Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CUCM Error

Hi Everyone

I was trying to move a phone from one DP to another and when I move the phone and went to save the changes it gave me this error below and I wanted to know what would cause this and how would I go about fixing this problem.

The attempted action was a violation of security protocols and will not be allowed. This may be caused by having multiple concurrent windows open or using browser buttons (back, refresh, etc). Please retry the operation

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Did you have more than one

Did you have more than one tab open for CCMadmin??

If yes, that's the cause, use only one, or use different browsers.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
36 REPLIES
Cisco Employee

Did you have more than one

Did you have more than one tab open for CCMadmin??

If yes, that's the cause, use only one, or use different browsers.

HTH

java

if this helps, please rate

www.cisco.com/go/pdi
New Member

I received this error when

I received this error when trying to make a change, shut the browser down completely (closed all tabs, sessions, etc)

logged back in - attempted the change again - same error -

 

Can we only have 1 administrator in at a time now? That seems like a big step backwards:

New Member

Any resolution to this?Just

Any resolution to this?

Just upgraded to CCM 10.5. I was able to add a location, but now I cant modify or delete w/o getting this error. I cleared cache/cookies, used a diff browser, I am the only one logged in, etc.

Can't get past it.

Thx,

Can you try hitting save

Can you try hitting save after seeing this error? This should still let you save the changes. Is your browser supported, I remember seeing this error but happened only when I opened another tab while modifying any records, and if I remember correctly after doing save after this error it did let me save. I dont have the console in front of me to test it at the moment but you can try saving after the error.

Ref: (although this for ver 10)

www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/admin/10_0_1/ccmcfg/CUCM_BK_C95ABA82_00_admin-guide-100/CUCM_BK_C95ABA82_00_admin-guide-100_chapter_01.html


Note
 
If you receive the following error message upon saving a configuration, entered changes are not lost. Click Save again after seeing the error message.

Security Error : The attempted action was a violation of security protocols and will not be allowed. This may be caused by having multiple concurrent windows open or using browser buttons (back, refresh, etc). Please retry the operation

 

-Terry

Please rate all helpful posts

New Member

Thanks Terry.Once I get that

Thanks Terry.

Once I get that message though, I no longer have any options other than hitting "Go" to go back to the list of my Locations. There is no Save button. :(

I don't have multiple tabs open in my browser. I tried IE, Firefox, Chrome, non domain machines, rebooted the PUB, and no such luck. Same darn message.

Strange. Can you confirm if

Strange. Can you confirm if you are making the changes from Pub server (I am sure you must be but to double check)?

Although this appears more of a browser issue to me but can you post the output of below from CLI of the pub

show network cluster

utils dbreplication runtimestate

It may be completely off the track but just wanted to confirm you have no other problems.

-Terry

VIP Purple

[+5] to Terry for

[+5] to Terry for troubleshooting tips.

I can see one bug not exactly related to the error message[multiple browsers] posted 7 months bug but has been fixed in latest 10.5.1 version.

 

have  u upgraded to the same version as mentioned in Fixed releases.

 

UCM Admin page gives unexpected error for "security protocol violation"
CSCuj91763
Symptom:
See "The attempted action was a violation of security protocols and will not be allowed. Please try another action." when saving User Device Association consecutive times.

Conditions:
Navigate to User Device Association and save selected changes consecutive times.

Workaround:
Navigate to User Configuration and then back to User Device Association to save again.
Known Affected Releases:
(1)
10.0(1.10000.2)
Known Fixed Releases:
(7)
10.5(0.98000.23)
10.0(1.10000.7)
10.5(0.98000.13)
10.0(1.10000.6)
10.0(0.98000.35)
10.0(1.10000.24)
10.5(1.10000.7)
New Member

Thx for all the replies. I

Thx for all the replies. I just upgraded to 10.5.2.10000-5.

Upon further  hair pulling, this issue is related to a particular site within my cluster. For that  site, I cant change the Device Pool, Region, Location, etc.

I can make changes to everything else outside of this particular site.

I removed any devices associated to that DP, still no luck.

I restored from a backup I had made right  after my upgrade, no luck.

dbrep runtimestate shows all status 2's.

show net cluster shows all authenticated.

TAC case is opened.

New Member

It's got to be a bug. I went

It's got to be a bug. I went to change the name of the Location and it worked.

The original name was Campus-DoveValley

 

These names work:

Campus

Campus-Centrepoint99999999

Campus-CentrepointPPPPPPPPPPPPPP

Campus-Dove

Campus-DoveV

Campus-DoveVa

Campus-DoveVVVVVV

Campus-DoveVa123

Campus-Dove_Valley

Campus-ValleyDove

 

 

These names don't:

Campus-CentrepointDoveValeyy

Campus-DoveValley

Campus-DoveVal

Campus-DoveValaaa

Campus-DoveVal123

Campus-DoveValley_

Campus_DoveValley

Campus_WasDoveValley

 

I cant make any sense from it. It works when it likes the name. Now I have to cope with a naming convention that isnt consistent. Going to need counseling. ;)

I will update this when TAC takes a look at it.

 

Thanks again!

 

 

VIP Purple

we would wait for TAC to

we would wait for TAC to reply.

this is what I could find.

Location - Hub_None Access Denied error
CSCur06655
Symptom:
If there is a location by the name "Union (any characters)" and then when we access the below path,

System > Location Info > Select the Location beginning with 'Union xx' > Under Links, select Hub_None

We get the below error,

"Access to the requested resource has been denied. The attempted action was a violation of security protocols and will not be allowed. Please try another action."

Conditions:
CUCM version 9.x and 10.x

Workaround:
None
New Member

I am running 10.5.2 and

I am running 10.5.2 and having this same issue.  Has anyone come across a resolution? 

New Member

Jecker, I got around it by

Jecker, I got around it by changing the name. The best I could do. Cisco's response was above.

New Member

Yeah, looks like it's a bug. 

Yeah, looks like it's a bug. 

 

Thanks for the info. 

New Member

This is definately a bug. I

This is definately a bug. I get the same error when trying to change the route partition of a line on a device.

 

My workaround i found to bypass this is as follows:

 

Instead of selecting save, select apply config first, it will then give you the option to save and then the update happens as suppose to.

 

Regards,

Conwell

 

 

New Member

It's a late evening, and this

It's a late evening, and this error reared its ugly head.  Your answer worked perfectly!

New Member

Is it possible to disable

Is it possible to disable this security error message ?

New Member

That's good info. I had this

That's good info. I had this exact issue just now and I definitely didn't have "eval" listed anywhere within this phone entry. My fix was to restart the Cisco Tomcat service within the CLI, but I'll give your solution a try too if it occurs next time.

VIP Purple

Any updates from TAC. regds

Any updates from TAC.

 

regds,

aman

New Member

From TAC. Note: I am seeing

From TAC. Note: I am seeing this error in CUCM 10.5.2.10000-5.

I dont see any of the "keywords" below in my names that generated the error. I am not going to pursue this  any longer. I'll just keep my current labels as they are.

 

Hi Matt,

 

This seems to be working as designed in CUCM ver 10.5.2. As far now, this have not been accepted as the bug.

 

These are the list of keywords which when used in the description field of a device tend to give this error:


"union,delete,insert,iframe,script,img,alert,onerror,window,location,href,onmouseover,key,pkid,lookup,multiple,fkdevice,having,service,primarytable,rowsvisible,dispcols,

name,searchstring0,eval,bulk,searchfield0"

New Member

What a wonderfull forum !!!

What a wonderfull forum !!!  Saved us a week with TAC.

 

Recently migrated from CUCM 8.0.3 to 10.5.2.

Had the security violation message when saving changes to a DN on a vg204.

Turns out we had the keyword "eval" somewhere in the description of the line and in some other fields like alerting name.

Removing this keyword solved our problem.

 

What a weird bug.

 

Eric

New Member

Funny Bug :)

Funny Bug :)

Cisco Employee

So, this is a stretch, but if

So, this is a stretch, but if there are reserved words that can't be used then I suspect one that was missed was "eval", which is a function name in just about every language written.  SQL, js, java, php, etc.

The one's that don't work all have dovEVALley.  It seems comical that it would translate that to an actual eval statement, since everything should be passed as a string, but that is the only thing that jumps out at me.

New Member

djdeel, your "stretch" was

djdeel, your "stretch" was right. You can't name anything with the characters "eval". Very good! I went back and tested and anything with that sequence of characters is rejected. It is rejected for Locations, DP's, Regions and MTP's.

Thanks for the update..looks

Thanks for the update..looks like time for another BUG ID...or its some sort of database lock..

Matt - Can you please let us know what's the outcome of the TAC case?

-Terry

Cisco Employee

Had this come up and and

Had this come up and and found the defect ID in case someone hits this again. CSCut08386 - Keyword 'eval' is not allowed as a substring.  The fix allows "eval" as a substring, but not as the primary string.  So, "testeval" would be fine, but simply "eval" would not.

Just adding a note to this

Just adding a note to this thread...

Ran into this at a client site today, they had added some new users to AD and the users had the word "Evaluations" in their job title.  When you went to update the end user settings in Call Manager you got the Access Denied error on a plain white web page.  We removed that word from the users title in AD and resynced LDAP on Call Manager and then that word went away from the Title field and the end user updates saved fine.

New Member

This is not acceptable I need

This is not acceptable I need to have more than one tab open at one time.  Cisco needs to change this.  It is already a horrible product don't make it worse. 

New Member

The true answer is that the

The true answer is that the Cisco Broke it attempting to secure it. 

Cisco Employee

It has been this way for a

It has been this way for a long time now and is required to be certified for the more security minded verticals, eg:  banks, government, investing houses, etc.

7024
Views
40
Helpful
36
Replies
CreatePlease to create content