WARNING: This post has a lot of pictures! I’ve been meaning to write this up for a while, but I’ve been lazy/busy. As some may know, I relocated with my family from Nashville to Kentucky when my wife accepted her new position. As a consultant, I have the freedom to live and work from anywhere, so moving to improve my wife’s career was no big deal. Fortunately, a new home offers the chance to correct oversights on the last one. One of the first things I did was take the plans and determine how I wanted my network to look. I knew I wanted a collapsed core with access layer devices on each floor. I started by estimating how many wired connections per floor I would want. After this, I segmented those out to determine how many needed POE. The biggest thing was ensuring I left room for growth.

As some of you may know, I’ve documented my IT adventures for over 5 years now. Personally, I think a lot of my articles were pretty useful and I actually referenced them regularly while working on client systems. Sadly, today I had a database failure.

After reading this, look at the bug I discovered when enabling secure LDAP on UC applications [here][1]. As many of you are aware, Microsoft began the process to deprecate LDAP access into Active Directory back in March. You can read cisco’s advisory here: [https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/trouble/12_5_1/fieldNotice/cucm_b_fn-secure-ldap-mandatory-ad.html][2] Basically, this means we need to do a fairly simple swap from LDAP to LDAPS. I just completed one for a client’s CUC and CUCM and it took about 30 minutes start to finish.

I lost a lot of data during a database failure where I also discovered my backups weren’t working. TEST YOUR BACKUPS! I had something about 8192 NAT table limitation here, if that doesn’t bother you, you don’t need to proceed unless you want to. I’ll cover the three methods (I only am aware of these 3) that I tested myself. Dumb switch, EAProxy, and full bypass.

In this article, I discuss how to get root access to Cisco UC Applications, without leveraging TAC. This is NOT a supported process.

While working with a client recently, I had a situation where they had two non-HA cubes connecting to two VeloCloud SDWAN devices to get to the carrier. My first thought was to use OSPF for the routes which would allow for easy failover and a potential use of BFD. However, the carrier informed us that they only use dynamic routing protocols on their upstream connections, and we would need to use static routes to them. My first thought in this case (barring bad thoughts about the carrier) were just using weighted static routes and relying on if the carrier’s interface is down, we would see it down causing the secondary static route to take over. Well, after testing with the carrier, if they shut their port, Cisco saw it up up resulting in 100% packet loss due to the lack of transition for the static route. See the routes below

Sometimes when you’re in a client environment, you just need something you don’t have access to. That could be NTP, DNS, gateways, an internal CA, or even just an SFTP server. I encounter this all the time and my solution is almost always to simply get an IP from the client and spin up a linux server.

With Call Manager 11x we saw the deprecation of Meet Me conferences begin. Meetme conferences were great, but many users had issues with using them. This is likely what led to the mass exodus of users to things like webex, zoom, and bluejeans. Today was the first time I’ve ever had the opportunity to work on Conference Now, so I will run through what I did to get this all working. The photos I will use in the guide are from UCM 12.5, but the process is the same in 11x. )

I’ll start off with the bad news. After the two win10 vms were running perfectly for over a year now, I was running updates on my other linux servers… some how i did pay attention and upgraded the distro of my kvm box. It pretty much ruined everything, now I get stuck at the windows logo during boot. I even tried simply reinstalling the vm guest, but when the kvm booted from the win10 iso, it would freeze at… you guessed it, the windows logo.

Today I was cleaning up some CSSs for a client. I came across a particular css that had been erroneously assigned as the line css for a bunch of unassigned DNs (they were precreated to show they were already in use). Of course, I went to BAT first to see if I could just update the line css of the lines, but I discovered that I couldn’t affect the unassigned DNs (even though there is an option for searching unassigned dns…) Anyway, as you can guess, I jumped into SQL to see what I could do.