Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

OCS 2007 only accept TLS inbound??? CUPS RCC

I have CUPS 6.x and CUCM 6.x working flawlessly. Presence, IM, RCC, etc. I added my MOC and OCS server configurations. I can only RCC to make outbound calls on the MOC client. When I hang up, the call stays connected. It's like CUPS is not sending the SIP disconnect back to OCS (I think) On top of that my Presence is not showing in OCS (another inbound connection to OCS)

The client is using OCS and the OCS client with TLS. The OCS server is configured for TCP to Presence. Would it be safe to say I must use TLS at CUPS also and CUCM to talk to OCS for RCC and presence????

Im not complete versed in OCS to determine if TLS is required for all connections or not.

cheers

14 REPLIES
Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

You have two issues here. And they are irrelevant to each other.

1) When you hang up, the call stays connected.

This is because INFO message from CUPS didn't get to OCS. You need to look at CUPS SIP proxy log to determine if the INFO was sent or not. From my experience, the INFO was sent but didn't get to OCS.

2) You didn't see phone presence on OCS.

This is expected. You need CUPS 7.x to do this. This feature is call "domain federation". It's not supported until CUPS 7.x. Right now, only "inter-domain federation" is supported, which means, you need to make the OCS SIP domain different with CUPS SIP domain (sub-domain would work as well).

TLS is not required for CUPS/OCS integration. Actually, I would recommend you use TCP instead of TLS during initial deployment. This makes troubleshooting easier.

My blog:

http://htluo.blogspot.com/

A book talks about CUPS/OCS integration:

http://www.lulu.com/content/5552336

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

I have been meaning to read your blog, I saw the link the other day.

I noticed on the OCS server, it's only listening on 5061 TLS port. So if I turn on 5060 on the OCS server, I'm thinking the RCC will then work.

I cant recall which RTMT Real Time log I can see the SIP messages come across. I tried SIP Proxy SDI and SDL and I didnt see the messages on CUPS.

I thought the Line status would work on CUPS 6 and CUCM 6 with OCS... but that is not true??

I did make the CUPS server is a sub domain on DNS. So the server is cups-domain.com. (CUPS is the server name)

In DNS i made the subdomain sip.cups-domain.com and everything still works correctly with CUPC and CUPS.

The customer has everything in TLS right now. Switching to TCP is going to be a pain they said. I prefer to test with TCP also rather than TCP.

Right now, CUPS 6 does not work with CUCM 7, but you are saying CUPS 7 works with CUCM 6? If so, then I probably need to upgrade to CUPs 7 to make the presence work for this integration correct? Or should I set up inter-domain on the CUPs 6.x?

Thanks so much!!!!

Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

Sometimes we're confused with the term "line status". There are two kinds of "line status": CTI and SIP (presence).

The MOC phone status you're seeing now is actually CTI. The data flow is like below:

CUCM CTIManager --(CTI)--> CUPS SIP Proxy --(CSTA/SIP)--> OCS.

The domain federation will provide phone presence as below:

CUCM CallManager --(SIP/PUBLISH)--> CUPS PE --(SIP) --> OCS.

With CTI, you can only see your own phone's status (we don't refer that as "presence").

With SIP, you can see other people's phone status (we called that "phone presence").

HTH

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

So if my client wants to have on hook/off hook status in on their OCS clients and RCC, I will need to use domain federation correct? And for this to work, I will need to have CUPS 7.x to make this work.

CUPS PE (SIP) to OCS is 5060 correct? So my OCS needs to have 5060 open for this to work correct?

Thanks much!!

Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

For RCC, I just need to get OCS to listen on 5060 correct?

Thanks again for all your help!

Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

well, it's more than "just need to get OCS to listen on 5060". :)

In AD, you need to configure TEL URI for each user. In OCS, you need to configure static route and authorized hosts.

Here's the official document: http://www.cisco.com/en/US/docs/voice_ip_comm/cups/6_0_1/install_upgrade/deployment/guide/dgmsint.html#wp1049488

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

I have it all configured for that. The problem is the OCS is not getting the disconnect notice after the call is hung up. My suspicion is that CUPS is sending the notification back to OCS using 5060 and OCS is not listening on this port. NETSTAT on the OCS server says it's only listening on 5061.

Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

CUPS could send to 5060 and 5061 depends your configuration.

Since you're using TLS right now, CUPS should send to 5061.

Get the CUP SIP proxy log and search for the CSTA message contains INFO. You should see CUPS trying to deliver that INFO but failed.

If you're not familiar with CUPS logs, you may also do packet capture on CUPS:

utils network capture file cups count 10000 size all host all ip_addr_of_OCS

Substitute ip_addr_of_OCS with the actual IP address of OCS. Press Ctrl-C to stop capture.

To get the file off the CUPS, use

file get activelog platform/cli/cups.cap

Drop the file into wireshark (or any SIP analyzer). It should tell you which message was failed to deliver.

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

What determines 5060 or 5061 in CUPS? Does it determine by the client on OCS? If the client uses TLS in OCS, then CUPS will send TLS back to the client? I thought the sip signal was:

OCS Client initiates a RCC

OCS Server sends TCP SIP invite to CUPS (tel and URI, etc) (TCP 5060 based up on the authorization hose and static routes setup in OCS)

CUPS connects to the MAC address of the MOC enabled user requesting RCC control

Call is now connected or placed, etc.

Upon hang up, does the SIP disconnect notice get sent to OCS or to the client? if it's the client, and the client is TLS and CUPS sends TCP 5060,then this is the issue.

Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

In this integration, client is never in the picture. CUPS only deal with OCS server.

When we talked about TLS, we actually meant the TLS peer configuration on CUPS.

Upon hang up, CTIManager sends "line close" msg to CUP proxy. CUP proxy sends INFO over CSTA to OCS.

You'd better check if the INFO ever arrived on OCS. If INFO got to OCS but client was not aware of that, it's a MSFT issue.

If INFO never got to OCS, you'll have to troubleshoot CUPS.

Again, CUPS proxy log would tell you everything. (with CTI Gateway, SIP Message and State Machine, SIP TCP turned on).

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

I see a lot of INFOs in the OCS log file. I can tell what message I'm looking for in SIP for the disconnect.

TL_INFO(TF_COMPONENT) [0]0FAC.1118::01/09/2009-23:07:54.053.0008797e (SIPStack,CRecvContext::ProcessCompletion:974.idx(155) 029DD520 ) Received 886 bytes

TL_INFO(TF_PROTOCOL) [0]0FAC.1118::01/09/2009-23:07:54.053.000879eb (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record

Instance-Id: 000000D7

Direction: incoming

Peer: 172.40.60.23:5060

Message-Type: response

Start-Line: SIP/2.0 200 OK

From: "Feinblum, Edward"<>edward.feinblum@xxx.com>;tag=5551b1aa0b;epid=b73256e060

To: <>efeinblum@cups-ocs.sfo1.1corp.org>;tag=644be7af-7619cebc

CSeq: 5 INFO

Call-ID: d8a3aabc83b24071bf17503fa580c9d0

Via: SIP/2.0/TCP 172.41.50.80:3807;received=172.41.50.80;branch=z9hG4bK638C5383.6AA32EEB;branched=FALSE, SIP/2.0/TLS 172.40.31.89:19146;received=172.41.1.5;ms-received-port=14634;ms-received-cid=700

Content-Disposition: signal;handling=required

Require: timer

Session-Expires: 1800;refresher=uac

Content-Type: application/csta+xml

Content-Length: 301

Message-Body:

http://www.ecma-international.org/standards/ecma-323/csta/ed3">

0_a809e9f4

tel:5258;phone-context=dialstring

$$end_record

TL_INFO TF_COMPONENT

[0]0FAC.1118::01/09/2009-23:07:54.053.00087b02 (SIPStack,CTransactionStateMachine::MakeStateTransition:1365.idx(576))( 0291B7B0 ) Event[TS_EV_RESPONSE_2XX] transitioned to state[TS_ST_INACTIVE

generating event[SIP_TRANSACTION_REPLY_SUCCESS_COMPLETED] timeout 0

TL_INFO(TF_COMPONENT) [0]0FAC.1118::01/09/2009-23:07:54.053.00087b53 (SIPStack,CModuleManager::SubmitItemToEM:85.idx(160))( 029DF9D8 ) Calling OnEvent into App [SIP_MODULE_ES][http://www.microsoft.com/LCS/UserServices][0x1] for event:SIP_TRANSACTION_REPLY_SUCCESS_COMPLETED

TL_INFO(TF_COMPONENT) [0]0FAC.1118::01/09/2009-23:07:54.053.00087b6a (SIPStack,CISIPEvent::CompleteProcessing:925.idx(349))( 031EE658 ) App: http://www.microsoft.com/LCS/UserServices done for event:SIP_TRANSACTION_REPLY_SUCCESS_COMPLETED

TL_INFO(TF_DIAG) [0]0FAC.1118::01/09/2009-23:07:54.053.00087c3c (SIPStack,SIPAdminLog::TraceDiagRecord:1224.idx(144))$$begin_record

LogType: diagnostic

Severity: information

Text: Response successfully routed

SIP-Start-Line: SIP/2.0 200 OK

SIP-Call-ID: d8a3aabc83b24071bf17503fa580c9d0

SIP-CSeq: 5 INFO

Peer: 172.41.1.5:14634

Data: destination="edward.feinblum@xxx.com"

$$end_record

TL_INFO(TF_PROTOCOL) [0]0FAC.1118::01/09/2009-23:07:54.053.00087c79 (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record

Instance-Id: 000000D7

Direction: outgoing

Peer: 172.41.1.5:14634

Message-Type: response

Start-Line: SIP/2.0 200 OK

From: "Feinblum, Edward"<>edward.feinblum@xxx.com>;tag=5551b1aa0b;epid=b73256e060

To: <>efeinblum@cups-ocs.sfo1.1corp.org>;tag=644be7af-7619cebc

CSeq: 5 INFO

Call-ID: d8a3aabc83b24071bf17503fa580c9d0

Proxy-Authentication-Info: Kerberos rspauth="602306092A864886F71201020201011100FFFFFFFFE933937566B2B3518EE2B1204352758A", srand="3DAFA3EA", snum="26", opaque="F73073DF", qop="auth", targetname="sip/p-sfo-ocs-01.sfo1.1corp.org", realm="SIP Communications Service"

Via: SIP/2.0/TLS 172.40.31.89:19146;received=172.41.1.5;ms-received-port=14634;ms-received-cid=700

Content-Disposition: signal;handling=required

Require: timer

Session-Expires: 1800;refresher=uac

Content-Type: application/csta+xml

Content-Length: 301

Message-Body:

http://www.ecma-international.org/standards/ecma-323/csta/ed3">

0_a809e9f4

tel:5258;phone-context=dialstring

TL_INFO(TF_COMPONENT) [0]0FAC.1118::01/09/2009-23:07:58.866.00087ceb (SIPStack,CRecvContext::ProcessCompletion:974.idx(155))(

Red

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

you need to trace the session by the Call-ID.

if you're not familiar with SIP, either use a SIP analyzer or open a TAC case. :)

Re: OCS 2007 only accept TLS inbound??? CUPS RCC

Sorry, forgot your rate you. I have a tac case open but the guy is not very responsive. Seems only a very few engineers know about CUPS indepth to fix issues.

652
Views
5
Helpful
14
Replies