I am having an issue getting CUPS to properly support LDAP Authentication with SSL.
CUCM version 6.1(3)
CUPS version 7.0(2)
LDAP Solution: Microsoft Active Directory 2003
I have been able to get CUCM and CUPS to authenticate against LDAP using port 389 (non-SSL). I am also able to get CUCM to authenticate using port 636 (SSL). However, CUPS does not work correctly when the LDAP authentication on CUCM is configured to use SSL. I have uploaded the same root certificate to CUCM and CUPS. I have tested with https://cucmserver/ccmuser and https://cupsserver/ccmuser as well as with Unified Personal Communicator. LDAP works and LDAP over SSL does not.
I ran a network capture on both the CUCM and CUPS servers. In both traces, the transactions are basically the same:
1. tcp handshake (syn syn ack)
2. cucm/cups --> LDAP (Client Hello)
3. some exchange of TCP messages (same on both traces)
It is at this point where things are different. With CUCM, the CUCM server initiates client key exchange. With CUPS, the server sends an alert message (Alert: level fatal, Internal Error (80)).
So, I am somewhat at a loss. Obviously the issue is with the certificate and it is also obvious that CUPS wants a different certificate than what I have loaded on CUCM. I have loaded the exact same certificate file on both. I have generated separate certificates, I have also downloaded the CUCM version of the cert and imported it into CUPS. All to no avail.
Any thoughts on what could be wrong? Am I supposed to use a different certificate? (note: the certificate is the root CA for the DC server) Any logs/traces/etc. that I can look at to see what the "internal error" is?
I'm not able to access my old voice mail messages all of a sudden. The recording says something like 'the message is currently not available'. This has never happened before in all the years I have been using this system. I have t...
If you have 2 ISR routers, one acting as Failover, do we need to have both the same number of SRST licenses on the 2 routers?
No. You will only need the SRST licenses on the primary router. Because this feature...