Unable to Share Screen in CWMS

Alex Leave a comment

Another day, another bug: there have been reports from WebEx users that they are no longer able to share their screen or individual applications in WebEx meetings. There are no errors, no pop-ups – no indication whatsoever – when you click on the Share button, nothing happens. This is a bug identified in Bug Tracker as CSCuv36151 and affects CWMS 2.5 releases up to and including MR5.

To confirm if the workstation is affected, launch the command prompt to quickly find out whether Microsoft update KB3069392 is installed by typing in the following command:

wmic qfe | find “3069392”

If you have it installed, the output would indicate the installation date of the update and you can quickly find it under the “Installed Updates” to uninstall it.

CSCuv36151

You can also try to uninstall the update from the elevated command prompt.

First, find the package name:

DISM.exe /online /get-packages /format:table

Second, remove the package:

DISM.exe /Online /Remove-Package /PackageName:Package_for_KB3069392~31bf3856ad364e35~amd64~~6.3.1.1 /quiet /norestart

Cisco has released a patch for its MR5 on July 19th, 2015, which is available on CCO for download. Refer to the readme notes for this patch to ensure that it is installed properly (you must upgrade to MR5 prior to appying the MR5 Patch 1).

Good luck!

J4W 11.0 + CWMS 2.5 = CSCuu81060

Alex 1 Comment

Since Jabber 11.0 has been officially released and posted on CCO, we have done a company-wide upgrade from 10.6 to 11.0. Shortly after, our end users started complaining about inability to start or join WebEx meetings. The error (in a form of pop-up) reads as follows: “Setup was unsuccessful. Please try again. Error [110] GpcUrlRoot“:

CWMS: Setup was unsuccessful

All affected users had IE as their default browser – that was clue #1. All affected users had Jabber 11.0 installed on their workstations – clue #2. Surely, prior to this massive deployment, IT has extensively tested this and all prior (beta) Jabber 11 releases under EAP, but no one in IT had IE set as default browser (can’t blame them). Hence, this defect has not been detected.

We’ve opened a case with Cisco TAC to troubleshoot the issue further. After playing with Trusted Sites list and zone security settings, it seemed that we had found the workaround. However, the TAC engineer who was assigned to our case just advised us of the defect CSCuu81060 which reads as follows:

Symptom:
When running Jabber 11 and 2.5 MR5+, Jabber 11 changes the GPC patch to C:\Program Files (x86)\Cisco Systems\Cisco Jabber\MeetingSDK\JabberMeeting\NewDS\MyWebex\ieatgpc.dll

This is not compatible with CWMS and causes WebEx meetings to be unable to start from IE/Productivity tools due to being unable to match the activex control used by CWMS when launching a meeting from IE/PT

Conditions:

Workaround:
Use a tested compatible version of Jabber as per documentation: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_01100.html#reference_71EE5F550E5D4E89B982F64F16DCD0C2

Verified-release 11.0(1) 10.6(6)

So far, adding the FQDN of the CWMS to the Trusted Sites list seem to have done the trick for some users (you may need to tweak the Trusted Sites security zone to achieve the right effect). Another workaround is to set Chrome or Firefox as your default browser or use those browsers exclusively to launch WebEx meetings until a fix is released. Also waiting for some feedback from Cisco Jabber/CWMS Product Teams so hopefully will have an update for you soon.

Cisco Unity Connection: “Failed to Send Message”

Alex Leave a comment

I took a long break from blogging, not because there’s nothing to blog about, but because I’ve been tremendously busy at work. Since my last post, I have moved the blog to another hosting provider (which by the way wasn’t a big deal: getting a new account, spinning a new WordPress instance and restoring posts and media from backups is super-easy these days), attended a Cisco Live! conference in San Diego (awesome experience), and migrated about half a dozen of telephony systems to Cisco Unified Communications Manager clusters (with voicemail, Jabber and all nine yards). Oh, and I have replaced my daily workhorse (a Dell Latitude for, well, another Dell Latitude).

Returning back to the topic of this post, I got frustrated trying to upload a WAV file with a greeting to a system call handler in Unity Connection, as Java was giving me the ambiguous “Failed to Send Message” error. The frustrating part was that I have already dealt with the issue a while ago, but the problem resurfaced with the new laptop of mine and I couldn’t remember what the fix was. You can obviously Google the error message and get a couple of links to posts on Cisco.com, but some of the info was not applicable for Unity Connection 10.5 that I was using. So for anyone out there who is looking for a definite solution, here it is.

To start, the issue is definitely JRE-related. After clicking about half a dozen of “Accept” Java security prompts and finally managing to launch the embedded Java applet in the Unity Connection greeting administration page, the “Failed to Send Message” appears after uploading WAV file and hitting the “Save” button.

First, figure out which JRE version is being used in the web page. To do that, open the task manager as you have the Greeting page with a Java applet opened. In the list of running processes locate the JRE process, right-click on it and select “Open File Location”:

jre_process

Next, launch the notepad as Administrator and open the java.policy file located under ..\lib\security\ folder and append the following lines anywhere between the “grant {” and “};” to add the required permissions:

permission java.net.SocketPermission "10.10.10.10:443", "connect,resolve";
// where 10.10.10.10 is the IP Address of your Cisco Unity Connection server
// and 443 is the default HTTPS port (for BE6K you would want to use 8443 instead).
// If you have multiple nodes, add each one in the same list
// It may also help to add the FQDN or the hostname of your Unity Connection, if you open the admin page by using either of the two:
permission java.net.SocketPermission "cuc-01.mydomain.com:443", "connect,resolve";
// where cuc-01.mydomain.com is the FQDN of your Cisco Unity Connection server

Close the file, saving changes, re-launch the web browser and try again. It should work this time.

X8.5 Software for VCS/Expressway is here

alex Leave a comment

Yesterday (December 17, 2014) Cisco has released a much-anticipated X8.5 update to their VCS/Expressway appliances. In addition to some cool new features (support for SSO to CUCM over MRA, CDR logging/reporting, media statistics, etc.), the update adds support for Early Media over MRA, which squishes two bugs that may affect your Jabber environment: CSCul52293 (“Edge calls are missing or have incorrect tones and announcements”) and CSCua72781 (“VCS does not forward early media on 183 or 180 with SDP”). Refer to the posted release notes for more information about this update.

CUCM 10.5: L2 Updates May Get Stuck When Optional Email Notification Is Selected

alex Leave a comment

So I encountered another issue today: I was updating an existing 10.5 CUCM cluster with a new patch (10.5.2.10000-5) and the process would get stuck after a few minutes of the upgrade initiation. The last line that I would see in the console and the installation log file is:

upgrade_manager.sh|Upgrade (L2) Starting|

CUCM L2 Update stuck

What should follow next? Correct: an [optional] email from “ucs-installer@cisco.com” with a subject line “Upgrade (L2) CallManager 10.5.2.10000-5 Started — <node name>” should follow. It never did. Turns out, our SMTP Relay was not permitting relay from the CallManager’s IP address, so the installation could not proceed. Workaround: either opt-out of the notification email or fix your SMTP relay!

Hope this helps someone.

CUCM 10.5.1: CSR SAN and Certificate SAN Mismatch

alex 2 Comments

I’ve been lucky to hit another bug today. Brand-new deployment of CUCM/CUC/CUPS version 10.5.1 and I’m unable to upload a freshly-generated SAN certificate from Starfield. I would get the following error: “CSR SAN and Certificate SAN does not match”.

CSR/Certificate SAN Mismatch

Originally, I thought the issue is a result of the CA inserting a www-prefixed name as one of the SANs in the cert (e.g. www.common_name.domain.com). So I have manually added the www-prefixed name in the CSR and re-keyed the cert. No luck. After multiple retries, I gave up and opened a TAC case. I’m glad I did, because apparently I hit another bug. The reason why CUCM can’t match the certificates’ SANs against CSR is because the hostnames are all in UPPER case, while the cert is issued for hostnames names in lower case.

The bug affects systems running version 10.5.1.10000-7 and is fixed in newer releases of CUCM, but I was given a link to download an ES (Engineering Special) version that is almost guaranteed to work.

Hope this helps someone who has been beating his/her head against the wall trying to figure this one out.

 

 

CUC Backups May Fail After Unity Upgrade to 10.5(1)

alex 4 Comments

I was troubleshooting a weird issue with Cisco Unity Connection 10.5(1): after the upgrade from version 9.1 the backups started to fail. The message was: “ERROR: Backup failed due to an interruption during file copy to backup media, Backup Completed…” What was odd about this issue is that the actual files were written to the SFTP server just fine and all backup jobs showed successful results for individual components that have been backed up:

CUC_Backup_Error

The fix? Remove older (9.x) CUC backup files from your SFTP server and try backup up CUC again.

Adding Subscriber node to an existing CUPS cluster

alex Leave a comment

If you are attempting to add a subscriber node to an existing Cisco Unified Presence Server cluster across the WAN, chances are you will get the following error during network configuration validation:

“Configuration validation with [publisher name] ([ip address]) failed.

Could not send/receive UDP packets to publisher on port 8500.

  • Is this node in the application server list on the Cisco Unified Communication Manager?
  • Is Network connection to [publisher name] up?
  • Is the MTU size correct for this network?
  • Does the network allow packet fragments?”

Here’s a screenshot of the message:

CUPS configuration validation error

 

If you talk to Cisco TAC, they will tell you that “CUP servers are very particular to network requirements” and quote you CSCug28096 (Sub Installation over WAN Fails – 3 different instances ver 8.6.4,9.1.1) or a similar bug. Fact is, my installation of the subscriber node failed even on a LAN connection between the nodes. Let me just cut down to the solution:

  1. Install the new node on the same host as the Publisher (host being the key word here).
  2. Use VMware vSphere Replication or otherwise copy the VM to the remote data center where it should belong.
  3. Once the VM is moved, change IP address, subnet mask (if applicable) and default gateway to match the network configuration at the remote site. The system will reboot.
  4. Update the IP address for the node’s A Record in DNS.
  5. Verify replication state of the cluster on the Publisher server.

The above workaround has worked flawlessly. Hope it works for you if you are having the same issue.

Cisco WebEx Meetings Server 2.5

alex 2 Comments

The Cisco WebEx Meetings Server 2.5 has been released on October 17th. This version comes with a long-awaited Multi-Data Center (MDC) support, which is essentially High Availability and load sharing between two geographically distributed areas. Be warned, though, that a separate MDC license is required (read more about MDC Licenses in CWMS 2.5 Administration Guide). The other neat feature that could be attractive to multi-national companies is the IVR language selection for system access telephone numbers (13 languages are supported).

The ISO is available from CCO. Please refer to release notes for full information.