Thursday, August 31, 2017

Scripted Cron Shutdown Guest VM's & ESXi Server

At a customer's request I had to find a way to automatically and gracefully shut down all guests on an ESXi server. After that, the ESXi host itself also had to be shut down.

On an ESXi server you can't access the crontab via crontab -e, but you can edit the config file and kill & restart the crond.

What it took to get this running:
Login to ESXi as root and execute these steps

Kill crond
[root@esxi1:~]/bin/kill $(cat /var/run/crond.pid)
Edit crontab

[root@esxi1:~] vi  /var/spool/cron/crontabs/root
#min hour day mon dow command
1    1    *   *   *   /sbin/tmpwatch.py
1    *    *   *   *   /sbin/auto-backup.sh
0    *    *   *   *   /usr/lib/vmware/vmksummary/log-heartbeat.py
*/5  *    *   *   *   /sbin/hostd-probe ++group=host/vim/vmvisor/hostd-probe
00   1    *   *   *   localcli storage core device purge

# My added lines
0    13   30  8   *   /sbin/vmware-autostart.sh stop
15   13   30  8   *   /sbin/shutdown.sh && /sbin/poweroff

Start crond


[root@esxi1:~]/usr/lib/vmware/busybox/bin/busybox crond
The lines added to the crontab above will shut the guests down on the 30th of August at 13:30 UTC. The last line shuts down the ESXi host 15 minutes later. Cron on ESXi runs on UTC, so check your system time via date.
[root@esxi1:~] date
Thu Aug 30 16:38:36 UTC 2017
The graceful guest shutdown will only work if the guests are configured for autostart in ESXi. The original crontab will be restored automatically with the next system boot.
If you want your changes to be permanent, you can achieve this by editing
/etc/rc.local.d/local.sh to re-add your changes at every system startup.
Example:
#!/bin/sh 
#Kill crond
/bin/kill $(cat /var/run/crond.pid) 
#Your added lines
/bin/echo "0    13   30  8   *   /sbin/vmware-autostart.sh stop" >> /var/spool/cron/crontabs/root
/bin/echo "15   13   30  8   *   /sbin/shutdown.sh && /sbin/poweroff" >> /var/spool/cron/crontabs/root
#Start crond
/usr/lib/vmware/busybox/bin/busybox crond 
exit 0
Keep in mind that all these changes are not officially supported by VMware. Use at your own risk.
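
An idempotent variant of the local.sh approach above, as an added example that is not part of the original post or of VMware's tooling: it appends each line only when it is missing, so running the script again by hand does not create duplicate jobs. The function names and the CRONTAB override are assumptions; the paths and commands are the ones used in the post.

```shell
#!/bin/sh
# Added example: idempotent version of the local.sh snippet.
# CRONTAB can be overridden (assumption, for testing on a copy of the file).
CRONTAB="${CRONTAB:-/var/spool/cron/crontabs/root}"

# ensure_cron_entry FILE LINE
# Prints "added", "present" or "invalid"; returns non-zero only for "invalid".
ensure_cron_entry() {
    ece_file="$1"
    ece_line="$2"
    # A usable entry has five time fields followed by a command.
    set -f                      # keep "*" from being expanded as a glob
    set -- $ece_line            # split the line into words to count them
    set +f
    if [ "$#" -lt 6 ]; then
        echo "invalid"
        return 1
    fi
    # -x matches the whole line, -F takes it literally ("*" is not a regex).
    if grep -qxF -- "$ece_line" "$ece_file" 2>/dev/null; then
        echo "present"
    else
        printf '%s\n' "$ece_line" >> "$ece_file"
        echo "added"
    fi
}

# Restart crond with the same two commands the post uses.
restart_crond() {
    /bin/kill "$(cat /var/run/crond.pid)"
    /usr/lib/vmware/busybox/bin/busybox crond
}

# Only touch the real crontab when this runs on an ESXi host.
if [ -x /usr/lib/vmware/busybox/bin/busybox ]; then
    changed=0
    for entry in \
        "0    13   30  8   *   /sbin/vmware-autostart.sh stop" \
        "15   13   30  8   *   /sbin/shutdown.sh && /sbin/poweroff"
    do
        if [ "$(ensure_cron_entry "$CRONTAB" "$entry")" = "added" ]; then
            changed=1
        fi
    done
    # crond only needs a restart when the file was actually modified.
    if [ "$changed" -eq 1 ]; then
        restart_crond
    fi
fi
```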

Monday, October 10, 2016

CUCM 11.5 Custom Ringtone Troubleshooting

Recently I had a customer that asked for some custom ringtones. What should have been a task for about half an hour was finally a task that took me several hours on a Cisco Unified Communications Manager 11.5. If you are easily bored, there are still plenty of bugs in that release to play around with. So here is a short summary of the steps required to get this stuff up and running:

1. Be aware that the filenames like Ringlist-wb.xml are case sensitive.
2. When there is a signed file like Ringlist-wb.xml.sgn, make sure to delete it when you upload the new Ringlist-wb.xml. The signed files are not renewed automatically when you restart the TFTP service. A signed file is only generated when none exists. So delete it.
3. If you change an already existing ringtone and keep the filename, delete the ringtone.rwb.sgn file. Same problem as in point 2.
4. If your phone now sees the new ringtone and is able to play it in the ringtone selection menu, but doesn't play it as the selected ringtone -> reset your phone.

Finally, the Audacity settings for export:

RWB Files (newer wideband phones 88XX, etc.):


RAW Files (old phones 79XX, etc.):

Hints:
Be aware that the old phones use the Ringlist.xml file instead of the Ringlist-wb.xml file.
The new wideband phones accept also "old" raw ringtone entries in the Ringlist-wb.xml files.

The process in general is very well described at:
http://www.netcraftsmen.com/uc-toolkit-using-audacity-for-cucm-ring-tones/

Friday, September 4, 2015

Cisco Webex Meetings Server CWMS 2 Error 23 Troubleshooting

Cisco Webex Meetings Server aka CWMS is sometimes a little bit picky about certificates. If you get the following error message whilst trying to access the CWMS site, it usually indicates a problem with your certstore:

"Setup was unsuccessful.Please try again [Error 23]"

You can try to capture the Webex logs via wbxtracer, and you will probably find an error 0x800B010A in it.
I couldn't find anything useful on the internet, except for the fact that it is a certificate chain problem. So I decided to publish the fix here. Hopefully it saves somebody's day ...

Error 23 means IDS_SECURITY_TAMPERED. It means there is something wrong with the integrity check of a (Webex .dll) file.
Most typically this means there could be a problem with any certificate in the certificate path used to verify the digital signature on the file.

In my case, the issue is related to a missing intermediate signing certificate from Verisign (which is used to verify the digital signature of Webex .dll files).

The fix is to download the certificate manually and install it as Intermediate CA certificate on affected PCs.
This is the link to download the relevant certificate from VeriSign:
https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer
If you use another CA / certificate, go and check their homepage.

Resolution Summary:

1. Download certificate to affected PC(s): https://knowledge.verisign.com/library/VERISIGN/ALL_OTHER/Certificates/Code2010/VeriSign_Class_3_Code_Signing_2010_CA.cer
2. From within IE open the "Internet Options" dialog box and under "Content" click on "Certificates".
3. Import the certificate into the "Intermediate Certificate Authorities" trust store.
4. Happy conferencing ;-)

Saturday, March 7, 2015

Edit Licence MAC on CUCM / CUPS / UCNX / UCCX

This works at least from UC version 8.x onwards.

To get access to the LicenseMac.sh file, you first need root access on your system.
Have a look here: http://uc-b.blogspot.de/2015/03/step-by-step-guide-to-root-access-via.html
When your system is rooted, ssh to it as root.

Fire up vim at LicenseMac.sh:
vim /usr/local/bin/base_scripts/LicenseMac.sh

Search for "FinalString=" by entering "/FinalString=" in vim. Mine popped up at line 155. Might be different in your system.

Edit the string to match your license mac.
FinalString="deadbeafdead"

Watch out! The original line has single quotes. We have to use double quotes to make this work. Otherwise your license field in "show status" might end up empty.

Reboot. Done.

Step By Step Guide To Root Access Via SSH On UCCX 10.6

We will do this by booting the VM with a Redhat CentOS ISO image. Then we modify some parameters and end up, after one reboot, with a rooted UCCX system. This guide is also valid for CUCM / CUPS / UCXN. Supported versions for this to work are at least 9.x to 10.x. I guess 8.6 should work also.

This guide will walk you through the rooting process of an UCCX 10.6 system. With the 10.x release Cisco switched from a 32bit Linux to a 64bit Linux. So, when you are on a pre 10.x system, you need a 32bit version of Centos. If you are at least on version 10.x you need the 64 bit version.

I use these:
32bit  http://isoredirect.centos.org/centos/5/isos/i386/
64bit  http://isoredirect.centos.org/centos/6/isos/x86_64/



Things needed for the rooting process of UCCX 10.6:
  • Running Cisco UCCX 10.6 System
  • CentOS-6.6-x86_64-bin-DVD1.iso or equivalent.
  • 15-30 min of time to spend on this

I'm showing this on a VMware Workstation 7.1 host. Other VMware versions might/will show a different menu. If you are going to do this, you will be able to figure out where to find the relevant checkboxes. ;-)

I suggest taking a snapshot of the system before we begin.

We start by opening the settings window of our UCCX machine. There we map our DVD drive to the CentOS ISO image. Check that it will connect on power on.



Then we open the VMX file of your UCCX machine and enter an additional line:

bios.bootDelay = "7000"

When we start the UCCX system, this will give us a 7 sec delay to press ESC in the boot process, which brings us to the boot menu:


Select "CD-ROM Drive" and press enter.


Select "Rescue installed system".



Select "English".



I prefer to leave it at "us". If you are using a non us keyboard this might be a little bit awkward if you are not used to this.


No need for a network here.


Select "Continue".



This can be a little bit tricky. Choose your active partition. Easy guess here because I came from 9.02 (ver5) to 10.6 (ver6). So it has to be the sda1 partition.


Select "OK".



Select "OK".



Select "Shell".


If you get an error reporting that /mnt/sysimage was mounted read only, you can fix it with:

mount -o rw,remount /mnt/sysimage

After checking /mnt/sysimage is mounted as rw you change your root to the mounted, hopefully active, partition:

bash-4.1# chroot /mnt/sysimage
sh-4.1#

Now we can start editing the system's config for root access via SSH.

Remove securetty to get rid of TTY restrictions:
sh-4.1# rm /etc/securetty

Set a password for root. Because this is only a lab system you can use a simple password and ignore the warning.
sh-4.1# passwd root
Changing password for user root.
New password:
BAD PASSWORD: it is too short
BAD PASSWORD: is too simple
Retype new password:
passwd: all authentication tokens updated successfully.
sh-4.1#


Assign a shell to the root user:
sh-4.1# vim /etc/passwd
Replace “root:x:0:0:root:/root:/sbin/nologin” with “root:x:0:0:root:/root:/bin/bash”.

Quit and save.

Allow root login via SSH:
sh-4.1# vim /etc/ssh/sshd_config
Add the line “PermitRootLogin yes”.
This one is write protected. So quit by using :wq!.

Set Selinux to permissive:
sh-4.1# vim /etc/selinux/config
Replace “SELINUX=enforcing” with “SELINUX=permissive”.
Quit and save.

Reboot the system to verify successful root access.
sh-4.1# reboot

When the reboot is finished try to ssh to the UCCX system. You should be prompted with this:

login as: root
root@172.20.23.250's password:
Send automatic password
Last login: Fri Mar  6 19:56:49 2015 from 172.20.23.3
[root@LABUCCX ~]#


There we are. Success! This is intended only for use in lab environments! Don't use this in production environments.
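
To check whether a system or an offline image carries the changes made above, the following added example (not part of the original post and not Cisco tooling) looks for all four of them under a given root directory. The function names and the constructed sample trees are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit a Linux root tree for the four changes from the guide.
# Pass / for a running system or a mount point such as /mnt/sysimage.

audit_root_access() {
    ar_root="${1:-/}"
    ar_root="${ar_root%/}"      # "/" becomes "", so the paths below stay valid
    ar_rc=0

    # 1. The guide removes /etc/securetty.
    if [ ! -e "$ar_root/etc/securetty" ]; then
        echo "FINDING securetty: /etc/securetty is missing"
        ar_rc=1
    fi

    # 2. The guide replaces root's /sbin/nologin with /bin/bash.
    #    An unreadable passwd file or empty field is treated as unknown.
    ar_shell=$(awk -F: '$1 == "root" { print $7; exit }' \
        "$ar_root/etc/passwd" 2>/dev/null || true)
    case "$ar_shell" in
        ''|*/nologin|*/false) ;;
        *) echo "FINDING passwd: root has login shell $ar_shell"; ar_rc=1 ;;
    esac

    # 3. The guide adds "PermitRootLogin yes". sshd keeps the first value it
    #    reads for a keyword; Match blocks are not evaluated here (assumption).
    ar_prl=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' \
        "$ar_root/etc/ssh/sshd_config" 2>/dev/null || true)
    if [ "$ar_prl" = "yes" ]; then
        echo "FINDING sshd_config: PermitRootLogin yes"
        ar_rc=1
    fi

    # 4. The guide switches SELinux from enforcing to permissive.
    ar_mode=$(sed -n 's/^[[:space:]]*SELINUX=\([a-z]*\).*/\1/p' \
        "$ar_root/etc/selinux/config" 2>/dev/null | head -n 1)
    case "$ar_mode" in
        permissive|disabled) echo "FINDING selinux: SELINUX=$ar_mode"; ar_rc=1 ;;
    esac

    return "$ar_rc"
}

# Constructed sample trees: "stock" holds the values the guide starts from,
# "modified" the values it ends with.
make_sample_tree() {
    st_dir="$1"
    mkdir -p "$st_dir/etc/ssh" "$st_dir/etc/selinux"
    if [ "$2" = "modified" ]; then
        echo 'root:x:0:0:root:/root:/bin/bash' > "$st_dir/etc/passwd"
        printf '%s\n' '#PermitRootLogin no' 'PermitRootLogin yes' \
            > "$st_dir/etc/ssh/sshd_config"
        echo 'SELINUX=permissive' > "$st_dir/etc/selinux/config"
    else
        : > "$st_dir/etc/securetty"
        echo 'root:x:0:0:root:/root:/sbin/nologin' > "$st_dir/etc/passwd"
        echo 'PermitRootLogin no' > "$st_dir/etc/ssh/sshd_config"
        echo 'SELINUX=enforcing' > "$st_dir/etc/selinux/config"
    fi
}

# Demonstration on the two constructed trees.
demo_dir=$(mktemp -d)
for demo_kind in stock modified; do
    make_sample_tree "$demo_dir/$demo_kind" "$demo_kind"
    echo "== $demo_kind =="
    audit_root_access "$demo_dir/$demo_kind" || echo "-> root access changes present"
done
rm -rf "$demo_dir"
```

Run against `/` on a production node, a clean result means none of the four changes is present; each FINDING line names the file to inspect.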

For those not familiar with the VIM editor there are some good tutorials online. This one has the important stuff covered: http://vim.wikia.com/wiki/Tutorial

In short words:
/FindMe        Search for pattern FindMe. Caution! This is case sensitive.
    n          Next hit
    N          Previous hit
To edit a file press i. This will bring you to the insert mode. Now you can insert and delete text.
When you are done press ESC to leave insert mode.
:q!            To quit without saving. You lose the changes made.
:wq            To save and close the file.
:wq!           To save and close the file. Even if it is flagged as read only.




Friday, November 18, 2011

Lab Setup Windows 2008 AD Server for Dirsync to CUCM via LDAP

Sometimes it's useful to have a Windows Active Directory server in your lab. I'm anything but a Microsoft expert and I was curious if I could get this to work. The target is to get a couple of users in a hierarchical structure with different characteristics to test search base settings and LDAP filters. Screenshots are in German, sorry for that. I had no other version to test, but I tried to translate the important parts.

I started with the installation of a Windows 2008 Server, where DNS & AD were then activated. There is a pretty straightforward guide at:
http://www.petri.co.il/installing-active-directory-windows-server-2008.htm
There are several other equally good guides around.

When I verified the installation in Server Manager I saw a warning:



The Replication Service was stopped. I tried to start it manually but it would not start. I think DFS Replication is used now. Anyway, it seems to work without that service.


Next step is to verify the AD User setup. So go via Start -> Administration and click Active Directory - Users & Computers.





This opens your User administration:



I've added some OU's to get a structure in it. You can create these via the button the arrow points to.
Now we are only missing some users to get some life into this. Because I'm lazy, if possible, I will add them by batch. So I opened a DOS prompt on my DC and entered the following lines:

dsadd user CN="John Adams,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn John -ln Adams -pwd .C1sc0uc. -display "John Adams" -samid John.Adams -iptel 2800 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email John.Adams@lab.local
dsadd user CN="Helmut Meier,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Helmut -ln Meier -pwd .C1sc0uc. -display "Helmut Meier" -samid Helmut.Meier -iptel 2801 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Helmut.Meier@lab.local
dsadd user CN="Sabine Mueller,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sabine -ln Mueller -pwd .C1sc0uc. -display "Sabine Mueller" -samid Sabine.Mueller -iptel 2802 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sabine.Mueller@lab.local
dsadd user CN="Hermann Meier,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hermann -ln Meier -pwd .C1sc0uc. -display "Hermann Meier" -samid Hermann.Meier -iptel 2803 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hermann.Meier@lab.local
dsadd user CN="Ernst Maier,OU=MITTE,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Ernst -ln Maier -pwd .C1sc0uc. -display "Ernst Maier" -samid Ernst.Maier -iptel 2804 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Ernst.Maier@lab.local
dsadd user CN="Manfed Meyer,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Manfed -ln Meyer -pwd .C1sc0uc. -display "Manfed Meyer" -samid Manfed.Meyer -iptel 2805 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Manfed.Meyer@lab.local
dsadd user CN="Sebastian Meier,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sebastian -ln Meier -pwd .C1sc0uc. -display "Sebastian Meier" -samid Sebastian.Meier -iptel 2806 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sebastian.Meier@lab.local
dsadd user CN="Gustav Tretpohl,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Gustav -ln Tretpohl -pwd .C1sc0uc. -display "Gustav Tretpohl" -samid Gustav.Tretpohl -iptel 2807 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Gustav.Tretpohl@lab.local
dsadd user CN="Hans Duck,OU=BERLIN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hans -ln Duck -pwd .C1sc0uc. -display "Hans Duck" -samid Hans.Duck -iptel 2808 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hans.Duck@lab.local
dsadd user CN="Helmut Kohl,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Helmut -ln Kohl -pwd .C1sc0uc. -display "Helmut Kohl" -samid Helmut.Kohl -iptel 2809 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Helmut.Kohl@lab.local
dsadd user CN="Andre Morgenstern,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andre -ln Morgenstern -pwd .C1sc0uc. -display "Andre Morgenstern" -samid Andre.Morgenstern -iptel 2810 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andre.Morgenstern@lab.local
dsadd user CN="Andre Stello,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andre -ln Stello -pwd .C1sc0uc. -display "Andre Stello" -samid Andre.Stello -iptel 2811 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andre.Stello@lab.local
dsadd user CN="Andreas Gustav,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andreas -ln Gustav -pwd .C1sc0uc. -display "Andreas Gustav" -samid Andreas.Gustav -iptel 2812 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andreas.Gustav@lab.local
dsadd user CN="Frank Eickhoff,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Frank -ln Eickhoff -pwd .C1sc0uc. -display "Frank Eickhoff" -samid Frank.Eickhoff -iptel 2813 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Frank.Eickhoff@lab.local
dsadd user CN="Sebastian Stahlhut,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sebastian -ln Stahlhut -pwd .C1sc0uc. -display "Sebastian Stahlhut" -samid Sebastian.Stahlhut -iptel 2814 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sebastian.Stahlhut@lab.local
dsadd user CN="Hans-Hernmann Sawade,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hans-Hernmann -ln Sawade -pwd .C1sc0uc. -display "Hans-Hernmann Sawade" -samid Hans-Hernmann.Sawade -iptel 2815 -company IPT-Experts -dept Voice -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hans-Hernmann.Sawade@lab.local
dsadd user CN="David Wenk,OU=HAMBURG,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn David -ln Wenk -pwd .C1sc0uc. -display "David Wenk" -samid David.Wenk -iptel 2816 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email David.Wenk@lab.local
dsadd user CN="Andreas Leppin,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Andreas -ln Leppin -pwd .C1sc0uc. -display "Andreas Leppin" -samid Andreas.Leppin -iptel 2817 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Andreas.Leppin@lab.local
dsadd user CN="Guenther Walter,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Guenther -ln Walter -pwd .C1sc0uc. -display "Guenther Walter" -samid Guenther.Walter -iptel 2818 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Guenther.Walter@lab.local
dsadd user CN="Michael Kaenner,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Michael -ln Kaenner -pwd .C1sc0uc. -display "Michael Kaenner" -samid Michael.Kaenner -iptel 2819 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Michael.Kaenner@lab.local
dsadd user CN="Thomas Gottschalk,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Thomas -ln Gottschalk -pwd .C1sc0uc. -display "Thomas Gottschalk" -samid Thomas.Gottschalk -iptel 2820 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Thomas.Gottschalk@lab.local
dsadd user CN="Guenther Jauch,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Guenther -ln Jauch -pwd .C1sc0uc. -display "Guenther Jauch" -samid Guenther.Jauch -iptel 2821 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Guenther.Jauch@lab.local
dsadd user CN="Anne Will,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Anne -ln Will -pwd .C1sc0uc. -display "Anne Will" -samid Anne.Will -iptel 2822 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Anne.Will@lab.local
dsadd user CN="Helmut Schmidt,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Helmut -ln Schmidt -pwd .C1sc0uc. -display "Helmut Schmidt" -samid Helmut.Schmidt -iptel 2823 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Helmut.Schmidt@lab.local
dsadd user CN="Harald Schmidt,OU=COLOGNE,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Harald -ln Schmidt -pwd .C1sc0uc. -display "Harald Schmidt" -samid Harald.Schmidt -iptel 2824 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Harald.Schmidt@lab.local
dsadd user CN="Sebastian Seine,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sebastian -ln Seine -pwd .C1sc0uc. -display "Sebastian Seine" -samid Sebastian.Seine -iptel 2825 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sebastian.Seine@lab.local
dsadd user CN="Hartmut Hubertus,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hartmut -ln Hubertus -pwd .C1sc0uc. -display "Hartmut Hubertus" -samid Hartmut.Hubertus -iptel 2826 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hartmut.Hubertus@lab.local
dsadd user CN="Manfred Deutschland,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Manfred -ln Deutschland -pwd .C1sc0uc. -display "Manfred Deutschland" -samid Manfred.Deutschland -iptel 2827 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Manfred.Deutschland@lab.local
dsadd user CN="Joseppe Krug,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Joseppe -ln Krug -pwd .C1sc0uc. -display "Joseppe Krug" -samid Joseppe.Krug -iptel 2828 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Joseppe.Krug@lab.local
dsadd user CN="Jose Roemer,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Jose -ln Roemer -pwd .C1sc0uc. -display "Jose Roemer" -samid Jose.Roemer -iptel 2829 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Jose.Roemer@lab.local
dsadd user CN="Mark Gottschalk,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Mark -ln Gottschalk -pwd .C1sc0uc. -display "Mark Gottschalk" -samid Mark.Gottschalk -iptel 2830 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Mark.Gottschalk@lab.local
dsadd user CN="Kai Schroeder,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Kai -ln Schroeder -pwd .C1sc0uc. -display "Kai Schroeder" -samid Kai.Schroeder -iptel 2831 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Kai.Schroeder@lab.local
dsadd user CN="Uwe Koenig,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Uwe -ln Koenig -pwd .C1sc0uc. -display "Uwe Koenig" -samid Uwe.Koenig -iptel 2832 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Uwe.Koenig@lab.local
dsadd user CN="Hardo Koenig,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hardo -ln Koenig -pwd .C1sc0uc. -display "Hardo Koenig" -samid Hardo.Koenig -iptel 2833 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hardo.Koenig@lab.local
dsadd user CN="Maik Buchholz,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Maik -ln Buchholz -pwd .C1sc0uc. -display "Maik Buchholz" -samid Maik.Buchholz -iptel 2834 -company IPT-Experts -dept Sales -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Maik.Buchholz@lab.local
dsadd user CN="Jan Buchholz,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Jan -ln Buchholz -pwd .C1sc0uc. -display "Jan Buchholz" -samid Jan.Buchholz -iptel 2835 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Jan.Buchholz@lab.local
dsadd user CN="Clara Schmidt,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Clara -ln Schmidt -pwd .C1sc0uc. -display "Clara Schmidt" -samid Clara.Schmidt -iptel 2836 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Clara.Schmidt@lab.local
dsadd user CN="Sabine Schroeder,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sabine -ln Schroeder -pwd .C1sc0uc. -display "Sabine Schroeder" -samid Sabine.Schroeder -iptel 2837 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sabine.Schroeder@lab.local
dsadd user CN="Manfred Buchholz,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Manfred -ln Buchholz -pwd .C1sc0uc. -display "Manfred Buchholz" -samid Manfred.Buchholz -iptel 2838 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Manfred.Buchholz@lab.local
dsadd user CN="Hendrik Schiene,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hendrik -ln Schiene -pwd .C1sc0uc. -display "Hendrik Schiene" -samid Hendrik.Schiene -iptel 2839 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hendrik.Schiene@lab.local
dsadd user CN="Heinz Stahlhut,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Heinz -ln Stahlhut -pwd .C1sc0uc. -display "Heinz Stahlhut" -samid Heinz.Stahlhut -iptel 2840 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Heinz.Stahlhut@lab.local
dsadd user CN="Wilhelm Sprick,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Wilhelm -ln Sprick -pwd .C1sc0uc. -display "Wilhelm Sprick" -samid Wilhelm.Sprick -iptel 2841 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Wilhelm.Sprick@lab.local
dsadd user CN="Klaus Landree,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Klaus -ln Landree -pwd .C1sc0uc. -display "Klaus Landree" -samid Klaus.Landree -iptel 2842 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Klaus.Landree@lab.local
dsadd user CN="Magnus Landree,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Magnus -ln Landree -pwd .C1sc0uc. -display "Magnus Landree" -samid Magnus.Landree -iptel 2843 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Magnus.Landree@lab.local
dsadd user CN="Siegrid Schaekel,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Siegrid -ln Schaekel -pwd .C1sc0uc. -display "Siegrid Schaekel" -samid Siegrid.Schaekel -iptel 2844 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Siegrid.Schaekel@lab.local
dsadd user CN="Marlies Salge,OU=ESSEN,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Marlies -ln Salge -pwd .C1sc0uc. -display "Marlies Salge" -samid Marlies.Salge -iptel 2845 -company IPT-Experts -dept Marketing -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Marlies.Salge@lab.local
dsadd user CN="Ernst Mueller,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Ernst -ln Mueller -pwd .C1sc0uc. -display "Ernst Mueller" -samid Ernst.Mueller -iptel 2846 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Ernst.Mueller@lab.local
dsadd user CN="Friedrich Mueller,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Friedrich -ln Mueller -pwd .C1sc0uc. -display "Friedrich Mueller" -samid Friedrich.Mueller -iptel 2847 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Friedrich.Mueller@lab.local
dsadd user CN="Tanja Meier,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Tanja -ln Meier -pwd .C1sc0uc. -display "Tanja Meier" -samid Tanja.Meier -iptel 2848 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Tanja.Meier@lab.local
dsadd user CN="Bjoern Meyer,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Bjoern -ln Meyer -pwd .C1sc0uc. -display "Bjoern Meyer" -samid Bjoern.Meyer -iptel 2849 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Bjoern.Meyer@lab.local
dsadd user CN="Mona Haeberle,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Mona -ln Haeberle -pwd .C1sc0uc. -display "Mona Haeberle" -samid Mona.Haeberle -iptel 2850 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Mona.Haeberle@lab.local
dsadd user CN="Thomas Hilbig,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Thomas -ln Hilbig -pwd .C1sc0uc. -display "Thomas Hilbig" -samid Thomas.Hilbig -iptel 2851 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Thomas.Hilbig@lab.local
dsadd user CN="Wolfgang Maximo,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Wolfgang -ln Maximo -pwd .C1sc0uc. -display "Wolfgang Maximo" -samid Wolfgang.Maximo -iptel 2852 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Wolfgang.Maximo@lab.local
dsadd user CN="Sina Sattel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Sina -ln Sattel -pwd .C1sc0uc. -display "Sina Sattel" -samid Sina.Sattel -iptel 2853 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Sina.Sattel@lab.local
dsadd user CN="Judith Sattel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Judith -ln Sattel -pwd .C1sc0uc. -display "Judith Sattel" -samid Judith.Sattel -iptel 2854 -company IPT-Experts -dept "Human Resources" -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Judith.Sattel@lab.local
dsadd user CN="Silke Hubertus,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Silke -ln Hubertus -pwd .C1sc0uc. -display "Silke Hubertus" -samid Silke.Hubertus -iptel 2855 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Silke.Hubertus@lab.local
dsadd user CN="Kira Roemer,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Kira -ln Roemer -pwd .C1sc0uc. -display "Kira Roemer" -samid Kira.Roemer -iptel 2856 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Kira.Roemer@lab.local
dsadd user CN="Wolfgang Rolf,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Wolfgang -ln Rolf -pwd .C1sc0uc. -display "Wolfgang Rolf" -samid Wolfgang.Rolf -iptel 2857 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Wolfgang.Rolf@lab.local
dsadd user CN="Peter Worms,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Peter -ln Worms -pwd .C1sc0uc. -display "Peter Worms" -samid Peter.Worms -iptel 2858 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Peter.Worms@lab.local
dsadd user CN="Hans Eichel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Hans -ln Eichel -pwd .C1sc0uc. -display "Hans Eichel" -samid Hans.Eichel -iptel 2859 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Hans.Eichel@lab.local
dsadd user CN="Ferdinand Eichel,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Ferdinand -ln Eichel -pwd .C1sc0uc. -display "Ferdinand Eichel" -samid Ferdinand.Eichel -iptel 2860 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Ferdinand.Eichel@lab.local
dsadd user CN="Clemens Fuchs,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Clemens -ln Fuchs -pwd .C1sc0uc. -display "Clemens Fuchs" -samid Clemens.Fuchs -iptel 2861 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Clemens.Fuchs@lab.local
dsadd user CN="Walter Rudolf,OU=MUNICH,OU=GERMANY,OU=USERS,OU=CUCM-LAB,DC=lab,DC=local" -fn Walter -ln Rudolf -pwd .C1sc0uc. -display "Walter Rudolf" -samid Walter.Rudolf -iptel 2862 -company IPT-Experts -dept Consulting -office "Musterstraße 1, 12345 Musterstadt" -canchpwd no -pwdneverexpires yes -memberof "CN=CUCM-USERS,CN=users,DC=lab,DC=local" -email Walter.Rudolf@lab.local


Let's check if this worked:



So far so good. Now I add a user which I will use to authenticate the dirsync to CUCM:



Settings:




The password should never expire and the user should not have to change it.

Now CUCM needs to be prepared for Dirsync. Remember that all locally administered end users will be deactivated / deleted after an LDAP dirsync. The first step is to enable the Dirsync service in CUCM Serviceability. Then go to System -> LDAP System Configuration and enable the LDAP Sync:



After doing and verifying that, go to System -> LDAP Directory:



When you are done, click Save and subsequently Perform Full Sync Now.
You may get this error after trying to save:



This doesn't necessarily mean that there is a "null" connection. It also shows up when there is an authentication error. I started with a quick look at Wireshark:



Error code is:
80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
The problem is that CUCM only speaks LDAP simple, and with that you have to enter the username for LDAP (Distinguished Name) in the format of an email address. I think that's new in Windows Server 2008. If you are running CUCM and AD on the same VMware system, like I do, you might not be able to sniff the traffic on the LAN. You could still use the CUCM packet capture:

http://uc-b.blogspot.com/2011/08/cisco-cucm-troubleshooting-with-cucm.html
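
The `data` value in the bind error quoted above is a hexadecimal Windows error code, and `52e` is the logon-failure code, which fits the authentication problem described. The Python sketch below is an added example, not part of the original post: it decodes that diagnostic string and classifies the format of a bind name. The account name `dirsync` is a constructed placeholder.

```python
import re

# Hex sub-codes AD reports after "data" in a failed bind (Windows system error codes).
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (unknown bind name or bad password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must change password at next logon",
    0x775: "account locked out",
}

_ERR_RE = re.compile(
    r"[0-9A-Fa-f]{8}:\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*(?P<comment>.*?),\s*data\s+(?P<data>[0-9A-Fa-f]+)"
)

def parse_ad_bind_error(message):
    """Return the fields of an AD LDAP bind diagnostic, or None if no match."""
    m = _ERR_RE.search(message)
    if m is None:
        return None
    code = int(m.group("data"), 16)
    return {
        "dsid": m.group("dsid"),
        "comment": m.group("comment"),
        "subcode": code,
        "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code 0x%x" % code),
    }

def bind_name_format(name):
    """Classify the identity string entered for an LDAP simple bind."""
    if re.match(r"(?i)^(CN|OU|DC|UID)=", name):
        return "distinguished name"
    if "\\" in name:
        return "down-level (DOMAIN\\user)"
    if re.match(r"^[^@\s]+@[^@\s]+\.[^@\s]+$", name):
        return "userPrincipalName (e-mail style)"
    return "bare account name"

if __name__ == "__main__":
    sample = ("80090308: LdapErr: DSID-0C0903A9, comment: "
              "AcceptSecurityContext error, data 52e, v1db1")  # string from the post
    print(parse_ad_bind_error(sample))
    for n in ("CN=dirsync,CN=Users,DC=lab,DC=local", "dirsync@lab.local"):
        print(n, "->", bind_name_format(n))  # constructed account names
```

A sub-code of `533`, `532` or `775` on the sync account points to a disabled account, an expired password or a lockout rather than a mistyped name, so the decoded value tells you where to look in AD.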

Anyway, if everything went well, the end users now start appearing:



A nice tool for checking the LDAP functionality is an LDAP browser. I would highly recommend LDAP Admin for that. It is stable, flexible and usually has enough features. You can get it from here: http://ldapadmin.sourceforge.net/



 As always, feel free to comment, ask or suggest ...