CUCM Switch between partition or version after upgrade

When you upgrade a Cisco CUCM, before to launch the upgrade the system ask you if you want to restart on the new version or keep the current version and restart later.

Indeed, it’s a convenient way to limit service interruption and it’s easy to manage. Rollback is also easier to achieve.

Here some useful command for checking :

Check active version :

admin:show version active
Active Master Version: 8.6.2.22900-9
Active Version Installed Software Options:
cmterm-android_9.0.1v24.cop
cmterm-7940-7960-sccp.8-1-2SR2.cop
cmterm-iphone-install-130129.cop
cmterm-devicepack8.6.2.24097-1.cop
cmterm-69xx-sccp.9-3-3-2.cop
cmterm-rim_409_8.6v1-sip.cop
cmterm-8831-sip.9-3-3-5.cop
cmterm-7945_7965-sccp.9-3-1SR1-1.cop
cmterm-android_9.1.1v1.cop
cmterm-devicepack8.6.2.24104-1.cop
cmterm-7945_7965-sccp.9-3-1SR2-1.cop
admin:show version
      show version active
      show version inactive

Check inactive version :

admin:show version inactive
Inactive Master Version: 8.6.1.20000-1
Inactive Version Installed Software Options:
No Installed Software Options Found.
admin:

Switch from inactive to active version :

admin:utils system switch-version

Active Master Version: 8.6.1.20000-1
Inactive Master Version: 8.6.2.23070-1


If you are switching to an earlier release, you must run:

utils dbreplication reset all
from the publisher after all the nodes are switched over.


Do you really want to switch between versions ?

Enter (yes/no)? yes


 Switching Version and Restarting the Appliance ...

Switch version duration can vary depending on the database size
and platform configuration.  Please continue to monitor the
switchover process from here.


Waiting ....

Configure Voice Gateway VG224 in SIP with CUCM

Here an example of configuration of Cisco VG224 using SIP as signaling protocol and which is connected to a CUCM via a SIP Trunk.

Configuring voice-port :

voice-port 2/20
 ring frequency 50
 cptone FR
 description **telephone analogique**
 station-id number 28010
!

Configuring dial-peer pots :

dial-peer voice 28010 pots
 description **telephone analogique**
 destination-pattern 28010
 port 2/20
!

Configuring SIP TRUNK :

Configuring Incoming Trunk :

dial-peer voice 201 voip
 description **Incoming Call from SIP Trunk**
 session protocol sipv2
 session target sip-server
!

Configuring Outgoing Trunk :

dial-peer voice 200 voip
 description **Outgoing Call to SIP Trunk**
 destination-pattern 10...
 session protocol sipv2
 session target sip-server
 codec g711alaw
!

Configuring SIP-UA :

sip-ua
 sip-server ipv4:10.20.2.27
!

Troubleshooting commands :

show voice port summary

VG224#show voice port summary
                                          IN       OUT
PORT           CH   SIG-TYPE   ADMIN OPER STATUS   STATUS   EC
============== == ============ ===== ==== ======== ======== ==
2/0            --  fxs-gs      up    dorm on-hook  idle     y
2/1            --  fxs-ls      up    dorm on-hook  idle     y
2/2            --  fxs-ls      up    dorm on-hook  idle     y
2/3            --  fxs-ls      up    dorm on-hook  idle     y
2/4            --  fxs-ls      up    dorm on-hook  idle     y
2/5            --  fxs-ls      up    dorm on-hook  idle     y
2/6            --  fxs-ls      up    dorm on-hook  idle     y
2/7            --  fxs-ls      up    dorm on-hook  idle     y
2/8            --  fxs-ls      up    dorm on-hook  idle     y
2/9            --  fxs-gs      up    dorm on-hook  idle     y
2/10           --  fxs-ls      up    dorm on-hook  idle     y
2/11           --  fxs-ls      up    dorm on-hook  idle     y
2/12           --  fxs-ls      up    dorm on-hook  idle     y
2/13           --  fxs-ls      up    dorm on-hook  idle     y
2/14           --  fxs-gs      up    dorm on-hook  idle     y
2/15           --  fxs-ls      up    dorm on-hook  idle     y
2/16           --  fxs-ls      up    dorm on-hook  idle     y
2/17           --  fxs-ls      up    dorm on-hook  idle     y
2/18           --  fxs-ls      down  down on-hook  idle     y
2/19           --  fxs-gs      up    dorm on-hook  idle     y
2/20           --  fxs-ls      up    dorm on-hook  idle     y
 --More--

show dial-peer voice 28010

VG224#show dial-peer voice 28010
VoiceEncapPeer28010
        peer type = voice, information type = voice,
        description = `**telephone analogique**',
        tag = 28010, destination-pattern = `28010',
        answer-address = `', preference=0,
        CLID Restriction = None
        CLID Network Number = `'
        CLID Second Number sent
        CLID Override RDNIS = disabled,
        source carrier-id = `', target carrier-id = `',
        source trunk-group-label = `',  target trunk-group-label = `',
        numbering Type = `unknown'
        group = 28010, Admin state is up, Operation state is up,
        Outbound state is up,
        incoming called-number = `', connections/maximum = 0/unlimited,
        DTMF Relay = disabled,
        URI classes:
            Destination =
        huntstop = disabled,
        in bound application associated: 'DEFAULT'
        out bound application associated: ''
        dnis-map =
        permission :both
        incoming COR list:maximum capability
        outgoing COR list:minimum requirement
        Translation profile (Incoming):
        Translation profile (Outgoing):
        incoming call blocking:
        translation-profile = `'
        disconnect-cause = `no-service'
        advertise 0x40 capacity_update_timer 25 addrFamily 0 oldAddrFamily 0
        type = pots, prefix = `',
        forward-digits default
        session-target = `', voice-port = `2/20',
        direct-inward-dial = disabled,
        digit_strip = enabled,
        register E.164 number with H323 GK and/or SIP Registrar = TRUE
        fax rate = system,   payload size =  20 bytes
        supported-language = ''

        Time elapsed since last clearing of voice call statistics never
        Connect Time = 5647, Charged Units = 0,
        Successful Calls = 2, Failed Calls = 0, Incomplete Calls = 0
        Accepted Calls = 4, Refused Calls = 0,
        Last Disconnect Cause is "10  ",
        Last Disconnect Text is "normal call clearing (16)",
        Last Setup Time = 431092778.

Upgrade Unity Connection 8.5 to Unity Connection 8.6

Few notes about issues that can be encountered during an upgrade from Unity Connection 8.5 to 8.6.

Modification of Hardware Requirements :

Hardware requirements for Unity Connection have changed with version 8.6 :

http://docwiki.cisco.com/wiki/Virtualization_for_Cisco_Unity_Connection
With 8.6, you need 6GB of RAM memory instead of 4GB with 8.5.

If you don’t up the memory before the upgrade, the following error will be raised :

file list install * detail

file view install install_log_2013-09-06.21.48.42.log

09/06/2013 21:57:07 refresh_upgrade|Check if the upgrade is allowed|<LVL::Info>
09/06/2013 21:57:07 refresh_upgrade|Validate hardware for the upgrade|<LVL::Info>
09/06/2013 21:57:07 refresh_upgrade|Hardware is supported for the upgrade|<LVL::Info>
09/06/2013 21:57:10 refresh_upgrade|Validate hardware for "connection" deployment|<LVL::Info>
09/06/2013 21:57:10 refresh_upgrade|File:/common/download/8.6.2.23900-10/refresh_upgrade:857, Function: validate_upgrade_allowed(), This server is not supported for use with the version of "connection" that you are trying to install. For information on supported servers, see the applicable version of the "connection" Supported Platforms List at http://www.cisco.com/en/US/products/ps6509/products_data_sheets_list.html|<LVL::Error>
09/06/2013 21:57:10 refresh_upgrade|Final exit processing with result 1|<LVL::Info>

Refresh Upgrade COP file needed before upgrader 8.6

You need to install ciscocm.refresh_upgrade_v1.2.cop.sgn

http://software.cisco.com/download/release.html?mdfid=283782839&flowid=26422&softwareid=282204704&release=2013%20COP%20Files&relind=AVAILABLE&rellifecycle=&reltype=latest

Without it, the following error would be raised :

09/07/2013 12:51:48 refresh_upgrade|Validate from version 8.5.1.10000-26|<LVL::Info>
09/07/2013 12:51:48 refresh_upgrade|********** Upgrade Failed **********|<LVL::Info>
09/07/2013 12:51:48 refresh_upgrade|*** Please install the Refresh Upgrade COP, and reattempt the upgrade ***|<LVL::Info>
09/07/2013 12:51:48 refresh_upgrade|************************************|<LVL::Info>
09/07/2013 12:51:53 refresh_upgrade|File:/common/download/8.6.2.23900-10/refresh_upgrade:811, Function: validate_from_version(), Upgrade from 8.5.1.10000-26 not allowed|<LVL::Error>

Split a wireshark capture in a smaller file with editcap

One of my customer sent me a tcpdump trace with a size of 2.5 GB. It goes without saying that it’s too large for open it on a desktop PC with wireshark.
So I discovered the tool editcap delivered with wireshark which allowed me to split the trace in a smaller file. Hopefully, my customer gave me the exact time where the problem has been encountered so I can get the only traces related to this event.

C:\Program Files\Wireshark>editcap
Editcap 1.8.7 (SVN Rev 49382 from /trunk-1.8)
Edit and/or translate the format of capture files.
See http://www.wireshark.org for more information.

Usage: editcap [options] ... <infile> <outfile> [ <packet#>[-<packet#>] ... ]

<infile> and <outfile> must both be present.
A single packet or a range of packets can be selected.

Packet selection:
  -r                     keep the selected packets; default is to delete them.
  -A <start time>        only output packets whose timestamp is after (or equal
                         to) the given time (format as YYYY-MM-DD hh:mm:ss).
  -B <stop time>         only output packets whose timestamp is before the
                         given time (format as YYYY-MM-DD hh:mm:ss).

Duplicate packet removal:
  -d                     remove packet if duplicate (window == 5).
  -D <dup window>        remove packet if duplicate; configurable <dup window>
                         Valid <dup window> values are 0 to 1000000.
                         NOTE: A <dup window> of 0 with -v (verbose option) is
                         useful to print MD5 hashes.
  -w <dup time window>   remove packet if duplicate packet is found EQUAL TO OR
                         LESS THAN <dup time window> prior to current packet.
                         A <dup time window> is specified in relative seconds
                         (e.g. 0.000001).

           NOTE: The use of the 'Duplicate packet removal' options with
           other editcap options except -v may not always work as expected.
           Specifically the -r, -t or -S options will very likely NOT have the
           desired effect if combined with the -d, -D or -w.

Packet manipulation:
  -s <snaplen>           truncate each packet to max. <snaplen> bytes of data.
  -C <choplen>           chop each packet by <choplen> bytes. Positive values
                         chop at the packet beginning, negative values at the
                         packet end.
  -t <time adjustment>   adjust the timestamp of each packet;
                         <time adjustment> is in relative seconds (e.g. -0.5).
  -S <strict adjustment> adjust timestamp of packets if necessary to insure
                         strict chronological increasing order. The <strict
                         adjustment> is specified in relative seconds with
                         values of 0 or 0.000001 being the most reasonable.
                         A negative adjustment value will modify timestamps so
                         that each packet's delta time is the absolute value
                         of the adjustment specified. A value of -0 will set
                         all packets to the timestamp of the first packet.
  -E <error probability> set the probability (between 0.0 and 1.0 incl.)
                         that a particular packet byte will be randomly changed.

Output File(s):
  -c <packets per file>  split the packet output to different files
                         based on uniform packet counts
                         with a maximum of <packets per file> each.
  -i <seconds per file>  split the packet output to different files
                         based on uniform time intervals
                         with a maximum of <seconds per file> each.
  -F <capture type>      set the output file type; default is pcapng.
                         an empty "-F" option will list the file types.
  -T <encap type>        set the output file encapsulation type;
                         default is the same as the input file.
                         an empty "-T" option will list the encapsulation types.

Miscellaneous:
  -h                     display this help and exit.
  -v                     verbose output.
                         If -v is used with any of the 'Duplicate Packet
                         Removal' options (-d, -D or -w) then Packet lengths
                         and MD5 hashes are printed to standard-out.

So, the following command allows you to get the only part of time of interest :

-A : specifies the start time
-B : specifies the stop time
capture2.pcap is the input file
capturetest.pcap is the output file

C:\Program Files\Wireshark>editcap -A "2013-08-26 15:20:00" -B "2013-08-26 16:00:00" "D:\Users\capture\capture2.pcap" capturetest.pcap

VMWARE Requirements for Cisco Unity Connection

I encountered few troubles to find the good configuration for a Virtual Machine on ESXiV4.1.0 where I wanted to install a Cisco Unity Connection 8.5.1.10000-26.

The Cisco sizing page indicates that a Hard Disk with 160GB should be enough for Unity Connection but with that the hardware detection before installation failed with the message :

“Products not supported on current hardware”

http://docwiki.cisco.com/wiki/Virtualization_for_Cisco_Unity_Connection#Version_8.5.28x.29

So after some digging, I tried to increase size of the hard disk to 200 GB and the detection has been successful for Unity Connection installation.

Below, the configuration of the Virtual Machine. With a disk of 200GB with thin provisionning.

Install/Upgrade Cisco Call Manager Business Edition 5000 9.1

I encountered some issues with the installation of the Cisco Call Manager Business Edition 5000 9.1.

1 – How to size the Virtual Machine to allow the installation of CUCM BE 9.1

To pass the hardware detection for CUCM BE 9.1 you need at least :

– 3 VCPU

– 6 GO RAM

– 180 GO Disk (with Thin Provisionning)

2 – Where to download the bootable version and which release you have to select :

First failed attempt :

I tried to make an installation with the release : UCSInstall_UCOS_9.1.1.20000-5.sgn.iso

I selected the Restricted version and not Unrestricted (UNRST) version. Be carefull with that, UNRST is done only for few countries where encryption of voice is not allowed. And with the UNRST version you can’t update a restricted version and Vice versa.

I downloaded this version on cisco website and made it a bootable version thanks  the following procedure from UC Corner :

http://htluo.blogspot.fr/2010/04/how-to-make-non-bootable-iso-image.html

But with this version I fell into the following error :

/usr/local/cm/script/cm-dbms-install install PortInstall 9.1.1.20000-5 /usr/local/cm/usr/local/cm /common/log/install/capture.txt failed

After few searchs on Internet, I find out that it seems that this release doesn’t work for Installation despite the “Make a non-bootable ISO image bootable procedure”.

So I looked for another version of 9.1 on Cisco Website but without success.

Second attempt :

So the direct installation in 9.X release didn’t work I tried to install a 8.5 Release that I had and update it in 9.1.
I had a CUCM 8 with the version 8.5.1.10000-26, so I tried to update it with the UCSInstall_UCOS_9.1.1.20000-5.sgn.iso and after few minutes the installation failed with following message :

Error encountered: The selected upgrade is disallowed from the current version

After few searchs on Internet, I find out that before the upgrade in 9.X if you have a release before 8.6, you need to install first the following cop file :

ciscocm.refresh_upgrade_v1.1.cop.sgn

“Refresh Upgrade COP file: For all upgrades from pre 8.6(x) to 8.6(x) and higher. This COP also permits the upgrade to recognize the unrestricted upgrade media or file. This is for UCM standalone, Unity Connection standalone, CUCMBE5k & IME. ”

http://software.cisco.com/download/release.html?mdfid=284441232&flowid=33683&softwareid=282204704&release=COP-Files&relind=AVAILABLE&rellifecycle=&reltype=latest

Uncompress a VMWARE OVA and modify its VM version

Introduction :

This post shows how to adapt a VMWARE OVA for a Virtual Machine with VM8 format to a VM7 format compatible with ESXi4.

When you try to open an OVA with the format vmx-08 on an ESXi 4.1 you get the following error :

 “The OVF package requires unsupported hardware
Details: Line 25: Unsupported hardware family ‘vmx-08’.”

Uncompresse OVA Archive :

First off all uncompress the OVA archive (with a zip extractor like 7-ZIP)

You will get a directory with 3 files on it like this :

10.20.8.48 _ CentOS6_64b_PostGre_Designed.mf
10.20.8.48 _ CentOS6_64b_PostGre_Designed.ovf
10.20.8.48___CentOS6_64b_PostGre_Designed-disk1.vmdk

Modify the OVF file :

Open the *.ovf file

Change the following line :

 <vssd:VirtualSystemType>vmx-08</vssd:VirtualSystemType>

By this one :

 <vssd:VirtualSystemType>vmx-07</vssd:VirtualSystemType>

Modify the *.mf file and calculate the SHA1 hash of the modified OVF file :
Open the *.mf file which contains the SHA1 hash of *.ovf file. So you need to replace the value specified by the new SHA1 hash of .ovf file.

SHA1(10.20.8.48 _ Kurmi_64b_PostGre_Designed.ovf)= 48432f9cb8b0bfa97098006abb390805449303be
SHA1(10.20.8.48___Kurmi_64b_PostGre_Designed-disk1.vmdk)= ffa3500bc379a2e040badce315d6b3b06876d5a9

To calculate this hash you can use a tool like FCIV from microsoft. You can download it there : http://support.microsoft.com/kb/841290

>D:\FCIV\fciv.exe -sha1 "10.20.8.48 _ Centos6_64b_PostGre_Designed.ovf"
//
// File Checksum Integrity Verifier version 2.05.
//
a5dfa395e40861199582e8a66b1c36f58b27b7bf 10.20.8.48 _ Centos6_64b_postgre_designed.ovf

So, put the new hash in the *.mf file and save it

SHA1(10.20.8.48 _ Kurmi_64b_PostGre_Designed.ovf)= a5dfa395e40861199582e8a66b1c36f58b27b7bf
SHA1(10.20.8.48___Kurmi_64b_PostGre_Designed-disk1.vmdk)= ffa3500bc379a2e040badce315d6b3b06876d5a9

Deploy the new OVF :

Now, you can deploy directly the new OVF file on ESXi 4.1.
On VSPHERE select :

File > Deploy OVF Template
Select your OVF file :

The following WARNINGS are raised but you can move forward.

So now you can deploy and start your VM.

Configuration Cisco CME COR List

Introduction :

This post summarize the configuration of COR Lists ( Class Of Restriction).

COR Lists  define restrictions that you can apply on ephones-dn and dial-peer. These restrictions allow to limit the access for routes reserved for only ephone_dn permitted.

The principle is based on tags that you set on ephones-dn and dial-peers.

To explain a basic configuration we are going to configure the following topology :

The COR configuration scenario is the following :

• The ephone-dn 3000 can call only numbers as 1XXX
• The ephone-dn 4000 can call only numbers as 2XXX

CME Configuration :

Tags definition :

For our scenario, we need two tags RED and PURPLE.

The following configuration allows to define the name of these tags :

dial-peer cor custom
 name red
 name purpled

Incoming and Outgoing COR Lists :

We need to configure Incoming and Outgoing COR Lists which will be applied to ephones-dn and dial-peers.

• Incoming COR Lists will be used to tag an incoming call with tags defined as member.
• Outgoing COR Lists will be used to check if tags are present in a call which go out.

dial-peer cor list PURPLE-OUT
 member purple
 !
 dial-peer cor list PURPLE-IN
 member purple
 !
 dial-peer cor list RED-IN
 member red
 !
 dial-peer cor list RED-OUT
 member red

COR List Application :

According to our scenario, we place INCOMING COR LIST on  ephones-dn and OUTGOING COR LIST on dial-peers voip

!

ephone-dn  1
 number 3000
 name bob
 corlist incoming RED-IN
!
ephone-dn  2
 number 4000
 name alice
 corlist incoming PURPLE-IN
!
dial-peer voice 2 voip
 corlist outgoing RED-OUT
 description **Outgoing Call to SIP Trunk dest 1...**
 destination-pattern 1...
 session protocol sipv2
 session target sip-server
!
dial-peer voice 3 voip
 corlist outgoing PURPLE-OUT
 description **Outgoing Call to SIP Trunk dest 2...**
 destination-pattern 2...
 session protocol sipv2
 session target sip-server
!

Configure a Third-Party SIP device with CUCM

Introduction :

This post summurize the configuration to apply to register a third-party SIP device with Cisco CUCM.

CUCM configuration :

We need to configure :

•  user (for its digest credential)
• device (which is linked to the previous user)

User Configuration :

Go to User Management > End User :

Add a new user or select one from LDAP synchronisation (depending on your configuration)

For SIP usage, on the user you need to configure the fields :

Digest Credentials
Confirm Digest Credential

These fields must contain the SIP Authentication password also configured on your SIP Third-Party Device.

Device Configuration :

Go to Device > Phone

For the device configuration, you need to specify :

Third-Party SIP Device (Basic) as product type.
Digest User must be populated with the userId of the user previously defined.

Go back to user Configuration :

On the user configuration.
Add your device to the Controlled Device with Device Association button.

Example of Third Party device configuration with Thomson ST2030 :

To configure SIP Account on ST2030 web admin page, enter the following URL :
http://<ip>/admin.html

default login/password are administrator/784518

Go to Setup > VoIP Service > Basic Setup

And configure Profile 1 :

Configure the account with

Phone Number -> DN
Phone Name
Authentication ID -> CUCM userID
Password -> CUCM Digest Credential

Configure a SIP Trunk between Cisco CME and Cisco CUCM

Introduction :

In this post, I describe a basic configuration of SIP Trunk between Cisco CME (v4.1) and Cisco CUCM (v8.6.2).
Before this, if you want to know how to add ephone and ephone-dn in CME follow this post :

Read more of this post