JASON NEUROHR

Latest Articles

Removing ASCII Colour Codes From Log Events in Logstash


Wednesday, July 8, 2020
During a review of log events coming into Elasticsearch I came across some that included ASCII colour codes in them. Below is one example where they are included in the log level, noting the ‘‘box’’[39mDEBUG’‘box’’[0;39. While this is handy for colouring the log levels while viewing in a terminal, it is not so handy for use in Elasticsearch or Kibana. Some more examples, noting these were mutated to be all uppercase hence the capital ‘‘M’’.
READ ARTICLE

Hashicorp Vault LDAP Authentication and LDAP Groups


Thursday, November 7, 2019
Integrating HashiCorp Vault with an existing LDAP system such as Active Directory is a convenient way to manage user authentication and authorization. Follow along below for an example of setting this up. Note, I am piping curl output to jq for better formatting. Check it out here. Updated - check the updates at the bottom of the post for a briefer setup. Enable the LDAP Auth Method API: 1 curl --header "X-Vault-Token: s.
READ ARTICLE

Deploying to AWS ECS Using Cloudformation and Spot Instances


Wednesday, September 18, 2019
This article details the AWS CloudFormation building blocks to deploy a containerised application using the AWS Elastic Container Service (ECS). I use this method to deploy this vary website which was initially running in ECS using an on-demand instance deployed the old fashion way (with many mouse clicks and typing). With this CloudFormation template the entire stack can be created from a single command aws cloudformation create-stack…! and completely blown away and stood up again with minimal effort.
READ ARTICLE

Oh My ZSH on Windows WSL and Windows Terminal


Thursday, September 12, 2019
In this article, I’ve thrown together the steps I used to install Oh My ZSH! for the Windows Subsystem for Linux (WSL) with Powerlevel9k. I’m using Ubuntu in the WSL, so the steps apply to Ubuntu. Note, the screenshot was taken when using the agnoster theme. Setup for the Windows Subsystem for Linux Install the required packages. 1 sudo apt-get install -y zsh fontconfig Install Oh My ZSH! (https://ohmyz.sh/) 1 sh -c "$(curl -fsSL https://raw.
READ ARTICLE

AWS Cloudformation Logs to Slack


Monday, September 2, 2019
I recently published a repository to GitHub called aws-cloudformation-logs-to-slack available here, which is an AWS Lambda function written in Python using the AWS SAM framework to as the name suggest send the CloudFormation events to a Slack channel. I thought this would come in handy when you’re running a large CloudFormation to quickly open the channel and see where it’s currently up to in the process. A sample of the messages is shown below.
READ ARTICLE

My Little Buildah and Podman Cheat Sheet


Sunday, August 4, 2019
A brief cheat sheet of some common commands and examples for using buildah and podman to build and run OCI containers without the docker daemon for reference. Buildah Creating an OCI working container image using the existing image python:alpine as the base. container=$(buildah from python:alpine) Mount the working container file system mountpoint=$(buildah mount $container) Creating a directory in the image file system mkdir $mountpoint/app Copying files into the container image file system
READ ARTICLE

Distributed Tracing with ASP .NET Core and Kubernetes + Istio + Jaeger


Saturday, August 3, 2019
This article is going to take a look at Distributed Tracing for an application (this website) running in Kubernetes using Istio and Jaeger. The application is written in ASP .NET Core. For reference, I’m going to cover some of the Istio setup before getting into the distributed tracing. To quote the Istio Distributed Tracing overview here Distributed tracing enables users to track a request through mesh that is distributed across multiple services.
READ ARTICLE

Kubernetes in the Wild - Envoy Proxy Is NOT Ready


Saturday, July 27, 2019
In this episode of Kubernetes in the Wild, we are delving into the world of service meshes and specifically Istio. Istio has been installed into a two-node Kubernetes cluster following the setup guide here, and a container has been deployed, but we are not able to access the container. The first port of call is to Isito Envoy sidecar container within the pod in question; its logs are checked using the following command
READ ARTICLE

Kubernetes in the Wild - Invalid Option "reclaimPolicy"


Tuesday, July 16, 2019
In this episode of Kubernetes in the Wild, we observe an issue with one of our pods, which is failing to start in EKS. The pod deployment YAML looks like the below containing a persistent volume claim. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 --- apiVersion: apps/v1 kind: Deployment metadata: name: db labels: app: db spec: replicas: 1 selector: matchLabels: app: db template: metadata: labels: app: db spec: hostname: db volumes: - name: mongodb-data persistentVolumeClaim: claimName: mongodb-data containers: - name: db image: xxxxxxxxxxxx.
READ ARTICLE

Backup the Cisco Expressway Using Python


Wednesday, June 26, 2019
This Cisco Expressway can be backed up with a backup encryption password relatively easy using some simple Python code. The script requires updating the following variables before running. URL PASSWORD BACKUP_PASSWORD The script will save the Expressway backup file to the directory where it is run. Also available as a GitHub Gist here. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 import requests import json import re def main(): URL = "https://10.
READ ARTICLE

ECS Container Logs to Slack via AWS Lambda


Saturday, June 22, 2019
This was more of a discovery article to document the process for getting logs from ECS containers into a messaging service (Slack in this case). I used data from this website’s logs, specifically when the contact form receives spam data and when people go to suspicious paths that don’t exist (primarily automated scanners looking for the WordPress login page or phpMyAdmin…). The below topics are covered: Configuring containers running in AWS ECS to send logs to AWS CloudWatch Setting the AWS CloudWatch Log Group to Stream the data to an AWS Lambda function The Lambda function code for sending the data as Slack messages Configuring ECS Containers to Send Logs to CloudWatch I’m assuming if your reading this you have familiarity with AWS ECS and so I’ll jump straight to the good bit.
READ ARTICLE

How to Set Up Let's Encrypt With NGINX Docker Container in AWS ECS


Saturday, May 25, 2019
Recently I redesigned jasonneurohr.com to be more of a microservice architecture (for fun!) and in doing so initially used Cloudflare to handle the frontend TLS for the website. I used Let’s Encrypt when the site was more monolithic to provide the TLS certificates and had not had time to work out how to implement Let’s Encrypt into my CI/CD pipeline, and I wanted to solve that problem. Hence this article was written.
READ ARTICLE

Connection Refused When Installing Flannel on Kubernetes


Saturday, May 11, 2019
During the setup of a Kubernetes master using Ansible, I ran into the following error when installing the Flannel pod network add-on as described in the Installing a pod network add-on in the Creating a single master cluster with kubeadm guide. “unable to recognize \“https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml\”: Get http://localhost:8080/api?timeout=32s: dial tcp [::1]:8080: connect: connection refused” The command being executed was: kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/a70459be0084506e4ec919aa1c114638878db11b/Documentation/kube-flannel.yml During the initial kubeadm init, I had followed the steps provided in the output here under a regular user account, for context the commands are:
READ ARTICLE

Deploying Containers in the Amazon Elastic Container Service and Azure Pipeline Integration


Saturday, April 27, 2019
In an earlier article Building Docker Containers and Pushing them to Docker Hub with Azure DevOps Pipelines, we looked at how Azure DevOps Pipelines could be used to facilitate the container building process. This article extends on that process and covers deploying containers to the Amazon Elastic Container Service (ECS) and triggering ECS to redeploy the containers when the pipeline is run automatically. At a high level, the steps taken are:
READ ARTICLE

Building Docker Containers and Pushing Them to Docker Hub With Azure DevOps Pipelines


Saturday, April 13, 2019
In this article the steps to create an Azure DevOps Pipeline that builds and pushes a Docker container image to a private Docker Hub Repository are discussed. It is assumed that you, the reader, are already familiar with Azure DevOps and Docker, specifically dockerfiles, and that you have a private Docker Hub repository already set up. In Azure DevOps, the following git repository structure is setup (noting only the layout relevant to this article is shown)
READ ARTICLE

Setup a Basic Azure DevOps Pipeline


Sunday, February 3, 2019
Recently I set up an Azure DevOps Pipeline for two .Net Core projects I had published to GitHub and so as a brief reminder of the steps and some general issues I came across in doing so I created this article. This is by no means and is not intended to be an in-depth article on designing or building Azure DevOps pipelines. If you came across this article when searching for an issue with your pipeline, jump straight to the bottom of the page to the troubleshooting section.
READ ARTICLE

How-to Setup a Polycom Trio Corporate Directory Part Two


Thursday, October 4, 2018
This is part two of a two-part series detailing the steps to configure Polycom Trios to utilise an external directory source such as Active Directory Lightweight Directory Services (AD LDS) enabling users to search the directory for available contacts. Setup A Polycom Trio Provisioning Server Internet Information Services (IIS) is used as the provisioning server in this article. Follow the Server Manager wizard to add the IIS role, including Security > Basic Authentication FTP Server > FTP Service Once IIS is installed perform the following steps:
READ ARTICLE

How-to Setup a Polycom Trio Corporate Directory Part One


Wednesday, July 25, 2018
Polycom Trios can be configured to utilise an external directory source such as as Active Directory Lightweight Directory Services (AD LDS) enabling users to search the directory for available contacts. To facilitate the configuration of the Polycom Trios a Provisioning Server can also be implemented that will serve all Polycom Trios with a standard set of configuration elements including the connection information of the AD LDS source. In part one of two, I will detail the setup Active Directory Lightweight Directory Services (AD LDS) to house the directory objects for the Polycom Trios.
READ ARTICLE

How-to Manually Install Certificates on a Polycom RMX


Monday, June 25, 2018
During some recent Polycom RMX work, it was discovered that the RMX’s (2000 and 1800) would not accept certificates into the trust store with an expiration past the year 2038, seemingly related to the article here. After some triage, I found it was possible to work around the issue of using RMX Manager which would not take the certificate by using SSH/WinSCP to manually update the required .crt and .xml certificate bundle and configuration files respectively, which I’ve detailed below.
READ ARTICLE

Cisco Meeting Server Load Balancing with Call Bridge Groups


Sunday, June 24, 2018
In a previous article here, I discussed Cisco Meeting Server Load Balancing with a focus on the Cisco Unified Communications Manager configuration and load balancing from its perspective. This article expands that discussion with the Call Bridge Group feature added in CMS version 2.1. Note this article does not cover all the requirements of implementation, please refer to the official Cisco documentation that I have referenced below. Also, note that Load Balancing Calls Across Cisco Meeting Servers omits configuration required to make the solution work.
READ ARTICLE

Cisco Meeting Server Graphical Space Extractor


Tuesday, April 24, 2018
The Graphical Space Extrator is a small utility for connecting to a Cisco Meeting Server via API and extracting the configured CoSpace’s and there associated AccessMethods into a CSV file for review. Requirements The following is required in order for the utility to work: Microsoft .Net Framework 4.6.1 or higher The Cisco Meeting Server webadmin must be configured with a valid certificate The Windows computer where the utility is run must trust the certificate Install The Graphical Space Extractor can be installed from here.
READ ARTICLE

Skype for Business Meeting Invitation Customisation


Tuesday, February 20, 2018
In a video conferencing deployment more often then not integration with Microsoft Skype for Business is a key component. To maintain a simple and familiar booking process for users the Skype Meeting invitation is modified to provide guidance on how to participate in meetings from video conferenicng devices. As shown below. Configure Skype Meeting Footer Text This below steps assume a vanilla Skype for Business build, adjust them as required to suit your environment:
READ ARTICLE

CMS Wildcard Certificate With Skype for Business


Thursday, February 1, 2018
When testing Cisco Meeting Server (CMS) in a lab environment utilising a wildcard certificate (CN:*.sfblab.assured.io) for the callbridge I discovered that Skype for Business (SfB) would not accept inbound calls, however, SfB clients could make outbound calls to the CMS successfully. Subsequent research revealed that there is a known problem noted in the Acano FAQs here: Calls to Lync fail to connect and the error shown in Lync logs show “The peer is using a wildcard certificate but did not identify itself with a NEGOTIATE request”.
READ ARTICLE

Cisco Spark SSO With Azure Active Directory


Friday, December 15, 2017
Integrating Cisco Spark with your Microsoft Azure Active Directory for Single Sign-On (SSO) enables users to enjoy the benefit of authenticating with Spark using their Active Directory credentials, and bypassing the password login altogether if they are already authenticated in the browser to the Office 365 cloud. In this article, I describe the process of configuring Cisco Spark with the Microsoft Azure AD for SSO with screenshots for context throughout. I’ve assumed you have an existing Cisco Spark and Microsoft Azure AD available and the required permissions to follow the steps that follow.
READ ARTICLE

CMS as a CUCM Conference Bridge


Wednesday, November 15, 2017
A brief article detailing how to configure the Cisco Meeting Server (CMS) as a conference bridge resource in Cisco Unified Communications Manager (CUCM) for ad-hoc call escalation. OpenSSL is used only for example purposes, in production, a more appropriate certificate authority should be used for signing certificates in your production environments. Create a Root CA using OpenSSL Generate a key and the certificate to use for signing CSR requests as a root certificate authority.
READ ARTICLE

SipOps SIP Testing Tool


Tuesday, November 7, 2017
SipOps and PySipOps are an extension of some work posted in a previous article SIP OPTIONS with Scapy. PySipOps is a basic version of SipOps written as a simple example. SipOps is written in Java and supports sending the following SIP messages SIP Early Offer Invite (& SIP ACK) SIP Delayed Offer Invite SIP Options It is a simple piece of code and not meant to be a commercial SIP testing tool replacement by any means, nor is it designed to be a fully fledged SIP UA.
READ ARTICLE

SIP OPTIONS with Scapy


Friday, October 20, 2017
“Scapy is a powerful Python-based interactive packet manipulation program and library.” which I recently used to identify an issue with some incoming SIP OPTIONS pings to a Cisco Expressway. This article, as an output of working through the issue, provides the python script to perform (a) a TCP handshake, and (b) craft a SIP OPTIONS message and send it towards a device, which in this case is a Cisco Expressway. An in-depth overview of TCP or general packet manipulation is not discussed, however, as an aside, I’ve found that some of the existing Scapy TCP three-way handshake code used an incorrect TCP SYN number on the subsequent TCP PUSH/ACK packet following the handshake which is accounted for in the code below.
READ ARTICLE

Cisco Meeting Server - Load Balancing


Thursday, August 31, 2017
The Cisco Meeting Server load balancing document referenced can be found here. The section titled Example 3: Deployment without a SME to route calls, describes the configuration required to route calls to a dispersed set of CMS’s trunked locally to their respective CUCM clusters. Through the use of Route Groups, Route Lists, Route Patterns, and Transformations, the CMS deployment can be made more resilient, allowing calls to flow to alternate CMS servers in the cluster through a remote CUCM cluster with local CMS resources when the local CMS is unavailable or busy.
READ ARTICLE

Cisco Expressway SfB Federated Call Problems


Wednesday, July 19, 2017
This article will cover various issues found pertaining to federated calls between Microsoft Skype for Business (SfB) and Cisco’s collaboration platform via the Expressway appliances. SfB Client Reports “We couldn’t reach xxxxx@ciscoenv.domain.com” This issue was encountered when trying to call from an Office 365 SfB client into a Cisco CMS space via Expressways. Initial investigation showed that the Expressway-E’s received no inbound communication from the Office 365 cloud when the SfB client tried to initiate the call.
READ ARTICLE

No-frills CMS Meeting Manager


Tuesday, June 20, 2017
Over the weekend I thought it would be a nice challenge to see what would be possible with the Cisco Meeting Server (CMS) API. I came to the conclusion that a simple meeting manager would be a small but ample weekend challenge and so the No-frills Meeting Manager (NFMM for short) was born! No-frills Meeting Manager for CMS utilises Python 3, Flask, and the Bootstrap framework to provide a no-frills web interface for viewing active calls and basic conference control for a single or cluster of Cisco Meeting Servers (CMS).
READ ARTICLE

Graphing Data With Python MongoDB and Plotly


Thursday, June 15, 2017
Cryptocurrency, specifically Ethereum and Bitcoin seem to be in the news a lot at the moment and due to their wild price movements, I thought it would be an interesting use case for generating some graphs using Plotly. So in this article, I’ll utilise Python, to connect to the BTC Markets API, retrieve the various Cryptocurrency ticker statistics and write them to a local MongoDB instance; then finally create a line graph using the Plotly Python module.
READ ARTICLE

Polycom RMX LDAP Authentication


Monday, June 12, 2017
In order to enable LDAP authentication utilising Microsoft Active Directory on your Polycom RMX you will first require an Active Directory security group. The below image shows an Active Directory user who is a member of a security group rmx_admins. On the RMX navigate to Setup > Directory Services. On the Directory Services screen, configure: IP Address or DNS Name - the IP/name that will resolve your domain controller/s Port - 389 or 636, 636 is recommended for increased security Search Base DN - should be a DN path above your users/groups Authentication Type - NTLM is the only choice Click on Role Mapping from the left navigation.
READ ARTICLE

Cisco Meeting Server - Automatic Backups


Friday, May 19, 2017
The below steps can be followed to setup automatic backups of the Cisco Meeting Server (CMS) using a Windows host. For similar steps for Linux, refer to the Acano Knowledge Base article here. The first steps involve creating a CMS user that can be used for SSH & SFTP, and generation of a private/public key pair. Once those steps are done, using PowerShell you can automatically back up your CMS by utilising the Windows Scheduler.
READ ARTICLE

Cisco Meeting Server - Database Clustering


Sunday, April 2, 2017
Two Node Database Clustering (Don’t Do It!) Recently a few people architecting Cisco Videoconferencing (VC) solutions have asked the question, “_how many servers do I need to cluster the CMS database? _” or similar. Given the size of the deployments are relatively small the answer is always three and hopefully the following will help solidify why that is. It’s also worth noting that there is currently a limit of five database nodes in a cluster.
READ ARTICLE

Cisco Video Conferencing Content Sharing Issues Part 1


Wednesday, March 29, 2017
Content Sharing Issues over a VCS/Expressway Zone to CUCM 10.5+ Recently I’ve come across a few instances of content sharing in various Cisco video conferencing (VC) environments that have all been related to the same misconfiguration. Specifically, the environments where there is devices hanging off/behind a VCS:C or Expressway-C with a zone to a CUCM 10.5 cluster that has VC endpoints registered to it. Calls traversing the zone/trunk result in issues with BFCP.
READ ARTICLE

Cisco Spark Hybrid - Fix Audio Only Calls to Video Devices


Tuesday, March 28, 2017
For anyone who has been following along with the Cisco Spark Hybrid series, you will likely come across the issue of audio-only calls to video conferencing (VC) devices. For those of you who have successfully deployed Cisco Spark Hybrid Call Aware/Connect and are just experiencing this issue welcome! If your Spark Hybrid clients are only able to achieve audio and not video when calling VC devices read on to resolve the problem.
READ ARTICLE

Cisco Spark Hybrid - Call Connector Setup Part 4


Saturday, March 4, 2017
Part four depicts the steps required to add the Expressway-C Call Connector into Cisco Collaboration Managment (CCM). Log into CCM and Navigate to Services Add the Expressway-C as a Hybrid Call Service Resource In this environment, the Expressway-C has already been added. Clicking on the device will show you the panel shown in the second image. Clicking edit cluster settings will allow you to alter the cluster name and upgrade schedule.
READ ARTICLE

Cisco Spark Hybrid - Call Connector Setup Part 3


Friday, March 3, 2017
On Cisco Unified CM Enable users for unified mobility. Unified Mobility can be enabled from UCM Administration > User Management > End User. Configure a CTI Remote Device for each user’s primary extension. Alternatively, the administrator can configure automatic creation of the CTI Remote Devices with the limitation that settings like Calling Search Space, Rerouting Calling Search Space, Location and Device Pool will be shared between all CTI Remote Devices
READ ARTICLE

Cisco Meeting Server - Google Chrome WebRTC Microphone Issue


Thursday, March 2, 2017
Recently I came across an issue with some CMS WebRTC users where their microphones were not working when joining spaces. After some initial troubleshooting, we found that the Domain Group Policy was altering settings related to the Microphone preventing it from being used on the CMS WebRTC site. The setting in question is named Do not allows sites to access your microphone. Which can be found by navigating per the below points.
READ ARTICLE

Cisco Spark Hybrid - Call Connector Setup Part 2


Thursday, March 2, 2017
Following on from Cisco Spark Hybrid - Call Connector Setup Part 1; the following information relates to the setup of Call Service Aware which is a prerequisite to the Call Connector. On Cisco Unified CM Enable Spark users for CTI control. The following steps can be followed to add users to the Standard CTI Enabled user group. The steps can also be found here. Select User Management > End User Select the user you want to add to the group Select Add to User Group in the Permissions Information group Search for Standard CTI Enabled in the Find and List User Groups window Select Standard CTI Enabled user group Select Add Selected Select Save Configure an application user to monitor devices enabled for CTI control.
READ ARTICLE

Cisco Spark Hybrid - Call Connector Setup Part 1


Wednesday, March 1, 2017
The following text and screenshots coincide with the Deploying Cisco Spark Hybrid Services guide, and specifically with the Call Service Prerequisites. Additional articles will cover the Call Service Aware Deployment Steps and the Call Service Connect Deployment Steps. On Cisco Unified CM Set the mail ID of the user or import it from the LDAP directory. The User Mail ID can be found in UCM Administration > User Management > End Users > User.
READ ARTICLE

Cisco Meeting Server - Recorder Setup With Windows NFS


Monday, February 27, 2017
Configure the Windows NFS Folder After the Server for NFS role has been installed, set up the Windows NFS Folder. To do this I created a folder C:\_Recorder. Configure the folders NFS properties as follows. Configure CMS Recorder In this specific post, the recorder and call bridge are on the same CMS as it is a small demo/test environment. In production this should not be the case, refer to the CMS guides for up to date deployment information.
READ ARTICLE

Cisco - Null Media Info in CAR CDR Reports


Tuesday, January 24, 2017
Support forums thread Cisco Prime Collaboration Assurance and Analytics: Grade VoIP Calls using SCSR Instead of MOS White Paper For an environment using Cisco Video Conferencing devices, when running the CAR, CDR > Search > By User/Phone Number/SIP URL. The Media Info value for all records is null. According to the Cisco Prime white paper, this is expected behaviour: Note that all audio quality metrics listed in Table 1 are stored in the CMR.
READ ARTICLE

Cisco Expressway - Office 365 Skype for Business Federation Configuration


Tuesday, January 24, 2017
Cisco Meeting Server with Expressway X8.9 Expressway Configuration At a high level, the following standard Expressway configuration is required. For more detailed steps refer to the Expressway configuration guides Traversal zone between the Expressway-C and the Expressway-E Search rule on the Expressway-E directing the inbound calls to the target domain to the Expressway-C via the Traversal zone Neighbour zone on the Expressway-C to the CMS Call Bridge Search rule on the Expressway-C directing the inbound calls to the target domain to the CMS Neighbour zone for Microsoft SIP calls (Microsoft Variants) External SRV record for Federation noted in the table below External DNS record:
READ ARTICLE

Cisco Meeting Server - Office 365 Skype For Business Invitation Text


Tuesday, January 24, 2017
From the Office 365 Admin Center, navigate to the Skype for Business Admin Center Navigate to the online meetings menu object From this screen specify a logo if desired, the size can be no bigger than 188x30, and the format must be JPEG Specify the Footer text. For example the IVR SIP URI and WebRTC details for the CMS Click Save Changes can take an hour to replicate. Once they have, any new Skype Meeting in Outlook will reflect the changes.
READ ARTICLE

Cisco Expressway Troubleshooting


Thursday, January 19, 2017
SIP/2.0 503 Service Unavailable Observed in Expressway-C trace SIP/2.0 503 Service Unavailable Via: SIP/2.0/TCP 1.1.1.241_EXPC:5060;egress-zone=CEtcp192168994;branch=z9hG4bK3eca9d5dc4e26de65b1b83f501cea485458555;proxy-call-id=51ce23fa-d8d1-4c22-9579-ade0f631d257;rport,SIP/2.0/TLS 1.1.1.241_EXPC:5073;branch=z9hG4bK1e991e55187479dada6391ef5adf084024563;x-cisco-local-service=nettle;received=1.1.1.241_EXPC;rport=30979;ingress-zone=DefaultZone,SIP/2.0/TLS 1.1.1.241_EXPC:5061;egress-zone=DefaultZone;branch=z9hG4bKb340db4a70e04cc037ea7de16e55df58458554.3d8de2b0006ebe59e4c4ae2fde61ae57;proxy-call-id=1ceee43f-3413-4f0f-bfcb-aed8a3b2ad03;received=1.1.1.241_EXPC;rport=29605,SIP/2.0/TLS 1.1.1.246_EXPE:7001;egress-zone=UCtoEXPC2;branch=z9hG4bKf0e07263c19c7bfd6133775994af916998831.7b4bb0bfbe6838be4f4507d0ce70df61;proxy-call-id=bc3fdcb9-f10b-4f23-a0d1-1e59e49de578;received=1.1.1.246_EXPE;rport=7001;ingress-zone=UCtoEXPE2,SIP/2.0/TLS 0.0.0.0_USER:43932;branch=z9hG4bK00004aa4;received=2.2.2.2_EXPEPUB;rport=43932;ingress-zone=CollaborationEdgeZone Call-ID: aefdce71-0af2001c-00004664-00007833@0.0.0.0_USER CSeq: 101 INVITE From: “Jason Neurohr” <sip:30822@1.1.1.1_CUCM>;tag=aefdce710af2021f0000027c-00000f51 To: <sip:12345@domain.com.au>;tag=698699~2004fc79-b651-49b6-be90-35de0e0192d1-48112662 Server: Cisco-CUCM10.5 Date: Wed, 28 Dec 2016 02:37:57 GMT Allow-Events: presence Reason: Q.850 ;cause=41 Observed on CUCM trunk Status Reason local=2 Discussion This issue occurred on an Expressway pair where both MRA and B2B were configured. The zone towards CUCM was configured to use a non-standard port and this configuration was reciprocated on the CUCM trunk and security profile.
READ ARTICLE

Cisco TelePresence Server Multistream Configuration


Thursday, January 19, 2017
This document was written based on an environment with the following devices: UCM 11.0.1 (Required from CE8.2.0) TelePresence Conductor XC4.3 Virtual TelePresence Server 4.4(1.16) MX800 Dual CE8.3 CUCM Configuration Following best practices copy the existing Standard SIP Profile For TelePresence Conferencing and modify Timer Invite Expires (seconds) to be 30. Other requirements should already be satisfied when copying this profile, however specifically ensure: SDP Transparency Profile = Pass all unknown SDP attributes Allow iX Application Media = Checked Allow multiple codecs in answer SDP = Checked Configure regions such that call speed will be high enough to support multistream.
READ ARTICLE

Cisco Meeting Server - WebRTC Troubleshooting


Monday, December 19, 2016
Acano KB article - Troubleshooting Web Bridge connectivity issues Unable to connect - try again later In this specific case the problem is due to the fact that the Web Bridge is not able to resolve the DNS SRV record for _xmpp-client._tcp.domain.com. Dec 19 01:57:00 user.info mmp health: average power usage in last 5 minutes: 171.9W; peak 174.2W; 37.9 kWh total since Fri Dec 9 23:21:27 2016 Dec 19 01:57:19 user.
READ ARTICLE

Cisco Unified Communications Manager - COP Install


Friday, December 16, 2016
Log into Cisco Unified OS Administration Navigate to Device > Device Settings > Device Defaults Note the current load information for the target device down Download the firmware from Cisco. E.g for the IX5000 the cop file is cmterm-IX.8-2-0-28R-K9.P3.cop.sgn Copy the COP file to an SFTP server (the rest of this text assumes the root has been used) Log into Cisco Unified OS Administration Navigate to Software Upgrades > Install/Upgrade Fill out the software location details substituting where appropriate Click Next, on the following screen select the COP file previously downloaded and copied to the SFTP server from the drop down list Once downloaded confirm the MD5 signature matches what is provided on the Cisco.
READ ARTICLE

Cisco Endpoint Ops - CLI Calling


Sunday, December 11, 2016
Start a call xcommand Dial Number: 12345 Retrieve calls status and ID xstatus call *s Call 20 Status: Connected *s Call 20 AnswerState: Answered *s Call 20 CallPriority: None *s Call 20 CallType: Video *s Call 20 CallbackNumber: “sip:12345@10.10.10.13” *s Call 20 DeviceType: Endpoint *s Call 20 Direction: Outgoing *s Call 20 DisplayName: “12345” *s Call 20 Duration: 12 *s Call 20 Encryption Type: “None” *s Call 20 FacilityServiceId: 0
READ ARTICLE

Cisco Meeting Server Cluster Upgrade


Sunday, December 11, 2016
Upgrading a Cisco Meeting Server (CMS) database cluster is a straightforward process thanks to the simplicity of the solution. Thanks, Acano team! The text below describes the steps for upgrading a three node cluster with two slaves and a single master. Two of the servers are Acano X3’s in a Call Bridge cluster and the other is a virtual appliance providing only database functions. Before doing anything backups of each CMS should be taken.
READ ARTICLE

Cisco Unified Communications Manager - Packet Capture


Sunday, December 11, 2016
From the CLI use the utils network capture command. To capture everything, use parameters similar to that shown below. utils network capture eth0 file packets count 10000 size all To stop the capture before the 10000 count press ctrl+c To retrieve the files use the command file get activelog platform/cli/packets.cap and providing valid SFTP server details Alternatively, log in using RTMT > Trace & Log Central > Collect Files > select Packet Capture Logs > Set the time interval as per normal and download Updated - 28/05/2018 To locate capture files you can use the command file list activelog platform/cli
READ ARTICLE

Cisco Meeting Server DTMF Profile Usage Scenarios


Thursday, December 8, 2016
Mute all future participants using DTMF In this scenario, the muteAllNewAudio DTMF sequence is used to set the call parameter joinAudioMuteOverride “If true, new participants will be muted when joining the call.” (Cisco Meeting Server API Reference Guide 2.0. p. 55) Set the callLegProfile used by the space with the parameter changeJoinAudioMuteOverrideAllowed=true On the DTMFProfile configure: muteAllNewAudio=*8 unmuteAllNewAudio=*9 toggleMuteSelfAudio=*6 Now a participant can join a space and using DTMF enter *8.
READ ARTICLE

How to Replay H.264 Video from a Packet Capture


Thursday, December 8, 2016
In this article, I document the steps I used to capture a live H.264 video conferencing call and then replay it for viewing. To do this I built an Ubuntu Virtual Machine, and utilised: Wireshark - to perform the packet capture Videosnarf - to decode the RTP streams from the packet capture Mplayer - to replay the captured video Videosnarf can be found here, http://ucsniff.sourceforge.net/videosnarf.html. To build the Ubuntu Virtual Machine do the following:
READ ARTICLE

OpenSSL CLI Reference


Thursday, December 8, 2016
Convert a DER to PEM openssl x509 -inform der -in myder_certificate.cer -out mypem_certificate.cer Convert a PFX to PEM openssl pkcs12 -in mypfx.pfx -out mypem.pem -nodes Convert a PFX to PEM without keys openssl pkcs12 -in mypfx.pfx -out mypem.pem -nodes -nokeys Convert a PFX to PEM keys only openssl pkcs12 -in mypfx.pfx -out mypem.pem -nodes -nocerts Confirm a private key againt a certificate. Both should output the same value. openssl rsa -noout -modulus -in mycertificate.
READ ARTICLE

Configuring a SIP-TLS Trunk Between VCS and CUCM


Wednesday, December 7, 2016
This post details how to configure a SIP-TLS trunk between Cisco Video Communications Server (VCS) or Cisco Expressway-Core and Cisco Unified Communications Server (CUCM). This post references a single CUCM node (version 10.5) with a single VCS Control (version X8.2.1) lab build throughout, and only the minimum steps to achieve the desired outcome are described. It is assumed that both CUCM and VCS have a basic config and endpoints can register with SIP-TLS and can dial other endpoints registered to the same system (VCS>VCS, CUCM>CUCM, etc.
READ ARTICLE

Registering Cisco Video Conferencing Endpoints to CUCM Using SIP-TLS


Wednesday, December 7, 2016
This post details how to register a Cisco Videoconferencing endpoint, specifically TC based endpoints such as the C or EX series, to Cisco Unified Communications Manager (CUCM) 10.5 utilising SIP-TLS. This post references a single node lab build throughout, and only the minimum steps to achieve the desired outcome (registering the TC based Videoconferencing endpoint to CUCM using SIP-TLS). Firstly why would you use SIP-TLS in the first place? Using the Transport Layer Security (TLS) protocol will protect the SIP messaging traffic on the legs where it is enabled, preventing a third party (the forever mentioned and nefarious BOB) from intercepting the SIP messages for malicious purposes, such as deciphering the caller and callee details which could be sensitive in certain environments.
READ ARTICLE