CUCM 7.0.1 User + Extension Mobility authentication Failure

Unanswered Question

We have deployed CUCM 7.0.1

We have integrated CUCM with AD only to download users. After the AD synchronization we disabled synchro and changed the users password to make Authenticatrion made from CUCM.

We have enabled Extension Mobility and we have enabled 'Enterprise subscription'.

We have 2 authentication issues:

- Extension Mobility authentication issue (Authentication failed error 201)

- Users authentication failure when they try to login to the : http://CUCM_IP/ccmuser

We checked, verified and even changed many times the users passwords without results.

We created new user from CUCM administration interface and we could login in both CUCM user interface and Extension Mobility.

Could anyone help us to resolve this issue

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cmcinally Sat, 09/04/2010 - 04:53

I have the exact same problem with Extension mobility on CUCM v6.1.4.  We removed the AD Sync and now none of the users can login.  Did you ever get this workign as I do not want to have to set them all up again.


Please find below the case description and the solution provided by TAC to make us resolve the issue :

@@@@@@@ Problem Description @@@@@@@
CUCM 7.X LDAP integration was deleted. User remain in inactive state and hence cannot be accessed via ccmuser page.

@@@@@@@ RESOLUTION SUMMARY @@@@@@@

TroubleShooting Steps/Resolution:

1) Customer enabled LDAP integration again to sync the users.
2) He needed to add the standard CCM enduser group
3) Reset PIN and password with BAT.

Explained in case he decides to dsiable LDAP integration he needs to do the below.

1) Delete the LDAP agreement -> Disable Integration -> STOP the DirSync service.
2) SSH to the publisher and run this command to fix the accounts:
     run sql update enduser set status=1

Hope this will help!

cmcinally Sat, 09/04/2010 - 06:53

Thanks very much this worked !!  I had a slightly different symptom in that I coull not authenticate but the LDAP (Active / Inactive) field was gone as it should be.  Thanks very much, the TAC engineer would like to trhank you also.


This Discussion