Category: Cisco

Cisco 8851 Partial Registered in CUCM

I’ve got a few Cisco 8851 phones that always come up as partial registered. I understand that partial registered usually means that one or more lines are unregistered or something to that effect. No matter how many times I reset remotely or power cycle the damn thing, it always come back as partial registered. To the users, everything is normal. Everything is normal so – meh. A few weeks later, got an aha moment.

Here’s what I forgot: our users use extension mobility and their device profiles were based on Cisco 7962 or 7965 device types and have all 6 lines associated with a directory number. Cisco 8800-series desk phones without a key expansion module (a.k.a sidecar) can only associate up to 5 lines. The user’s device profiles also have all 6 lines populated and after I disassociate that 6th line from the profile, things are back to normal. Well, it was already normal but you know what I mean.

New UCCX Team and CSQ not showing up in CUIC

A couple weeks ago, I recently added a new skill, assigned the skill to a Contact Service Queue (CSQ) and updated the assigned CSQ’s in the Team configuration and then renamed the Team name. When I logged in to Cisco Unified Intelligence Center (CUIC) to run a report, I do not see the new CSQ I created. The fix is to restart Cisco Unified Intelligence Center Reporting Service

The CUIC that we have is embedded (not standalone) in one of the UCCX nodes. Log in to both the UCCX nodes and check if Cisco Unified Intelligence Center Reporting Service is running then restart it.

admin:utils service list

Requesting service status, please wait...
Cisco Unified Intelligence Center Reporting Service[STARTED]
Cisco Unified Intelligence Center Serviceability Service[STARTED]

admin:utils service restart Cisco Unified Intelligence Center Reporting Service
 Don't press Ctrl-c while the service is getting RESTARTED.If Service has not Restarted Properly, execute the same Command Again
Service Manager is running
Cisco Unified Intelligence Center Reporting Service[STOPPED] Commanded Out of Service
Service Manager is running
Cisco Unified Intelligence Center Reporting Service[STARTING]
Cisco Unified Intelligence Center Reporting Service[STARTED]

UCCX Basic SQL Query

Most of the things that matter daily in UCCX 8.x, 9.x and perhaps 10.x are mostly done in CCX Administration (appadmin) and some troubleshooting done CCX Editor. There is one thing that Report Summary and User View did not do for me: List all users, along with their login ID‘s, and IPCC extensions so I can inform the Windows server team which users belong in the call center.

My solution was to do a SQL query. For those of you who are familiar with MySQL syntax, you will like this or roll your eyes on how easy it is and how unnecessary this post would be. My problem was that I did not know the name of the database and tables the agent info are stored.

See that * in the query below? Don’t do that if you have a lot of agents.

run uccx sql db_cra select * from resource

Or do it anyway to find out the names of the table columns so you can narrow down your search; but do it for one user.

run uccx sql db_cra select * from resource where resourceloginid like 'elton'

Be specific with the table columns instead.

run uccx sql db_cra select resourceloginid,extension,resourcename from resource where active!='f'

I use PuTTY and automatically log all session output so I don’t have to selectively highlight text to copy. Open the directory where you store the logs, open in Notepad++, copy, paste in Excel or Calc.

This is based on the UCCX 9.0 CLI Reference Guide:

As for SQL queries in Call Manager, check these out:

Here’s a SQL user lookup example equivalent to viewing info in User Management > End Users

run sql select* from enduser where userid='elton'

William Bell has excellent CUCM SQL query tutorials as well. Don’t forget to check out the comment threads.

Basically, still using standard SQL syntax (yeah, that sounds redundant) prepended by “run sql” but it is just a matter of finding out the table and column names.

Here’s a SQL query to view them.

run sql select x.tabname, y.colname from systables x, syscolumns y where x.tabid=y.tabid order by x.tabname

Cisco Supervisor Desktop “No Service”

CUCM 9.1
UCCX 9.0.2

A user called in to report that after logging in to Cisco Supervisor Desktop, selected a Team from the Team dropdown selection, it took a long time to load. It continues to state “No Service” in the bottom of the window after nothing has loaded and Team dropdown selection is greyed out.

If you download the Cisco Desktop Call/Chat Service trace logs, you will notice messages like:

2015-07-24 03:30:36:440 INFO STD0005 Client  disconnected from service at <>.
2015-07-24 03:30:36:443 WARN LC0001 Error occurred while performing an LDAP operation.
2015-07-24 03:30:36:444 WARN LC0001 Error occurred while performing an LDAP operation.
2015-07-25 12:47:19:520 WARN FCCS3008 Network communication error  sending message to application .  The application will be logged out.
2015-07-27 08:44:34:074 INFO LC0007 Invalid Value.
2015-07-27 08:44:34:082 INFO LC0007 Invalid Value.


  • Restart Cisco Desktop Call/Chat Service. This does not drop calls because once a call is answered, the CCX port is no longer used in that call. RTP media is now between endpoints. This does disrupt and refresh screens on agents who are exchanging chat messages but that shouldn’t be an issue, in my opinion.
  • Log out and back in.
  • If restarting the Cisco Desktop Call/Chat Service, did not work for you, restart Cisco Desktop Sync Service and Cisco Desktop Browser and IP Phone Agent Service.
  • Issue confirmed fixed. Notice, after selecting a team and while it is loading, the first thing that populates are the team’s agents and supervisors.

    What you want to see in the logs will be something like this

    2015-07-27 08:44:52:057 INFO FCCS0027 Service going into active mode.  Incoming requests will be accepted.
    2015-07-27 08:44:52:074 INFO LRMS0004 LRMClient is connected to the service at <>.

    Cisco IOS Configuration Change Logging

    Someone or something caused your router to reboot. You want to log configuration changes to rule that out without using TACACS. Here’s what it looks like.

    router(config)# archive
    router(config-archive)# log config
    router(config-archive-log-cfg)# logging enable
    router(config-archive-log-cfg)# logging size 1000
    router(config-archive-log-cfg)# notify syslog

    To display configuration log entries by record numbers starting with the first recorded command
    show archive log config 1

    To display all configuration log files as they would appear in a configuration file rather than in a tabular format
    show archive log config all provisioning

    To view statistics
    show archive log config statistics

    router# show archive log config statistics
    Config Log Session Info:
            Number of sessions being tracked: 1
            Memory being held: 3909 bytes
            Total memory allocated for session tracking: 187657 bytes
            Total memory freed from session tracking: 183748 bytes
    Config Log log-queue Info:
            Number of entries in the log-queue: 63
            Memory being held by the log-queue: 16356 bytes
            Total memory allocated for log entries: 16356 bytes
            Total memory freed from log entries: 0 bytes

    For more information:

    Written by Comments Off on Cisco IOS Configuration Change Logging Posted in Cisco, IOS

    Configure SSH v2 in Cisco IOS

    Set the device’s hostname
    hostname hercules

    Set the device’s membership to a domain. Generating an RSA key requires a domain name.
    ip domain-name

    Check to see if SSH is already running
    show ip ssh

    Generate an RSA key
    crypto key generate rsa

    You will get something like the following:

    hercules(config)#crypto key generate rsa
    The name for the keys will be
    Choose the size of key modules in the range of 360 to 4096 for your
    General Purpose Keys.  Choosing a key modulus greater than 512 may take a few minutes
    How many bits in the modulus [512]: 2048
    %Generating 2048 bit RSA keys, keys will be non-exportable...
    [OK] (elapsed time was 0 seconds)

    If you skipped the ip domain-name, you will get the following:
    % Please define a domain-name first.

    Or you could do a more specific command
    crypto key generate rsa general-keys modulus 2048

    hercules(config)#crypto key generate rsa general-keys modulus 2048
    The name for the keys will be:
    % The key modulus size is 2048 bits
    % Generating 2048 bit RSA keys, keys will be non-exportable...[OK]
    *Apr 12 05:12:36.775: %SSH-5-ENABLED: SSH 2.0 has been enabled

    At this point, when you check the output of show ip ssh and it shows version 1.99, that means that it is supports or run both versions 1 and 2. Note that 1.99 is not an actual version but a method to identify backwards compatibility.

    To run only version 2
    ip ssh version 2

    Set up a local user
    username elton privilege 15 secret cisco

    Few more commands

    line vty 0 4
      login local

    Allow only SSH
    transport input ssh

    Allow both SSH and telnet
    transport input ssh telnet

    Few ways to verify

    Check if the SSH service is running on the device
    show ip ssh

    Check who are logged in

    Check the SSH port
    show control-plane host open-ports

    hercules#show control-plane host open-ports
    Active internet connections (servers and established)
    Prot               Local Address             Foreign Address                  Service    State
     tcp                        *:22                         *:0               SSH-Server   LISTEN
     tcp                        *:23                         *:0                   Telnet   LISTEN

    Check active TCP sessions. These are not TCP traffic through the router but those terminated at this router.
    show tcp

    hercules#show tcp
    tty194, virtual tty from host Achilles
    Connection state is ESTAB, I/O status: 1, unread input bytes: 0
    Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255
    Local host:, Local port: 22
    Foreign host:, Foreign port: 2326
    Connection tableid (VRF): 0
    Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
    Event Timers (current time is 0x1838E4):
    Timer          Starts    Wakeups            Next
    Retrans            13          0             0x0
    TimeWait            0          0             0x0
    AckHold             9          0             0x0
    SendWnd             0          0             0x0
    KeepAlive           0          0             0x0
    GiveUp              0          0             0x0
    PmtuAger            0          0             0x0
    DeadWait            0          0             0x0
    Linger              0          0             0x0
    ProcessQ            0          0             0x0
    iss: 1184651233  snduna: 1184653125  sndnxt: 1184653125     sndwnd:  17104
    irs: 3330383746  rcvnxt: 3330385707  rcvwnd:       3800  delrcvwnd:    328
    SRTT: 247 ms, RTTO: 663 ms, RTV: 416 ms, KRTT: 0 ms
    minRTT: 4 ms, maxRTT: 300 ms, ACK hold: 200 ms
    Status Flags: passive open, active open
    Option Flags: 0x1000000
    IP Precedence value : 6
    TCB is waiting for TCP Process (55)
    Datagrams (max data segment is 1460 bytes):
    Rcvd: 20 (out of order: 0), with data: 12, total data bytes: 1960
    Sent: 17 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 14, total data bytes: 1891
     Packets received in fast path: 0, fast processed: 0, slow path: 0
     fast lock acquisition failures: 0, slow path: 0
    Written by Comments Off on Configure SSH v2 in Cisco IOS Posted in Cisco, IOS

    Check loaded Jabber XML configuration

    Simply browse to http://CUCM-IP-address:6970/jabber-config.xml

    Remember that TFTP files are not configuration changes to the configuration database replicated by the publisher to the subscriber. Likely, your publisher or the server you are checking is not a TFTP server. You need to upload jabber-config.xml to all TFTP servers.

    If it does exist when you check in OS Administration > Software Upgrades > TFTP File Management, then you need to restart Cisco Tftp for the change to take effect.

    Check the installation and configuration guide for more information:

    TCP header compression on a Cisco router

    TCP header compression is used to compress TCP headers in a network to save bandwidth on a link. However, TCP header compression comes at a cost in terms of processor time (delay/serialization delay).

    Conditions: must be configured on both ends of the network to compress and decompress packets.

    cisco_router1(config)# interface serial0/1
    cisco_router1(config-if)# ip address
    cisco_router1(config-if)# ip tcp header-compression
    cisco_router2(config)# interface serial0/0/1
    cisco_router2(config-if)# ip address
    cisco_router2(config-if)# ip tcp header-compression
    cisco_router1# show ip tcp header-compression
    cisco_router2# show ip tcp header-compression

    efficiency improvement factor = (bytes saved + bytes sent) / (bytes sent)

    Written by Comments Off on TCP header compression on a Cisco router Posted in Cisco, IOS, QoS

    Disconnect SSH session on a Cisco ASA

    asa# show ssh sessions
    SID Client IP       Version Mode Encryption Hmac     State            Username
    2    2.0     IN   aes256-cbc sha1     SessionStarted   elton
                                OUT  aes256-cbc sha1     SessionStarted   elton
    3     2.0     IN   aes256-cbc sha1     SessionStarted   admin
                                OUT  aes256-cbc sha1     SessionStarted   admin

    Notice the SID 2 and 3. Session ID 3 belongs to the one logged in as admin. Let’s drop the hammer.

    asa# ssh disconnect 3


    asa# show ssh sessions
    SID Client IP       Version Mode Encryption Hmac     State            Username
    2    2.0     IN   aes256-cbc sha1     SessionStarted   elton
                                OUT  aes256-cbc sha1     SessionStarted   elton
    asa# show logging
    Oct 03 2014 11:22:00: %ASA-5-111008: User 'enable_15' executed the 'ssh disconnect 3' command.
    Oct 03 2014 11:22:00: %ASA-5-111010: User 'enable_15',running 'CLI' from IP, executed 'ssh disconnect 3'
    Oct 03 2014 11:22:00: %ASA-5-611103: User logged out: Uname: admin

    Yeah, fuck that guy. If that wasn’t anyone you know, time to change your passwords.