Single Sign on with RTMT

Unanswered Question
Jul 22nd, 2012

Hello Support Community,

i configured Single Sign on with the OpenAM Server for cucm and cisco unity connection in my Lab Environment.

the environment:

CUCM  8.6.2.21900-5

CUC     8.6.2.21900-5

i configured the solution as it is explained in the Whitepaper:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf

(after a bunch of sleepless nights) i got it to work with Firefox (14.0) and Internet Explorer (9.0), Operating System is Windows 7 x64.

BUT RTMT does not work.

when i start RTMT, i get a the certificate warning with the certificate of the cucm publisher, when i click "Accept" i see the certificat Warning regarding the Openam Server, if i accept this warning it says: "RTMT application cannot communicate with specified node/cluster. Please verify the host IP address is correct and ...."

Before i configured SSO for RTMT, it worked without problems.

i configured the registry keys as it is explained in the whitepaper. i also configured the J2EE Agent with the right URL:

/ast/WEB-INF/pages/logon.jsp and i configured the URL Policy Agent with "https://cucm.domain.internal:8443/*?*?*"

what could be the problem?

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
r.rung Tue, 07/24/2012 - 09:18

Even a fresh installed Windows XP/SP2 without Firewall/Virusscan Software, without any Additinal MS Update  has the same problem.   (tested with Java 6 Update 20 and Java 7 Update 33)

Joe Martini Tue, 07/24/2012 - 10:39

I get the same error when trying to use an end user's PC to launch RTMT but when I login to a PC that is not setup for SSO RTMT connects fine.  This is connecting to the same CUCM with SSO enabled so the problem likely isn't on the CUCM side, I would think it might be on the client side with RTMT.  I'm doing some more testing to see if I can figure out what's going on when we get the cannot communicate message.

I'm also on 8.5.1 which doesn't support SSO with RTMT so I'm upgrading to CUCM 8.6.2 now to test it.

r.rung Sat, 04/19/2014 - 13:43

i did some more investigation in this problem, but without succuss till now.

just to tell you what i tested:

updating cucm to 9.1(2)SU1 and updating RTMT Tool-> same error

 

i did a lot of research regarding java and sso and the results are:

- java can basically do this

- RTMT 9.1 uses Java Version 6, so the Registry Key in the Whitepaper is correct (http://technet.microsoft.com/en-us/library/cc738673%28v=ws.10%29.aspx)

- Java Version 6 needs additionnally a krb5.ini file in C:\Windows for sso to work (http://info.michael-simons.eu/2012/07/23/java-7-jaas-and-kerberos-single-sign-on-vs-newer-windows-systems/)  -> i tried it, but without success

 

I updated the openam server from 10.0.0 to 10.1.0 -> same error

I tried it with Windows XP -> same error

 

I decrypted the ssl connection to the openam server  (from rtmt to openam and from a browser-client to openam(normal cucm login with sso) with this result:

 

Communication Windows 8.1 Firefox Browser SSO to CUCM Website: (SSO working)

GET /opensso/UI/Login?module=WindowsDesktopSSO&goto=https%3A%2F%2Fcucm.domain.intern%3A443%2Fccmadmin%2FshowHome.do HTTP/1.1

Host: openam.domain.intern:8443

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.8,de-DE;q=0.5,de;q=0.3

Accept-Encoding: gzip, deflate

Referer: http://cucm.domain.intern/

Connection: keep-alive

 

HTTP/1.1 401 Unauthorized

Server: Apache-Coyote/1.1

Cache-Control: private

Pragma: no-cache

Expires: 0

X-DSAMEVersion: OpenAM 10.0.0 (2012-April-13 10:24)

AM_CLIENT_TYPE: genericHTML

Set-Cookie: AMAuthCookie=AQID5wM2LY4SfcwuSr-Kb7vQyL4W7DBAU58fauWb7S7xTZE.*AAJTSQACMDI.*; Domain=domain.intern; Path=/

Set-Cookie: amlbcookie=01; Domain=domain.intern; Path=/

WWW-Authenticate: Negotiate

Content-Type: text/html;charset=utf-8

Content-Length: 954

Date: Fri, 18 Apr 2014 10:06:33 GMT

<html><head><title>Apache Tomcat/7.0.29 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>This request requires HTTP authentication ().</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.29</h3></body></html>

 

GET /opensso/UI/Login?module=WindowsDesktopSSO&goto=https%3A%2F%2Fcucm.domain.intern%3A443%2Fccmadmin%2FshowHome.do HTTP/1.1

Host: openam.domain.intern:8443

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.8,de-DE;q=0.5,de;q=0.3

Accept-Encoding: gzip, deflate

Referer: http://cucm.domain.intern/

Connection: keep-alive

Authorization: Negotiate YIIDyQYGKwYBBQUCoIIGvTCCBrmgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICDqKCBoMEggZ/YIIGewYJKoZIhvcSAQICAQBuggZqMIIGZqADAgEFoQMCAQ6iBwMFACAAADCjggTtYYIE6TCCBOWgAwIBBaERGw9IRUxMR0FURS5JTlRFUk6iKTAnoAMCAQKhIDAeGwRIVFRQGxZvcGVuYW0uaGVsbGdhdGUuaW50ZXJuo4IEnjCCBJqgAwIBF6EDAgEDooIEjASCBIgro1h+j1L4W2STrIyr0VzcKgnHfgIUHSJu4GV6HBVFsPiM2uoUILPv/7HQWUtwtxZHn3rL8xMHAk1qFr+eFrl3tgQjsrBz3yWqaYo7DY8qMCd9wFxL76Ql1Mi6Og9WwYNGMa4wUc2vDGHTIOJNbVrPtswU6PtHhs1HjnjMXYh7fTxNbS4rkK7AIo7MJNZkb5r2Co0diH4W4tCqD9B+xnS+sszkb4CYglPhCG/DzFOqv3S1pO1E0CMdlgYp1MzrBhtmEPCFPcsT28lETbPe+VIcp4qJJIm/XDee7A+G9a+oNceBi7ScMUs+Zfdn8d/80Iv6drc8/yJbLm/UhHJA/EQ0365np2ACD7iq0bq3VfhRl/dApaP9jnJPcOExh771LnWQoRnKuA9/RsqlcV36omkGz8JLPVOCLkfHZa3DG7PXRm2uG4pVuF9oZ+WSfAGNYVH80t+dSeTSYENMq4PkGsU7tEk0fid9ECDhGNbTC8vSwsifDTMYIb6KKavybK5/4eJRVgfvZvFodRdE4MSHZT38zztxbLtBy2O8olRPGBI6Za9PcMFeTeX0xC/MOKHym2k871pEihjosUD768XAwGQ4Ioe1RBc2kE7Ufd+iNOWLjRSaFRm+PjXJAyZN+1bYzIn4+C3vhFT9Obrx8HepROISS8RsGhMWEmjJr43aG0TrD+zVvwBOrolI9iarXnn4tuJI+OwEZOPHl4aGG58FibQAbHp9RGbSmo1/oknx25HTueuj/3NIJ574kxMw93kgKnwZBfTPcftUSTpMhiWO292q2KftbNNqoAIhDumvq6wH8alJfpFeBs8hsIQTF6A05lNDmxLZI9Y05pY3O7WiNFKuUu12BdSdxzuqTAIvMfo7PriGGQLbRdaG2jh9p9kDyhVZ3qQ0VeKxh28GttuWnDo+S+12UVLsJD/23jiwa00kc6U9DJArVe+xZ/Uf9lq0hPKccXVqyjTZrI6naEBV8chfGzTXOnQ4OK3JnfunWuegxOL+zOTZX3FNYdaYApbhPimBG7fWwniC8j7cySwz1QDjxkxukLE2oJ1J/QbEtzHHgEfoq8kVCV91yjUhhk0vMR3PSA4LOj4jkE3xV+DuPXfVEGIr7IA+tpfikfkOw3X1IP4SBGTryqRhO5blhlfIq7+lV451Dq3GANKYpQ5MKdxozHStRMtet5d+2KYtTokjpiQgsTjwABbCzx+POwxl8QOySob2qigjZQDSaQGgi/RI0+0qwF8e1dAXyvtabfGi9TRjWPqkDzwkPNymjSX1gecwfoDcR1dWfyyxiV835MpC6wFBCV2DvikzWQPovKOnBUVg4vAvEtK9FDZl+WWBRDEOrTKUs88/sBxejVi1xgfD1pd3Uw6LzQwKqhx/Hy727OmoK3lN57DFcdc/4wR1vaTT/MyBFE53gcfAu/tqf1A+n9EO15+pkfrLncI4/8DeVZ3cvqrpdqKFEWogHol4lC0mcfGGuxSWhqxjttyAl7E6ATQ1wmzgNFeIf9x/ACNUqF3zyaOO8lDQDNSFBkHCcFBiYzUKiA/spqSCAV4wggFaoAMCAReiggFRBIIBTVwaTZK+sWtwmiCLsg0wEgF3E/oQeVgQQR8E94GoTwEZ6qS8rVhnZPXoxR6HqTwDyc6TdPvpxKqvHoKIaovR6cTx6VFOXrai1fgDqHLlwBxtqQt0LwNmGTNlhTMDPFTUkhh2ahp9c5HP+DzyHyvV4xQhoG81AFEgTUD3UtDovWv6m47DKPXdxUR6s7cYWGjoi+v9Pfjyzw51bjJs/TBfi4r2ZOCI6tuWmgaihsObwmzatV8/qA8fkZAqZ+P633cAM023zN/Btgd2+bU8nZDXiewxSJuh5XfIoeXjSGhKa43kpIsFe7w1QMgdiD++SKlno8VCJElI3SLCZvUYJmde0XyyxnjPkhBzbsWeSuLriaG59KPSnOzgbDzXswNWbOMvfzAwt1GlkFjm4LdDJ1cYoEAGxmg62+h08mV+p5XX4VsiZMGcACquy77cOTS77g==

Cookie: AMAuthCookie=ADIC5wM2LY4SfcwuSr-Kb7vQyL4W7EBAD58fauWb7S7xTZE.*AAJTSQACDDI.*; amlbcookie=01

 

HTTP/1.1 302 Moved Temporarily

Server: Apache-Coyote/1.1

Cache-Control: private

Pragma: no-cache

Expires: 0

X-DSAMEVersion: OpenAM 10.0.0 (2012-April-13 10:24)

AM_CLIENT_TYPE: genericHTML

Set-Cookie: AMAuthCookie=AQID5wM2LY4Sfcz37QUCFmpuU7tpsC3neGXHyzYOgvU5BkE.*AAJTSQACMDI.*; Domain=domain.intern; Path=/

Set-Cookie: amlbcookie=01; Domain=domain.intern; Path=/

X-AuthErrorCode: 0

Set-Cookie: iPlanetDirectoryPro=AQIC5wD2LY4Sfcz37QUCFmpuU7tpsC3neDXHyzYOgvU5BkE.*AAJTSQACMDI.*; Domain=domain.intern; Path=/

Set-Cookie: AMAuthCookie=LOGOUT; Domain=domain.intern; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

Location: https://cucm.domain.intern:443/ccmadmin/showHome.do

Content-Length: 0

Date: Fri, 18 Apr 2014 10:06:33 GMT

 

 

 

 

 

Communication Windows 7 RTMT SSO to CUCM  (SSO not working)

GET /opensso/UI/Login?module=WindowsDesktopSSO&goto=https%3A%2F%2Fcucm.domain.intern%3A8443%2Fast%2FServerVersion.xml HTTP/1.1

User-Agent: Java/1.6.0_15

Host: openam.domain.intern:8443

Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

Connection: keep-alive

 

HTTP/1.1 401 Unauthorized

Server: Apache-Coyote/1.1

Cache-Control: private

Pragma: no-cache

Expires: 0

X-DSAMEVersion: OpenAM 10.1.0-Xpress (2013-February-07 15:45)

AM_CLIENT_TYPE: genericHTML

Set-Cookie: AMAuthCookie=AQIC5wF2LY4SfcyvbWE7PbKa8gSdvIGNCDvSU3xduaoFCxE.*AAJTSQACMDIAAlNLABMzMDM5MTg1NDExMjQ1MTczNDU2*; Domain=domain.intern; Path=/

Set-Cookie: amlbcookie=01; Domain=domain.intern; Path=/

WWW-Authenticate: Negotiate

Content-Type: text/html;charset=utf-8

Content-Length: 954

Date: Sat, 19 Apr 2014 20:27:19 GMT

 

<html><head><title>Apache Tomcat/7.0.29 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u></u></p><p><b>description</b> <u>This request requires HTTP authentication ().</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.29</h3></body></html>

 

-> Session closed and new SSL Session started!

 

GET /opensso/UI/Login?module=WindowsDesktopSSO&goto=https%3A%2F%2Fcucm.domain.intern%3A8443%2Fast%2FServerVersion.xml HTTP/1.1

Set-Cookie: AMAuthCookie=AQIC5wM2LY4SfcyvbWE7PbKa8gSdvIGNCDvSU3xduaoPCxE.*AAJTSQACMDIAAlNLABMzMDM5MTg1NDExMjQ1MTczNDU2*; Domain=domain.intern; Path=/

Authorization: Negotiate null

User-Agent: Java/1.6.0_15

Host: openam.domain.intern:8443

Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2

Connection: keep-alive

 

HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Cache-Control: private

Pragma: no-cache

Expires: 0

X-DSAMEVersion: OpenAM 10.1.0-Xpress (2013-February-07 15:45)

AM_CLIENT_TYPE: genericHTML

Set-Cookie: AMAuthCookie=FQIC5wM2LY4SfcxE0ZVVOp7b2iul2BWHv3dAb8OgsGtSx5w.*AAJTFQACMDIAAlNLABQtNzk3NDczNTEyNzE0NzE1NzU2NQ..*; Domain=domain.intern; Path=/

Set-Cookie: amlbcookie=01; Domain=domain.intern; Path=/

X-AuthErrorCode: -1

Set-Cookie: AMAuthCookie=LOGOUT; Domain=domain.intern; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

Set-Cookie: JSESSIONID=0F5D9F36917CCFEF5EAB9FF57198983F; Path=/opensso/; Secure; HttpOnly

Content-Type: text/html;charset=UTF-8

Content-Length: 2410

Date: Sat, 19 Apr 2014 20:27:19 GMT

 

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

  

  

  

  

       

        <head>

            <title>OpenAM (Authentication Error)</title>

           

            <link href="/opensso/css/new_style.css" rel="stylesheet" type="text/css" />

            <!--[if IE 9]> <link href="/opensso/css/ie9.css" rel="stylesheet" type="text/css"> <![endif]-->

            <!--[if lte IE 7]> <link href="/opensso/css/ie7.css" rel="stylesheet" type="text/css"> <![endif]-->

        </head>

        <body>

            <div class="container_12">

                <div class="grid_4 suffix_8">

                    <a class="logo" href="/opensso"></a>

                </div>

                <div class="box box-spaced clear-float">

                    <div class="grid_3">

                        <div class="product-logo"></div>

                    </div>

                    <div class="grid_9">

                        <div class="box-content clear-float">

                            <div class="message">

                                <span class="icon error"></span>

                                <h3>An internal authentication error has occurred.</h3>

                                <p>Contact your system administrator.</p>

                               

                                    <p><a href="/opensso/UI/Login?gx_charset=UTF-8">Return to Login page</a></p>

                               

                            </div>

                        </div>

                    </div>

                </div>

                <div class="footer alt-color">

                    <div class="grid_6 suffix_3">

                        <p>Copyright .. 2010-2011 ForgeRock AS, Philip Pedersens vei 1, 1366 Lysaker, Norway. All rights reserved. Licensed for use under the Common Development and Distribution License (CDDL), see http://www.forgerock.com/license/CDDLv1.0.html for details. This software is based on the OpenSSO/OpenAM open source project and the source includes the copyright works of other authors, granted for use under the CDDL. This distribution may include other materials developed by third parties. All Copyrights and Trademarks are property of their owners.</p>

                    </div>

                </div>

            </div>

        </body>

   

</html>

i marked the two problems in red:

1. the RTMT Tool uses a new ssl session after the 401 unauthorized

2. the RTMT Tool does not send the Authenticaton Token to Openam

so for me it looks like the PC or the RTMT Tool is not sending the right token or my krb5.ini file is not correct.

as i work only in my demo lab with sso i cannot open a tac case, but for me it looks like a bug...

 

yusuf.habibi Sat, 04/19/2014 - 17:23

hi

for RTMT, copy your folder java into RTMT forder --> jre

and then opened file run.bat with notepad, change the statement "".\jre\bin\java" with ".\jre\jre7\bin\java" (uncek read-only on folder RTMT properties)

if you using java 7, save and reopen run.bat or click icon RTMT shortcut.

simple trick for RTMT troubleshooting :)

 

r.rung Sun, 04/20/2014 - 12:27

thanks a lot for the answer.

the funny thing is: last night i had a similar idea, i just renamed the jre folder and put in the newest java 6 and later the latest java 7 version.

and both are working in a Windows XP Environment.

but for my Windows 7 installation something more seems to be missing because the behavior is the same as before.

 

r.rung Sun, 04/20/2014 - 13:21

ok so finally i got it to work.

i found the following error when starting RTMT 9.1 with Java 6.0.45 included on Windows 7 x64:

GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Illegal key size))

and to solve this you need to copy into the Java files the following:

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6  (from oracle.com)

-> see included readme for details (you need to copy the two included files into Program Files (x86)\Cisco\Unified Serviceability\JRtmt 9.1(2)SU1\jre\lib\security)

 

tonycilli Tue, 07/24/2012 - 14:12

Just to ask the simple questions: Have you tried right clicking the RTMT icon and Running as Administrator? Also, not sure how long ago you updated your CUCM, but did you download the latest RTMT from the Application > Plugins menu? Desktop icon says RTMT 8.91 but About under the Help menu says 8.92(001).

Tony

r.rung Wed, 07/25/2012 - 04:36

Hello Tony,

yes i tried to run it as an administrator (on Windows XP) and i made a fresh install (Windows XP and RTMT), and it worked bevor i enabled SSO.

tonycilli Wed, 07/25/2012 - 06:31

Hey r.rung,

Found some interesting stuff about SSO and RTMT in this cisco paper:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/miscellany/oam90-cucm8586-cuc86-sso.pdf

Looks like they state some registry changes you should make in Windows as well:

  1. 12.3  Configuring Windows Registry for RTMT SSO

    To achieve RTMT SSO, a new registry key ‘allowtgtsessionkey’ of type REG_DWORD with value set to‘1’ should be created on desktop client(WindowsXP/Windows7) at below location corresponding the respective OS distribution.

    Windows XP: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\

    Windows Vista/Windows 7: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Check out pages 32 - 45 and 53. It's OpenSSO, not OpenAM, but you should be able to get the jist of everything that needs to be configured for it from this page. But I believe those registry changes should do the trick?

HTH,

Tony

If you find this post helpful, please feel free to rate!

r.rung Wed, 07/25/2012 - 08:09

Hello Tony,

thank you for your answer.

As i explained in my first text i already configured all stuff as it is explained in the whitepaper.

i configured the registry key on windows xp and Windows 7 x64 (as noted in the whitepaper: i used the key that applys to the os)

and you are completele right, "those registry changes should do the trick", BUT they don't do the trick for me.

i really seems to me that it is just a "little" Client Configuration that is nessesary.

i checked the registry key several times that they are on the right location, that i have written it correct and so on.

i also rebooted the machine after setting the registry key. it doesn't help...

by the way:

- i can use RTMT to logon to the subscriber CUCM (which is not SSO Enabled)

- i have the same problem with Unity Connection, its a bit strange that the whitepaper says that i have to put in a speacial URL Policy for RTMT with CUCM, but i don't have to set it for RTMT with CUC, seems to be an error, but no matter if i set this URL or not (RTMT_Query, Page 32) it does not work

Joe Martini Thu, 07/26/2012 - 13:11

Just a quick update.  I upgraded my CUCM to 8.6.2 and have the same error as you did.  I was on 8.5.1 which didn't support RTMT SSO and then upgraded.  Since this is a lab setup for me I was using snapshots so my certs were all expired, once I fixed that SSO is working for the ccmuser page again but RTMT errors with the same message you're getting.  I'm working on debugging SSO now as I can see the client (RTMT) contacting openAM and then fail.

tonycilli Thu, 07/26/2012 - 13:16

Are you guys uploading the Certs into OpenAM? Seems like it fails right after the Cert part each time and I know in the whitepages it says to upload the Certificates.

Just a thought!

Tony

r.rung Mon, 07/30/2012 - 03:48

Hello Tony,

i have also seen this in the whitepaper, but i'm using an external ca (Microsoft Windows Server 2008 R2), and so the Openam-tomcat keystore includes the root certificate from my ca and the cucm (tomcat-trust) includes the root certificate from my ca.

so i think that this is not relevant for my environment

r.rung Wed, 08/08/2012 - 13:02

i updatet my cucm to 8.6(2a)SU2, uninstalled the rtmt and installed the new one, but it's the same error concerning SSO

r.rung Tue, 08/21/2012 - 04:32

i recently installed Cisco Unified Presence and Updatet until 8.6.4.11900-1.

i tried the RTMT Tool ... works, i enablen SSO for all possible services, working, but not for RTMT

i did everything as the "Deployment Guide for Cisco Unified Presence Release 8.6" said...

Yorick Petey Fri, 04/05/2013 - 00:58

Hi,

I have exactly the same problem:

CUCM 8.6.2.20000-2

Corresponding RTMT

OpenAM 10.0

SSO works for CUCMUser and admin

SSO is enabled for RTMT

Registry key is inserted in "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\" (XP) but when I start RTMT, I got the error message "RTMT application cannot communicate with specified node/cluster. Please verify the host IP address is correct and ....".

Did you figure out what the problem was?

r.rung Fri, 04/05/2013 - 01:31

Well it did not invest more time in this, i deactivated SSO for  RTMT.

for me it seems to be a bug or something wrong in the documentation. As it appeared in my lab environment and not in my customer installations i did not open a case, but perhaps this would be a good idea???

Actions

Login or Register to take actions

This Discussion

Posted July 22, 2012 at 11:34 AM
Stats:
Replies:18 Avg. Rating:
Views:1605 Votes:1
Shares:0
Tags: rtmt, sso, openam
+

Related Content

Discussions Leaderboard

Rank Username Points
1 21,026
2 15,047
3 10,314
4 7,999
5 4,856
Rank Username Points
125
90
67
55
51