Extension Mobility Authentication Problems

I have CallManager 4.2(3) integrated with Active Directory. When logging onto EM with an old pin the message authentication error appears. When the pin is changed via CCMAdmin and logging onto EM the message error 23 is seen. Error 23 implies the userid does not exist, clearly this is wrong as it does. When the old pin is re-tried I still see the authentication error message. It appears that it may be trying to authenticate in two different places. I have checked the registry on CallManager for the directory and this is set to true. EM was working previously. I have tried new accounts and resetting TomCat but to no avail. Any assistance would be gladly appreciated.

i would suggest to re-run the EM plugin. sounds like you ran the tool twice and you're not looking at the right directory or hoteling profile
HTH
java
if this helps, please rate

Similar Messages

Bo Mobile Authentication Problem

i use MDS 4.1.4 and bb simulator 9530
bo is the same place with mds and bb simulator.
mds and bo in the same server:192.168.1.66 local ip.and machine name is botest(mobile server is in the same place too)
VAS-cluster config:
i added:
[comm]
[comm $ mds]
HOST_PORT =192.168.1.66:8888
VAS-server.config:
i added:
[comm $ external]
ENABLED=mds
[comm $ external $ mds]
EXTERNAL_HOSTNAME=BOTEST
CLIENT_TYPE=mds
VMS-server.config:
i added:
[comm $ external]
ENABLED=mds
[comm $ external $ mds]
EXTERNAL_HOSTNAME=BOTEST
CLIENT_TYPE=mds
in this situation i connect to the cms with a bb simulator..but in a real bb says to me " authentication login...."
what is the problem?
thanks in advance.

Hi,
Also, in a real BB deployment, the request would go through a BES server deployment.
Make sure the settings are apt on teh BES server side ( ip:port)
Also, the VAS and VMS ports are open between BO and BES server.
Regards,
Atul

Strange problem with Extension Mobility and Click to Call

Can anyone explain how is it possible ? Any ideas, guys?
CUCM 7.1.3
PC1 with IP comm. and user1 is logged in to Extension Mobility + Click to Call. User1 can make a call using Click to Call.
PC2 with IP comm. and user2 is logged in to Extension Mobility + Click to Call. User2 can't make a call using Click to Call.
The following error appears on the PC2 screen:
"The call failed. Please ensure you are logged into your Extension Mobility device. If the problem persists contact your phone administrator"
Here is the log from PC2:
2010-02-03 12:49:46,781 [16] INFO - 1 devices returned from ParseDevices
2010-02-03 12:49:46,781 [16] DEBUG - 0) MY IPC - Cisco IP Communicator - SEP0022680B43E9
2010-02-03 12:49:48,703 [1] DEBUG - entering FindCallRecord - 26468949
2010-02-03 12:49:48,703 [1] INFO - matched tag with call record - 26468949
2010-02-03 12:49:48,703 [1] INFO - action - new call: ct:Click to Call;rt:20100203-12494870;pn:26468949;pt:;cn:desk phone ct:;desk phone rt:;desk phone pn:;desk phone pt:;soft Phone cn:soft Phone ct:;soft Phone rt:;soft Phone pn:;soft Phone pt:;soft Phone cn:
2010-02-03 12:49:48,734 [1] DEBUG - ClickToCallDialer server and port10.100.3.1:8443
2010-02-03 12:49:48,734 [1] INFO - make call through WD - 26468949
2010-02-03 12:49:48,734 [1] INFO - MakeCall: user(a.koltalo) to(26468949) with profile(a.koltalo;Extension Mobility Phone;;True)
2010-02-03 12:49:51,859 [1] ERROR - make call failure through WD - CALL_FAILURE_ERROR
2010-02-03 12:49:51,859 [1] DEBUG - entering WriteRecord - 26468949
2010-02-03 12:49:51,859 [1] INFO - record already exists, go through records to remove matched record - C:\Documents and Settings\Jevgenij\Application Data\Cisco\Click to Call\Data\Outbound\26468949.xml
2010-02-03 12:49:51,859 [1] DEBUG - entering ReadRecord - C:\Documents and Settings\Jevgenij\Application Data\Cisco\Click to Call\Data\Outbound\26468949.xml
2010-02-03 12:49:51,875 [1] DEBUG - push call record into stack
2010-02-03 12:49:51,875 [1] DEBUG - write record into file
2010-02-03 12:49:51,875 [1] INFO - outbound call record changed, fire event to notify
2010-02-03 12:52:08,484 [17] DEBUG - ClickToCallDialer server and port10.100.3.1:8443
2010-02-03 12:52:08,593 [17] DEBUG - entering QueryDevices - 10.100.3.1 - a.koltalo
2010-02-03 12:52:08,656 [17] INFO - return success from GetDevices -
User2 moves from PC2 to PC1 - run IP comm. do loggin to Extension Mobility and run Click to Call with his credentials. User2 can make a call using Click to Call
User1 moves from PC1 to PC2 - run IP comm. do loggin to Extension Mobility and run Click to Call with his credentials. User1 can't make a call using Click to Call
PC2 and PC1 - have the same configuration and software installed, both PCs are on the same LAN subnet. There are no any firewalls between PCs and CUCM server.

Sounds like a possible permissions issue on the workstation to me. Have you tried configuring one of your test users as the local admin on the workstation?

Problems With Extension Mobility

I have made each step to configure "EXTENTION MOBILITY" in the Call Manager 4.3 (Guide: Cisco Unified CallManager Features and Services Guide, Release 4.2(3) [Cisco Unified Communications Manager (CallManager)]), but my configuration in the CCM fall :(, when I try to accede to the service on the telephony IP and I ingress the username and the PIN configureds en el CALL MANAGER, and the display in the phone show "Authentication Unsucessfull", and the username and password are correct, I don't understand :( ....

do you have the users associated with the device profile? (option extension mobility in the users option)

Extension Mobility doesn't work

Hello,
I want to implement Extension Mobility service. I have followed the setup step by step. But when I select my login/logout service, I receive an error "Login Insuccessful" Error: [6].
The IP Phone doesn't prompt me to enter my UserID and PIN.
In the EM Traces I have:
%EMApp-3-UNK:Error while getting dir handle: DirUser.OperationError
%EMApp-3-UNK:Unable to establish dir connection :DirUser.OperationError
For information the CCM are not yet registered to the DNS and I used the LMHOST file.
Thanks you for your help,
Regards,
JPB

Its very likely the CCMSysUser user account password has not been updated on Callmanager and AD server and you may be having authentication problems between the ip phones services on Callmanager to Active Directory.

Extension mobility redundancy in CUCM 8.5

Hi ,
I have a doubt in cucm 8.5 extension mobility redundancy.
I have 3 call managers in cluster.
1. X.X.X.1 - punlisher
2. X.X.X.2 - sub1
3. X.x.X.3 - sub3
i have configured CUCM X.X.X.2 (sub 1) for extension mobility URL and in exterprise parameter configuration also (service URL). all phones are subscribed this URL and users login.
my schenerio is,
if SUB1 goes down, i change enterprise parameter service URL IP to punblisher. is that enough for users to login to extension mobility?
my doubt is,
in the above schenerio,
users press services button, request will go to enterprise parameter URL> enterprise URL will check for subscribed services> and route the request to the subscribed services for the phones . but here i have subscribed only EM service which has sub1 IP address.
how user can login?
if users can login meas, how that works.
or do i need to create 2 EM service (one for SUB1 IP, another one for PUB IP) and subscribe all the phones with both the services?
so that if subscriber fails user will login another service with has publisher IP?
I have activated EM service in all call managers inthe cluster.
please clarify my doubts.
thanks

Hi
Yes , the extension mobilty HA is avilable starting from V8 .On earlier verions as v 7 is not supported, Please find the below link:-
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/cmapps.html#wp1189079
I think you have to deploy SLB (server load balancer) to distribute requests through servers . You can use load balancer as (F5 , or DNS round robin).
Note:The problem , is that the "Login" and "Logout" service URLs can really only point to one IP address. Please find the below solution based on DNS:-
- create multiple DNS records for the same name which will point to two CCM servers running the EM service
- point your EM service URL at that hostname which you have created on 1 step.
- ensure your phones have valid DNS servers assigned to resolve the above
Note: the problem on the DNS is the delay between requests.
Thank you
please rate all useful information

CME Extension Mobility, SIP configuration

Hi,
Need help with CME Extension Mobility with SIP Phones (7841). I'm using CME 10.5 and I configured the parameters below for extension mobility but the phones won't register right after I put the logout profile in the voice register pool.
They work normally when not in Extension Mobility though. Please help I need to deploy this to my customer soon.
hostname Router
boot-start-marker
boot system flash:c3900-universalk9-mz.SPA.154-3.M2.bin
boot-end-marker
no aaa new-model
no authentication logging verbose
ip dhcp excluded-address 192.168.1.1 192.168.1.20
ip dhcp excluded-address 192.168.1.254
ip dhcp pool Phones
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
option 150 ip 192.168.1.254
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
cts logging verbose
voice-card 0
voice service voip
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
sip
bind control source-interface GigabitEthernet0/1.10
bind media source-interface GigabitEthernet0/1.10
registrar server expires max 600 min 60
voice register global
mode cme
source-address 192.168.1.254 port 5060
max-dn 110
max-pool 110
load 7841 sip78xx.10-1-1SR1-4
time-format 24
date-format D/M/Y
service https
url authentication http://192.168.1.254/CCMCIP/authenticate.asp
tftp-path flash:
create profile sync 0002641841434163
voice register dn 1
number 6001
name Poh Huat - 6001
label Poh Huat - 6001
voice register dn 4
number 6005
name Coordinator - 6005
label Coordinator - 6005
voice register pool 1
logout-profile 100
busy-trigger-per-button 2
id mac 547C.69D6.1AB6
type 7841
voice register pool 4
logout-profile 100
busy-trigger-per-button 2
id mac 547C.69D6.1A2F
type 7841
voice logout-profile 100
pin 1234
user 6000 password 12345
number 6000 type normal
speed-dial 1 999 label "EMERGENCY"
voice user-profile 1
pin 12345
user richard password richard
number 6001 type normal
speed-dial 1 996506901 label "Richard"
voice user-profile 2
pin 12345
user 6005 password 12345
number 6005 type normal
license udi pid C3900-SPE100/K9 sn FOC16145MQA
license boot module c3900 technology-package uck9
username xtra privilege 15 secret 5 $1$STRs$Qsuesm8dF23Okof.vRyf5.
redundancy
ip ftp username xtra
ip ftp password xtra2006admin
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address dhcp
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1.10
encapsulation dot1Q 10 native
ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
ip http server
no ip http secure-server
ip http path flash:
nls resp-timeout 1
cpd cr-id 1
tftp-server flash:PHONES/sip78xx.10-1-1SR1-4.loads alias sip78xx.10-1-1SR1-4.loads
control-plane
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
mgcp profile default
gatekeeper
shutdown
telephony-service
authentication credential 6000 12345
em keep-history
max-ephones 110
max-dn 110
service phone webAccess 0
max-conferences 8 gain -6
transfer-system full-consult
create cnf-files version-stamp 7960 Mar 05 2015 15:50:52
I have turned on debug ip http all and debug voice em-profile on and right after I entered the logout profile 100 under pool i get the following logs.
Router(config-register-pool)#
Mar 5 16:15:28.299: Thu, 05 Mar 2015 16:15:28 GMT 192.168.1.21 /CMEserverForPhone/serviceurl ok
Protocol = HTTP/1.1 Method = GET Query = locale=English_United_States&name=SEP547C69D61A2F
Mar 5 16:15:28.299:
Mar 5 16:15:28.299: Getting SIP phone index by IP address 192.168.1.21
Mar 5 16:15:28.299: SIP phone 4 found with contact IP address 192.168.1.21
Mar 5 16:15:33.363: Thu, 05 Mar 2015 16:15:33 GMT 192.168.1.21 /CMEserverForPhone/serviceurl ok
Protocol = HTTP/1.1 Method = GET Query = locale=English_United_States&name=SEP547C69D61A2F
Mar 5 16:15:33.363:
Mar 5 16:15:33.363: Getting SIP phone index by IP address 192.168.1.21
Mar 5 16:15:33.363: SIP phone 4 found with contact IP address 192.168.1.21
Mar 5 16:15:37.539: Thu, 05 Mar 2015 16:15:37 GMT 192.168.1.21 /CMEserverForPhone/extensionmobility ok
Protocol = HTTP/1.1 Method = GET
Mar 5 16:15:37.539:
Mar 5 16:15:37.539: Getting SIP phone index by IP address 192.168.1.21
Mar 5 16:15:37.539: SIP phone 4 found with contact IP address 192.168.1.21
After this the phones are still not registering, I'm suspecting it is the url authentication command, as i can't put the application-name and password after the command, any suggestions would be appreciated. THanks in advance.
-richard

Try adding:
voice register global
url authentication http://192.168.1.254/CCMCIP/authenticate.asp secretname psswrd
if still doesn't work try to compare your config with the reference guide here:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/admin/configuration/guide/cmeadm/cmemobl.html#pgfId-1163414
-Terry
Please rate all helpful posts

Extension Mobility not working properly

Dear All,
I would like to ask about extension mobility on my Cisco Unified Call manager 8.5. The problem is when I press services button then Extension Mobility the put the User ID and Pin, the login was successfull but after that there's no change on IP Phone screen.
After I check on Cisco Unified Call Manager -> Devices -> Phone -> Actively Logged In Device Report I was found that my ID already login on IP Phone, but like I say before there's no change on IP Phone, my Directory Number, Name also not appear.
Did anyone experiencing same issue above? Or anyone know how to fix issue above?
Please let me know, I'm very appreciate to all of you that help and contribute on this discussion
Best Regards,
Nanda Nurhadyan

Nanda,
Have you created a Specific Device Profile with your DN and name? You will need to do that, and then you will need to go in to your end user account and make it a controlled profile.
If you do not have a device profile specific for you, you are probably getting the default device profile that doesn't have any DN associated with it.
Let me know if this helps.
Dallan

Failover config for Extension Mobility

Hi,
I have CCM3.3(3) loaded on publisher & subscriber.Extension mobility,Tomcat service is running on both servers.In IP phone services URL, I have givem publishers ip address.In Cisco Extension Mobility Logout,I have configured "True" for Login Service Enabled field in both the servers.
When I shutdown Publisher,EM is not working on all the phones.When I shutdown Subscriber,EM is not working on few phones.But EM is working on all phones when both servers are up.
Should I configure something additional to build redundancy .I want to configure subscriber as primary & Publisher as secondary for EM.
I am using 7940 IP phones.
Regds
Jagadish

Text below from Cisco Engineer Marcos Massakawa, about TAC case of this problem with extension mobility.
The problem, as you noted, is that the "Login" and "Logout" service URLs can really only point to
one IP address. In your case, you'd probably have these set up to point to whichever server you
wanted to be the primary one for Extension Mobility. However, if that server failed, the "Login"
and "Logout" services will no longer be useable, since they point to an IP that is no longer
reachable. If you want to enable users to be able to login and logout from the backup server, you'd
have to install EM on the other server, and create a slightly different service name that would show
up on the users' phones as a valid service, such as "Login2"/"Logout2", or "Login Backup"/"Logout
Backup", etc. The service URL for these services would point to the IP of the backup server. It
seems kind of clumsy, but it's a limitation of only being able to put one IP in the service URL.
Best Regards
Joao Medeiros

Extension Mobility. EMProvider

Hello?.
Im trying to make a connection between my application (Java) and the Extension Mobility. I already configure all the EM application in the callManager, and it works. I can login and logout through the phone.
Now, I want my application do some tasks like ?knowing if a user is login or know the device name of the phone is login in?.
Here is a piece of my code:
EMProvider emp = new EMProvider(callManager, callManagerUserId, callManagerPassword, extMobUserId, extMobPassword);
My problem is that I don?t know what I should introduce in ExtensionMobility UserID and Password. I did the entire EM configuration and I don?t recall any UserID or password in the configuration process.
So? what those variables supposed to mean? Where can I see it or where I can reset them?
Thanks for your help and time.

It's the login/password of a user having extension mobility proxy rights.
You could also use any em enabled user's login and password but that limits you to log in/out that particular user.

Extension Mobility Failover mode

CCM 4.1(3)
We discovered yesterday during failover testing that Extension Mobility does not function when CCM PUB is down. When pressing the services button on the phone the message "Requesting" displays, and the services menu does not populate. Is this an expected loss of functionality with the PUB down or does this sound like a Configuration problem? EM functions normally with the PUB on line. Thanks

There is no failover for EM in 4.1(3)
There are some features and functions that require access to the master database on the publisher because they make modifications to records and therefore need write access. The publisher is the only server in a Cisco CallManager cluster that has a read and write configuration database. The main features and functions that require access to the publisher for write access include:
?Configuration additions, changes, and deletions
?Extension Mobility
?User speed dials
?Cisco CallManager User page options requiring the database
?Cisco CallManager software upgrades
?Call Forward All changes
?Message Waiting Indicator (MWI) state
Other services or applications might also be affected, and their ability to function without the publisher should be verified when deployed.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_implementation_design_guide_chapter09186a0080447510.html#wp1045103
Regarding the services, the URL may be pointing to the PUB, and HTTP request are sent to PUB.For this you need to create a DNS entry which responds to this request no matter if Primary server is offline.
G

Ccm 4.1.3 : Extension mobility error [10]

Hello,
CCM is integrated with Active Directory, passwords of CCMadministrator and CCMsysuser are syncronized.
When users try to login into extension mobility service they receive error [10] which is:
Proxy Authentication Not Allowed: the appID that is specified does not have rights to log in or log out other users.
I guess that appID is CCMSysUser here, so where could these right could possibly be turned on? I've tried looking in the attributes of CCMSysuser in Active Directory - no luck, nothing like proxy rights/auth found.

No luck.
Tried reinstalling LDAP integration plugin, installation completed OK, but password fields of ccmadministrator and ccmsysuser in the CCM's regisrty became empty.
After putting there encrypted password (passwordutils.exe) and restarting IIS ADMin/TOmcat i receive error [10] again.
Any suggestions please?..

Creating user with extension mobility on prime provisioning 10.5

Hi All,
Does anyone know any document or have any expirenece on creating user with extension mobility on prime provisioning 10.5?
I'm facing challenges on it, appreciate if you have any document or experience to share with me.
Thanks,
Cherry

What sort of issues are you facing?
I'm also having problems, but I think it is system related.
CUCM is LDAP synced.
When PCP tries to provision Extension Mobility Access, it actually seems to be trying to update the user on CUCM (via AXL) (this fails as it is an LDAP user and the values come from LDAP and cannot be updated)
I've got a tac case open.
Bug details are currently hidden - CSCuo11522 - but this one is extension mobility provisioning issue
There was also mention of another bug related to failures to provision users with directory URI's in their LDAP record. I didn't catch a bug ID for this one though.
Cheers,
Tim

UC520 and extension mobility.

I have a UC520 with the latest version IOS (uc500-advipservicesk9-mz.124-11.XW5) it has the commands to make a logout profile and enable extension mobility. The phone (7971) that the logout profile is associated with does not see extension mobility enabled however at the CLI the IOS says it is. Any help? The profile functions as far as to bring up the associated ephone-dn.

Which exact IOS are you using? I've heard that XW6 has this sort of problem while XW5 is fine.

CCM 4.2.3 Extension Mobility

Hello,
I'm configuring the Extension Mobility Service but I found a very strange failure.
1) I have configured the Extension Mobility Service ( http://10.10.1.1/emapp/EMAppServlet?device=#DEVICENAME# ) and i did subscribe under every phones.
2) I've created the Device Profiles for every phones.
3) Under Global Directory I did insert the users and they control own device and extension mobility feature
When the user click the "World Button" on the phone it appears not the Extension Mobility Feature but the message: " MAC-ADDRESS NOT AVAILABLE .
I did attach the version and CCM's details.
Someone has had before the same problems ?

hi,
please can you tell me what is configured in the menu :
"System - Enterprise Parameters - URL Services"
http://CallManager-IP-Address/CCMCIP/getservicesmenu.asp
If so look whether IP-Address or DNS-Name of the Call Manager is configured
regards
alex

Extension Mobility Authentication Problems

Similar Messages

Maybe you are looking for