X8.5 Software for VCS/Expressway is here

Yesterday (December 17, 2014) Cisco has released a much-anticipated X8.5 update to their VCS/Expressway appliances. In addition to some cool new features (support for SSO to CUCM over MRA, CDR logging/reporting, media statistics, etc.), the update adds support for Early Media over MRA, which squishes two bugs that may affect your Jabber environment: CSCul52293 (“Edge calls are missing or have incorrect tones and announcements”) and CSCua72781 (“VCS does not forward early media on 183 or 180 with SDP”). Refer to the posted release notes for more information about this update.

CUCM 10.5: L2 Updates May Get Stuck When Optional Email Notification Is Selected

So I encountered another issue today: I was updating an existing 10.5 CUCM cluster with a new patch ( and the process would get stuck after a few minutes of the upgrade initiation. The last line that I would see in the console and the installation log file is:

upgrade_manager.sh|Upgrade (L2) Starting|

CUCM L2 Update stuck

What should follow next? Correct: an [optional] email from “ucs-installer@cisco.com” with a subject line “Upgrade (L2) CallManager Started — <node name>” should follow. It never did. Turns out, our SMTP Relay was not permitting relay from the CallManager’s IP address, so the installation could not proceed. Workaround: either opt-out of the notification email or fix your SMTP relay!

Hope this helps someone.

CUCM 10.5.1: CSR SAN and Certificate SAN Mismatch

I’ve been lucky to hit another bug today. Brand-new deployment of CUCM/CUC/CUPS version 10.5.1 and I’m unable to upload a freshly-generated SAN certificate from Starfield. I would get the following error: “CSR SAN and Certificate SAN does not match”.

CSR/Certificate SAN Mismatch

Originally, I thought the issue is a result of the CA inserting a www-prefixed name as one of the SANs in the cert (e.g. www.common_name.domain.com). So I have manually added the www-prefixed name in the CSR and re-keyed the cert. No luck. After multiple retries, I gave up and opened a TAC case. I’m glad I did, because apparently I hit another bug. The reason why CUCM can’t match the certificates’ SANs against CSR is because the hostnames are all in UPPER case, while the cert is issued for hostnames names in lower case.

The bug affects systems running version and is fixed in newer releases of CUCM, but I was given a link to download an ES (Engineering Special) version that is almost guaranteed to work.

Hope this helps someone who has been beating his/her head against the wall trying to figure this one out.



CUC Backups May Fail After Unity Upgrade to 10.5(1)

I was troubleshooting a weird issue with Cisco Unity Connection 10.5(1): after the upgrade from version 9.1 the backups started to fail. The message was: “ERROR: Backup failed due to an interruption during file copy to backup media, Backup Completed…” What was odd about this issue is that the actual files were written to the SFTP server just fine and all backup jobs showed successful results for individual components that have been backed up:


The fix? Remove older (9.x) CUC backup files from your SFTP server and try backup up CUC again.

Adding Subscriber node to an existing CUPS cluster

If you are attempting to add a subscriber node to an existing Cisco Unified Presence Server cluster across the WAN, chances are you will get the following error during network configuration validation:

“Configuration validation with [publisher name] ([ip address]) failed.

Could not send/receive UDP packets to publisher on port 8500.

  • Is this node in the application server list on the Cisco Unified Communication Manager?
  • Is Network connection to [publisher name] up?
  • Is the MTU size correct for this network?
  • Does the network allow packet fragments?”

Here’s a screenshot of the message:

CUPS configuration validation error


If you talk to Cisco TAC, they will tell you that “CUP servers are very particular to network requirements” and quote you CSCug28096 (Sub Installation over WAN Fails – 3 different instances ver 8.6.4,9.1.1) or a similar bug. Fact is, my installation of the subscriber node failed even on a LAN connection between the nodes. Let me just cut down to the solution:

  1. Install the new node on the same host as the Publisher (host being the key word here).
  2. Use VMware vSphere Replication or otherwise copy the VM to the remote data center where it should belong.
  3. Once the VM is moved, change IP address, subnet mask (if applicable) and default gateway to match the network configuration at the remote site. The system will reboot.
  4. Update the IP address for the node’s A Record in DNS.
  5. Verify replication state of the cluster on the Publisher server.

The above workaround has worked flawlessly. Hope it works for you if you are having the same issue.

Cisco WebEx Meetings Server 2.5

The Cisco WebEx Meetings Server 2.5 has been released on October 17th. This version comes with a long-awaited Multi-Data Center (MDC) support, which is essentially High Availability and load sharing between two geographically distributed areas. Be warned, though, that a separate MDC license is required (read more about MDC Licenses in CWMS 2.5 Administration Guide). The other neat feature that could be attractive to multi-national companies is the IVR language selection for system access telephone numbers (13 languages are supported).

The ISO is available from CCO. Please refer to release notes for full information.

Jabber for Windows 10.5.1 released

Cisco has released an updated Jabber for Windows client yesterday (October 8th), available for download on CCO (login required). The build number for this release is (be sure to check out Release Notes).The release contains a number of fixes and the following 5 are may be of particular interest:

  1. Jabber clients try to authenticate multiple times when using Expressway for Mobile and Remote Access (MRA). (CSCuq54657)
  2. Jabber search on a user is returning multiple Outlook contacts for users. (CSCup78097)
  3. Phone, company and photo intermittently missing on Windows 8. (CSCup29889)
  4. Jabber for Windows 10.5. 0 client registers with BOT or TCT device. (CSCuq93337)
  5. IM history does not show for some days even if available in the db file. (CSCuq90236).


Jabber vs. OCS/Lync – Feature Comparison

Many are wondering how Cisco Jabber compares to OCS/Lync in terms of features and user experience. The two share some similarities and clearly leave other competing products far behind – as Gartner analysts clearly suggest. I have tried to summarize all features of the two in the following table:

Feature Jabber OCS/Lync
Presence indicators in Microsoft applications Yes Yes
Rich presence (e.g. “on the phone”) Yes No
Custom status messages Yes Yes
Instant Messaging
Group chat Yes Yes
File transfer Yes Yes
Screen capture-to-IM Yes No
Conversation history in Outlook No Yes
IM History for compliance Yes Yes
Telephony and Video
PC-to-PC audio calling Yes[i] Yes
PC-to-PC video calling Yes[i] Yes
PC-to-PSTN audio calling Yes No
URI dialing (e.g. someone@domain.com) Yes Yes
Click-to-call support Limited[ii] Yes
Native iPhone/iPad client Yes Yes
Native Android client Yes Yes
Native Windows Phone client No Yes
Native BlackBerry client Limited[iii] Yes
AD integration: authentication Yes Yes
AD integration: directory search Yes Yes
WebEx integration (click-to-meet) Yes Yes
Desktop sharing Yes Yes
Remote control sharing Yes Yes
Skype federation No Yes
Federation with other standards-based clients Yes Yes
VPN-less connectivity Yes Yes

[i] CUCM-registered client only
[ii] Limited support (from MS Office applications only)
[iii] Limited support (IM-only; EOL)

Your comments, as always, are welcome.

Bash Environment Variable Patch for UCM versions 8, 9 and 10

Update: The patch is also applicable to Cisco Unity Connection versions 8.5.1 and up. I have updated the post to reflect this information.

With yet another vulnerability that has become public in the recent week, vendors are scrambling to issue security patches for their systems. Cisco is no exception here, and that’s a good thing. On October 1st Cisco has released bash environment patch for CUCM/CUC versions 8, 9 and 10 to protect these systems from Shellshock bug. All future software updates for CallManager/Unity Connection versions that have not reached E-O-M will be released with the patch included. But for now, affected customers should download and install ciscocm.bashupgrade.cop.sgn available on CCO under Products > Unified Communications Call Control Cisco Unified Communications Manager (CallManager) > Cisco Unified Communications Manager Version x.x > Unified Communications Manager / CallManager / Cisco Unity Connection Utilities-COP-Files.

The update does not require system reboot, but Cisco advises to make a backup copy just in case. Be sure to check patch installation instructions and you may also want to review the CSCur00930 (CUCM) and CSCur05328 (CUC) on the Bug Tracker for more information.

Stay safe!