I have followed this document to deploy a CUCM with Conductor/Telepresence server integration.
I have :
- CUCM v 10.5 (virtual)
- Conductor XC2.3 (virtual)
- Telepresence server v 4.0 on Multiparty Media 310
The doc says that Conductor can use Encrypted SIP (TLS) port 5061 and HTTPS port 443 but is it a prerequisite or not ?
I have configured everything with HTTP 80 and SIP (TCP+UDP) 5060 but I have this error message in the call history of Conductor when I try to do an ad-hoc conference :
B2BUA generated 404 Not Found due to a TLS failure on the Egress
I'm doing the same as you but with v10 of CUCM. I don't get the same error but calls are failing when I dial into a Meetme number mapped to a 'Rendezvous' service on Conductor/TPS.
Did you get things working?
According to an answer from Cisco support, TLS is mandatory. You cannot make this work if you don't configure SIP TLS and HTTPS between CUCM, Conductor and the Telepresence server.
I made it work (ad-hoc and rendez-vous) with configuring TLS (following the configuration guide).
i've have the same problems.
please can you say, what certificarte downloaded on cucm to install on Conductor?.
You have to make the CUCM certificate being signed by a CA.
Under certificate management, click on CSR Request. Choose Call Manager.
Then download CSR, choose Call Manager.
Go to your CA (either private or public) and give it the CSR so that it can be signed.
Upload the certificate to the CUCM.
Do the exact same process for Conductor.
Then you also have to upload the CA certificate to both CUCM (Call Manager trust) and Conductor.
Everything is explained in the "deploying certificates guide" of Conductor.
thanks for you information.
but i've a doubt when the CA signed my CSR. i'm obtain my cucm CA signed.
first need upload CA root certificate on cucm (call manager trust) and then upload the new certificate CA for cucm on (call manager)
Yes, first the CA certificate, then the CUCM certificate.
When you upload the CUCM certificate, you also have to indicate the name of the "root" certificate, the CN name of the CA certificate.
You can also not use any CA. Just upload the Conductor certificate (which is by default self-signed by a temporary CA, hence it is this default temporary CA that you would upload, not the Conductor certificate itself) on the CUCM and vice versa, upload the CUCM certificate (self-signed by default) to Conductor.
This is what I did lastly and it works fine. This is easier as you don't need any CA involved. OK for a lab, not for a production environnement.
Can you explain more this step please ?
Just upload the Conductor certificate (which is by default self-signed by a temporary CA, hence it is this default temporary CA that you would upload, not the Conductor certificate itself) on the CUCM - In this step i take the certificate (sign) of the CUCM or CA ? I put in Trusted CA Certificate or in Server Certificate?
and vice versa, upload the CUCM certificate (self-signed by default) to Conductor. - Where in CUCM os administrator page ?
This is not 100% correct.
TLS is required between vTS and the Conductor. You can use TCP and HTTP between the Conductor and CUCM.
No need to upload certificate in Telepresence Server. You will need the encryption key to be able to use TLS for encrypted communication (mandatory) between Telepresence Server and Conductor.
For Telepresence Server version 4.1(2.33) or earlier, encryption key is required. Beginning with version 4.2, it is no longer required.
Correct. You can use HTTP as communication between CUCM and Conductor for XML RPC.
But Cisco always recommend encrypted communication by using TLS and HTTPS so certificates are required.
You should have no problem using TCP for SIP trunk and HTTP for XML RPC between CUCM and Conductor. Have tried with some of my lab testings and works fine.
Refer to this guide under p.8 for reference.