Unable to login to CCMuser site for new user from a new domain.

Unanswered Question
Nov 25th, 2009
User Badges:

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

We have CUCM 6.1.  We want to add new users from new domain. 

I have added LDAP directory for this new domain and has been able to pull the new users from this new domain.

I went to “User Management > End User” and found the new users from the new domain. So CUCM is able to see the users.

I have associated the user with one of the phone and then assign the Primary Extension, and then in the permission information, I added the “Standard CCM End Users” for this user which will give the user Roles as “Standard CCM End User” and “Standard CCMUSER Administration”

When the user go to the CCM user page, the user got “Log on failed - Invalid User ID or Password”

I have the user from the existing/old domain that is already with CUCM and the user is able to login fine. Seems to be only from the users from the new domain.

It seems that it has an Authentication issue.  Can someone give me an idea how to fix this?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Chris Deren Wed, 11/25/2009 - 13:18
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 IP Telephony, Contact Center, Unified Communications

Did you create new LDAP authentication for the new domain in CM beside just the LDAP search?


sienz.sienz Wed, 11/25/2009 - 13:58
User Badges:

I was thinking the same thing but I do not see where can I create a new LDAP authentication.

I go to "CCMadmin > System>LDAP authentication" and I see that is "LDAP authentication for End User". Currently it is for the old/existing domain that has already been setup with CUCM. but i do not see there an option to add another one.

How/Where can we create another "LDAP authentication for End User"?

or am i missing something?

Jaime Valencia Wed, 11/25/2009 - 16:10
User Badges:
  • Cisco Employee,
  • Hall of Fame,


You cannot create another, you can only configure 1.

LDAP Authentication

To enable authentication, a single authentication agreement may be defined for the entire cluster.


If you're going to migrate all to the new domain just delete and recreate, if not read the section:

Additional Considerations for Microsoft Active Directory

contained in the above doc.



If this helps, please rate


sienz.sienz Tue, 12/01/2009 - 15:20
User Badges:

It seems that it is only working on the Parent-Child Domain situation which we can point the LDAP Authentication on the parent domain.

In our environment, we do not have Parent-Child Domain.  Each domain is in each forest.  So in this case, our users got imported but they would not be authenticated.

Can someone confirm or have any advice on this?


Sascha Monteiro Tue, 12/01/2009 - 15:58
User Badges:
  • Silver, 250 points or more

I had a quick look at the SRND (the link that Java posted), and as far as I could see, you can authenticate against the GC, but need to sync on the UPN instead of the userid..??


This Discussion