Cisco Unity Connection: “Failed to Send Message”

I took a long break from blogging, not because there’s nothing to blog about, but because I’ve been tremendously busy at work. Since my last post, I have moved the blog to another hosting provider (which by the way wasn’t a big deal: getting a new account, spinning a new WordPress instance and restoring posts and media from backups is super-easy these days), attended a Cisco Live! conference in San Diego (awesome experience), and migrated about half a dozen of telephony systems to Cisco Unified Communications Manager clusters (with voicemail, Jabber and all nine yards). Oh, and I have replaced my daily workhorse (a Dell Latitude for, well, another Dell Latitude).

Returning back to the topic of this post, I got frustrated trying to upload a WAV file with a greeting to a system call handler in Unity Connection, as Java was giving me the ambiguous “Failed to Send Message” error. The frustrating part was that I have already dealt with the issue a while ago, but the problem resurfaced with the new laptop of mine and I couldn’t remember what the fix was. You can obviously Google the error message and get a couple of links to posts on, but some of the info was not applicable for Unity Connection 10.5 that I was using. So for anyone out there who is looking for a definite solution, here it is.

To start, the issue is definitely JRE-related. After clicking about half a dozen of “Accept” Java security prompts and finally managing to launch the embedded Java applet in the Unity Connection greeting administration page, the “Failed to Send Message” appears after uploading WAV file and hitting the “Save” button.

First, figure out which JRE version is being used in the web page. To do that, open the task manager as you have the Greeting page with a Java applet opened. In the list of running processes locate the JRE process, right-click on it and select “Open File Location”:


Next, launch the notepad as Administrator and open the java.policy file located under ..\lib\security\ folder and append the following lines anywhere between the “grant {” and “};” to add the required permissions:

permission "", "connect,resolve";
// where is the IP Address of your Cisco Unity Connection server
// and 443 is the default HTTPS port (for BE6K you would want to use 8443 instead).
// If you have multiple nodes, add each one in the same list
// It may also help to add the FQDN or the hostname of your Unity Connection, if you open the admin page by using either of the two:
permission "", "connect,resolve";
// where is the FQDN of your Cisco Unity Connection server

Close the file, saving changes, re-launch the web browser and try again. It should work this time.

X8.5 Software for VCS/Expressway is here

Yesterday (December 17, 2014) Cisco has released a much-anticipated X8.5 update to their VCS/Expressway appliances. In addition to some cool new features (support for SSO to CUCM over MRA, CDR logging/reporting, media statistics, etc.), the update adds support for Early Media over MRA, which squishes two bugs that may affect your Jabber environment: CSCul52293 (“Edge calls are missing or have incorrect tones and announcements”) and CSCua72781 (“VCS does not forward early media on 183 or 180 with SDP”). Refer to the posted release notes for more information about this update.

CUCM 10.5: L2 Updates May Get Stuck When Optional Email Notification Is Selected

So I encountered another issue today: I was updating an existing 10.5 CUCM cluster with a new patch ( and the process would get stuck after a few minutes of the upgrade initiation. The last line that I would see in the console and the installation log file is:|Upgrade (L2) Starting|

CUCM L2 Update stuck

What should follow next? Correct: an [optional] email from “” with a subject line “Upgrade (L2) CallManager Started — <node name>” should follow. It never did. Turns out, our SMTP Relay was not permitting relay from the CallManager’s IP address, so the installation could not proceed. Workaround: either opt-out of the notification email or fix your SMTP relay!

Hope this helps someone.

CUCM 10.5.1: CSR SAN and Certificate SAN Mismatch

I’ve been lucky to hit another bug today. Brand-new deployment of CUCM/CUC/CUPS version 10.5.1 and I’m unable to upload a freshly-generated SAN certificate from Starfield. I would get the following error: “CSR SAN and Certificate SAN does not match”.

CSR/Certificate SAN Mismatch

Originally, I thought the issue is a result of the CA inserting a www-prefixed name as one of the SANs in the cert (e.g. So I have manually added the www-prefixed name in the CSR and re-keyed the cert. No luck. After multiple retries, I gave up and opened a TAC case. I’m glad I did, because apparently I hit another bug. The reason why CUCM can’t match the certificates’ SANs against CSR is because the hostnames are all in UPPER case, while the cert is issued for hostnames names in lower case.

The bug affects systems running version and is fixed in newer releases of CUCM, but I was given a link to download an ES (Engineering Special) version that is almost guaranteed to work.

Hope this helps someone who has been beating his/her head against the wall trying to figure this one out.



CUC Backups May Fail After Unity Upgrade to 10.5(1)

I was troubleshooting a weird issue with Cisco Unity Connection 10.5(1): after the upgrade from version 9.1 the backups started to fail. The message was: “ERROR: Backup failed due to an interruption during file copy to backup media, Backup Completed…” What was odd about this issue is that the actual files were written to the SFTP server just fine and all backup jobs showed successful results for individual components that have been backed up:


The fix? Remove older (9.x) CUC backup files from your SFTP server and try backup up CUC again.

Adding Subscriber node to an existing CUPS cluster

If you are attempting to add a subscriber node to an existing Cisco Unified Presence Server cluster across the WAN, chances are you will get the following error during network configuration validation:

“Configuration validation with [publisher name] ([ip address]) failed.

Could not send/receive UDP packets to publisher on port 8500.

  • Is this node in the application server list on the Cisco Unified Communication Manager?
  • Is Network connection to [publisher name] up?
  • Is the MTU size correct for this network?
  • Does the network allow packet fragments?”

Here’s a screenshot of the message:

CUPS configuration validation error


If you talk to Cisco TAC, they will tell you that “CUP servers are very particular to network requirements” and quote you CSCug28096 (Sub Installation over WAN Fails – 3 different instances ver 8.6.4,9.1.1) or a similar bug. Fact is, my installation of the subscriber node failed even on a LAN connection between the nodes. Let me just cut down to the solution:

  1. Install the new node on the same host as the Publisher (host being the key word here).
  2. Use VMware vSphere Replication or otherwise copy the VM to the remote data center where it should belong.
  3. Once the VM is moved, change IP address, subnet mask (if applicable) and default gateway to match the network configuration at the remote site. The system will reboot.
  4. Update the IP address for the node’s A Record in DNS.
  5. Verify replication state of the cluster on the Publisher server.

The above workaround has worked flawlessly. Hope it works for you if you are having the same issue.

Cisco WebEx Meetings Server 2.5

The Cisco WebEx Meetings Server 2.5 has been released on October 17th. This version comes with a long-awaited Multi-Data Center (MDC) support, which is essentially High Availability and load sharing between two geographically distributed areas. Be warned, though, that a separate MDC license is required (read more about MDC Licenses in CWMS 2.5 Administration Guide). The other neat feature that could be attractive to multi-national companies is the IVR language selection for system access telephone numbers (13 languages are supported).

The ISO is available from CCO. Please refer to release notes for full information.

Jabber for Windows 10.5.1 released

Cisco has released an updated Jabber for Windows client yesterday (October 8th), available for download on CCO (login required). The build number for this release is (be sure to check out Release Notes).The release contains a number of fixes and the following 5 are may be of particular interest:

  1. Jabber clients try to authenticate multiple times when using Expressway for Mobile and Remote Access (MRA). (CSCuq54657)
  2. Jabber search on a user is returning multiple Outlook contacts for users. (CSCup78097)
  3. Phone, company and photo intermittently missing on Windows 8. (CSCup29889)
  4. Jabber for Windows 10.5. 0 client registers with BOT or TCT device. (CSCuq93337)
  5. IM history does not show for some days even if available in the db file. (CSCuq90236).


Jabber vs. OCS/Lync – Feature Comparison

Many are wondering how Cisco Jabber compares to OCS/Lync in terms of features and user experience. The two share some similarities and clearly leave other competing products far behind – as Gartner analysts clearly suggest. I have tried to summarize all features of the two in the following table:

Feature Jabber OCS/Lync
Presence indicators in Microsoft applications Yes Yes
Rich presence (e.g. “on the phone”) Yes No
Custom status messages Yes Yes
Instant Messaging
Group chat Yes Yes
File transfer Yes Yes
Screen capture-to-IM Yes No
Conversation history in Outlook No Yes
IM History for compliance Yes Yes
Telephony and Video
PC-to-PC audio calling Yes[i] Yes
PC-to-PC video calling Yes[i] Yes
PC-to-PSTN audio calling Yes No
URI dialing (e.g. Yes Yes
Click-to-call support Limited[ii] Yes
Native iPhone/iPad client Yes Yes
Native Android client Yes Yes
Native Windows Phone client No Yes
Native BlackBerry client Limited[iii] Yes
AD integration: authentication Yes Yes
AD integration: directory search Yes Yes
WebEx integration (click-to-meet) Yes Yes
Desktop sharing Yes Yes
Remote control sharing Yes Yes
Skype federation No Yes
Federation with other standards-based clients Yes Yes
VPN-less connectivity Yes Yes

[i] CUCM-registered client only
[ii] Limited support (from MS Office applications only)
[iii] Limited support (IM-only; EOL)

Your comments, as always, are welcome.