Configuring Cisco Unified Communications

Manager Initial Settings

Task 1: Upload the License File

In this task, you will upload the license file to allow two nodes (publisher and subscriber) to be
used for call processing.

Activity Procedure
Complete these steps:
Step 1 Log in from PC-x to the web administration GUI of Cisco Unified Communications
Manager by browsing to https:\\10.x.1.1\ccmadmin.
Step 2 Navigate to System > Licensing > License File Upload and click the Upload
License File button. A new window pops up.
Step 3 Click the Browse… button and search for the .lic file on the desktop of PC-x. Select
the file and click Open.

Note If you do not know where to find the license file, ask your instructor for help.

Step 4 Click Upload to upload the license file in Cisco Unified Communications Manager.
Step 5 Click Continue in the next window, and wait until the License File Information box
appears. The license upload is completed.

Activity Verification
When navigating to System > Licensing > License Unit Report, the uploaded licenses are
included in the report.
Task 2: Eliminate DNS Reliance
In this task, you will eliminate the need for DNS by changing from DNS names to IP addresses.

Activity Procedure
Complete these steps:
Step 1 From PC-x, access Cisco Unified Communications Manager Administration.
Step 2 Go to System > Server and click Find to list all servers of your cluster.
Step 3 Click CUCMx and change the Host Name/IP Address field from CUCMx to
192.168.x.y (cucm ip address)
Step 4 Add a description for your server. Enter Publisher in the Description field.
Step 5 Click Save.

Note The Subscriber has already been configured with its IP address during the installation
procedure,because installation fails if the subscriber is configured by name and DNS is not
used.

Step 6 Under System > Enterprise Parameters, check if the phone URLs still include
hostnames (CUCMx).
Step 7 Change all of the phone URLs to the appropriate IP address and click Save.

Activity Verification
You have completed this task when you attain these results:

An IP address is used for the server name:
— Go to System > Server and click Find to list all servers of your cluster.
— Both the Publisher and the Subscriber should be listed with their IP address in the
Host Name/IP Address column, and with a Description.

No IP addresses are used in phone URLs:
— Go to System > Enterprise Parameters.
— In the Phone URL Parameters pane, all URLs should contain the IP address of the
publisher server (10.x.1.1, where x is your pod number).
Task 3: Manage Network and Feature Services
In this task, you will activate the minimum services that are required by Cisco Unified
Communications Manager to serve Cisco IP phones.

Activity Procedure
Complete these steps:

Configure Cisco Unified Communications Manager Servers

Step 1 From PC1, access Cisco Unified Communications Manager Administration GUI.
Step 2 Go to System > Cisco Unified CM and click Find.
Step 3 Click on the CM_CUCMx name to enter the Cisco Unified CM Configuration
window.
Step 4 Change the automatically generated Cisco Unified Communications Manager Name
to CUCM1-x (where x is your pod number).
Step 5 In the Description field, enter Publisher.
Step 6 Click Save.

Activate Cisco Unified Communications Manager Services

Step 7 From PC1x, access Cisco Unified Communications Manager Serviceability GUI.
Step 8 Go to Tools > Service Activation.

Step 9 At the Select Server page, select 10.x.1.1 and then click Go.
Step 10 From the list of services, check Cisco CallManager, the Cisco TFTP, and Cisco
DHCP Monitor Service.

Note You will need the Cisco DHCP Monitor Service to perform the next task in this lab.

Step 11 Click Save to activate these services. A pop-up window appears that informs you
that service activation will take a while. Confirm by clicking OK, and then wait
until the Status (on top left corner of the page) changes from Ready to Update
Completed.
Step 12 Using the related links or Tools > Control Center – Feature Services, go to the
control center for feature services.
Step 13 Verify that the Cisco Communications Manager, the Cisco TFTP, and the Cisco
DHCP Monitor Services are started and activated.
.
Task 4: Configure Cisco Unified Communications Manager to
Provide DHCP Services
In this task, you will configure Cisco Unified Communications Manager to assign IP addresses
to IP phones by DHCP.

Activity Procedure
Complete these steps:
Step 1 In the Cisco Unified Communications Manager Administration GUI, navigate to
System > DHCP > DHCP Server and click the Add New button.
Step 2 In the DHCP Server Configuration window, enter the following parameters:

Host Server: 192.168.x.y (ip cucm)

Primary TFTP Server IP Address (Option 150): 192.168.x.y

Keep the default values for all other parameters.
Step 3 Verify the entered parameters and click Save.
Step 4 Navigate to System > DHCP > DHCP Subnet and click Add New.
Step 5 In the DHCP Subnet Configuration window, select the newly created DHCP server
and enter the following parameters:

Subnet IP Address: 192.168.x.0

Primary Start IP Address: 192.168.x..50

Primary End IP Address: 192.192.168.x.100

Primary Router IP Address: 192.168.x.1

Subnet Mask: 255.255.255.0

Note By specifying option 150 at the DHCP server, you made the configured value the default
value for all DHCP subnets. Therefore this parameter does not have to be set again at the
DHCP subnet configuration.

Step 6 Verify the entered parameters and then click Save.

Activity Verification
You have completed this task when you attain these results:

The DHCP server is configured.

The DHCP subnet is configured.

Further verification, to verify that IP phones obtain an IP address from the Cisco Unified
Communications Manager publisher, is performed in Lab 3-1.
Task 5: Configure Cisco Unified Communications Manager
Enterprise and Service Parameters
In this task, you will enable the dependency records and verify the automatically created URLs.
You will also enable CDR and CMR service parameters.

Activity Procedure
Complete these steps:

Configure Enterprise Parameters

Step 1 Navigate to System > Enterprise Parameters.
Step 2 Activate the Enable Dependency Records parameter by setting the value to True, in
the CCMAdmin Parameters pane.
Step 3 Click OK in the pop-up window, and click Save.

Note Dependency records help you to determine which records in the database use other
records. For example, you can determine which devices (such as CTI route points or
phones) use a particular CSS. If you need to delete a record from Cisco Unified
Communications Manager, you can use dependency records to show which records are
associated with the record that you want to delete. You can then reconfigure those records,
so that they are associated with a different record.

Configure Service Parameters

Step 4 Navigate to System > Service Parameters and select the publisher server and the
Cisco CallManager service from the drop-down list.
Step 5 Set the CDR Enabled Flag value to True in the System parameters.

Note The CDR Enabled Flag parameter determines whether call detail records (CDRs) are
generated. Valid values specify True (CDRs are generated) or False (CDRs are not
generated).

Step 6 Set the CDR Log Calls with Zero Duration Flag to True in the System parameters.
Step 7 Set the CMR parameter Call Diagnostics Enabled value to Enabled Only When
CDR Enabled Flag is True in the Clusterwide Parameters (Device - General).

Note The Call Diagnostics Enabled parameter determines whether call management records
(CMRs), also called diagnostic records, are generated. Generating CMRs without
corresponding CDRs can cause uncontrolled disk space consumption. Cisco recommends
that you always enable CDRs when CMRs are enabled. If you choose Enabled Only When
CDR Enabled Flag is True and the CDR Enabled Flag service parameter is set to False, no
CMRs will be generated.

Step 8 Save the changes.

Activity Verification
You have completed this task when you attain these results:

The Dependency Records parameter is enabled:
— In the System > Enterprise Parameters, verify that the Enable Dependency Records
parameter is set to True.

The CDR and CMR parameters are enabled:
— Go to System > Service Parameters and select the publisher server and the Cisco
CallManager service from the drop-down list.
— The CDR Enabled Flag and the CDR Log Calls with Zero Duration Flag are set to
True, and the CMR parameter Call Diagnostics Enabled is set to Enabled Only
When CDR Enabled Flag is True.
Managing User Accounts in Cisco Unified
Communications Manager

Task 1: Managing User Accounts Using the Administration GUI

Add new user through the administration GUI

In the Cisco Unified Communications Manager web GUI, configure a user as follows:
Step 1 From PC-x, access Cisco Unified Communications Manager Administration.
Step 2 Go to User Management > End User and click Add New.
Step 3 Configure a user with the attributes that follow, and save the newly created account
by clicking Save at the bottom of the page or the Save symbol at the top of the End
User Configuration window.

User ID: User1

Password: password

PIN: 54321

Last name: Phone1

First name: User1
Step 4 Click Add New again and add a second user with these attributes.

User ID: User2

Password: password

PIN: 12345

Last name: Phone2

First name: User2
Step 5 In User Management > End User, verify that the two end users, User1 and User2,
are configured in Cisco Unified Communications Manager Administration.

Assign access rights to users

You can define different access rights to different users:
Step 6 The first user, User1, gets CCM Super User access rights assigned. Go to the End
User Configuration window by clicking the User ID in the Find and List Users list.
Step 7 Click Add to User Group in the Permissions Information box on the bottom of the
page.
Step 8 In the pop-up window, click Find.
Step 9 Select the Standard CCM Super Users parameter from the resulting list, and click
Add Selected. The selected parameter is visible in the Groups box.
Step 10 In the End User Configuration window, click Save. The status changes to Update
Successful. Go back to Find and List Users list.
Step 11 The second user, User2, gets only Standard CCM Read Only access rights assigned.
Go to the Permissions Information box in the End User Configuration window and
click Add to User Group.
Step 12 In the pop-up window, click Find.
Step 13 Select the Standard CCM Read Only parameter from the resulting list, and click
Add Selected. The selected parameter is visible in the Groups box.
Step 14 Click Save.
Step 15 On the top of the page, in the right corner, click the Logout link to log out the
CCMAdministrator account.
Step 16 On the Cisco Unified Communications Manager Administration login page, log in
as User1 and access some administrator menus. Go to User Management > End
User and verify that the Add and Delete buttons are shown.
Step 17 Click the Logout link to log out User1.
Step 18 On the Cisco Unified Communications Manager Administration login page, log in
as User2 and access some administrator menus. Go to User Management > End
User and verify that User2 has only read access rights (no buttons to add or delete
users are shown).
Step 19 Log in as user1 again and navigate to the End User menus. Press Find and verify
that two users are configured and that you can see the information offered on the
Find page.
Step 20 Click User1 and change the password to Cisco and the PIN to 12345.
Task 2: Managing User Accounts Using BAT
In this task, you will use BAT to add users and you will configure user templates to assign
rights to users.

Activity Procedure
Complete these steps:

Activate the Bulk Provisioning Service

The Bulk Provisioning Service must be activated to work with Bulk Administration tools.
Step 1 In the Cisco Unified Communications Manager Serviceability window, navigate to
Tools > Service Activation.
Step 2 In the Service drop-down box, choose the publisher server 192.168.x.y
Step 3 In the Database and Admin Services area, activate the Cisco Bulk Provisioning
Service and click Save. The window refreshes and the Activation Status
corresponding to Bulk Provisioning Service displays Activated.

Create new users with the bat.xlt file

After you download the bat.xlt file, you can enter user information in the file. The data will be
exported to a .csv file and imported in Cisco Unified Communications Manager through the
Bulk Administration tools.
Step 4 Log in to Cisco Unified Communications Manager Administration and navigate to
Bulk Administration > Upload / Download Files and click Find.
Step 5 Click the checkbox for the bat.xlt file and click Download Selected.
Step 6 Download the BAT spreadsheet to C:\ and open the BAT.xlt file. If prompted, click
Enable Macros to use the spreadsheet capabilities.
Step 7 Click the Users tab at the bottom of the spreadsheet.
Step 8 Complete all mandatory fields in each row, providing the following information:

First Name: User3

Last Name: Phone3

UserID: User3

Password: cisco

PIN: 12345
Step 9 Provide the following information for a second user:

First Name: User4

Last Name: Phone4

UserID: User4

Password: cisco

PIN: 12345
 Step 10 Click Export to BAT Format to transfer the data from the BAT Excel spreadsheet
into a CSV-formatted data file.
Step 11 Click OK at the popup window. The system saves the file to C:\XLSDataFiles\.
The filename is: Users-<timestamp>.txt

Note If you enter a comma in one of the fields, BAT.xlt encloses that field entry in double quotes
when you export to CSV format. If you enter a blank row in the spreadsheet, the system
treats the empty row as the end of the file. Data that is entered after a blank line does not
get converted to the CSV format.

Add a new user template in Cisco Unified Communications Manager

User templates are used to define common features for end users.
Step 12 Navigate to Bulk Administration > Users > User Template and click Add New.
Step 13 In the User Template Configuration window, enter the following parameters, and
then click Save:

User Template Name: CIPT_Users

Check the check box Default Password to User ID

User Locale: English, United States

User Group: Standard CCM End Users

Insert new users in Cisco Unified Communications Manager Through Bulk Administration
The newly created .csv file will be imported in Cisco Unified Communications Manager
through the Bulk Administration.
Step 14 Go to Bulk Administration > Upload/Download Files.
Step 15 Click Add New.
Step 16 In the File text box, click Browse and locate the file in C:\XLSDataFiles\ Users-
<timestamp>.txt.
Step 17 In the Select the Target drop-down box, choose Users.
Step 18 In the Select Transaction Type drop-down box, choose Insert Users.
Step 19 Click Save. The status displays that the upload is successful.
Step 20 Navigate to Bulk Administration > Users > Insert Users.
Step 21 In the File Name field, enter the CSV data file that you created for this bulk
transaction (Users-<timestamp>.txt).
Step 22 Choose the user template that you created (CIPT_Users) from the User Template
Name drop-down box.
Step 23 In the Job Information area, enter as Job description CIPT1 and click the Run
Immediately radio button.
Step 24 Click Submit to create the job for inserting the user records. The Status should
display that adding the job was successful and that the job request is submitted.
 Step 25 Use the Job Scheduler to see the status of your job, in Bulk Administration > Job
Scheduler.

Verify added user in Cisco Unified Communications Manager

Step 26 Navigate to User Management > End User and click Find.
Step 27 The two newly created users, User3 and User4, should appear in the user list.
Step 28 Browse to https://192.168.x.y/ccmuser and log in with the users User3 and User4
using the defined password cisco.

Activity Verification
You have completed this task when you attain these results:

The two new users, User3 and User4, appear in the user list:
— Navigate to User > End User and click the Find button.
Task 3: Configure Cisco Unified Communications Manager to
Use LDAP for User Provisioning
In this task, you will configure Cisco Unified Communications Manager to synchronize user
accounts with an LDAP directory.

Activity Procedure
Complete these steps:

Configure the Active Directory server

For LDAP synchronization, you will need to configure the Active Directory server as follows:
Step 1 Open Active Directory server
Step 2 On the Active Directory Server, navigate to Start > Programs > Administrative
Tools > Active Directory Users and Computers. Right-click Users, navigate to
New > User and configure a new user with the following properties:
— User login name: CCMDirMgr
— Last name: CUCM-LDAP-Access
— Password: cisco
— Password never expires
— Do not create an Exchange mailbox
Step 3 Add the CCMDirMgr user to the administrator group: Right-click the user
CCMDirMgr and select Properties. Select the tab Member of and click Add.
Step 4 Select the Administrators group and click Add, then click OK.

Note This account will be used by Cisco Unified Communications Manager to access the LDAP
directory during synchronization.

Step 5 On the Active Directory server, navigate to Start > Programs > Administrative
Tools > Active Directory Users and Computers. Right-click lab.com and select
New > Organizational Unit.
Step 6 Enter EndUsers for the name of the organizational unit and click OK.

Note Cisco Unified Communications Manager will refer to this organizational unit as a search
base. Therefore all users created within this organizational unit will get replicated to Cisco
Unified Communications Manager.

Step 7 Right-click the newly created organizational unit EndUsers, navigate to New >
User and configure a new user with the following properties:
— User login name: User5
— Last name: Phone5
— Password: cisco
 — Password never expires
— Do not create an Exchange mailbox
Step 8 Repeat the previous step by adding another user with a login name User6 and a last
name Phone6.

Configure LDAP synchronization in Cisco Unified Communications Manager

To configure LDAP synchronization follow these steps:
Step 9 In Cisco Unified Communications Manager Serviceability window, navigate to
Tools > Service Activation and select the Cisco Unified Communications Manager
192.168.x.y and click Go.
Step 10 Activate the Cisco DirSync service in the category Directory Services.
Step 11 Navigate to LDAP > LDAP System. Check the box Enable Synchronizing from
LDAP Server. The server LDAP type is Microsoft Active Directory and the LDAP
attribute for the user id is sAMAccountName.
Step 12 Click Save.
Step 13 Navigate to LDAP > LDAP Directory. Configure the LDAP directory name, by
clicking the Add New button.
Step 14 Enter the following parameters:

LDAP Configuration Name: MS-AD

LDAP Manager Distinguished Name: CCMDirMgr@lab.com

LDAP Password: cisco

LDAP User Search Base: ou=EndUsers, dc=lab, dc=com
Step 15 Activate the check box Perform Sync Just Once.
Step 16 Verify user attribute mappings: Middle Name should be middleName, Phone
Number should be telephoneNumber, and Mail ID should be mail.
Step 17 Enter the IP address of the LDAP server and the port 389.
Step 18 Click Save.
Step 19 After the new LDAP Directory information is saved, click Perform Full Sync Now.
Step 20 Navigate to User Management > End User and click Find. You will see six users.
Check the LDAP Sync Status for the users. Two are active (User5 and User6) and
four are inactive (User1 to User4).
Step 21 Try to log in to the user web pages as User3. This should not work anymore.
Step 22 Verify that you cannot add or delete end users in Cisco Unified Communications
Manager Administration.
Step 23 In the End User Configuration window, change the password for the User5 and
User6 users to cisco123 and the PIN to 12345.
Step 24 Click Save.
 Note This update will work because the PIN is always locally configured and the local password is
used as long as LDAP authentication is not enabled.

Step 25 On the Active Directory server, add two more users in the EndUsers organizational
unit by repeating the steps performed earlier. The users should have the following
properties:
— User login names: User1 and User2
— Last name: Phone1 and Phone2
— Password: cisco
— Password never expires
— Do not create an Exchange mailbox

Step 26 In Cisco Unified Communications Manager Administration, navigate to LDAP >

LDAP Directory and perform a full synchronization.
Step 27 Verify that the two users, User1 and User2, are active in the LDAP Sync Status field
in the Find and List Users window of Cisco Unified Communications Manager.

Activity Verification
You have completed this task when you attain these results:

Four LDAP directory users were imported into Cisco Unified Communications Manager.
The other two users (User3 and User4) are flagged as inactive.

Note By default, inactive users are removed after 24 hours.

Users can only be added or deleted at the Active Directory server and are imported into
Cisco Unified Communications Manager user database.
Task 4: Configure Cisco Unified Communications Manager
LDAP Authentication
Configure Cisco Unified Communications Manager to authenticate users against an LDAP
directory.

Activity Procedure
Complete these steps:
Step 1 To configure LDAP Authentication, in Cisco Unified Communications Manager
Administration, navigate to LDAP > LDAP Authentication.
Step 2 Click Enable LDAP Authentication and enter the following parameters:

LDAP Manager Distinguished Name: CCMDirMgr@lab.com

LDAP Password: cisco

LDAP User Search Base: dc=cisco, dc=com.
Step 3 Enter the IP address of the LDAP server, and the port number, 389.
Step 4 Click Save.
Step 5 Navigate to User Management > End User and try changing the password for an
end user, which should not be possible.
Step 6 The Password field is gone. Change the password on the Active Directory server for
User2 by right-clicking the user and clicking Reset Password.
Step 7 A new window pops up; use it to set the password to microsoft.
Step 8 Log in to the Cisco Unified Communications Manager Administration web pages
(https:\\192.168.x.y\ccmadmin) as User2 with password cisco. This does not work
anymore. Try logging in using password microsoft. This time the login should be
successful.
Step 9 In Active Directory, change the password of User2 back to cisco.
Step 10 Verify that User2 now has to use password cisco when logging into the Cisco
Unified Communications Manager Administration web pages.
Step 11 Try logging in to the user web pages with User5 or User6 and password cisco. This
does not work. The problem, however, is not an LDAP authentication failure but the
fact that the two newly created users are not yet members of any groups.
Step 12 Add User5 and User6 to the Standard CCM End Users group. Now they should be
able to access the user web pages.
 Note User1 and User2 were configured earlier to be members of Administrator groups (one of a
group with full access and one of a group with read-only privileges). Although these two
users were flagged Inactive after the first synchronization, their local group membership was
recovered after the users had been added to Active Directory. This works while the users
are inactive (24 hours, by default). Once they are deleted from the Cisco Unified
Communications Manager database and added via Active Directory afterwards, all their
local settings (including group memberships) must be reconfigured.

Activity Verification
You have completed this task when you attain these results:

End users are authenticated using the LDAP directory.

The password for end users can only be changed at the Active Directory server.

Note The activity verification has already been