CUCM IM&P release cannot communicate through Expressway.  This is expected in a subsequent release of Expressway.

In typical customer deployments CUCM IM&P is only allowed to communicate with users on an internal network, or alternately it may be allowed to communicate with Jabber clients via Expressway MRA.  In both of these cases IM&P itself will likely not have NAT or firewall rules setup.  If a proxy server is not available, NAT and outbound firewall rules will need to be configured.

In some customer deployments done in the past CUPS/IM&P would be allowed to federate with other XMPP systems directly.  In this case, firewall rules/NAT are likely setup already and will just require some fine tuning to allow CUCM IM&P to talk out to Cisco for notification relay.   Note: Expressway started supporting XMPP federation proxy a few versions ago, so some customers may be relaying through Expressway and not directly NATing.

If a corporate proxy is available then CUCM IM&P will just need connectivity to the proxy and not directly to the internet.

IM&P will know whether Jabber is in the foreground and will determine if it should send the notification directly or via APNS.

Configuration

CUCM and CUCM IM&P must be at 11.5(1)SU2 or newer.  Jabber must be 11.8(1) or newer.  iOS can be on 10.x and use APNs right now for IM notification.  VoIP call notification via APNs will be deliviered in the future.

CUCM Publisher must have DNS resolution setup and working, then APN Service Enabled under Advacnced Features > Cisco Cloud Onboarding.  Make sure to select “I want Cisco to manage the Cisco Cloud Service CA Certificate required for this trust” if you don’t want ot have to deal with manually importing the CA certs for Cisco Collaboration Cloud communications.

Onboarding will create a unique oAuth token which is automatically distributed to all nodes in the cluster for communication with the Cisco Collaboration Cloud to relay to APNs.

Firewall – Outbound access using TCP 443 to fos-a.wbx2.com, push.webexconnect.com, and idbroker.webex.com

Firewall – Outbound access for iOS devices to connect to Apple.  If iOS devices are allowed out to the internet in your environment then no changes should be required.  If your iOS deployment restricts communication to Apple (e.g. WiFi network that iOS uses is restricted to internal network onl), then outbound ports will have to be opened so that the iOS device can connect to Apple for APNs.  TCP 5223 to 17.0.0.0/8 or on WiFi will fallback to TCP 443 to 17.0.0.0/8.

What does this mean to me?

If you’re running CUCM IM&P (aka CUP/CUPS) on-perm and Jabber for iOS and want IM notifications to still appear when Jabber is not in the foreground you are highly encouraged to CUCM 11.5(1)SU2 and Jabber 11.8(1) or newer before this Fall!  These changes will NOT be back-ported into previous versions of CUCM/IM&P.  I would suggest doing the heavy lifting of getting to SU2 now.   Go through the setup to use APNs for IM notification.  Jabber on iOS 10 will then use APNs for IM notification, and keep-alive API for call notification.

If you have Jabber users connecting via Expressway MRA, you will need to upgrade Expressway to X8.9.1 or newer before Fall.

If you are using SSO today with Jabber (where you are not allowing cached credentials in Jabber) and reauth is required for every re-launch of Jabber, then do not turn on APNs today.  Wait until later this summer for Jabber and CUCM releases which will have a faster logon mechanism before turning on APNs.  Otherwise when your iOS device receives an APN for an incoming call or message users would have to login via SSO and would likely miss the incoming call.

Given the significant effort required to upgrade a system between major versions, I am suggesting everyone begin planning their system upgrade now to get to 11.5(1)SU2.  Then make the easier hop to SUx before the Fall 2017.

 

Notes about Upgrading to CSR 11.5

Helped a customer upgrade from 11.0 to CSR 11.5, CUCM 11.5(1)SU1; IM&P 11.5(1)SU1; CUC 11.5(1)SU1.

Unity Connection 11.5

You must apply ciscocm.cuc_11.5SU1_pre_upgrade.cop.sgn before you upgrade to 11.5 because of bugid CSCvb02774.  The install of the patch is straightfoward and does not require a reboot.  I also ran a utils iothrottle disable to make the upgrade run faster (since it was being done after hours.)

If you’re upgrading from 10.x or earlier it is CRITICAL to increase your VM RAM to 6GB.  (This was something I ran into when going to 11.0.  If you leave it at 4GB  it will not function properly at all.)

The upgrade ran normally and took a quite a while for the switch-version to complete.

On a site note, I noticed that the new Unity Connection (CUC) 11.5 .ova files define a 200GB HDD for the bigger VM.  I investigated increasing my HDD from 160 to 200GB, but found out that CUC does NOT support dynamic resize of the HDD.  This will cause the partition to be unaligned and you’ll get to rebuild CUC from scratch.  So leave it at it’s current size.

CUCM 11.5

To save time during the upgrade window, the day before I preloaded the 11.5 ISO on my remote ESXi datastores so that it wouldn’t take forever for the ISO to SFTP over to the remote offices (they have limited bandwidth) , then I attached those ISOs as virtual DVDs to the CUCM servers via vShpere and then launched those upgrades as though they were coming from DVD instead of a remote file server.

The first attempt to launch the upgrade on the Pub failed with the old “common parition doesn’t have enough space” business.  I used RTMT to decrease the Low and High logging watermark to 45 and 40 respectively (and restarted the log partition monitoring service) to create room.

Purge Log Files by Changing the Log Partition Watermarks

• Another way to create additional disk space is by changing the high and low watermarks on the system. This informs Unified CM of the numbers of log files to purge once the watermark is reached. Use RTMT as follows:

1. Launch RTMT and log in to the desired cluster.
2. From the left pane, select Alert Central.
3. On the right pane, double-click LogPartitionHighWaterMarkExceeded. Change the threshold value to 40.
4. On the right pane, double-click LogPartitionLowWaterMarkExceeded. Change the threshold value to 45.
5. This data is polled every five minutes. Allow five to 10 minutes and then check the drive partitions for additional disk space by using one of the methods described above.

http://docwiki.cisco.com/wiki/Unified_CM_L2_Upgrade_Disk_Space_issues#Purge_Log_Files_by_Changing_the_Log_Partition_Watermarks

 

As usual, I ran the Pub first (without switching version), when it completed, I ran the Subs (also without switching versions).

If you’re coming from 11.0, the utils iothrottle disable command is not necessary.  (You can try to run it but CUCM 11.0 tells you it is unneeded.)

I rebooted the Pub and then Subs as normal.

IM&P 11.5

This was also a typical upgrade.  The switch-version took a LONG time for services to come up on the reboot.

 

 

Upgrading to VCS/Expressway X8.8 and Jabber MRA Broke? Here’s why…

VCS/Expressway X8.8 changes it’s behavior versus prior versions.  8.8 does a reverse lookup of the IP addresses it’s communicating with to make sure it matches the hostname between C and E.

From the Release notes:

DNS entries: Do you have forward and reverse DNS lookups for all infrastructure

systems that the Expressway interacts with? If the Expressway cannot resolve hostnames and IP addresses of systems,your complex deployments (eg.MRA) could stop working as expected after you upgrade.

Oddly enough, the two systems that I’ve been involved in the upgrade to 8.8.1 with, both had the Unified Communications traversal zone with show Active, and hard phones (8800 and DX 650) will register and work properly, but Jabber clients will be unable to login and Jabber will throw an error when trying to login through MRA:

"Unable to Communicate with Server."

Running the debugging logs on Expressway-C you see the following error: 

"Certificate verification failed for host=x.x.x.x, additional info: 
Invalid Hostname expressway-e.domain.com"

The fix is to make sure that Expressway-C can do a reverse DNS lookup on the IP address of Expressway-E. Then flush the DNS cache of C to make sure it re-queries DNS properly.

The debugging log will give you the address and hostname it is trying to do the lookup on.

In a dual-NIC Expressway-E deployment the PTR recrod should point to the private IP address that C talks to.  In a single-NIC NAT hairpin deployment, I’ve seen it talk on the private and public IP.  So check that debug log.

 

 

 

CE 8.2 code on the DX70 and DX80

***UPDATED***  The Devpack, CE8.2.1 and conversion cop are now available on CCO.

CE 8.2.0 firmware for the DX70 and DX80 posted to CCO today.  (But of course we’re still waiting for the Devpack with the QED that will be released in the next week or so.)  The release notes are here.  The Official Conversion Guide is here.  Any instructions in this guide would override what I’ve said.

I’ve been running the beta for the last few weeks and can absolutely say CE code on the DX is MUCH more responsive, stable and usable than the Android-based code.  (That said the last few builds of 10.2(5) android code have been pretty decent.)

CE 8.2 code is absolutely the code to move to if your primary use for the DX is for video calls.

 

Why move to CE on the DX?

• Responsiveness.  No more lag!  It’s snappy.
• Stability.  Seldom, I had the random crash and full-reboot during video calls with Android.  While it was pretty rare, it was super frustrating.
• Video-centric user interface.  It run CE codec code now and feels like a Cisco codec (like SX10, 20, etc.) now.  It’s all about the video call.
• Registration to VCS/Expressway
• Far-end Camera Control
• OBTP (one button to press) meeting launch and TMS management
• Fully customizable wallpaper

Why stay on Android?

• You need Android applications.  CE doesn’t run any apps, period.
• You use the built-in Cisco Webex and Jabber Android apps on the DX.
• You need a local web browser.  CE doesn’t have a web browser built in.
• You are currently using Wi-Fi or Bluetooth.  The CE code doesn’t yet support Wi-Fi or BT.  (That’s coming in a follow-on release.)
• You need telephony features on the phone like CFwdAll, Shared Lines, Voicemail button, Auto answer.

What happens to Android?

Android will be supported on the DX70 and Dx80 for the life of the product.  Keep running it if you need features that will always only be specific to Android (local web-browser, Android Apps).  The DX650 will remain Android-only.

Converting to CE Code using CUCM

Note: You have a couple options to convert to CE code.   CUCM of course or, as the conversion guide notes, there is a public TFTP server on the internet provided by Cisco to convert a DX using.  As far as CUCM, you can convert the DX either onnet or connected via MRA registration through Expressway.

1. Upgrade to the latest build of Android code – 10.2(5)207 by installing the COP file on CUCM, restarting TFTP and rebooting your DXes.  (Either way you want to go to this code because of all of the bugfixes.)
2. Install the latest (Early July 2016) Devpack:
   CUCM 11.0.1:  cmterm-devicepack-11.0.1.22048-1.cop.sgn
   CUCM 10.5.2: cmterm-devicepack10.5.2.14076-1.cop.sgn
   CUCM 9.1.2: cmterm-devicepack9.1.2.16137-1.cop.sgn
3. Install the Devpack on CUCM as well as cmterm-synergy-ce8_2_1_no_defaults.cop.sgn (or latest version) so that it gets the Telepresence DX70 and Telepresence DX80 device type QED installed.  Reboot your cluster.  (Unless you’re on CUCM 11.5 which doesn’t need the immediate reboot!!)  Or bug someone you know for the standalone CE 8.2 QED in the meantime.
4. This devpack should have the CE 8.2 firmware, but if not install the CE 8.2 COP file – mterm-s52040ce8_2_1.k3.cop.sgn (or current); restart TFTP.
5. In CUCM, change the Phone Load of the existing DX80 to the CE 8.2 phone load name specified in the conversion guide.  For 8.2.0 it is sipdx80.ce821.rel.loads
6. The DX80 will take a few minutes (10-15) to upgrade to CE 8.2.1.
7. Take note of the MAC address of the DX80 in the CUCM device, because you are about to DELETE the DX80 device!
8. Delete the DX80 device from CUCM.
9. Create a new Telepresence DX80 device in CUCM and paste in the MAC address of the DX80 you just deleted.  Set the appropriate device settings and add an extension/SIP URI to the device.
10. On the DX80 itself, run through the startup wizard and pick UCM registration or UCM through Expressway (if your endpoint is registering through Expressway).
11. You’ve now got a DX80 on CE 8.2 code
12. Enabled Web Access in CUCM device settings so that you can get to the DX80 GUI.
13. Login to the GUI and set the admin password.  (This step may not be needed, setting the admin username/password was not available in earlier CE betas via the CUCM device setting page.)

 

Other Notes

• The Touch 10 doesn’t work on the DX80 or Dx70, you must use the built-in touch screen on the DX.

8800 Series 11.5(1) Firmware – Enhanced Line Mode

11.5 firmware for the 8800 series phones is on CCO now.

It comes with a bunch of cool new features.

Enhanced Line Mode

The coolest and most useful that I’ve seen requests for is the new Enhanced Line Mode.  (I’ll abbreviate it ELM even if there’s overlap with the PLM/ELM acronym.)  ELM allows all 10 buttons on the phones to be used a programmable line keys (PLKs).

The mode we’re used to includes 5 PLKs on the left, and 5 context-sensitive function keys on the right.  I like this mode, having gotten used to it back in the day with the 9900 series phones, but hear customers who need more than 5 PLKs (in particular for admin/receptionists who want more than 5 BLFs or Shared lines).

 

As you can see in the picture, I can now use all 10 buttons.

While the firmware is out now, there is a Devpack required to enable the ELM feature on the device configuration page.

The release notes indicate that you should get the latest Devpack from CCO, install it and reboot the cluster to enable the ELM setting.  The challenge you’ll hit is that the latest Devpack on CCO as of today (mid-June) doesn’t actually include the QED file that enables the ELM setting.  The Devpack that inclues the QED will release in the next couple weeks.

Look for a Devpack with a late-June/early-July date stamp if you want to turn this feature on.

Enhanced Do Not Disturb

The DND function has been updated to be much more obvious which is nice.

Other features to mention:

• Wi-Fi Security Enhancements
• Customized Dial Tone for SIP Phones

See the release notes for more information about the last two.

 

 

CUCM 11.5 Released – Warning!

CSR (CUCM/IM&P/CUC) 11.5 has been released!  It includes a lot of cool new features but there’s a warning that needs to be shared for customers who have legacy phones.

New Features of note:

CUCM 11.5

• “Hitless” Device Pack Installation.  Add new device types without an immediate reboot.  TFTP restart required, and Publisher reboot at next maintenance window.
• Read-only AXL user role.  (Finally!)
• PIN Sync to Unity Connection
• User-customizable  Display Name field searchable in the directory for users who want a nickname or short name.  (e.g. Mike White vs Michael White — both searchable)
• Directory search for MRA clients/devices
• UCM Scale Increase with same OVA spec
• Single SAML SSO Agreement per Cluster
• Next Gen Encryption (DOD Suite B)
• VMWare ESXi 6.0 support, Single SAML IdP per Cluster

 

IM&P (Jabber Server) 11.5

• Multi-device Messaging.  Finally copies of chats messages are sent to all clients, not the most recently active.  Read notifications sync’d across all devices.
• Persistent Chat HA and support for MS SQL (in addition to currently-supported Postgres and Oracle) for Persistent Chat functions.

Unity Connection

• Full video messaging.  In addition to video greetings, video messages can be left in inboxes.  Video playback is supported from the handset, and not Jabber at this time.  (This functionality requires Mediasence as the video engine.)
• PIN Synchronization between CUC and CUCM
• New Media Player replaces the old MediaMaster applet
• Support for Exchange 2016/Outlook 2016, Windows 10, MS Edge Browser
• Next Gen Encryption (DOD Suite B)
• VMWare ESXi 6.0 support, Single SAML IdP per Cluster

 

The warning is located in the release notes.  Certain legacy (i.e. REALLY OLD 12+ year EoS models) phones WILL NOT WORK with CUCM 11.5.

Update: A Field Notice has been posted.

This is a drastic change from previous versions were the phones are no longer supported and may not work properly anymore rather than disabling these models.  For example, I have an old 12SP+ at the office and it would register to CUCM 10, but not really work right.  In the case of 11.5, IT WILL NOT WORK.

Realistically the only models that I still see customers with are the 7935 Conference Station, 7920 Wireless, and 7910.

If you have these endpoints, understand that most have been EoS for over 12 years, and that there is a very aggressive phone trade-in program to get 20-30% extra discount (on top of your normal discount) to go to the new 8800 series phones.

Deprecated Endpoints

As of Cisco Unified Communications Manager Firmware Release 11.5, the following phones are not supported:•    Cisco IP Phone 12 SP+ and related models
•    Cisco IP Phone 30 VIP and related models
•    Cisco Unified IP Phone 7902
•    Cisco Unified IP Phone 7905
•    Cisco Unified IP Phone 7910
•    Cisco Unified IP Phone 7910SW
•    Cisco Unified IP Phone 7912
•    Cisco Unified Wireless IP Phone 7920
•    Cisco Unified IP Conference Station 7935

If you use any of these phone models on an older release of Cisco Unified Communications Manager and you upgrade to Release 11.5, the phone will not work after the upgrade completes.

Here’s an example from my CUCM where I have a 7905 defined.  The phones stays there, but this giant warning appears at the top.

Adventures in Upgrading to CSR 11.0

Now that all of the core CSR 11 components have had a service release under their collective belts, it’s go-time.  I helped a customer upgrade CUCM, IM&P and CUC from 10.5 to release 11.0.

• CUCM/CUC 11.0(1a)SU1
• CUCM IM&P 11.0(1)SU1
• Jabber for Mac and Windows 11.5
• Latest DX-series/8800 firmware
• Expressway C/E X8.7.1
• CWMS 2.6 MR1 Patch 1
• Security COP to address CSCuy07473 for CUCM 11.0(1)
• Permanent Licensing Surprises
• Holding UCCX at 10.6 for now…. (Agent/Supervisor issues)

 

CUCM 11.0(1a)SU1

This is a four node system (pub and 3 subs) running the latest 10.5 SU.  Upgraded the pub during evening hours and told it not to reboot the night before.  Once it had completed the upgrade, I ran the upgrade on the three subs and told them not to reboot.  The maintenance window was the next evening, so we didn’t make any changes during that window.

When trying to reboot the pub to the new version from the GUI it got into an ugly loop.  Switch version reported that an upgrade was still in progress.  Went to the upgrade menu option and it indicated that I had to assume control over the upgrade.  Did so and the log file showed that the upgrade had completed successfully and that the lock files were released.  Went back to switch version and it still indicated that it was in an upgrade…

Bailed on the GUI and issued the version switch from the CLI.  It didn’t complain at all and did the version switch from 10.5 to 11.  It was a faster process than I imagined, taking less than 10 minutes to reboot on 11.  I was a bit concerned if it was going to work given the GUI seeming to be in a loop, but it rebooted just fine.

I rebooted the subs all from the CLI since I didn’t (and now perhaps don’t trust) the GUI switch version.  They all rebooted quickly too and were up and running on v11.0

Important!  Please note that the OVA release notes indicate that the RAM should be upgraded to 6GB for the CUCM and CUC VMs – http://www.cisco.com/web/software/283088407/126036/cucm-11.0.ova.readme.txt.  This was pointed out by a kind reader, which I hadn’t noticed until my CUC was falling apart after the upgrade.  Moving this VM to 6GB was an immediate fix.

CUC 11.0(1a)SU1

This was a textbook upgrade that evening.  I’d prestaged 11.0 like CUCM and the reboot took about 15 minutes.  All was well until I applied the permanent licensing.  Which I’ll cover later

IM&P 11.0(1)SU1

I wasn’t able to pre-stage this upgrade so ran it the evening of the maintenance window.  It’s a fairly small system so it took about an hour to upgrade and reboot.  The reboot seemed excessively long and I was worried, but it came back and workstation Jabber  clients automatically connected.

In conjunction with this upgrade I updated my jabber-update.xml file and push out the latest 11.5(2) version of the Mac and Windows clients.  We also updated all of the user photos on the webserver that houses them to current pictures.  Jabber was hit and miss about actually pulling the new picture.  It seemed that you had to manually view the profile on some users to get it to pull the new picture.

Latest DX/8800 series Firmware

The DX-series firmware has been a bumpy bumpy bumpy road.  It’s finally pretty stable as of 10.2(5)154.  A newer 10.2(5)195 is out so I pushed that out as it has a number of bugfixes.  I also updated the photo location for the DX-series phones and they all now pull the photos correctly from the webserver that houses them.  The super secret URL to put in the Company Photo Directory is this:  http://<webserver ip address>/%%uid%%.jpg

I migrated the DX-es from Anyconnect VPN over to MRA through Expressway that night since this latest ASA Sev 10 Bugfix upgrade has caused an odd cert issue for the DX (not not normal Anyconnect software clients on other platforms).  Remote phone control does work properly from Jabber (that is VPNed in) to the phone that is connected via MRA.

CUCM 11.0 default firmware also had older firmware for the 8800 series phones so I pushed the latest 11.0 version and am anxiously awaiting 11.5 for some really cool upcoming features for the 8800 series.

Expressway C/E X8.7.1

Textbook upgrade.  I love the software that came from Tandberg.

CWMS 2.6MR1 Patch 1

This is still my favorite app to upgrade by miles.  Attach the ISO to the Admin VM in vCenter and press go from the GUI.  An hour or so later after a couple reboots of all the various VMs (Admin, Media, IRP) you kick it back out of maintenance mode and you’re done.

Security COP to address CSCuy07473 for CUCM 11.0(1)

This patch JUST released with the latest security fixes for CiscoSSL (a ciscoized variant of OpenSSL).  Install on each CUCM node and you’re done.  No reboot required.

Permanent Licensing

After upgrading everything to 11.0 everything kicked into 60-day temp license mode as expected.  (Upgrading to CSR 10.5 was bad news when it didn’t do what it was supposed to and CCX ate all of it’s licenses resulting in a P1 case.)

The TAC case for licensing was pretty straightforward.  Had permanent licenses in about a day after providing the contract number that showed SWSS.

I held of installing the permanent licenses until after hours in the event that something would go wrong and take the system down (still nervous after the CCX incident).  Installation went fine with one side issue.

I had complaints about SpeechConnect / voice enabled directory handlers on Unity Connection not working right.  Turns out CUC didn’t like the permanent licenses as far as SpeechConnect.  It had pulled the licenses from ELM/PLM properly and was in compliance, but it took a restart of the Conversation service for it to start doing the voice recognition stuff again.  Rather odd.

Holding at CCX 10.6

Since 10.6 is the last version of CCX to support CAD/CSD and Finesse, I’m working to migrate the contact center over to Finesse.  There are some usability complaints we’re working through.  The users love the idea of a dedicated app that pops when a call comes in as well as the agent-to-agent chat inside CAD.  Getting them to use a web-browser for Finesse has been a challenge.   Once I have those details ironed out we’ll force them into Finesse when we upgrade to CSR 11.5 in the summer.

 

 

 

Deploying Multistream Conferencing with vTS and CUCM

With the release of CE8 code for Cisco video endpoints (like the SX10 (8.1), SX20 (also MX200-G2 and MX300-G2) and SX80-based endpoints like the SX80, MX700 and MX800), and the appropriate infrastructure components, multistream video is a possibility.  Multistream video allows an endpoint to send multiple resolution video streams and have the bridge pass the most appropriate streams to the far-end video units.  The far end video unit would receive a full resolution stream of the active speakers, and then low quality streams of the other participants.  The most useful feature of multistream video is the ability to use both screens of a dual-screen video unit to see remote participants (when doing single-stream transcoded mode, you can only do single screen video, and secondary screen content.)  Multistream also allows for ActiveControl layout, which allows the endpoint to choose the video layout vs. the video bridge determining the layout of the participants (which has rudimentary DTMF layout control).

Components used in my lab configuration:

• SX10 (CE8.1)
• MX800 (CE8.0.1)
• (2) 8845 video phones (used to inject more video streams — these endpoints do not support multistream, they do single stream and receive their layout from the bridge)
• Conductor XC4.1
• vTS 4.2(4.23)
• CUCM 11.0(1)21900-11 (Latest and greatest version is a requirement) -or- VCS X8.7.1

This guide assumes you’ve already setup a Rendezvous (aka MeetMe) number/URI that is routed to Conductor/vTS and you’re able to to normal conference calls.  We’ll modify settings to enable multistream.

Guide to configure endpoints and CUCM SIP Profile – http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/solutions/cmrpremises/cmr-premises-deployment-guide-r6-0.pdf

The relevant portion of this configuration is to make sure your SIP trunk to conductor is in a Location that supports full quality video.  I sent the inter-region bandwidth to UNLIMITED in my test system.  Cisco recommends a minimum of 1mpbs per screen, otherwise the vTS bridge may kick that video unit down to single-stream transcoded mode.

Configure the endpoint to support multistream

In CUCM the setting is in the device specific settings, Multistream Mode needs to be set to Auto.  Despite some of the documentation reading otherwise, Auto will attempt to do multistream, there is not actually an On setting.

Configure CUCM

Configure the SIP Profile used by the SIP trunk to Conductor to include the following settings:

• Allow iX Application Media and Allow multiple codecs in answer SDP are checked on.
• SDP Transparency Profile is set to Pass all unknown SDP attributes

In System > Service Parameters > Call Manager Service > click advanced > set SIP Maximum Incoming Message Size to 18000.

Configure Conductor

On the Conductor server, under the Conference Template you’re using for your conference, select advanced template parameters and add:

• Enable iX protocol – True and the box checked
• Multiscreen layout – ActivePresence and the box checked

No settings on vTS need to be changed, it will automatically do multistream if the endpoints meet the requirements, and CUCM (or VCS) and Conductor are properly configured.

When you join with a multi-stream endpoint you will see the following on vTS Conferences page:

 

You’ll notice the endpoints that support multistream show Multistream, and the 8845 phone named “Mike White” is Standard because it only supports a single stream.

If we look at the statistics for 5580 (the SX80) you’ll see multiple video streams being sent and received:

 

Lastly if we look at the call statistics from the video endpoint itself, we see the same information:

 

The touchpanel now shows more details in the layout.  You can see each participant in the conference and the active speaker.

 

While you can select from several canned layout modes (same typical layouts are you’re used to), this version doesn’t yet support complete drag and drop layout of individual participants where you want them.  If you select a particular participant, you can see information about any of the participants and boot them if you are meeting organizer:

 

Overall its very cool, and sets the groundwork for much more flexibility in the future with layout control.