Call Manager as Member of the Domain

Unanswered Question

Hey All,

I need some clarification and was hoping you could help. I am currently dealing with an issue that one of my clients created for himself. He apparently went around and changed a bunch of passwords, but he's not sure which.

So we have Call Manager 4.1.3 with a pub and a sub that are not replicating. I believe this is b/c of the random password changes he made. However, as I'm doing some investigation I find out that the Publisher is in a Workgroup and the Subscriber is in their AD Domain. Why it's that way, I have no idea. He said he didn't join it to the Domain and the engineer that installed this claims they didn't join it to the Domain.

Regardless, I've been getting conflicting reports of the proper procedure and I wanted some Cisco Documentation to confirm what route I should take. I thought the best procedure would be to remove the Sub from the domain and join it to the Workgroup, but I had a collegue say that I should join the Pub to the Domain.

What is Cisco best practices? Should the servers be in the domain or the workgroup?

After I figure out the domain/workgroup thing I'm planning on using adminutility.exe to set the password and sync them.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Rob Huffman Thu, 10/22/2009 - 05:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hi Jacob,

The Servers should be part of a Workgroup :)

Adding Cisco CallManager Servers as Members of a Windows Domain

Cisco does not recommend adding Cisco CallManager servers as members of a Microsoft Windows

domain. To prevent failures that may occur by the server being a member of a domain,

Cisco CallManager 4.1(3) modifies the installation process to abort the installation and displays the

following message if it detects that the server is in a Windows domain:

“The installation has detected that the server exists in a domain. When a server exists in a domain,

authentication between servers may fail, or the non-default domain security policies may be too

restrictive for the Cisco CallManager installation to build critical NT Accounts during an upgrade.

Your server must be removed from the domain and added to a workgroup to reduce installation and

upgrade errors, failures, or a total system failure, which would result in a loss of data and a complete

reinstallation of Cisco CallManager.

Hope this helps!


Jaime Valencia Thu, 10/22/2009 - 05:44
User Badges:
  • Cisco Employee,
  • Hall of Fame,


Just to add something to the great info from Rob

Hopefully they didn't change any of the users that their pwd was randomly generated during install and config.

Check the windows default Administrator user is the same ID and PWD in ALL server.

adminutility is a nice idea to sync a lot of pwds since they can't remember which pwds they messed with.



if this helps, please rate

Rob Huffman Thu, 10/22/2009 - 06:27
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 IP Telephony, Unified Communications

Hey Jacob,

Good stuff my friend! An add-on to the excellent tips from Java (+5 points my coffee buddy!)

This tool should only be used during Off-Production Hours.

This utility will sync the Passwords for all of these you use the Admin Utility to sync the passwords BackAdmin will be reset (and usable for your project)

SQLSvc, CCMServiceRW, CCMService, CCMCDR and CCMUser

From this excellent Tech Note;

Also check out;




This Discussion