Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Call Manager as Member of the Domain

Hey All,

I need some clarification and was hoping you could help. I am currently dealing with an issue that one of my clients created for himself. He apparently went around and changed a bunch of passwords, but he's not sure which.

So we have Call Manager 4.1.3 with a pub and a sub that are not replicating. I believe this is b/c of the random password changes he made. However, as I'm doing some investigation I find out that the Publisher is in a Workgroup and the Subscriber is in their AD Domain. Why it's that way, I have no idea. He said he didn't join it to the Domain and the engineer that installed this claims they didn't join it to the Domain.

Regardless, I've been getting conflicting reports of the proper procedure and I wanted some Cisco Documentation to confirm what route I should take. I thought the best procedure would be to remove the Sub from the domain and join it to the Workgroup, but I had a collegue say that I should join the Pub to the Domain.

What is Cisco best practices? Should the servers be in the domain or the workgroup?

After I figure out the domain/workgroup thing I'm planning on using adminutility.exe to set the password and sync them.


Hall of Fame Super Red

Re: Call Manager as Member of the Domain

Hi Jacob,

The Servers should be part of a Workgroup :)

Adding Cisco CallManager Servers as Members of a Windows Domain

Cisco does not recommend adding Cisco CallManager servers as members of a Microsoft Windows

domain. To prevent failures that may occur by the server being a member of a domain,

Cisco CallManager 4.1(3) modifies the installation process to abort the installation and displays the

following message if it detects that the server is in a Windows domain:

“The installation has detected that the server exists in a domain. When a server exists in a domain,

authentication between servers may fail, or the non-default domain security policies may be too

restrictive for the Cisco CallManager installation to build critical NT Accounts during an upgrade.

Your server must be removed from the domain and added to a workgroup to reduce installation and

upgrade errors, failures, or a total system failure, which would result in a loss of data and a complete

reinstallation of Cisco CallManager.

Hope this helps!


Community Member

Re: Call Manager as Member of the Domain

Thanks Rob! That was exactly what I was looking for. I couldn't find the correct document.

Cisco Employee

Re: Call Manager as Member of the Domain

Just to add something to the great info from Rob

Hopefully they didn't change any of the users that their pwd was randomly generated during install and config.

Check the windows default Administrator user is the same ID and PWD in ALL server.

adminutility is a nice idea to sync a lot of pwds since they can't remember which pwds they messed with.



if this helps, please rate



if this helps, please rate
Hall of Fame Super Red

Re: Call Manager as Member of the Domain

Hey Jacob,

Good stuff my friend! An add-on to the excellent tips from Java (+5 points my coffee buddy!)

This tool should only be used during Off-Production Hours.

This utility will sync the Passwords for all of these you use the Admin Utility to sync the passwords BackAdmin will be reset (and usable for your project)

SQLSvc, CCMServiceRW, CCMService, CCMCDR and CCMUser

From this excellent Tech Note;

Also check out;



CreatePlease to create content