It's been awhile

It's been awhile but I've been swamped in service tickets lately and by the time I get home I have little to no desire to do anything yet still end up learning AGK Basic programming.  I figured I would push blog post here so anyone that does view this blog on a semi-regular basis won't think I abandoned it due to lack of interest. 

I guess I could go back to the SD card thing first.  I ended up installing a new SD card on a UCS C200 last week since it didn't come with one when it should have.  Normally this isn't a huge task unless you have servers on top of servers with little to no room to work.  I ended up getting the SD card installed and verifying on the CIMC that everything was good to go.  Again, if you have never done this here are the steps:

1. Power down all VMs gracefully
2. Verify VMs are set to auto start in vSphere
3. Power down the ESXi OS via CIMC with "Shutdown Server" not "Power Off"
4. Unplug all cables in the way, to include the power cable
5. Pull the chassis cover off by unscrewing the back middle screw that holds the cover in place
6. Press the thumb inserts and press backwards
7. Use a flathead screwdriver very carefully if it is stubborn, don't break anything!
8. At the back of the server, near the RAM, there are two horizontal slots in the middle near the power supplies
9. Slide in the SD card into Slot 1 and the other SD card into slot 2 (if you have two SD cards...)
10. Put everything back together and power up
11. Verify the CIMC sees the SD card as a FlexFlash SD
12. Verify VMs are booted

Now normally, I wouldn't let the VMs auto start if I needed to make sure something was working on the chassis but since this is a straight forward install and nothing can really go wrong, I like to shave time off and just let the VMs auto boot once the ESXi host comes back up.

I know I've beaten this SD card topic to death by now and it isn't ending until next week.  I have to install two more cards and put them in RAID-1 and you better believe I'm posting results and the process for that as well.  I feel that even though this topic is rare and most won't mess with this issue, it is important for it to be well documented as Cisco is very quick and to the point without much help other than a .PDF doc.  Now that PDF is great, but coupled with an experience makes it even better so you can avoid any potential issues down the road.

Application Dial Rules and Call Routing with Remote Destinations

Yesterday we had an issue with dialing.  To put it plainly, a 10 digit number was being stripped to 7 digits for no apparent reason until right towards the end of the day when we discovered the Application Dial Rules for some reason applied to RD/RDP?!?!?  Yes, you heard that right, the application dial rules for the old school Unified Personal Communicator and other programs that could run with CUCM and make calls. 

The story starts off with my changing my cell phone number, actually, it goes before that but I figure we can start there.  I changed my number to a local number since I was still using my hometowns number from when I was in my army days.  I just never changed it and left it as is since it was considered a local call for my mother and she doesn't have long distance.  Anyways, I updated the Remote Destination to the new number and all of a sudden I wasn't getting calls from my desk phone on my cell phone.  Others had some minor issues but we blamed CUCM 8.5 at the time.  Now, we are on CUCM 10.5(2) so there are no excuses as to why something wasn't working that has been around for so long.

We opened up the gateways and watched the traffic from CUCM come in via H.323 and saw that my number was being presented to the gateway as 7 digits instead of 10.  This didn't make any sense since we checked the following:

1. Translation Patterns for crazyness
2. Route Patterns
1. We even made a explicit RP for my cell phone and no change...
3. Gateway Configs
4. Line and CSS config
5. Device Pools and Transforms

All of these checked out and left us scratching out heads.  Dialed Number Analyzer (DNA) was worthless in showing us the problem since it isn't going to show you transformations done at the application dial rule area. Towards the end we took a look at Application Dial Rules and saw some in there.  We use Jabber and as of now there is no reason to use the ADR(Application Dial Rules) with 10.5(2) unless you got some really old clients still in use. 

We noticed that there were about 7 rules and 2 of them could have been a match for my cell phone ANI.  I was basically being stripped down there then passed to another route pattern for Waco 7 digit dialing and dumping because of this.  Also, in case you were wondering, Waco does still use 7 digit dialing locally.  Additionally remote destinations use en-bloc dialing so urgent priority and other patterns that could match beforehand are not even considered.  All in all, these rules were for some weird reason, affecting remote destinations.  Please keep this in mind if you ever run into the same issue.

Moving on to another topic, I talked about en-bloc dialing.  I figured for those that may not know what en-bloc is I would go ahead and explain.  There are two different types of dialing.  The first is digit by digit in which the CUCM receives the numbers one by one and analyzes them against both the route patterns and internal directory.  This is common on SCCP phones and now, Type B SIP phones also support this via KPML(Keypad Markup Language).  The second method is en-bloc which cell phones and all SIP phones are capable of doing.  Basically, it sends the entire string all at once to the CUCM and then a match is determined.  In this case, urgent priority is disregarded since CUCM was never given the chance to look for a longer match.

So what is urgent priority you might ask?  Urgent priority is a checkbox that can be set on DNs and route patterns.  Translation patterns are always urgent priority.  This feature basically forces a route even if there are possible longer matches.  Usually you will see this used for emergency features such as 911 and is why you should be using an "8" to dial an outside line and not a "9". 

Well that is all I got for today.  I apologize if I haven't posted much lately, I been busy finishing up the NP Voice track since it goes end of life this year.  I figured I need to go ahead and get the cert instead of studying all new material that I could better learn on the job when and if it comes around assuming I don't already it.  I hope this post has been helpful and have a great day!

CUCM Users, groups, and Roles

Today I finished up going back over a weak topic on the CIPT1 exam since I always use the canned roles and groups within CUCM.  For those of you that don't know what roles, resources, privileges, applications, and user groups are, you are about to get a quick crash course.  So to start off, roles are basically a collection of privileges based on a resource.  I hope I didn't already lose you on that statement.  Let me back that statement up with an image from Call Manager to help you get a picture of what I'm talking about.










 So with the above image, you can see a resource is simply a web page on CUCM of some sort.  For example, the Application Dial Rule web pages would let you access that particular page if you check the  "Read" privilege to the right.  If you select "Update" as well then the user would also be able to make changes.  So let's break this down even further.  I made a custom Role as you can see which I named Read only to phones only.  This is more of an identifier than anything else as it has no influence on anything other than a name.

Above you can see I set permissions to let the user with this role to be able to see the phone webpage.  Basically, they can look at the settings but can't actually change anything.  Here is what the page looks like with read-only access:

As you can see, the command bar to add, delete, reset, etc. is missing at the top. If I select a phone as this user I see this:


Again, no save, update, delete buttons are available.  If you click on a field, you can edit it all you want but you cannot save the changes.  Additionally, the modify buttons will not let you do anything either because I have not granted "Update" privileges.  Now lets compare a full admin page to giggles:

Notice the giant bar that now appears as a administrator with update access.  I can now save, delete, copy, reset, apply config, and add new.  That is the difference between update and read access.  Again, you pick an application then add a role with the appropriate resources and their privileges.

Now this is all find and dandy to add these privileges but how to we get the user to inherit these traits we have assigned?  I spent some time today figuring out why my roles were assigned but not fully working.  It comes to pass that ANY role you set up and assign to a user also REQUIRES that you assign Standard CCM Admin User Group as well or they can't get into the web admin page.  Basically, the admin user page does nothing but let them access the initial screen after logging into the CUCM.  If they click any menu from there they get a pretty access denied page that looks like this:




















So with that given, you would then see the images I first posted when they went into something they did have read-only access to.  Now back to the meat.  You need to assign the roles to a user group then assign the user to that group or vice versa, it really doesn't matter.  So, go to User Management --> User Groups and see this page:
Now by default there aren't any custom user groups.   I have two created, one was for the ICVA Informacast application that comes with the Business Edition but that is another discussion.  The one we are concerned with here is the one I made called RO Phones.  This usergroup will be where I place the users that need RO (Read Only) access to the phone webpages within CUCM.  Also note the CCM Admin Users here, this is required for the user to even get into the web admin page so the user would have at minimum two groups assigned to them.  So if we create that RO Phones group it looks like this:

In this case, I had already assigned a user but you can see how to do it from here and it's very straight forward.  Once this is done, you need to assign the roles to this usergroup that the user inserted will inherit.  You do this by using the Related Links drop down on the upper right of the screen and click Assign Role to User Group then click Go.  Once you do this, you will be presented with this screen:


Normally the Role Assignment box will be blank, you would click Assign Role to Group and get a popup box asking you which roles to assign.  Once you do this, you are officially good to go.  Whatever users you add to the group will inherit the privileges you have put in from here.  The lesson to learn here is that you need to create these custom groups and assign roles to the users.  These users can be assigned to one or more groups and can inherit the roles from those groups cumulatively.  So you can essentially create a very modular privilege system and assign users roles in based on user group.  Luckily, CUCM already has most of what you need on a regular basis already created so you just go to the end user and assign whatever you need. 

I know this topic is confusing, it was for me when I first started and I just had to get into it and get my hands dirty.  If I were to get questioned on this and asked to explain it to a third grader I probably could given the examples I've provided here.  It's something you don't mess with often since the canned privileges are always in most circumstances good enough.  I hope this has been informative and will be posting more as I develop more impromptu content.