User accounts are automatically disabled in CWMS 2.0 MR4

Update #2 07-18-2014: A hotfix cisco-webex-meetings-server-2.0.1.416.B.iso has been released for customers who are affected by the defect CSCup62113. The hotfix is available via special download only; to obtain access to it, please contact Cisco TAC.

Update #1 07-08-2014: Apparently, another outcome of the bug is that the Personal Conferencing accounts have been removed from all user profiles after users were temporarily deactivated in CWMS. There is a way to re-enable the old host/participant access codes if a user creates a new Personal Conferencing account (regardless whether the same or a new PIN is specified). The old Personal Conferencing host/access codes will not show up in the users’ profile or WebEx Productivity Tools in Outlook.

So I have upgraded our CWMS 2.0 environment to the latest maintenance release (MR4 or 2.0.1.407). Everything went well and the systems tested successfully post the upgrade. Time to remove pre-upgrade snapshots of your CWMS VMs (don’t ever forget to do this, as snapshots left behind do have an adverse effect on VM performance) and call it a night. Well, it turned out that the newest maintenance release is bugged and this time it is a big one. If you haven’t upgraded to the latest maintenance release, but plan to do it sometime soon, you’d likely want to reconsider. Read on…

So I have learned today that all but two of my 5000+ users were deactivated in CWMS with a status “disabled on LDAP” (which, of course, isn’t true). Users can still authenticate with the CallManager (with which CWMS synchronizes), so directory synchronization with LDAP and LDAP authentication isn’t a problem. Turns out, CWMS would disable any user whose record hasn’t been updated in the CallManager within the past few weeks (8 to be precise, as claimed by a Cisco TAC engineer). There is no patch or hotfix available at this point, but a workaround is as follows:

  1. Make a change (any change) for the affected end user object(s) in the CallManager (you’d likely want to make the changes in bulk using BAT).
  2. Synchronize the users in CWMS
  3. Disable periodic synchronization.

I found it easiest to bulk update user objects using a query (Bulk Administration -> Users -> Update Users -> Query). I have made a copy of an existing Service Profile and saved it under a different name, then switched all of my users to that Service Profile using a query in Bulk Administration. Use Job Scheduler to verify that all records have been updated successfully.

Job Scheduler

 

Once the batch job completes successfully and you have confirmed that all records have been updated, proceed with synchronization of users with CUCM in CWMS.

Important: Do not forget to disable periodic synchronization!

CWMS Directory SynchronizationHope you did not have to go through this. I will update the post once a hotfix or an update with a fix becomes available. You can also save the bug CSCup62113 and add email subscription to receive updates on it in Cisco’s bug tracker tool.

 

One thought on “User accounts are automatically disabled in CWMS 2.0 MR4

Leave a Reply

Your email address will not be published. Required fields are marked *