Re: Call Manager and AD authentication

cgeorgePA · ‎12-06-2005

We change our AD administrator passwords periodically. We recently had callmgr 4.1 installed on our servers. We can't login to the Administration pages of call manager since we changed the AD admin password. How do I fix this?

gogasca · ‎12-06-2005

Hi George,

Is the CallManager in a domain?

Are you using MLA?

If you are using MLA you might check the account used for authentication in the Directory under:

C:\dcdsrvr\DirectoryConfiguration.ini

Also check in regedit:

HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems, Inc.\Directory Configuration

The MGRPW field.

Password is encrypted, you can use the passwordutils utility to encrypt your new password.

Open a cmd

passwordutils

Then reset IIS.

Let us know

HTH

cgeorgePA · ‎12-06-2005

I did the above listed, even tried a restart on IIS. Did not work. Still no web admin access. I even rebooted the machine. Any other suggestions?

gogasca · ‎12-06-2005

Are you using MLA?

cgeorgePA · ‎12-06-2005

Yes, we are. I found a troubleshooting guide that recommended restarting some services, but that does not work either. What is dependent on that Active Directory admin password in call manager? any other suggestions? thanks.

ptredway · ‎12-07-2005

When you install the Active Directory plugin for CallManager, you must supply a user account with certain read privilegs to AD. This user account is used to bind to AD and check for valid credential sets when you login to CallManager via MLA, CCMUser etc etc.

So, if you change the password for the account which CallManager uses to bind to AD w/, it breaks.

You're not completely out of luck though. When you install MLA, you configure an account with full admin access that you can use at any point that does not authenticate against AD. Most of the time this account is ccmadministrator and the local administrator password of the box, but could have been altered during install. Refer to the following doc for more detailed info: http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/4_1/sys_ad/4_1_3/ccmcfg/b07mla.htm.

Moving forward, I'd recommend creating a service account (denied interactive login to any boxes on your network) for the sole purpose of CallManager binding to LDAP. Make the password complex, mark it never to expire, user can't change, and you shouldn't have to change the password in the future.

Hope this helps!

cgeorgePA · ‎12-07-2005

We had an installer come in set the box up for CallManager so we were not told that changing a password would break callmanager. I have to be able to get into the administration via on the box or webpage, which I cannot do. I need to know how to get the web administration working to fix all this. I appreciate the link references, but this does not help me get the web interface back up. Is this beyond your expertise and do I need to call our cisco service tech to fix? Thanks.

Vladimir Lazovic · ‎12-07-2005

Hi

As i can see u didn't change ccmadministrator password

or other CCM system accounts in call manager

When u change it in AD u also have to do it in CCM

with CCMPWDChanger through cmd, command prompt

Run->cmd->ccmpwdchanger-> and here u change passwords of ccmadministrator... after u change it in AD

Hope it helps

try it and give me a feedback if it helps please rate it

cheers

Vlad

cgeorgePA · ‎12-08-2005

We did not change the ccmadministrator password, only our AD admin password. We had to put a trouble ticket in for support and got the problem resolved. It required reinstalling a piece of software. But thanks for your help anyway.

Vladimir Lazovic · ‎12-08-2005

thanx for feedback

vinhnguyen · ‎07-01-2010

What is the name of that software? Could you post it?