Collecting alarms from CUCM

In RTMT there is a separate menu named “Alert Central”, where all active and historical alarms of CUCM and IM&P nodes are listed. RTMT communicates with the Cisco AMC service to get this information, among other real-time data.

Service parameters for Cisco AMC look like this:

[Screenshot: Cisco AMC service parameters]

The Primary collector is a node (CUCM or IM&P) which collects logs from the other nodes. Cisco suggests choosing the least busy node for it. After changing the Primary collector, the AMC service should be restarted on every node.

The Logger enabled switch allows AMC logs to be saved as csv files that can be queried later.

Alert files can be found on the Primary collector by issuing the CLI command

file list activelog cm/log/amc/AlertLog

Files in this directory are generated at midnight every day or when AMC is restarted, and the file name format is AlertLog_MM_DD_YYYY_HH_MM.csv (the last part, HH_MM, is usually 00_00 or 00_01).

To obtain these files programmatically there is a special API. Here is a simple Python script to get the file with alarms:


import requests
from requests.auth import HTTPBasicAuth

def getOneFile(node, user, passw, filename):
    # SOAPAction of the GetOneFile operation of DimeGetFileService
    header = {'SOAPAction': 'http://schemas.cisco.com/ast/soap/action/#LogCollectionPort#GetOneFile'}
    # {0} is replaced with the absolute path of the file to fetch
    raw_xml = """<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap="http://schemas.cisco.com/ast/soap/">
   <soapenv:Header/>
   <soapenv:Body>
      <soap:GetOneFile soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
         <FileName xsi:type="get:FileName" xmlns:get="http://cisco.com/ccm/serviceability/soap/LogCollection/GetFile/">{0}</FileName>
      </soap:GetOneFile>
   </soapenv:Body>
</soapenv:Envelope>""".format(filename)
    try:
        # verify=False skips TLS certificate validation (the default CUCM Tomcat
        # certificate is self-signed); pass the path to a CA bundle instead where possible
        response = requests.post('https://' + node + ':8443/logcollectionservice/services/DimeGetFileService',
                                 data=raw_xml, auth=HTTPBasicAuth(user, passw),
                                 verify=False, headers=header)
        return response.text
    except requests.exceptions.RequestException:
        # connection, TLS or timeout error
        return -1

if __name__ == '__main__':
    print(getOneFile('192.168.0.1', 'admin', 'admin', '/var/log/active/cm/log/amc/AlertLog/AlertLog_02_08_2016_00_00.csv'))


The user that queries the file can be your administrator Application user with access to AXL applications.

The output should look like this:

Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: binary
Content-Id: <80DB2208357F8BD76EE58C1967C79E0D>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <soapenv:Body>
        <ns1:GetOneFileResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="http://schemas.cisco.com/ast/soap/">
            <DataHandler href="cid:BC0EDD33C6D0C7A1F6286E3691F95332" xsi:type="ns2:DataHandler" xmlns:ns2="DimeGetFileService"/>
        </ns1:GetOneFileResponse>
    </soapenv:Body>
</soapenv:Envelope>

Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-Id: <BC0EDD33C6D0C7A1F6286E3691F95332>

Time Stamp,Alert Type,Alert Name,Alert Message,Monitored Object Name,Severity,PollValue,Action,Node ID,Group ID
1454882401636,0,CriticalServiceDown, Service operational status is DOWN. Cisco Presence Engine. The alert is generated on Mon Feb 08 00:00:01 EET 2016 on node 192.168.0.34., ,2,0,admin@exmaple.com;,192.168.0.34,System
1454882431615,0,CriticalServiceDown, Service operational status is DOWN. Cisco Presence Engine. The alert is generated on Mon Feb 08 00:00:31 EET 2016 on node 192.168.0.34., ,2,0,admin@exmaple.com;,192.168.0.34,System

 

As you can see, the last part of the output is the content of the file with alarms thrown by CUCM and IM&P, where every line starts with a timestamp (with milliseconds). So parsing this output is rather simple.

With this in mind you can create a Zabbix server check and monitor UC alarms with common software and stop relying on emails and RTMT.
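A sketch of that parsing step, added here as an example (it is not the author's code): it pulls the CSV part out of a GetOneFile response and returns the alerts inside a time window, which is what a monitoring check would count. The function names and the sample response are constructed for illustration; the right-hand split assumes only the Alert Message column can contain unquoted commas.

```python
import datetime

# Constructed sample shaped like the GetOneFile output above (SOAP part shortened);
# the third row is invented to show a comma inside the Alert Message column.
SAMPLE_RESPONSE = """Content-Type: text/xml; charset=UTF-8
Content-Transfer-Encoding: binary
Content-Id: <80DB2208357F8BD76EE58C1967C79E0D>

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Body/></soapenv:Envelope>

Content-Type: application/octet-stream
Content-Transfer-Encoding: binary
Content-Id: <BC0EDD33C6D0C7A1F6286E3691F95332>

Time Stamp,Alert Type,Alert Name,Alert Message,Monitored Object Name,Severity,PollValue,Action,Node ID,Group ID
1454882401636,0,CriticalServiceDown, Service operational status is DOWN. Cisco Presence Engine. The alert is generated on Mon Feb 08 00:00:01 EET 2016 on node 192.168.0.34., ,2,0,admin@example.com;,192.168.0.34,System
1454882431615,0,CriticalServiceDown, Service operational status is DOWN. Cisco Presence Engine. The alert is generated on Mon Feb 08 00:00:31 EET 2016 on node 192.168.0.34., ,2,0,admin@example.com;,192.168.0.34,System
1454882461620,0,CriticalServiceDown, Service is DOWN, restart pending. Constructed row., ,2,0,admin@example.com;,192.168.0.34,System
"""

CSV_HEADER_START = "Time Stamp,"


def parse_alert_log(response_text):
    """Return one dict per alert row found in a GetOneFile response body."""
    lines = response_text.splitlines()
    # Everything before the CSV header is MIME part headers and the SOAP envelope.
    start = next((i for i, line in enumerate(lines)
                  if line.startswith(CSV_HEADER_START)), None)
    if start is None:
        return []  # e.g. a SOAP fault or an empty file
    columns = [c.strip() for c in lines[start].split(",")]
    alerts = []
    for line in lines[start + 1:]:
        head = line.split(",", 3)        # Time Stamp, Alert Type, Alert Name, rest
        if len(head) < 4 or not head[0].isdigit():
            continue                     # blank line, MIME boundary, truncated row
        tail = head[3].rsplit(",", 6)    # message, then the six trailing columns
        if len(tail) != 7:
            continue
        alert = dict(zip(columns, (v.strip() for v in head[:3] + tail)))
        # Time Stamp is milliseconds since the Unix epoch.
        alert["Time"] = datetime.datetime.fromtimestamp(
            int(head[0]) / 1000, tz=datetime.timezone.utc)
        alerts.append(alert)
    return alerts


def alerts_in_window(alerts, now_ms, window_ms, name=None):
    """Alerts raised in the last window_ms before now_ms, optionally by Alert Name."""
    return [a for a in alerts
            if now_ms - window_ms <= int(a["Time Stamp"]) <= now_ms
            and (name is None or a["Alert Name"] == name)]


if __name__ == "__main__":
    parsed = parse_alert_log(SAMPLE_RESPONSE)
    recent = alerts_in_window(parsed, now_ms=1454882470000, window_ms=60000)
    # A monitoring item would report this count and alert when it is non-zero.
    print(len(recent), [a["Alert Message"] for a in recent])
```

In a real check, `now_ms` would be the current time in milliseconds and the window would match the polling interval, so each alert is counted once.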

Telepresence SW CE8

Cisco released new software for SX series Telepresence endpoints a couple of months ago. That software introduced wireless desktop sharing from PC and Mac.
Here are some features of this innovation:
1) To enable BYOD (that is, Proximity) there is no need to log in to the endpoint’s web interface and search for a hidden BYOD configuration parameter. There is a separate “Proximity” menu for it. Moreover, its provisioning is now available from CUCM’s device page:

[Screenshot: Proximity settings on the CUCM device page]

So now we can use BAT to enable Proximity on all devices.

2) The Proximity software for desktop can be downloaded from https://proximity.cisco.com/. But unlike Proximity for Android or iOS, the desktop version allows you to share content only.
3) My DELL laptop refused to connect to my SX10 until I switched off Wave MaxxVoice which tampered with the built-in mic. So in order to use it you have to train your staff to turn off every mic enhancement on their laptops.
4) As with Proximity for mobile, the desktop version listens to ultrasound and extracts the codec’s URL from it. Then it connects to it via HTTPS. The desktop capture also uses TCP 443 for transferring images.
5) The current version doesn’t show the mouse cursor while sharing the desktop. According to the Cisco community they are going to fix it in the next releases.

6) The image of the CE software is pretty big, and uploading and extracting the cop.sgn file caused my CUCM server CPU utilization to reach almost 100%, so it’s better to do it during off-hours.

Jabber bot for Cisco IM&Presence

Creating a bot for Cisco Jabber isn’t very difficult: you need a python3 interpreter (ships with all the latest Ubuntu installations) and the slixmpp library. I’m using pip to install slixmpp like this:

apt-get install python3-pip
pip3 install slixmpp

The example from the slixmpp github repo (under “The Slixmpp Boilerplate” subtitle) works right out of the box: just specify the bot’s username and password and the IM&P server name or IP. If you need your bot to read or calculate some data and send it to you on a regular basis, here is a modified example:

import logging
import asyncio
import datetime
import time
from slixmpp import ClientXMPP
from slixmpp.exceptions import IqError, IqTimeout

# async/await replaces @asyncio.coroutine and "yield from", which were removed in Python 3.11
async def asleep(t):
    await asyncio.sleep(t)

def calc_smth():
    return time.mktime(datetime.datetime.now().timetuple())

class EchoBot(ClientXMPP):

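    def __init__(self, jid, password):
        ClientXMPP.__init__(self, jid, password)
        self.add_event_handler("session_start", self.session_start)
        # without this registration the disconnected() handler below is never called
        self.add_event_handler("disconnected", self.disconnected)
        self.register_plugin('xep_0199')  # XMPP Ping

    def session_start(self, event):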
        try:
            self.send_presence()
        except IqError as err:
            self.disconnect()
        except IqTimeout:
            self.disconnect()


    def disconnected(self, event):
        print("%s disconnect" % self.jid)

if __name__ == '__main__':
    logging.basicConfig(level=logging.ERROR,format='%(levelname)-8s %(message)s')
    try:
        xmpp =  EchoBot('bot@example.com', 'password')
        xmpp.connect(address=("IM&P IP", 5222))
        xmpp.process(timeout=0.1)
        while True:
            asyncio.get_event_loop().run_until_complete(asleep(5))
            xmpp.send_message(mto='johndoe@example.com', mbody="Timestamp={}".format(calc_smth()), mtype='chat')
    except (KeyboardInterrupt, SystemExit):
        xmpp.disconnect()
        print("Done")

Just change the bot’s JID and password (bot@example.com and ‘password’ in this example) and the destination JID (johndoe@example.com), modify the calc_smth function so that it does something useful instead of calculating the current timestamp, and launch it with

python3 bot.py

Cisco TMS, TMSPE and CMR

Collaboration Meeting Rooms by Cisco is a wonderful collaboration tool I first heard of during the latest Cisco Connect in Moscow.
I think of it as e-mail, but for video or audio conferencing: everyone has their own URI (e.g. a person with the email address johndoe@example.com might have a CMR johndoe@cmr.example.com) that can be accessed from a number of devices: a browser via Jabber Guest, desktop and mobile clients like Cisco Jabber for Win/Mac/Android/iOS, a video codec or a desktop phone.

For this to work you should have CUCM, IM&P, Telepresence Conductor and Server, TMS and TMSPE. Cisco also suggests adopting Personal Multiparty licensing, but you can stay with Screen licensing as well. The documentation about installing Telepresence Conductor and Server and integrating them with CUCM is rather thorough. But I personally can’t say the same about the TMS/TMSPE/CMR deployment guide. So I’d like to cover some things I encountered while implementing CMR 5 in TMS with Conductor, CUCM and Server already installed for AdHoc and Rendezvous conferencing.

1. TMS installs on Windows Server 2012 (CUCM once was a Windows appliance as well), so it’s a good idea to make this server part of the domain, as IIS, which serves the GUI for configuring CMR, uses Windows authentication.
2. If you are planning to install 2 TMS for redundancy you should use a separate MSSQL server for the tmsng (and others like tmspe, tms_userportal, tmspe_vmr) databases. Cisco also specifies the MSSQL versions you should use: Microsoft SQL Server 2012, all versions, 64 bit only, or Microsoft SQL Server 2008 R2, all versions, 64 bit only.
3. If you had configured TMS already, but found that you had accidentally connected to the wrong MSSQL server, there is an application named TMS tools, installed along with TMS, that can change the db connection details.
4. When installing TMSPE you might get a Java error – it happened to me when I had JREv8 installed. After a downgrade to jre-7u80-windows-x64 the problem was gone.
5. When TMSPE is installed you may ‘connect’ it to TMS with Administrative Tools -> Configuration -> General Settings -> Provisioning Mode: -> Provisioning Extension
6. All your users by default would be able to access Smart Scheduler, which is great, but it has many limitations: for example, you cannot add non-Cisco-codec destinations (these codecs should be present in TMS) to a scheduled conference. So if you don’t want to confuse them it’s better to disable Smart Scheduler until it becomes more feature-rich: Administrative Tools -> User administration -> Default System Permissions -> uncheck the ‘Book’ check-box against Group Name ‘Users’
7. If you want users to access CMR configuration you should import users to TMSPE. I use LDAP for that. LDAP or AD import mappings to TMSPE can be configured here: Administrative Tools -> Configuration -> Provisioning Extension Settings
The import itself is configured under Systems -> Provisioning -> Users -> User import. It’s also nice to have Video Address Pattern and Device Address Pattern configured under User setting in the form {username}@cmr.example.com
8. The next step is adding the Telepresence Conductor under Collaboration Meeting Room Templates (click TelePresence Conductor Settings and specify its address and admin credentials). TMSPE supports only one Conductor, but it’s okay as TMSPE only pushes CMR configs and doesn’t process calls, so it doesn’t need as much redundancy as Conductor.
9. To configure a template click New Template, choose the TelePresence Conductor configured earlier, a SIP alias pattern in the form {username}@cmr.example.com, and a Numeric alias pattern if you want CMRs to be accessed from phones with a dialpad only (I used a prefix like *1* to distinguish CMR numbers from internal DNs).
Other interesting parameters are Allow Guest Role and Guest Lobby: they allow users to share their CMR numbers and aliases with others and invite them to their CMRs, so when a guest joins your CMR they just dial # and wait for a host to connect while looking at a lobby screen.
10. If you want users to connect to their CMRs, add a SIP route pattern of cmr.example.com and a *1* route pattern pointing to the SIP trunk to Conductor used to start Rendezvous conferences in CUCM.
11. CMRs are populated to Conductor by TMSPE only when a user accesses the CMR configuration page at http://<tms_fqdn>/tmsagent/tmsportal/#home and finally configures it (assigns a PIN and an optional name). To check whether a CMR is there in Conductor, go to its admin interface, Status -> Collaboration meeting rooms, and search for the CMR in the form johndoe@cmr.example.com.

In essence, there are so many nuances when deploying CMRs and I think that Cisco should include the overall description of this technology into top-level design documents like Collaboration SRND.

Cisco Jabber (CAXL) powered web chat

Cisco IM&Presence server provides the ability to connect to it via a BOSH interface. To turn this feature on, navigate to Cisco Unified IM and Presence Serviceability -> Tools -> Control Center – Feature Services -> choose a node -> Cisco XCP Web Connection Manager and check that it’s started and activated.

Next, check what security settings are applied to it: Cisco Unified CM IM and Presence Administration -> System -> Security -> Settings. If Enable Web Client to IM/P Service Secure Mode is checked you’ll use https to reach the BOSH interface, http otherwise.

Now let’s check if the BOSH interface is up: navigate to https://cup_server_name:7335/httpbinding (use http if you are not using a secure connection). Your browser should show something like this:

[Screenshot: browser response from the BOSH interface]

This URL can be overridden by modifying Cisco Unified CM IM and Presence Administration -> System -> Service Parameters -> choose a node -> Cisco XCP Web Connection Manager -> HTTP Binding Paths Handled – Path field.

I know only 2 clients that support BOSH connections: Pidgin and CAXL, which is a Cisco javascript library. The description of the latter can be found here and library docs here.

I decided to implement a web chat based on this library. The source can be found here. You’ll need Python2 with the Flask and requests modules for it to work.

After launching the app you’ll see a login screen:

[Screenshot: login screen]

  • username: full username with domain part, e.g. user@example.com
  • password: end user password
  • IM&P node: FQDN or IP address of an IM&P node with Cisco XCP Web Connection Manager running
  • chat alias: full group chat name in a form like chat_name@chat_alias. Navigate to Cisco Unified CM IM and Presence Administration -> Messaging -> Group Chat Server Aliases Mapping to check what chat_aliases are available

Once logged in, the main window should look like this:

[Screenshot: main window]

The styling is pretty simple and can be modified.

 

 

Hunt pilot alerting name

Hunt pilot is a cool CUCM feature that allows you to spread an incoming call across multiple lines. In version 10 of CUCM Cisco added queueing capabilities, introducing a tiny call-center.
Hunt pilot setup follows the standard CUCM 3-tier configuration scheme: a hunt pilot number refers to a hunt list, which is a sorted list of line groups. The latter are groups of DNs.
This allows you to have a DN in multiple line groups. But here is a complication: when someone calls a hunt pilot, the recipient sees the calling number of this someone and not the hunt pilot.
What if it’s a sales manager who is a member of hunt pilots and he has different greetings for each hunt pilot number?
There is an Advanced clusterwide service parameter for the CallManager service, which allows our sales manager to identify the hunt pilot he’s been reached from:

[Screenshot: Advanced clusterwide service parameter of the CallManager service]

On the hunt pilot configuration page you can set alerting names:

[Screenshot: hunt pilot alerting name settings]

Calling Line ID Presentation and Calling Name Presentation should be set to Allow if you want the called party to see who’s calling (not the hunt pilot alerting name but the caller id). Connected Line ID Presentation and Connected Name Presentation should be set to Allow if you want the called party to see the resulting DN Caller ID once on the call.

The result should look like this for a Cisco Jabber notification:

[Screenshot: Cisco Jabber notification]

and on a phone screen:

[Screenshot: phone screen]

This function is enabled by default for CUCM of version >10. But I’m not sure when this parameter was introduced, and I think that this feature would be switched off after an upgrade from a version where it was absent.

 

 

3rd party SIP device and CUCM

Adding a 3rd party SIP device to CUCM is pretty straightforward: add an End User with digest credentials, create a SIP profile with Digest authentication support, add a 3rd party SIP device (choose advanced for video) and apply the config on the device itself (you should usually specify the DN, end user name and digest credentials). Here is the link to cisco.com which describes the process.

But recently I found that my Lifesize video codec refused to register on CUCM. Tcpdump showed that the device sent a SIP REGISTER and CUCM replied with 401 Unauthorized with all the necessary info for authentication (Digest realm="ccmsipline", nonce="some long random line", algorithm=MD5), which was OK. When the Lifesize calculated the response and sent it with a subsequent SIP REGISTER, CUCM replied with 500 Internal Server Error:

[Screenshot: CUCM reply with 500 Internal Server Error]

Before submitting a TAC case I decided to check the device config on CUCM. There is a Device Pool configuration parameter assigned to the device. This pool defines the CMgroup among other things. Cisco phones download their configuration files, where they can find the CUCM nodes they can register to, which is not the case with 3rd party SIP devices.

Now back to the Lifesize configuration window: in the SIP Registration hostname field I had specified a node which was not in the CMgroup assigned to the device. When I changed it to the appropriate hostname, the Lifesize registered normally.

Serviceability Control Center

Recently, I’ve decided to try out the CAXL IM&Presence API (https://developer.cisco.com/site/jabber-websdk/overview/overview/) and integrate a Web chat with Jabber MUCs (chat conferences). And it turns out that the XCP Web connection manager which serves the BOSH interface for CAXL (or jabberwerx) can’t stand more than 100 concurrent connections. This service just went to the Stopped state.

While troubleshooting that with the UC serviceability web interface on CUCM (going to Cisco Unified Serviceability -> Tools -> Control Center Feature Services or Network Services -> choosing a node, which takes quite some time to fetch the data) I decided to write a simple GUI for this. I’ve based my server on the API description from here https://developer.cisco.com/site/sxml/discover/overview/service-control/.

The source is accessible from my github https://github.com/smirnov-am/cucm_srv_cc_api.

Installation should be easy: on a server with python installed, use pip to get the flask and apscheduler modules and run the script. Open a browser, enter your server IP and enter srv_mon/srv_mon when it asks for credentials.

On the configuration page enter your CUCM and IM&P node IPs and hit Save&Run. The UCM and IMP pages should populate with the services’ states:

[Screenshot: service states page]

Services that are activated and not running come first, started services are highlighted in green, and inaccessible nodes and inactivated services are grey and can be found at the end of the list.

I’m going to invest some time into it later and add service stop/start/restart capabilities to it.

It looks like you can get the same info from RTMT or PrimeCollaboration, which is free if you have a CUWL Pro licence. But the first one is slow and the latter is very greedy for computing resources, and I find my solution much more helpful when debugging service states.

Problems with user login into Cisco IM&Presence

Cisco IM&Presence supports both native Cisco Jabber clients and 3rd party XMPP clients like PSI.

Cisco Jabber clients use a special type of DNS SRV record (_cisco-uds._tcp.example.com) which stores the address of a CUCM server. When they get it they make a request to a special service called Cisco UDS for the user login and the respective parameters – the Service Profile to be exact. Cisco UDS can be found in UC Serviceability in Control Center -> Network Services -> CM Services, so if you experience problems with Cisco Jabber authorization and RTMT sends you AuthenticationFailed with the Interface : cucm-uds string, you can restart it.

The Service Profile (CM Administration -> User Management -> User settings -> Service profile) defines which UC services are available to a user. Navigate to End User configuration to check which service profile is tied to a certain user. A service profile has links to IM and Presence Profiles, which are defined under CM Administration -> User Management -> User settings -> UC services.

It is the UC services which store the addresses of IM&P nodes. That’s how Cisco Jabber clients reach IM&P and get IM capabilities. Also, without the _cisco-uds SRV a client queries for the _cuplogin._tcp SRV, which points to IM&P nodes, and uses the same process as the 3rd party XMPP client described below.

3rd party XMPP clients don’t use the _cisco-uds SRV. They use the _xmpp-client._tcp SRV, which points to an IM&P node. Inside IM&P there is a service, Cisco XCP Connection Manager, which listens on port 5222 and provides logins. So when there is a problem with the login of a 3rd party XMPP client it is likely that Cisco XCP Connection Manager is faulty and should be restarted.

Cisco UDS is a pretty new service and a lot of stuff in the UC infrastructure relies on it now (like MRA for example – I should definitely write a post on how Cisco Jabber clients log in with MRA – it’s a piece of art), and it deals with a huge load OK. But Cisco XCP Connection Manager in certain situations becomes unavailable under heavy load. From the perspective of the client it looks like it’s responding and even provides a list of possible auth mechanisms of PLAIN and CISCO_VTG_TOKEN, but it returns nothing when a client sends its encoded password with XMPP (you can observe this with the PSI XML console for example).

URI dialling in UC infrastructure. Part 3.

In previous parts I’ve tried to cover the configuration of egress B2B URI calling. Now it’s time to set up the inbound one, so your organization will have a URI in the form info@example.com that can be dialled by outside partners. For my scheme to work you should have CUCM, an Expressway-C/E pair and Telepresence Conductor with confbridges up and running and capable of handling rendezvous conferences.
Let’s create a search rule on Expressway-E which will accept our URI and send it to the Traversal zone toward Expressway-C.

[Screenshot: Expressway-E search rule]

On Expressway-C we are going to transform info@example.com, on its way from the Traversal Zone, to 7777@cucm1.example.com and send it to the Neighbor Zone pointing to CUCM.

[Screenshot: Expressway-C transform]

Assuming we have a Telepresence Conductor set up according to http://www.cisco.com/c/dam/en/us/td/docs/telepresence/infrastructure/conductor/config_guide/xc3-0_docs/TelePresence-Conductor-Unified-CM-Deployment-Guide-XC3-0.pdf, all we have to do is create a route pattern of 7777 pointing to a SIP trunk for rendezvous conferences.

On Telepresence Conductor let’s create a separate alias of 7777 which refers to a template External B2B.

[Screenshot: Telepresence Conductor alias 7777]

The External B2B template should, among other parameters, have a PIN set.

[Screenshot: External B2B template PIN setting]

So when a remote party calls you they will see a standard Cisco background with an Example.com label and will be asked to enter a PIN via DTMF.

Of course all this setup is irrelevant if you don’t have DNS SRV records for your domain visible from the public Internet.

And remember that all these calls will require RMS licences on the Expressway-C/E pairs.