Is there any reason to have IIS services running on the Subscriber Callmanager? We were thinking that if we removed the service from the Subscribers, then we would only be vulnerable to the IIS security holes on one Callmanager server in the cluster. Then if the publisher got hit, at least the phones would remain up until we cleaned/restored the publisher.
We disabled the IIS service on a test lab subscriber and it didn't appear to cause problems, but it is only a test lab environment.
No, IIS is not required on subscriber CallManagers. During CallManager installation, one of the optional items to install says something like "Web Components" which includes CCMAdmin, CCMUser, and other virtual webs. If these are not installed then there is no reason to have IIS running on these servers.
Even if the Web Components are installed, I see no reason why you can't disable the appropriate services, since CCMAdmin/CCMUser/etc wouldn't generally be used except on the server where you typically access them -- usually the publisher.
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: firstname.lastname@example.org Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...