Hello Cisco Support Community,
i'm searching for a way to give a user the permission to use the Real-Time Monitoring Tool.
i tried to give the user the same roles as my default admin acount has (Audit Administrator and System Administrator).
now the user can do all the admin tasks, but when he starts rtmt it gives me: "Access forbidden"
i tried it with CUC 9.1(2)SU1
Try to add this Role in the Application User or End User:
The user can access to the admin page of cucm but only with read permission and he can access to the RTMT.
On "searching for a way to give a user" do you mean a mailbox user or an admin user?
If you just try with the System Administrator role do you get the same message?
Are you using an RTMT (Real Time Monitoring Tool) version downloaded from the CUC admin page or are you attempting with the RTMT donwloaded from CUCM?
If you CUC is a cluster have you tried logging into the other node?
Have you tried re-installing rtmt?
thanks for the answer.
basically i wanted to give a mailbox user the right to start rtmt. but for you i tested both:
1. an LDAP Imported mailbox user with the Role "System Administrator"
2. an LDAP Imported admin user with the Role "System Administrator"
3. an AXL-Imported mailbox user with the Role "System Administrator"
all 3 are giving me: Access forbidden. Forbidden
If i type in a different password i get another error, so the authentication works correct.
i tried reinstalling RTMT and the same RTMT works fine for the default admin user which i created in the installation phase.
just to give you an idea why i want to do this: i want to enable Single Singn on for RTMT for Unity Connection. and when i enabled it i need the Permission for an LDAP User because there is no way to enter credentials any more after that.
Unfortunately i must say this is a bottleneck type of situation and expected as this uses the OS admin account. You can only have one OS admin account and several application admin users, you cannot create other separate OS admin accounts.
ok, so this means:
Basically Single Sign on for RTMT Tool is a supported Feature for Unity Connection, but you can't really use it because there is no way to give an ldap user the permission to use RTMT, right?
Based on the following link:
Cisco Unity Connection 8.6 and later versions support the single sign-on feature that allows end users to log in once and gain access to use the following Cisco Unity Connection applications without signing on again:
•Cisco Personal Communications Assistant
•Cisco Unity Connection Administration
•Cisco Unity Connection Serviceability
Where exactly did you read it was supported for RTMT (Real Time Monitoring Tool) ?
ohh your right.
i'm sorry. just the availability of the option to enable sso for rtmt is no indication that this is really supported. my mistake...
The option to enable sso depends on the version of RTMT (Real Time Monitoring Tool) and the Application you are using it for as well.
On the guide below for RTMT version 9.0.1 you will see it is supported for IM and Presence server, but nowhere is CUC mentioned.
Cisco Unified Real-Time Monitoring Tool Administration Guide, Release 9.0(1)
So i think we can wrap this one up :)
i tried it with the set account cli command, but it gives me: Access is denied, please make sure user name and password ... are correct.
because you can't use an os account for RTMT...