Month: July 2015

Cisco Supervisor Desktop “No Service”

Symptoms:
CUCM 9.1
UCCX 9.0.2

A user called in to report that after logging in to Cisco Supervisor Desktop and selecting a team from the Team dropdown, the team took a long time to load. After nothing loaded, the window continued to show “No Service” at the bottom and the Team dropdown was greyed out.

If you download the Cisco Desktop Call/Chat Service trace logs, you will notice messages like:


2015-07-24 03:30:36:440 INFO STD0005 Client  disconnected from service at <10.0.11.39>.
2015-07-24 03:30:36:443 WARN LC0001 Error occurred while performing an LDAP operation.
2015-07-24 03:30:36:444 WARN LC0001 Error occurred while performing an LDAP operation.
2015-07-25 12:47:19:520 WARN FCCS3008 Network communication error  sending message to application .  The application will be logged out.
2015-07-27 08:44:34:074 INFO LC0007 Invalid Value.
2015-07-27 08:44:34:082 INFO LC0007 Invalid Value.


Solution:

  • Restart Cisco Desktop Call/Chat Service. This does not drop calls because once a call is answered, the CCX port is no longer used in that call. RTP media is now between endpoints. This does disrupt and refresh screens on agents who are exchanging chat messages but that shouldn’t be an issue, in my opinion.
  • Log out and back in.
  • If restarting the Cisco Desktop Call/Chat Service did not work for you, restart the Cisco Desktop Sync Service and the Cisco Desktop Browser and IP Phone Agent Service.
  • Issue confirmed fixed. Notice, after selecting a team and while it is loading, the first thing that populates are the team’s agents and supervisors.

    What you want to see in the logs will be something like this

    
    2015-07-27 08:44:52:057 INFO FCCS0027 Service going into active mode.  Incoming requests will be accepted.
    2015-07-27 08:44:52:074 INFO LRMS0004 LRMClient is connected to the service at <10.0.11.39>.
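
The check described above, as an added example that is not part of the original post: a shell function that reads a Call/Chat Service trace and reports whether the symptom codes were followed by the two recovery messages. Treating these codes as state markers is an assumption based only on the lines quoted here, and the sample trace is constructed.

```shell
#!/bin/sh
# Added example, not Cisco tooling. Reads trace lines on stdin.
ccx_trace_state() {
    awk '
        # Line layout: date, time, level, message code, free text.
        $1 !~ /^[0-9]+-[0-9]+-[0-9]+$/ { next }
        $4 == "LC0001" || $4 == "LC0007" || $4 == "FCCS3008" {
            symptoms[$4]++
            state = "NO_SERVICE"; since = $1 "T" $2
            active = 0; lrm = 0          # recovery must follow the last symptom
        }
        $4 == "FCCS0027" { active = 1 }  # service going into active mode
        $4 == "LRMS0004" { lrm = 1 }     # LRMClient connected to the service
        active && lrm && state != "RECOVERED" {
            state = "RECOVERED"; since = $1 "T" $2
        }
        END {
            printf "state=%s since=%s", (state == "" ? "UNKNOWN" : state), since
            printf " LC0001=%d LC0007=%d FCCS3008=%d\n", symptoms["LC0001"], symptoms["LC0007"], symptoms["FCCS3008"]
        }
    '
}

# Constructed sample in the same format as the trace lines in this post.
sample_trace() {
    cat <<'EOF'
2015-01-05 09:00:01:100 WARN LC0001 Error occurred while performing an LDAP operation.
2015-01-05 09:00:01:200 WARN FCCS3008 Network communication error  sending message to application .  The application will be logged out.
2015-01-05 09:00:02:300 INFO LC0007 Invalid Value.
2015-01-05 09:05:10:400 INFO FCCS0027 Service going into active mode.  Incoming requests will be accepted.
2015-01-05 09:05:10:500 INFO LRMS0004 LRMClient is connected to the service at <192.0.2.10>.
EOF
}

sample_trace | ccx_trace_state               # after the restart
sample_trace | head -n 3 | ccx_trace_state   # before the restart
```

Against a downloaded trace file, run `ccx_trace_state < tracefile`.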
    
    

    Filed under: Cisco, Contact Center, Unified Communications

    FTP server on Debian

    On this page, I will show you how to set up a basic FTP server in Debian. We will be using Pure-FTPd.

    Before installing, check for running FTP services.

    ps aux | grep ftp
    

    Check whether an FTP server is already installed (and perhaps not running). Look for lines that begin with “i”; that means the package is already installed. The “p” flag means the package is available to install.

    
    root@ftp-server:~# aptitude search pure-ftp
    p   mysqmail-pure-ftpd-logger                                                                  - real-time logging system in MySQL - Pure-FTPd traffic-logger
    p   pure-ftpd                                                                                  - Secure and efficient FTP server
    p   pure-ftpd-common                                                                           - Pure-FTPd FTP server (Common Files)
    p   pure-ftpd-ldap                                                                             - Secure and efficient FTP server with LDAP user authentication
    p   pure-ftpd-mysql                                                                            - Secure and efficient FTP server with MySQL user authentication
    p   pure-ftpd-postgresql                                                                       - Secure and efficient FTP server with PostgreSQL user authentication
    
    

    Install Pure-FTPd server with aptitude install pure-ftpd. The install looks like this.

    
    root@ftp-server:~# aptitude install pure-ftpd
    The following NEW packages will be installed:
      openbsd-inetd{a} pure-ftpd pure-ftpd-common{a}
    0 packages upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
    Need to get 432 kB of archives. After unpacking 999 kB will be used.
    Do you want to continue? [Y/n/?] Y
    Get: 1 http://ftp.us.debian.org/debian/ wheezy/main openbsd-inetd amd64 0.20091229-2 [38.1 kB]
    Get: 2 http://ftp.us.debian.org/debian/ wheezy/main pure-ftpd-common all 1.0.36-1.1 [185 kB]
    Get: 3 http://ftp.us.debian.org/debian/ wheezy/main pure-ftpd amd64 1.0.36-1.1 [209 kB]
    Fetched 432 kB in 0s (472 kB/s)
    Preconfiguring packages ...
    Selecting previously unselected package openbsd-inetd.
    (Reading database ... 38866 files and directories currently installed.)
    Unpacking openbsd-inetd (from .../openbsd-inetd_0.20091229-2_amd64.deb) ...
    Selecting previously unselected package pure-ftpd-common.
    Unpacking pure-ftpd-common (from .../pure-ftpd-common_1.0.36-1.1_all.deb) ...
    Selecting previously unselected package pure-ftpd.
    Unpacking pure-ftpd (from .../pure-ftpd_1.0.36-1.1_amd64.deb) ...
    Processing triggers for man-db ...
    Setting up openbsd-inetd (0.20091229-2) ...
    [ ok ] Stopping internet superserver: inetd.
    [info] Not starting internet superserver: no services enabled.
    Setting up pure-ftpd-common (1.0.36-1.1) ...
    Setting up pure-ftpd (1.0.36-1.1) ...
    Starting ftp server: Running: /usr/sbin/pure-ftpd -l pam -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -E -8 UTF-8 -B
    
    

    You will need to create a new system group for pure-ftpd, but before doing that, check /etc/group to see whether the group name you are planning to add already exists.

    Create a new system group for pure-ftpd.

    groupadd ftpgroup

    Create a default FTP user that has no access to home directories and cannot drop into a shell. You will not be prompted to create a password for this user.

    useradd -g ftpgroup -d /dev/null -s /etc ftpuser

    Create FTP users. You will be prompted to create a new password for this user as well. The following example takes an existing user and points the FTP account to his existing home directory.

    pure-pw useradd elton -u ftpuser -g ftpgroup -d /home/elton

    You can create FTP users with storage limits. For more options check out the pure-pw man page, command is man pure-pw.

    pure-pw useradd bill -u ftpuser -g ftpgroup -d /home/pubftp/remo -N 10

    If you’re like me, you can sometimes create passwords on the fly and right away forget. I mean, it is faster for me to randomly come up with complex passwords and not have to use a password generator. Anyway, if you need to change it:

    pure-pw passwd [username]

    A reminder that pure-pw passwd is only for changing the FTP password. You still need to use passwd [username] to change the user’s system password.

    To apply additions and changes with pure-ftpd, don’t forget to issue the command pure-pw mkdb. The version of pure-ftpd that I have, version 1.0.36-1.1, does not need pure-pw mkdb after adding a new user.

    User info is stored in the /etc/pure-ftpd/pureftpd.passwd database file. Instead of checking that file, you can also list users with

    pure-pw list

    If you are looking for info on one specific user, pure-pw show [username]

    Here’s an example.

    
    root@ftp-server:~# pure-pw show elton
    
    Login              : elton
    Password           : $1$pVSkjNe0$OVr6W4ArAcFTxsXWa8OGR1
    UID                : 1001 (ftpuser)
    GID                : 1001 (ftpgroup)
    Directory          : /home/elton/./
    Full name          :
    Download bandwidth : 0 Kb (unlimited)
    Upload   bandwidth : 0 Kb (unlimited)
    Max files          : 0 (unlimited)
    Max size           : 0 Mb (unlimited)
    Ratio              : 0:0 (unlimited:unlimited)
    Allowed local  IPs :
    Denied  local  IPs :
    Allowed client IPs :
    Denied  client IPs :
    Time restrictions  : 0000-0000 (unlimited)
    Max sim sessions   : 0 (unlimited)
    
    

    Notice /home/elton/./ in the Directory value. The ./ after the directory path means that chroot will prevent this user from going above or outside that directory. This will make sense when you test FTP login using an FTP client.
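
An added example, not part of the original post: a shell function that reads `pure-pw show` output and flags a record whose directory lacks the `/./` chroot marker, whose password hash starts with `$1$` (MD5-crypt), or whose Max size is unlimited. The finding labels and both sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one `pure-pw show <user>` record read from stdin.
audit_pure_pw() {
    awk '
        {
            i = index($0, ":")           # split on the first colon only
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/[ \t]+/, " ", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            f[key] = val
        }
        END {
            u = f["Login"]
            # "$1$" marks an MD5-crypt hash, a legacy scheme.
            if (substr(f["Password"], 1, 3) == "$1$") print u ": WEAK_HASH md5-crypt"
            # Per the post, "/./" in the directory is the chroot marker.
            if (index(f["Directory"], "/./") == 0) print u ": NO_CHROOT " f["Directory"]
            # "0 Mb (unlimited)" means no -N storage limit was set.
            if (f["Max size"] ~ /^0 /) print u ": NO_QUOTA"
        }
    '
}

# Constructed records; the hashes are placeholders, not real values.
sample_elton() {
    cat <<'EOF'
Login              : elton
Password           : $1$CONSTRUCTED$placeholderhashvalue0000
Directory          : /home/elton/./
Max size           : 0 Mb (unlimited)
EOF
}
sample_bill() {
    cat <<'EOF'
Login              : bill
Password           : $6$CONSTRUCTED$placeholderhashvalue0000
Directory          : /home/pubftp/remo/
Max size           : 10 Mb (enabled)
EOF
}

sample_elton | audit_pure_pw
sample_bill | audit_pure_pw
```

On the server itself, run `pure-pw show elton | audit_pure_pw`.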

    To save time, you can test your FTP login and server with

    ftp 127.0.0.1

    Better still, get FileZilla FTP Client.

    To start, stop, restart, force-reload, and view status of pure-ftpd, begin your command with /etc/init.d/pure-ftpd

    
    root@ftp-server:~# /etc/init.d/pure-ftpd
    Usage: /etc/init.d/pure-ftpd {start|stop|restart|force-reload|status}
    
    

    Remember that SFTP and FTPS are not the same. SFTP is file transfer over SSH, while FTPS is FTP over TLS. This means that if you’ve enabled SSH on the server (and for the user), then SFTP (port 22) will work as well.

    Filed under: Debian, Linux

    Firefox 39.0 SSL Error: Weak Ephemeral Diffie-Hellman key

    Recently updated Firefox to version 39.0 and tried to access Call Manager and Contact Center Express. Got the following Firefox error:

    SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)

    Solution documented in https://support.mozilla.org/en-US/questions/1066238

    Explanation: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/

    1. In Firefox, enter “about:config” in the URL field and press Enter.
    2. Accept the “This might void your warranty!” warning by clicking “I’ll be careful, I promise!” button.
    3. In the search field, enter “security.ssl3.dhe_rsa_aes”.
    4. Double click each result (128 SHA and 256 SHA) to toggle the Value to “false”.

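    No need to close and reopen the browser. With both preferences set to false, Firefox stops offering those DHE cipher suites, so the connection is negotiated with a different key exchange; the server’s Diffie-Hellman parameters are unchanged.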

    Filed under: Firefox, Security, Web browser