Guest

Cisco Prime Unified Provisioning Manager

Getting Started with Cisco Unified Provisioning Manager 1.3.1 Deployment and Best Practices

  • Viewing Options

  • PDF (1.1 MB)
  • Feedback

Contents

Terms

What Is Cisco Unified Provisioning Manager?

How Does It Differ from Other Provisioning Applications?

Direct versus Indirect Provisioning

What Do Companies Use Cisco Unified Provisioning Manager For?

Usage by Problem to Be Solved

Reference Materials and Software Links

Training

Concepts

Cisco Unified Provisioning Manager Concepts

Business Analysis

Installing Cisco Unified Provisioning Manager

How to Select Hardware

How to Select the OS

Loading Other Software with Cisco Unified Provisioning Manager

Information Needed During Installation

VMware Support in Provisioning Manager

How to Assure a Clean Install

Preparing End Systems

Basic Task Flow

How to Choose the Synchronization Rules

Domain Sync Rules

Domain Sync Rules Interoperability

Configuring Rules Step by Step

How-To Examples

Taking over an Existing Cisco Unified Communications Network

Setting up a New Cisco Unified Communications Network

Typical Problems with Setup and Operation

Things to Remember When Using Batch Files

Dealing with LDAP Integrated Cisco Unified Communications Manager

NAT issues

To Sync or Not to Sync

Moving Users between Domains or Services between Service Areas

Handling Common Directory Number Mapping across Multiple Service Areas

Working with TAPS

How Many Concurrent Users

Handling Autoregistered Phones

Using Cisco IOS Templates to Provision Communications Manager Express/Cisco Unity Express/SRST

Window Security Patch Update

Cisco Unified Provisioning Manager Licensing

FAQ and Troubleshooting Tips

Install or Upgrade

Communications Manager Synchronization

Communications Manager Express and Cisco Unity Express Synchronization

Unity and Cisco Unity Connection Synchronization

Batch Operations

Orders

Others


Introduction

It is assumed that the reader has done some evaluation of the product and has looked through the data sheet and user guides. This guide is not structured or written to aid in purchasing but rather is about what to do with the product once you receive it.
This document outlines best practices for a successful deployment of Cisco ® Unified Provisioning Manager in Cisco Unified Communications initial deployment and ongoing operational environments. It documents different aspects of installation guidelines, server sizing, initial device setup, and best practices for initial setup, ongoing administration, and maintenance of the product.
This document is not an alternative to the installation guide or the user guide as it does not cover all the features or all the steps for the operations suggested. It is a supplement to the installation guide and the user guide. Detailed steps are provided for best practices wherever relevant.

Terms

There are a variety of terms used within Cisco Unified Provisioning Manager and this document that may be new to the reader or may need to be clarified in the context of Cisco Unified Provisioning Manager.

Table 1. Terms Related to Cisco Unified Provisioning Manager

Terms

Attributes

Attributes

Option settings. These may have true/false, text, template, or keyword settings.

Admins

Admins are those with authorization to perform various tasks in Cisco Unified Provisioning Manager. There are global admins and domain admins.

Communications Manager

Cisco Unified Communications Manager, formerly Cisco Unified CallManager

Provisioning Manager

Refers to the Cisco Unified Provisioning Manager application

Domain

A logical partition to subdivide a shared environment to create separate local administrative partitions

Domain admin

An administrator that has provisioning access to one or more domains. A domain admin generally will not have higher-level access to set up infrastructure devices or the overall Cisco Unified Provisioning Manager system.

Domain sync

Domain synchronization

MAC or MACD

Moves, adds, changes, or deletes

PMAdmin

Top-level administrator with access to all system resources. Typically the PMAdmin sets up the system and delegates management tasks to domain admins.

Service area

A logical partition to subdivide a shared environment within a domain

Subscriber

An entity that uses IP telephony services provided by the Cisco Unified Communications System

Sync

Import configuration information from Cisco Unified Communications devices. There are three types of sync: infrastructure sync, subscriber sync, and domain sync.

User

Also referred to as admins

What Is Cisco Unified Provisioning Manager?

Cisco Unified Provisioning Manager is a business-process-oriented provisioning tool that utilizes management domains, rules, and policy to control provisioning of subscriber services and network infrastructure.

How Does It Differ from Other Provisioning Applications?

Provisioning is done by ordering services or ordering service changes rather than by modifying individual attributes on individual applications. Every change to the infrastructure or subscriber services is done by submitting an order, and all orders are tracked to provide an audit trail. Orders can be submitted through the provisioning GUIs or through templates and batch files.
Cisco Unified Provisioning Manager is subscriber/infrastructure oriented. Every order is placed against a subscriber ID or the Infrastructure ID. Phones are assigned to subscribers. Services are provisioned for subscribers.
Cisco Unified Provisioning Manager is designed to support Cisco products only. There is no direct support for third-party call devices. Cisco Unified Provisioning Manager does not use Simple Network Management Protocol (SNMP) for provisioning. It uses Cisco AXL, SQL calls, and Telnet or Secure Shell (SSH) Protocol style communications depending on the device type being provisioned.
Cisco Unified Provisioning Manager supports a large number of Cisco Unified Communications Manager, Communications Manager Express, Cisco Unity, Cisco Unity Express, and Cisco Unity Connection revisions. Nearly all third-party provisioning tools are designed to support a small amount of target revisions and Cisco Unified Communications applications.

Direct versus Indirect Provisioning

Cisco Unified Provisioning Manager does not always directly communicate with devices to set configurations. Endpoints, for example, get their provisioned settings from Communications Manager, which is directly provisioned by Cisco Unified Provisioning Manager. The following sections outline how devices are provisioned.

Direct Provisioning

Cisco Unified Communications Manager and Cisco Unity: The Cisco Unified Communications Manager has API interfaces referred to as AXL interfaces. Cisco Unified Provisioning Manager talks directly to Cisco Unified Communications Manager through AXL and connects to Cisco Unity SQL server using Java Database Connectivity (JDBC).
Communications Manager Express: Communications Manager Express is a Cisco IOS ® Software application that runs on Cisco routers that provides telephony services. Since Communications Manager Express is a Cisco IOS application, Cisco Unified Provisioning Manager communicates with the router using the Cisco IOS software command-line interface (CLI).
Cisco Unity Express: Cisco Unity Express is a software application that runs on a service module installed either in a Cisco modular router or in integrated hardware in a Cisco modular router. Part of the Cisco Unity Express configuration is done through the Cisco IOS interface for the router and part through the service module command interface.

Indirect Provisioning

Presence: Cisco Unified Provisioning Manager does not currently configure the Presence server. Presence settings related to a subscriber's service are set on Cisco Unified Communications Manager.
Phones: Cisco Unified Provisioning Manager does not directly communicate with the phones, but Cisco Unified Provisioning Manager configures Cisco Unified Communications Manager with phone settings. The phones get their configurations from Cisco Unified Communications Manager.
Microsoft Exchange: Cisco Unified Provisioning Manager does not directly communicate with Exchange, but Microsoft Exchange indirectly gets users added during the provisioning of a voice mail account to Unity subscriber.

What Do Companies Use Cisco Unified Provisioning Manager For?

Different companies have different pain points or return on investment (ROI) goals they would like solved by Cisco Unified Provisioning Manager. They use all or part of Cisco Unified Provisioning Manager's "toolbox" to solve their business problems. The toolbox can be subdivided into a set of tools by problem to be solved or by type of operation.

Usage by Problem to Be Solved

I need to roll out one or more sites.

For the first site or two, it generally is best to use the Cisco Unified Communications applications' GUIs to directly set up the Cisco Unified Communications applications and devices. If more sites are going to be deployed, it is best to capture common deployment settings in templates with keywords for devices or site names. It is usually better to make smaller templates of common settings and later nest them to create a larger template to describe a specific site. Some large companies have rolled out many sites by creating templates for common areas, such as manufacturing buildings, sales offices, and retail stores. These sites can be added to templates that are built for different physical regions or countries to make sites uniformly configured based on function while customized by state or country.
When rolling out new sites, it is often required to add many subscribers and their services all at once. If this is the case, batches can be created with lists of user IDs, phone types, and services. These batches can be loaded into the order management system in Cisco Unified Provisioning Manager to be executed immediately or at a future date to bulk create users and user services in a new site. This functionality is sometimes used to bulk migrate subscribers from a legacy PBX into a Cisco voice over IP (VoIP) network.
Summary: The tools are infrastructure templates and the batch order functions.

I want onsite or regional administrators to handle MACs and password reset.

Cisco Unified Provisioning Manager can have a single domain for all subscribers or multiple domains with subscribers. In order to delegate day 2 tasks to different regional administration groups, subscribers for each group can be put in different domains. With this configuration, administration for a specific subscriber group can be delegated to a specific regional administrator or regional administration group. A regional administrator assigned to manage subscribers in one domain will not be able to make changes to subscribers in another domain.
When a day 2 administrator is created in the provisioning system, that person is usually assigned to manage only one domain. Starting with Cisco Unified Provisioning Manager 1.3.1, day 2 administrators can be assigned to multiple domains.
Summary: The deployment architecture needed is multidomain. Tools required are the order manager GUI and possibly the multidomain administration feature.

I need to create uniform configurations across one or more clusters

In some cases companies have had turnover in IT staff causing many different individuals to configure Communications Manager causing inconsistent provisioning. Another case is when multiple companies merge and want to bring together two or more Cisco Unified Communications networks, each configured differently. Rather than manually sorting out the configurations server by server, templates can be used to create uniform configurations. This is similar to rolling out new sites. The templates can be pushed out to all Communications Managers, making the configurations consistent.
Summary: Nested templates with keyword replacement are used to produce consistent, repeatable configurations across clusters.

Reference Materials and Software Links

Following are useful reference materials on Cisco Unified Provisioning Manager.

Training

Cisco provides an excellent, self-led tutorial for Provisioning Manager, which should be considered mandatory reading for people who will be managing Provisioning Manager. This tutorial takes less than two hours to go through and provides task-based walkthroughs for how to use Cisco Unified Provisioning Manager in various scenarios. The tutorial can be found at http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6491/ps6705/ps7125/prod_presentation0900aecd8062a570.pdf.
Cisco also provides a two-day instructor-led training (ILT) course, with "hands-on" labs for people who prefer a classroom forum in which to learn more about the product. Further information about training can be found at http://www.cisco.com/go/ndm.

Concepts

Cisco Unified Provisioning Manager is a business-oriented product that operates differently from the devices it manages. An understanding of the concepts around Cisco Unified Provisioning Manager is necessary to understand how to get the maximum value from the product.

Cisco Unified Provisioning Manager Concepts

Cisco Unified Provisioning Manager uses concepts to ease the management of Cisco Unified Communications Manager deployment (Figure 1). Concepts consist of following:

Domain

• A logical partition to subdivide a shared environment to create separate local administrative partitions containing service areas with domain partitions and subscribers. A domain can contain multiple service areas and may be associated with multiple Cisco Unified Communications Manager or Unity clusters.

Example: A domain could be a company headquarters building or all subscribers in Western Europe or each department in a large enterprise.

Best practice: If you want to give a group of subadministrators the ability to manage only a limited part of the voice network, then most likely you will want to create a domain for them to manage.

Service area

• A logical partition to subdivide a shared environment within a domain to determine the class of service for each subscriber type. Subscriber services are mapped to the devices and application in the voice network. A service area is associated with only one Cisco Unified Communications Manager or one Unity cluster.

Example: A service area can be a department within a company headquarters building domain (for example, Engineering, Marketing, Finance, and other departments) or may be tied to a specific location or site.

Best practice: You most likely will have a service area for each class of service for each location you manage.

Figure 1. Domain - Service Area Concept

Users

• Users are those with authorization to perform various tasks in Cisco Unified Provisioning Manager. See Table 2 for more information on user roles.

• Global

– Complete authorization to perform all tasks in Cisco Unified Provisioning Manager

– Cisco Unified Provisioning Manager admin (PMAdmin user), created at install, has global administrator rights

• Domain

– Authorization is limited to tasks within a specific domain or, if using the Multi Domain Admin function, one or more domains.

– Individual user roles are related for either policy or workflow tasks.

– Users can be assigned more than one user role within a single domain.

– Individual user roles are related for either policy or workflow tasks.

– Users can be assigned more than one user role within a single domain.

– Users can be assigned to manage multiple domains.

– Global administrator: Cisco Unified Communications experts who install the Cisco Unified Provisioning Manager application and set up the infrastructure, rules and policy. They can assign domain admin roles to users.

– Domain admin: Junior help desk technicians who can order predefined service offerings

– Domain admin with advance ordering privileges: Senior help desk technicians who can set provisioning attributes at time of order

• Service can be ordered for users. Thus, users become subscribers.

• User roles determine the level of access within Cisco Unified Provisioning Manager.

• Some domain-specific roles are only applicable if workflow is enabled.

Example: A company wants to manage a Cisco Unified Communications network and give day 2 tasks to an IT help desk. In the IT help desk, there are junior and senior technicians. The roles could be as follows:

– Global administrators: Cisco Unified Communications experts who install the Cisco Unified Provisioning Manager application and set up the infrastructure, rules, and policy. They can assign domain admin roles to users.

– Domain admin: Junior help desk personnel who can order predefined service offerings

– Domain admin with advance ordering privileges: Senior help desk personnel who can set provisioning attributes at the time of the order

Best practice: Initially, for each domain, set up one or more users with the ordering role at a minimum. If the preset workflow rules (see below) are used, no other roles need be assigned, since workflow will perform activation automatically. Giving only the ordering role will allow users very fixed functionality. The administrator can provide more access once the users become familiar with the system.

Table 2. User Roles

User Type

User Roles

Rights

Global

Administration

Maintenance

Full Rights (expect maintenance)

Configure system cleanup activities

Domain specific
(Users with these roles can only perform authorized tasks within their assigned domain)

• Policy
• Ordering
• Advance assignment
• Approval
• Assignment
• Shipping
• Receiving
• Manage phone inventory, create new subscriber types, and set phone button templates
• Subscriber management and product ordering
• All ordering privileges plus the ability to set provisioning attributes at time of order
• All ordering privileges plus the ability to assign MAC at time of order
• Approve or reject orders
• Assign phone (MAC address) to an order
• Help ensure that the equipment is sent before order processing continues

Subscribers

• An entity that uses IP telephony services provided by the Cisco Unified Communications System (that is, that has phones, lines, voicemail accounts, and so on)

• Subscriber role type defines the products and services that can be provisioned for a subscriber

– Subscriber role types (refer to the Cisco Unified Provisioning Manager User Guide for details):

Employee

Contractor

Manager

Sr. Manager

Executive

Operator

– Subscriber role types may be modified in a global template or on a per domain basis. The products and product bundles associated to a subscriber type can be customized. For example, one can configure the employee subscriber type only to provision phones of type 7961.

– Additional customized subscriber role types can be created in Cisco Unified Provisioning Manager.

• If Cisco Unified Provisioning Manager Self-Care mode is enabled, subscribers can order services for themselves. Thus, a subscriber also becomes a limited user.

Business rules

• Cisco Unified Provisioning Manager contains a predefined set of business rules that control processing of orders, behavior of the synchronization process, and default values for various objects. Rules can be set per domain or in a global template assigned to all new domains.

• Some commonly used rules (eight domain synchronization rules are introduced later in the section "How to Choose the Synchronization Rules"):

– Domain synchronization rules (see the section "How to Choose the Synchronization Rules" for more details on how to use them)

AssociateAllUsersInCallProcessor

AssociateAllUsersInUMProcessor

AssociateOnlyExistingUsers (1.3)

AssociateUsersByDeptCode

AssociateUsersByDevicePool (1.3.1)

AssociateUsersByLocation (1.3.1)

TakePrimaryUserInfoFromUMProcessor (1.3)

Non-RestrictedDomainSync (1.3)

– Workflow rules (see the User Guide for Cisco Unified Provisioning Manager for more details)

IsAuthorizationRequiredForAddOrder

IsAuthorizationRequiredForCancelOrder

IsAuthorizationRequiredForChangeOrder

PhoneAssignmentDoneBy

PhoneReceiptDoneBy

PhoneShippingDoneBy

– Rules by problem to be solved

Need to remove exchange data when a Unity account is deleted: Enable PurgeUponUmRemoval

Need subscribers to order service for themselves: Enable CreateSelfCareAccounts

Don't want help desk to choose phone template when provisoning phones: Disable ChoosePhoneButtonTemplates

Want to force Unity subscriber to change the password after the password is reset by Cisco Unified Provisioning Manager: Enable ChangeUnityPasswordOnNextLogin

Need to import a user from Cisco Unified Communicatons Manager and to assign the subscriber role automatically: Configure the DefaultUserType rule as desired. By default this is configured to be Employee.

– Rules related to default values of provisioning attribute

DefaultCallManagerPassword

DefaultCallManagerPIN

DefaultDeviceProfile

DefaultServiceName<1-5>

DefaultServiceURL<1-5>

DefaultUnitySubscriberPassword

DescriptionString

LineDisplayString

ExternalNumberMasks

Best practice:

• Set the synchronization rules up for domains before the first sync (see the section "How to Choose the Synchronization Rules" for more details on how to select domain synchronization rules).

• Leave the default settings for other rules until you gain experience with Cisco Unified Provisioning Manager.

(Example: Workflow rules can be modified afterwards.)

Provisioning attributes

• Both call and messaging services have many attributes that can be assigned and further define and enhance the service provided to the subscriber. For example, one attribute that can be defined on a phone as an enhancement to its use is the setting of speed dials. Within Cisco Unified Provisioning Manager, these settings are known as provisioning attributes, and they can be set at multiple levels within Cisco Unified Provisioning Manager to enforce policy, again simplifying the overall provisioning of subscriber services.

• The provisioning attributes supported by Provisioning Manager are documented in the User Guide for Cisco Unified Provisioning Manager.

• Provisioning attributes can be set for domains, subscriber types, service areas, and during order entry. This order also defines the order of precedence in the event that the same attribute is set at multiple levels.

• Let's look at a brief example to help clarify this.

– A policy at Chambers Engineering states that no subscribers in any of the offices in France are to have video capabilities on their phones except the executives.

– One way to implement this would be to set the phone attribute Video Capabilities to Enabled at the domain level and true for the executive subscriber type.

– Now, all orders for phones in the France domain will set Video Capabilities to Enabled, but for subscribers of type Executive, this will be overridden with a value of true.

– If an individual employee is also given clearance for video privileges, the employee's false setting can be overridden during order entry using the Advanced Options button.

Best practice: Customers tend to set up provisioning attributes for the service area to establish templates for subscriber services; however, if you have a large number of service areas and the majority of them share the same provisioning attributes, set them at the domain level to reduce potential service area updating efforts.

Ordering workflow

• Cisco Unified Provisioning Manager has a built-in ordering workflow to coordinate activities in the ordering process. The activities include approving the order, assigning a phone to the order, shipping the product, and receiving the product.

• This workflow can be customized to fit the customer's exact needs by enabling or disabling each step and assigning the enabled steps to Cisco Unified Provisioning Manager user roles.

• By default, all steps are disabled. The workflow rules control enabling of any step of the workflow.

Best practice: Leave workflow default values until you gain experience with Cisco Unified Provisioning Manager.

Business Analysis

Because Provisioning Manager is typically used within the business processes of an organization, a brief business analysis activity early in the deployment process is highly recommended. This will provide the information necessary for how best to configure various Cisco Unified Provisioning Manager system objects. The following questions will help drive this analysis:

• Are there less technical staff who will be "delegated" management capabilities for the day 2 (move, add, change) activity for subscriber services (example: a help desk, or administrative staff in various locations)?

• What groupings of subscribers map best to how you want to do this "delegated" management (example: geographic-based groupings or organizational-based groupings)?

– These questions will dictate the number of domains that will be created in Provisioning Manager. Note that users with the domain-level access role (called the ordering role for a single domain within Cisco Unified Provisioning Manager) can only see subscribers in their own domain.

• Within each grouping of subscribers, which sites or locations do you want to manage?

• For each site or location, what classes of services are required?

• For each site or location, which devices will support that location?

– These questions will dictate the number of service areas that will be created in Provisioning Manager for that domain. Service areas point to unique combinations of call processors and message processors (example: Cisco Unified Communications Manager and Unity). They also contain policy information on calling privilege, like calling search spaces within the Cisco Unified Communications Manager to be used for the service area). Directory number blocks can also be defined in service areas.

• Is a single Cisco Unified Communications application (example: Cisco Unified Communications Manager) shared across these groupings of subscribers and locations?

– These questions will dictate how basic synchronization rules are set within Provisioning Manager. For example, will Cisco Unified Provisioning Manager need to place subscribers into domains automatically at synchronization time based on the department code in the Cisco Unified Communications Manager, or can it put all users it finds into a Cisco Unified Communications Manager single domain?

Best practice:

• It is recommended that the initial deployment of Provisioning Manager focus on defining the correct domains and service areas, provisioning attributes against these, and the basic rules covered in the section "Usage by Problem to Be Solved."

• See what I mean?

• Consider the use of subscriber types, advanced rule settings, and other configuration parameters after these concepts are well understood.

Installing Cisco Unified Provisioning Manager

How to Select Hardware

There are several things to consider in selecting hardware:

Platforms: Cisco Unified Provisioning Manager does not require special Cisco hardware, but it is tested on various Cisco 7835 (2 GB RAM) and 7845 (4 GB RAM) server platforms. The Cisco Unified Communications network to be managed is mission critical, so serious consideration should be used in choosing a platform for management applications. The platform chosen must meet the published requirements as listed below. The recommendations below are provided as guidelines when you are not sure how much performance is really needed to provide a good administrator experience.

Number of phones to be managed: Cisco Unified Provisioning Manager is tested at several tiers, and hardware recommendations are listed below for each tier. The number of phones to be managed has a major impact on disk performance requirements, especially during device sync operations.

Concurrent user load on the system: The responsiveness of the system may change as more concurrent users are added. More concurrent administrators generally require more CPU for processing and memory for user space. The 10,000 and lower phone recommendation assumes one to five operators. The 20,000 phone and larger phone recommendation assumes up to 10 concurrent users. In smaller environments with more than five concurrent administrators, you should consider going to a faster computer tier to assure responsiveness. See the section "VMware Support in Provisioning Manager" for virtualization recommendations.

Network growth effect on hardware: As the number of phones increases, the number of concurrent administrators will usually also increase. Sometimes the increase in managed phones will cause the hardware platform to be upgraded. It is a good practice to look at growth requirements versus platform cost depreciation to decide which tier of performance should be considered for the initial purchase.

Table 3 lists the minimum hardware requirements as of January 16, 2009.

Table 3. Minimum Hardware Requirements

Server Requirements

Up to 1,000 Phones

Up to 10,000 Phones

Up to 30,000 Phones

CPU

Single 3.0 GHz Intel P4 processor or equivalent

2.33 GHz or higher quad core processor or equivalent

• Two-machine deployment with both:
• 2.33 GHz or higher quad core processor or equivalent each for database server and the web/application server

Memory

2 GB RAM

4 GB RAM

4 GB RAM on each machine

Disk space

One 30 GB hard disk

One 60 GB hard disk with SAS or SCSI drives

• One 30 GB hard disk on machine for web and application servers, and
• One 80 GB SAS hard drive in a RAID 1+0 configuration for the database

Network

100 Mbps network interface card (NIC)

100 Mbps NIC

100 Mbps NIC

Note: Make sure that hyperthreading is enabled in the BIOS.

In order to achieve better Cisco Unified Provisioning Manager performance, in addition to the minimum server requirements, we also recommend the following hardware components and configuration:

• Cisco Unified Provisioning Manager web/application server:

– Dual Dualcore Xeon 2.33 GHz CPU or better

– 1333 MHz FSB or better

– Gigabit NIC

• Cisco Unified Provisioning Manager database server:

– Dual Dualcore Xeon 2.33 GHz CPU or better

– 1333 MHz FSB or better

– Serial Attached ATA (SAS) hard drives

– RAID 10 or 0+1 (with at least two disks in RAID 0 array; more disks in the RAID 0 array provide better performance)

– Enable write back: This configuration option is highly vendor dependent and can be achieved on either on OS level, controller level, or combination of both; consult your hardware vendor for correct methods. Warning: when this option is enabled without a backup power supply, a power outage may cause data loss. Make sure you have a backup power supply set up before enabling this option.

– Larger SAS controller cache (minimum 256 KB)

– Enterprise-grade disks (minimum 10,000 RPM)

– Gigabit NIC

Generally it's a good practice to run regular disk defragmentation for better performance.

How to Select the OS

• Cisco Unified Provisioning Manager is only supported with off-the-shelf Windows 2003 Server.

Microsoft is encouraging companies to upgrade to Windows 2008 Server but, as of this date, is allowing customers to purchase Windows 2008 and downgrade to Windows 2003 to support current applications. The latest service pack, currently Service Pack 2, should be installed.

• Windows 2003 Server: Standard and Enterprise

Cisco Unified Provisioning Manager is tested on both versions. Choosing which one to use is based on the amount of RAM and swap (virtual memory/page file) space required. The Standard version, for example, will only allow a maximum of 4 GB of swap space. If you feel you need more swap space, use the Enterprise version.

• Cisco custom OS versions

Cisco provides a customized version of Windows 2003 Server with some of its Cisco Unified Communications applications and hardware. Cisco Unified Provisioning Manager will not operate properly with these custom versions. If you user Cisco hardware, don't buy an MCS with Windows installed.

Loading Other Software with Cisco Unified Provisioning Manager

As of Cisco Unified Provisioning Manager Release 1.3, Cisco Unified Provisioning Manager is expected to be loaded on a hardware platform running Windows 2003 Server along with the Cisco Unified Provisioning Manager application. If a Cisco Unified Provisioning Manager patch is required, this may be loaded.
Cisco Unified Provisioning Manager does not require CiscoWorks common services, so do not attempt to load it on a server running Cisco Unified Provisioning Manager.
Cisco Unified Provisioning Manager has undergone interoperability testing with Cisco Security Agent 5.0. Cisco Security Agent must be disabled during installation of Cisco Unified Provisioning Manager.
Cisco Unified Provisioning Manager has undergone interoperability testing with McAfee VirusScan Enterprise 8.0. For McAfee Enterprise VirusScan 8.0, you must have patch version 11 installed. Install the McAfee VirusScan Enterprise 8.0 Patch Version 11 before installing Cisco Unified Provisioning Manager on the system.
OpenSSL may be loaded as described in the Cisco Unified Provisioning Manager Installation Manual for support of HTTPS connections between your web browser and the Cisco Unified Provisioning Manager server.
Other software should not be loaded.

Information Needed During Installation

If you are installing for the first time, the best practice is to use the default port numbers offered during the installation unless they are known to interfere with other services on the same network. Make sure you save your settings in case you need to reuse them for a future reinstall, recovery, or upgrade. This is especially important if you do an advanced installation.
You may need to supply the following information during the installation of Provisioning Manager:

• You will need your hardware MAC in order to get a license generated. If you are installing Cisco Unified Provisioning Manager in a VMware environment, you must have a static MAC address in the following range: 00:50:56:00:00:00 to 00:50:56:3F:FF:FF.

• For a simple installation, you will need to have the following:

– A license file, or you can choose to use the evaluation version for 90 days.

– Password for the administrator user; does not have to be the password for the Windows server administrator.

• For an advanced installation, what you need depends on your installation. The following list contains information you may need:

– A license file, or you can choose to use the evaluation version for 90 days.

– A port number for the Apache web server

– A port number for the PostgreSQL database

– Hostname or IP address for the systems that can connect to the PostgreSQL database

– Username and password for the Windows user that the PostgreSQL database uses

– Username and password for the PostgreSQL administrator

– The JBoss application server name

– The port number for the JBoss application server

– Username and password for the application database user

– Password for the administrator user

– Port number for the NICEservice

VMware Support in Provisioning Manager

Provisioning Manager supports the VMware environment. To use Provisioning Manager in a VMware environment, your virtual machine must be configured with a static MAC address.
If you need to configure a static MAC address after installation, perform the following procedure:

Note: The following procedure applies to VMware GSX and VMware ESX prior to version 3.0. If you are running VMware ESX 3.0 or later, you can use the Edit Settings option on the Virtual Machine to configure a static MAC address.

1. Power down the VMware server.

2. On the virtual machine, remove the VMware server from the VirtualCenter inventory.

3. On the virtual machine, change the .vmx file according to the following:

• Change the value of the ethernet0.addressType entry to static.

• Change the value of the ethernet0.GeneratedAddress entry to ethernet0.Address.

4. Change the current MAC address of the virtual machine to a MAC address in the following range: 00:50:56:00:00:00 to 00:50:56:3F:FF:FF

5. In VirtualCenter, select a VMware ESX and select Storage.

6. In data storage locate your virtual machine.

7. Right-click on the .vmx file and then select Add to inventory.

8. Power on the VMware server.

9. On the VMware server open a command prompt.

10. Enter the command ipconfig /all.

11. In the command output, locate the VMware NIC and verify that your manually assigned MAC address appears as the MAC address for the NIC.

How to Assure a Clean Install

• Always make sure you turn off all virus checkers before installing Cisco Unified Provisioning Manager. This is one of the most common reasons for failed installs.

• You must exclude the following from virus scanning:

– The pgsql folder (if you selected the default location during installation, it is C:\CUPM\pgsql)

– The postmaster.exe file (located in the CUPM\pgsql\bin folder)

• Check that the password policy in Windows is not set to eight characters minimum. Change to five characters if possible. If not, do an advanced install and specify passwords that meet the minimum password length.

• The root directory on the server you install should have access to the group Users.

• Make sure you record and store the passwords and port numbers. Sometimes you need these later, especially if you migrate the application to a new PC.

• Do not install Provisioning Manager on a primary domain controller (PDC) or backup domain controller (BDC).

• Make sure you use a directory that does not contain a space in the name. Unless there is a major reason to pick a nonstandard directory name, use the default directory.

• It is best to start with a standard install.

• After installing or upgrading Cisco Unified Provisioning Manager, apply any recommended Cisco Unified Provisioning Manager patches.

• When using two servers for a distributed install, make sure the application maintains IP connectivity. Consider using a ping utility to look for connectivity issues.

• Cisco Unified Provisioning Manager will not install in either medium or large model configurations, required for more than 1000 phones, if Windows 2003 reports less than 4 GB of memory. There is a known issue with the Windows 2003 operating system, when working with certain hardware, where 4 GB of memory may be installed and Windows reports less than 4 GB of memory. Refer to http://msdn2.microsoft.com/en-us/library/ms791485.aspx for more details.

Do the following to enable the 4 GB memory:

– On the Provisioning Manager system, in Windows, right-click My Computer.

– Select Properties.

– Select the Advanced tab.

– Under Startup and Recovery, click Settings.

– Click Edit. The boot.ini file opens.

– In the file, add "/PAE" in the line starting with "multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=...".

– Restart the system.

Note: To verify the system has detected the full 4 GB of memory, launch Task Manager and display the Performance tab. The "Total" under the block headed "Physical Memory (K)" should be ~ 4192968.

• On the Cisco Unified Provisioning Manager system, install Win32 OpenSSL v0.9.8j Light (latest version as of the writing of this guide) in C:\OpenSSL.

• When installing OpenSSL, there will be a prompt for "Copy OpenSSL DLLs to" and there will be two options "The Windows System Directory" or "The OpenSSL binaries(/bin) directory". Choose the "The OpenSSL binaries(/bin) directory". After the OpenSSL install is done, copy the libraries ssleay32.dll and libeay32.dll, which are under the c:\OpenSSL\bin folder, to the c:\CUPM\httpd\bin folder, where c:\CUPM is the location where Cisco Unified Provisioning Manager is installed and c:\OpenSSL is the location where OpenSSL is installed. Installing this way will allow Cisco Unified Provisioning Manager to coexist with other management applications, which may have different SSL support, when management application coresidence becomes available in the future.

Note: If you receive an error message stating that Visual C++ 2008 Redistributables are missing, you must download and install the Visual C++ 2008 Redistributables before proceeding. It is available at the same location: http://www.slproweb.com/products/Win32OpenSSL.html.

Preparing End Systems

• Ensure the AXL services are running on the Cisco Unified Communications Manager server. The Cisco Unified Provisioning Manager sync process and provisioning process require the AXL service.

– In versions earlier than Cisco Unified Communications Manager 5.0, enable the following from the Control Center:

Cisco Serviceability Reporter

Cisco RIS Data Collector

– In Cisco Unified Communications Manager Version 5.0 and later, enable the following from Control Center - Feature Services:

Database and Admin Services -> Cisco AXL Web Service

Performance and Monitoring Services -> Cisco Serviceability Reporter

For additional information on preparing the end system, please refer to the Cisco Unified Provisioning Manager Installation Guide at http://www.cisco.com/en/US/docs/net_mgmt/cisco_unified_provisioning_manager/1.3/installation/guide/PMinstll.html.

Basic Task Flow

• Set up devices

– Add call processors (Cisco Unified Communications Manager publishers only, when using Cisco Unified Communications Manager clusters) and message processors to Cisco Unified Provisioning Manager

– Perform infrastructure synchronization

– Perform subscriber synchronization

• Set up domain deployment

– Create domains and assign call processors and message processors

– Create service areas

– Configure rules

– Perform domain synchronization

– For preexisting call processors and message processors

Verify that subscribers get created

• Provision network

– Create and push templates to configure Cisco Unified Communications Manager

– Or sync current provisioning configurations from existing deployment

• Set up deployment

– Create new service areas, as needed, for each domain

Typically one per class of service

– Assign subscriber types to each service area

• Admin

– Add subscriber types

– Modify products available to subscriber types

– Create administrative users for each domain

– Configure business rules

Set ordering workflow

• Order, update, or change subscriber services

Please refer to the Cisco Unified Provisioning Manager Tutorial for details on the initial setup process of each of the above listed areas.

How to Choose the Synchronization Rules

Domain Sync Rules

There are three types of synchronization in Cisco Unified Provisioning Manager: infrastructure sync, subscriber sync, and domain sync. Infrastructure sync discovers all objects in Communications Manager that Cisco Unified Provisioning Manager uses and are not specific to individual subscribers, for example, Calling Search Space, Voice Device Groups, Route Patterns, and Translation Patterns. Subscriber sync discovers all objects related to individual subscribers, for example, configured phones, configured lines, and device profiles. Domain sync puts existing subscribers discovered during subscriber sync into the domain and appropriate service area.
Infrastructure sync and subscriber sync retrieve information from the device. These are unidirectional syncs. Cisco Unified Provisioning Manager does not update devices during these syncs. They should be completed on all devices before a domain sync is started. Domain sync aggregates data from the processor syncs. Devices are not accessed during this sync.
Domain sync behavior is controlled by the business rules. There are eight rules that can be configured for synchronizing a domain:

1. AssociateAllUsersInCallProcessor

If this rule is enabled, during a domain synchronization, all of the user accounts in all of the call processors in the domain are assigned to the domain being synchronized. In the example in Figure 2, all users in the call processor are placed in Domain 1. Sync on another domain will not have any users since all users have been placed to Domain 1. So this rule should be used to controlled domain sync when only one domain is configured in Cisco Unified Provisioning Manager.

Figure 2. Example: Domain Sync with AssociateAllUsersInCallProcessor

2. AssociateAllUsersInUMProcessor

This behaves the same as AssociateAllUsersInCallProcessor. If this rule is enabled, all user accounts in a given Cisco Unified Message Processor are assigned to a Provisioning Manager domain. This rule can be used to control domain sync when only one domain is configured in Cisco Unified Provisioning Manager.

3. AssociateOnlyExistingUsers

Users are first created in Cisco Unified Provisioning Manager in the desired domain. Domain sync associates users in a call processor only if they are already created on the domain. This rule is used only when you want to manually define the user assignment in a multidomain environment. Figure 3 shows an example.

Figure 3. Example: Domain Sync with AssociateOnlyExistingUsers

4. AssociateUsersByDeptCode

Users created in Cisco Unified Communications Manager with the department code field filled in are associated to the domain based on the value placed in this field. The list of department code values should be enclosed in double quotation marks (") and separated by the semicolon delimiter (;). Department code values may contain wildcards (* or %); for example, "Dept 1";"";"Dept 2";"Dep*3". Figure 4 shows an example.

Figure 4. Example: Domain Sync with AssociateUsersByDeptCode

This rule is used to partition users based on the department code in a multidomain environment. If you don't have a department code clearly defined for every user or a department code is not guaranteed to be unique across domains, this rule cannot be used.

5. AssociateUsersByDevicePool (new in 1.3.1)

Users are associated to a domain based on the device pool setting on the phone. Users are not associated if they do not have a phone. If this rule is set, domain sync will sync only those users that have a phone with the device pool specified in the data field. This rule is applicable only to Cisco Unified Communications Manager, not Communications Manager Express.

Sample data in the rule: "CCM1:DevicePool1";"CCM2:DevicePool2";

With this data, users that have a phone in CCM1 with device pool as DevicePool1 and users that have a phone in CCM2 with device pool as DevicePool2 will by synchronized. If either CCM1 or CCM2 is not part of the current domain, that part of the data will be ignored.

6. AssociateUsersByLocation (new in 1.3.1)

Users are associated to a domain based on the location setting on the phone. Users are not associated if they do not have a phone. If this rule is set, domain sync will sync only those users that have a phone with the location specified in the data field. This rule is applicable only to Cisco Unified Communications Manager, not Communications Manager Express. Sample data in the rule: "CCM1:Location1";"CCM2:Location2";

With this data, users that have a phone in CCM1 with location as Location1 and users that have a phone in CCM2 with location as Location2 will by synchronized.

If either CCM1 or CCM2 is not part of the current domain, that part of the data will be ignored.

7. TakePrimaryUserInfoFromUMProcessor

If enabled, user and subscriber information is updated from the associated Cisco Unified Message Processor account; otherwise it is updated from the call processor. When the rule is enabled, you can also specify the message processor ID, which takes precedence if a user has accounts on multiple message processors. This value can also be left blank to indicate no preference. This rule is used to handle inconsistent configurations across different call processors and message processors. Figure 5 shows an example.

Figure 5. Example: Domain Sync with TakePrimaryUserInfoFromUMProcessor

8. Non-RestrictedDomainSync

If this rule is enabled, Provisioning Manager performs nonrestricted domain synchronization. Criteria used to find the service area for a product are relaxed to use only a call processor and protocol for the phone product; a call processor for the CTI Port, Line, Enable Extension Mobility, and Enable Mobility Support products; a call processor and messaging processor for the Voicemail, Email, and Unified Messaging products. In addition, only a call processor and messaging processor are used as criteria to match the directory number and voicemail. The user can define a list of service areas to be used. When more than one service area satisfies such criteria, the first matching service area from this list is selected. If no service area is defined or found, Provisioning Manager selects a service area that satisfies the criteria. The service area names should be enclosed in double quotation marks (") and separated by the semicolon delimiter (;), for example, "DefaultSA1";"SA2".

When this rule is disabled, services are assigned to a user only if there are matching service area settings. For phones, Cisco Unified Provisioning Manager matches the following attributes: device pool, common device configuration, calling search space of phone, location, and protocol. For lines, Cisco Unified Provisioning Manager matches the following attributes: device pool of phone, common device configuration of phone, route partition of line, calling search space of line, location of phone. The domain sync log will show all services that do not have matching service areas.

Figure 6 gives an example with the Non-RestrictedDomainSync rule disabled.

Figure 6. Example: Domain Sync with Non-RestrictedDomainSync rule Disabled

Figure 7 shows an example with the Non-RestrictedDomainSync rule enabled.

Figure 7. Example: Domain Sync with Non-RestrictedDomainSync rule Enabled

From Figure 7, you can see that, by default, services are only assigned to subscribers and displayed under a subscriber record if there are matching service area settings. The number of service areas required might be a lot based on permutations and combinations of different service area attributes. The Non-RestrictedDomainSync rule will come in handy when you want to reduce the number of service areas needed and make sure all subscriber services show up and are manageable in Cisco Unified Provisioning Manager.
When configuring the rules, please follow the below general guidelines:

• Rules 1-6 determine how subscribers are placed into the domain.

• Rule 7 determines where information for a subscriber comes from.

• Rule 8 determines how services are matched to service areas in a domain.

• Some rules work in conjunction with others, while some rules are set exclusively.

• The rules AssociateUsersByDeptCode, AssociateUsersByDevicePool, and AssociateUsersByLocation can be used together.

• Once users are assigned to a domain, they cannot be moved to another domain. Users who need to be deleted need to be deleted for the entire domain.

Domain Sync Rules Interoperability

The following are all the rules that determine the call processor users that will be synchronized in a domain sync (includes the two new rules):

1. AssociateAllUsersinCallProcessor

2. AssociateOnlyExistingUsers

3. AssociateUsersByDeptCode

4. AssociateUsersByDevicePool

5. AssociateUsersByLocation

If the first rule is enabled, the settings of all the other rules are ignored. If the second rule is enabled, the settings of rules 3, 4, and 5 are ignored. The last three rules are additive in the sense that if two of them enabled, then only users that satisfy both the constraints are synchronized.
Suppose a domain has three call processors, CCM1, CCM2, and CCM3, and its rules are set like this:

AssociateUsersByDeptCode: Enabled with data `Dept1'

AssociateUsersByDevicePool: Enabled with data `CCM2:DevicePool2;CCM3:DevicePool3'

AssociateUsersByLocation: Enabled with data `CCM3:Location3'

When the domain sync is run, these users are synchronized:

CCM1: Users with department code `Dept1'

CCM2: Users with department code `Dept1' and with phones whose device pool is `DevicePool2'

CCM3: Users with the department code `Dept1' and with phones whose device pool is `DevicePool3' and whose location is `Location3'

Configuring Rules Step by Step

Domains rules need to be configured properly before a sync is performed.

Step 1. Configure how users are placed in the domain.

Select

AssociateAllUsersInCallProcessor + AssociateAllUsersInUMProcessor

OR

AssociateOnlyExistingUsers

OR any combination of

AssociateUsersByDeptCode
AssociateUsersByDevicePool
AssociateUsersByLocation

Step 2. Configure how services for a user are assigned to service areas.

Non-RestrictedDomainSync (disabled by default)

Optional:

AssociateAllUsersInUMProcessor
TakePrimaryUserInfoFromUMProcessor
Example: Customer has an Active Directory integrated Communications Manager and has different domains set up for different branches.

Step 1. Option 1:

• Set the department in Active Directory for users.

• Enable the AssociateUsersByDeptCode rule for each domain and specify the department code.

Option 2: If the department code cannot be set:

• Create a subscriber in Cisco Unified Provisioning Manager first in the desired domain.

• Enable the AssociateOnlyExistingUsers rule for domains.

Option 3:

• Users can be placed using a combination of these rules: AssociateUsersByDevicePool and AssociateUsersByLocation.

• This requires that all users have an associated phone.

Step 2. Enable the Non-RestrictedDomainSync rule to reduce the number of service areas needed from 36 to 12 per domain. By default there will be about 36 service areas per domain needed for this customer to cover permutations on different calling search spaces and different device pools.

How-To Examples

Taking over an Existing Cisco Unified Communications Network

This section follows the exploits of a fictitious company as it deploys Cisco Unified Provisioning Manager to simplify the Cisco Unified Communications deployment.

Network Descriptions

With operations in multiple countries, a fictional France-based utility firm is in the process of deploying Cisco Unified Provisioning Manager to simplify moves, adds, changes, and deletes (MACD). Customer already has an operational Cisco Unified Communications network so Cisco Unified Provisioning Manager will mainly used for Day 2 operations to speed up MACD.

Collecting Information for Cisco Unified Provisioning Manager Design and Configuration

The following information is collected to determine how to design and configure Cisco Unified Provisioning Manager:

• Sites

100 physical branch offices in total

10,000 IP phones

• Call processors

Three Communications Manager clusters

For each of the three Communications Manager publishers

– Release 6.1(1)

– Lightweight Directory Access Protocol (LDAP) synchronization and authentication

– Extension mobility

• Messages processors

Three Cisco Unity Version 5

• Administrative partitioning

Based on delegation requirements, users are partitioned into five administrative sites.

• Subscriber services provisioning requirement

Most users have phone, line, voicemail, and email.

Some users are provisioned with extension mobility (device profile and line) and voicemail.

• Dial plan information

Classes of service for Cisco Unified Communications Manager is implemented with the line/device approach (Figure 8):

– There are 100 device Calling Search Spaces, one per branch office.

– There are 4 line Calling Search Spaces.

– There are 100 location codes, one per branch office.

– There are 100 device pools, one per branch office.

Figure 8. Calling Search Spaces and Partitions Needed with the Line/Device Approach

Preparing End Systems

• Create a SQL Server user and password that can be used by Provisioning Manager to access the SQL Server database on Cisco Unity. The SQL Server user requires access to both the Cisco Unity and master databases and with mixed authentication (default is Windows only). Detailed procedure is located at http://www.cisco.com/en/US/docs/net_mgmt/cisco_unified_provisioning_manager/1.3/installation/guide/PMinstll.html#wp1048066.

• Create a user and password with administrator privileges that can be used by Provisioning Manager to access Cisco Unified Communications Manager. Standard AXL API access is one of the predefined roles in the Linux version of Cisco Unified Communications Manager that can be used by Provisioning Manager.

Configuring Cisco Unified Provisioning Manager: Set Up Devices

• Each Communications Manager publisher is entered in Cisco Unified Provisioning Manager (Figure 9):

– With extension mobility service and URL

– LDAP integration: synchronization and authentication

• Three call processors are defined.

• Each Unity (primary Unity) is entered in Cisco Unified Provisioning Manager. Note: Cisco Unified Provisioning Manager doesn't support provisioning backup Unity.

• The user used to access the message processor is SQL Server then Unity must be configured to allow:

– SQL and Windows access (default is Windows only)

– A user must be created with the appropriate db-owner, db-read, db-write on master-db, and unity-db parameters.

• Perform infrastructure sync and subscriber sync for each Communications Manager and Unity.

Figure 9. Configuring Unified Message Processor

Configuring Cisco Unified Provisioning Manager: Set Up Domains

• Five domains are created, one per administrative site (Figure 10).

• Each domain uses only one call processor and one message processor

• Cisco Unified Provisioning Manager allows automatic subscriber synchronization by matching the department code in the directory.

• The department code is not guaranteed to be unique across domains.

• For each domain, configure the AssociateUsersByDevicePool and/or AssociateUsersByLocation rules in Cisco Unified Provisioning Manager to allow synchronization of the subscriber in the domain.

• Provisioning attributes: Phone : user_locale: French, Extension mobility access (device profile ): user_locale: French

Figure 10. Domain Setup

Configuring Cisco Unified Provisioning Manager: Set Up Service Areas

By Default (without enabling the Non-RestrictedDomainSync rule), around 400 service areas are needed based on 100 device Calling Search Spaces and 4 line Calling Search Spaces (Figure 11). The Non-RestrictedDomainSync rule can be enabled to reduce the number of service areas to 100 or less. In that case, the most common line Calling Search Spaces is selected to be the line Calling Search Spaces in the service area. The domain administrator is assigned the advanced ordering role and can change the line Calling Search Spaces during order time if needed.
One service area per site containing:

• One call processor

– One device: Site-specific value

– One line Calling Search Spaces: Select one out of four

– Location: Site-specific value

– Device pool: Site-specific value

• One messaging processor

• Employee subscriber type is selected for the service area.

• Directory number block: One predefined block per site to allow autoassignation

• Some provisioning attributes:

– Forward xxx: Set as the same line Calling Search Spaces

– Description (extension mobility line)

Figure 11. Service Area Setup

• Domain sync needs to be performed before ordering services and after creating service areas.

Configuring Cisco Unified Provisioning Manager: Set Up Administration

• Multiple administrators will be defined (Figure 12):

– Some global administrators

– Some administrators per domains

• Workflow rules are not enabled.

• No additional subscriber roles are created, but edit the employee role to associate Unified Messaging Service and Extension Mobility Access with Line (Figure 13).

• Nightly sync is run to make sure that Communications Manager and Cisco Unified Provisioning Manager have the same data. For detailed information on scheduling sync, please use the schedule information documented in the User Guide for Cisco Unified Provisioning Manager at http://www.cisco.com/en/US/docs/net_mgmt/cisco_unified_provisioning_manager/1.3/user/guide/admin.html#wp1058592.

Figure 12. Domain Admin Setup

Figure 13. Customize Orderable Products for the Subscriber Role

Subscriber Services Provisioning: Order, Update, or Change Subscriber Services

Subscriber services can be provisioned by a domain administrator or a global administrator.
Subscriber services can be provisioned using the batch provisioning feature or using the GUI (Figure 14).
Order services for users that have phone, line, voicemail, and email

• For subscribers, one Unified Messaging Service will be ordered where the administrator will have to choose:

– The domain (only if it's a global administrator)

– The Unified messaging service (phone, line, voicemail, and email)

– The line type: Autoassigned line

– Voicemail alias and voicemail display name

– Email ID and display name

– The MAC address

– The service area

– The phone button template

For each subscriber that has an extension mobility line and voicemail, two orders are needed for the initial deployment.
First order:

• Extension mobility access and line

• The line type: Autoassigned line

• Phone button template

• Some provisioning attribute :

– On the line: Pickup groups, line groups

Second order:

• Voicemail

Figure 14. Provisioning Manager Ordering GUI

Setting up a New Cisco Unified Communications Network

Setting up Cisco Unified Provisioning Manager for a new Cisco Unified Communications network is slightly different. The following describes the differences:

1. Synchronization (infrastructure sync, subscriber sync, and domain sync) doesn't need to be performed the first time when the call processors, messaging processors, and domains are set up in Cisco Unified Provisioning Manager initially as no configurations/users exist in the call processors and messaging processors. Nightly syncs are recommended to run when users configure Cisco Unified Communications devices with both Cisco Unified Provisioning Manager and a native Cisco Unified Communications interface.

2. On day 1 of voice deployments, the main activity is to roll out the new branches and cut over subscribers from the older PBX network to the VoIP network. Templates (Figures 15 and 16) can be utilized, so it is best to capture common deployment settings in templates with keywords for devices or site names. For example, with the traditional approach, a customer might have three device Calling Search Spaces (local, international, national) set up for each site. If you have 50 sites, you might end up defining hundreds of Calling Search Spaces repeatedly using the native Communications Manager interface. An example Cisco Unified Provisioning Manager template can be configured as below to allow for both consistency and reuse.

Note: The ${KEYWORD} construct allows you to create generic templates. The keyword is defined during configuration.

Figure 15. Provisioning Manager Configuration Template

Then you can further define the keyword list with each keyword defined to be a real value such as Austin, San Jose, and so on.

Figure 16. Provisioning Manager Configuration Template

3. Batches are used to bulk add new users and move users to help enable easy rollouts of new offices. Provisioning Manager provides sample files that contain most of the commonly used actions. The sample files are located in the <Installation Directory>/sep/ipt/config/sample/batchProvisioning folder.

Typical Problems with Setup and Operation

Things to Remember When Using Batch Files

Batch action files must contain a single row of column headers. The data columns can be in any order, but must be in a tab-delimited text file, not in comma-separated value (CSV) format. You can compile the data in any text editor, provided that the resulting file conforms to these guidelines. For example, you can create batch files in a spreadsheet and then export them as tab-delimited files.
Provisioning Manager provides sample files that contain most of the commonly used actions. The sample files are located in the <Installation Directory>/sep/ipt/config/sample/batchProvisioning folder.
Please also make sure that none of the data values contain a comma in your template creation, as the comma causes the parsing of the template to fail.
A certain minimum set of fields is required for every batch file. Some types of batches need more fields.
Table 4 describes the minimum fields required for every batch action file.

Table 4. Minimum Required Fields for a Batch Action File

OrderType

UserID

Product Name

Service Area

add

tsmith

xxxxx

San Jose

The Domain field is optional but recommended.
Table 5 describes the minimum fields required for new users.

Table 5. Minimum Fields for New Users

OrderType

UserID

FirstName

LastName

Domain

Product Name

ServiceArea

add

tsmith

Tom

Smith

westcoast

xxxx

San Jose

The FirstName field is optional but recommended.
For changing line batch operation, the following fields need to be there:

• OrderType

• UserID

• ProductName

• Domain

• ServiceArea

• Directory Number

• Route Partition

When creating batch action files, keep in mind the following guidelines:

• MAC address is required when ProductName is Phone (or a bundle containing a phone) and Phone Type is not a virtual phone (for example, CTI Port).

• New MAC address is required when changing phones.

• Object name is required when canceling products.

• Phone button template is required when ProductName is Phone (or a bundle containing a phone) or Extension Mobility Access (or a bundle containing an extension mobility access) and Phone Type is not a virtual phone (CTI Port) and when ordered in a service area associated with Cisco Unified Communications Manager only.

• Cisco Unity devices (Cisco Unity, Cisco Unity Connection, and Cisco Unity Express) do not support all products and services. If the batch action file is configured for a product that is not supported by the device in the specified service area, batch provisioning will fail.

• Product attributes that require user input during the manual order entry process are required to successfully complete the equivalent order in a batch project. Examples include:

– Phone Type: Type of phone (for example, Cisco 7960, Cisco 7912) if ordered product is a phone or a bundle that contains a phone.

– Line Type: Type of line (for example, autoassigned line or chosen line) if ordered product is a line or a bundle that contains a line.

– Directory Number: Required when ProductName is Line and Type is Chosen Line. Additionally, ordering a product with a dependency that is not met by the order itself (for example, ordering a single line) requires a column specifying the dependent object.

– Route Partition: Required when ProductName is Line and Order Type is Change.

For additional guidelines, please refer to the User Guide for Cisco Unified Provisioning Manager at http://www.cisco.com/en/US/docs/net_mgmt/cisco_unified_provisioning_manager/1.3/user/guide/infrstct.html#wp1150270.

Dealing with LDAP Integrated Cisco Unified Communications Manager

Cisco Unified Provisioning Manager supports LDAP integrated call managers for Communications Manager Versions 5.x and later. When adding an AD integrated Communications Manager to Cisco Unified Provisioning Manager using the CallProcessor wizard, you have the option of selecting the LDAP directory integration to be one of synchronization or of synchronization and authentication. This value must exactly match the value configured in Cisco Unified Communications Manager. If Cisco Unified Communications Manager is integrated with an external LDAP, subscribers are not created through Provisioning Manager; instead they are synchronized through Cisco Unified Communications Manager. When placing an order in Cisco Unified Provisioning Manager, if a subscriber is not available on Cisco Unified Communications Manager, the workflow subsystem waits for a predefined period of time (24 hours by default) for the subscriber to be available on Cisco Unified Communications Manager and then continues processing the order. The 24-hour period can be configured on Provisioning Manager in the ipt.properties file. Change the following two settings:

• dfc.oem.extdir.retries: 24

• dfc.oem.extdir.retry_interval: 3600

If a user is added into Active Directory, the user needs first to be synchronized to Communications Manager, and then it can be synchronized from Communications Manager to Cisco Unified Provisioning Manager. How long it takes to get the user into Cisco Unified Provisioning Manager depends upon a couple of things:

• How often Communication Manager does the synchronization from Active Directory (which is configured on Cisco Unified Communications Manager), and

• Whether a synchronization from Cisco Unified Communications Manager to Cisco Unified Provisioning Manager is performed to automatically pull in the user to a domain, or whether a user is manually added in Cisco Unified Provisioning Manager

To avoid performing Cisco Unified Provisioning Manager syncs after a user is added in Active Directory, a user can be added in both Active Directory and Cisco Unified Provisioning Manager in parallel, and services ordered in Cisco Unified Provisioning Manager; the services will not be activated until the Active Directory to Communications Manager synchronization happens. But in this case, it is not necessary to do a Cisco Unified Provisioning Manager sync after a user is added in Active Directory.
Cisco Unified Provisioning Manager 1.3.1 also allows end users to configure Cisco Unified Provisioning Manager to use authentication, authorization, and accounting (AAA) for authentication while users are logging in to Cisco Unified Provisioning Manager. Cisco Unified Provisioning Manager will neither retrieve authorization/accounting information nor write any kind of information to the AAA servers. Cisco Unified Provisioning Manager 1.3.1 allows the addition of only LDAP servers. Microsoft Active Directory Server 2003 is used as the LDAP server for testing.

NAT issues

Devices managed by Cisco Unified Provisioning Manager must have unique IP addresses. Two different Communications Managers in two different networks cannot have the same IP address. This scenario sometimes occurs in a multitenant management environment. The most common solution is to sort out unique IP addresses or use Network Address Translation (NAT). Cisco Unified Provisioning Manager only needs to reach the call processors and message processors. Phones can have overlapping addresses since Cisco Unified Provisioning Manager does not directly communicate with the phones.

To Sync or Not to Sync

Some things to keep in mind when it comes to synchronizing call processors and message processors to Cisco Unified Provisioning Manager:

• When Cisco Unified Provisioning Manager encounters an error while in the middle of provisioning:

– Only partially configured information will be saved to the devices.

– Manual configuration is required to the device to complete the provisioning tasks; however, the changes made manually to the device will be resynchronized to the inventory database when Cisco Unified Provisioning Manager is back up again and a synchronization is requested.

• What happens when Cisco Unified Communications Manager Publisher fails?

– Will not be able to access any of the information on Cisco Unified Communications Manager server or cluster. It is recommended to add only Publisher to the Cisco Unified Provisioning Manager.

• What happens when Cisco Unified Provisioning Manager is being rebooted or is not available?

– Client browser shows this message: "The application server you are trying to access is currently unavailable. Please try again later."

• How do I run sync on a scheduled basis?

– It is recommended to run sync at off-peak/midnight hours to avoid impact on both Communications Manager and Cisco Unified Provisioning Manager.

– It is recommended to have a nightly sync run to help ensure that Communications Manager and Cisco Unified Provisioning Manager have the same data.

– Besides running synchronizations on demand through the appropriate Provisioning Manager functional area, you can set up scheduled synchronizations. You must use the Scheduled Tasks functionality that comes with your operating system. For detailed information on scheduling sync, please use documentation in the User Guide for Cisco Unified Provisioning Manager at http://www.cisco.com/en/US/docs/net_mgmt/cisco_unified_provisioning_manager/1.3/user/guide/admin.html#wp1058592.

– There are five environment variables that should be set for the user you configured to run the sync script: DEV_DIR, EOSS_BASE, JBOSS_HOME, JAVA_HOME, and DFC_PROPERTIES.

• How long does it take to sync?

– First-time synchronization for a large network (around 30,000 phones) may take as much as 22 hours for one domain.

– Second-time synchronization with 10 percent changed takes less (approximately 10 hours).

• Why am I not able to see the phones and line under some subscriber records?

– By default, services are assigned to subscribers and displayed under the subscriber record only if there are matching service area settings. For phones, Cisco Unified Provisioning Manager matches the following attributes: Device Pool, Common Device Configuration, Calling Search Space of Phone, Location, and Protocol. For lines, Cisco Unified Provisioning Manager matches the following attributes: Device Pool of Phone, Common Device Configuration of Phone, Route Partition of Line, Calling Search Space of Line, Location of Phone. Make sure you add the corresponding service areas and redo the domain sync. Alternatively, you can enable Non-Restricted DomainSync for the domain and redo the domain sync.

• Domain sync completed successfully, but why were no Cisco Unified Provisioning Manager subscribers created?

– By default, all domain sync rules are disabled. Configure and enable the appropriate domain-sync-related rules and rerun the domain sync for subscribers to be added.

Moving Users between Domains or Services between Service Areas

Cisco Unified Provisioning Manager 1.3 introduced a new batch action file column for deleting users: OnlyFromCUPM. If this column is enabled (set to Y), any services on the subscriber record for the user will be moved to the Global Resources namespace, and the subscribers or their services on the actual device (the call processors or message processor device) will not be removed. If this column is not enabled, the user will be removed from both Provisioning Manager and the device.
This provides you with a way to move users between domains or move subscriber services across service areas. To move users between domains, a batch action file for deleting users can be created as shown in Table 6.

Table 6. A Batch Action File for Deleting Users

OrderType

UserID

Product Name

Domain

OnlyFromCUPM

Service Area

deleteUser

tsmith

*

westcoast

Y

*


* Leave these fields empty (even if something is entered, it will be ignored).
After the batch project is executed, another batch action file for adding users can be created as shown in Table 7.

Table 7. A Batch Action File for Adding Users.

OrderType

UserID

FirstName

LastName

Domain

Product Name

ServiceArea

addUser

tsmith

Tom

Smith

eastcoast

*

*


* Leave these fields empty (even if something is entered, it will be ignored).
Lastly, enable the AssociateOnlyExistingUsers for the desired domain and perform a domain synchronization.

Handling Common Directory Number Mapping across Multiple Service Areas

There are multiple ways to deploy, depending on whether the directory numbers need to have some significance within a domain or significance within a service area.
If directory numbers can be random within the entire domain, the directory number pool can be added to each service area with one limitation. Directory number ranges cannot overlap exactly (that is, they cannot have the same start or end number), but they can overlap and be offset by one number, so you could have block 1 as 1-101, block 2 as 2-102, block 3 as 3-103, and so on. The directory number allocation in Cisco Unified Provisioning Manager will check whether the directory number it would be picking out of a block has been used, so the first service area to pick a directory number will get it and the other service area will then skip it to get the next one. In this design, subscribers get the next available number in the pool.
You may also allocate directory number blocks based on the Calling Search Spaces setup or how many users are expected within a service area. In this case, some network planning needs to be done to decide how to allocate directory numbers. This option may be useful if each service area is to use certain ranges of directory numbers. For example building 1 is in SA1 and has extensions with 1xxxx, and building 2 is in SA2 and has extensions with 2xxxx.
In either case, you can have multiple directory number blocks per service area to fine-tune how the numbers get allocated.

Working with TAPS

The Tool for Auto-Registered Phones Support (TAPS) feature is supported on Communications Manager 4.x, 5.x, and 6.x. So far it is suggested to be used in conjunction with BAT to provide two features:

• Update MAC addresses and download predefined configuration for new phones.

• Reload configuration for replacement phones.

When new phones are added to Cisco Communications Manager, TAPS works in conjunction with BAT to update phones that were added to BAT using dummy MAC addresses. After BAT has been use to bulk add the phones with dummy MAC addresses to Cisco Communications Manager Administration, one can plug the phones into the network. The user can dial a TAPS directory number that causes the phone to download its configuration. At the same time, the phone gets updated in Cisco Communications Manager Administration with the correct MAC address.
For the first case, instead of using the BAT tool to provision the phones with dummy MAC addresses, Cisco Unified Provisioning Manager is extended to be able to provision these phones. During phone order entry, a choice box is presented to the user indicating whether this phone should use a dummy address (only available to users with advanced assignment role). Possible values are "Y" and "N" (default). When the user chooses "Y", the MAC address field will be hidden (and anything previously entered in that field will be cleared) to prevent the user from entering additional values. During order processing, Cisco Unified Provisioning Manager will generate a dummy MAC address that is not currently used in the system. The dummy MAC address assigned by Cisco Unified Provisioning Manager will be an internal MAC address that is not valid in the public domain. Cisco Unified Provisioning Manager will use a specific prefix for the MAC address (first three octets).
For the second case, if Communications Manager TAPS is configured to "Allow Auto-Registered phones to reset with any profile", the user can switch to a new phone simply by using the TAPS feature. Cisco Unified Provisioning Manager just needs to sync back the changes. If Communications Manager TAPS is configured to "Allow Auto-Registered phones to reset with a profile with dummy MAC address", the user can use Cisco Unified Provisioning Manager to change the MAC address of the existing phone to a dummy MAC address and use the same procedure to get the physical MAC address of the new phone updated in Communications Manager.
After a phone with a dummy MAC address is registered, the subscriber needs to be synchronized in order to get the new MAC address. Alternatively, subsequent Cisco Unified Provisioning Manager subscriber and domain sync will bring the system to the latest state.
For batch provisioning, if the product attribute "use DummyAddress" with the value "Y" is provided (value "N" instructs Cisco Unified Provisioning Manager to use existing logic), Cisco Unified Provisioning Manager will ignore the MAC address in the batch file (if presented) and generate a dummy address.
In the subscriber record, the phones configured for TAPS won't be showing any special attribute to indicate that. The only way the user will be able to find that a phone is configured for TAPS is by looking at the device name string next to the phone in the subscriber record, which will show a different prefix (BAT instead of SEP). This will happen only until the TAPS phone logs in to the TAPS application and gets the real address and a subsequent subscriber and domain sync has been done.

How Many Concurrent Users

There is nothing inherent in the code that limits the total number of administrators. The recommendation is to allow 10 users concurrently (5 for the VMWare environment) in a distributed environment.

Handling Autoregistered Phones

Cisco Unified Provisioning Manager requires that autoregistration be turned off on Communications Manager. If autoregistration cannot be disabled, it is recommended to deploy TAPS and then provision the phones through Cisco Unified Provisioning Manager.
For autoregistered phones that are already in the Communications Manager database, when they are synchronized to Cisco Unified Provisioning Manager, they are in the Cisco Unified Provisioning Manager database without association to any user. Cisco Unified Provisioning Manager cannot manage those phones. The workaround is to use the Communications Manager BAT tool to associate users to phones and then resync to the Cisco Unified Provisioning Manager database for Cisco Unified Provisioning Manager to manage them.

Using Cisco IOS Templates to Provision Communications Manager Express/Cisco Unity Express/SRST

• Cisco Unified Provisioning Manager supports some functions without templates:

– Communications Manager Express: Create users, phones, and lines

– Cisco Unity Express: Create users and voicemail boxes

• Cisco IOS template support:

– The Cisco IOS template is a freeform text box that allows commands to be entered and then pushed to the target integrated services router device.

– Commands can have keywords typed in and then a keyword list is created.

– Templates exist in the infrastructure configuration and can be used with any user-assigned keyword.

– Templates also exist as provisioning attributes to phone and line. These templates have predefined keywords FIRSTNAME, LASTNAME, DIRECTORYNUMBER, and USERID.

– A Cisco IOS Software write is executed at the end of each template to save settings on the integrated services router device.

• Caveats for using Cisco IOS templates for Communications Manager Express/Cisco Unity Express/Survivable Remote Site Telephony (SRST):

– All CLI commands entered must be syntactically correct.

– Commands (for example, exit) that change the line configuration mode should not be used.

– Do not use line configuration commands (for example, number or description) in this template. They will overwrite the configuration done by Provisioning Manager when provisioning the line product.

– Do not use phone configuration commands (for example; mac-address, description, button, type, or username) in this template. They will overwrite the configuration done by Provisioning Manager when provisioning the phone product.

– Keywords must be unique and not match any Cisco IOS command tokens or settings. It is recommended that keywords are preceded with a dollar sign to assure uniqueness.

– Templates do not have a provision for interactive responses.

– The button command can only support ":".

– Can send integrated services router setup commands for SRST through the CLI template function but must set up SRST on Cisco Unified Communications Manager through the Cisco Unified Communications Manager GUI interface. (No AXL support is provided for provisioning SRST in Cisco Unified Communications Manager using Cisco Unified Provisioning Manager.)

Window Security Patch Update

We also internally apply critical security patches when they are recommended by our network administrators. Since it is not possible to predict critical patches in advance, we leave this level of discretion to the customer. We do not recommend that automatic updates be enabled.

Cisco Unified Provisioning Manager Licensing

The Cisco Unified Provisioning Manager license dictates the features of Cisco Unified Provisioning Manager available and the number and types of devices that can be managed. During the installation of Cisco Unified Provisioning Manager, you have two options:

Product Evaluation: Good for 90 days and limited to 100 phones, five call processors, and two message processors. The upgrade license file can be registered at a later date at http://www.cisco.com/go/license.

• Copy the license file to the Cisco Unified Provisioning Manager server, in the folder: <CUPM installed directory>\license.

– Server should automatically update the license within a few minutes. However, if it's not updating, go to the UPM System Administration tab, select License Information, and then click the Perform Audit button (located at the top center of that screen).

License status may be viewed through the following:

• System Administration -> License Information

Note: Users can log in to the Cisco licensing site to get license keys for Cisco Unified Provisioning Manager. When users get a new license key after installation or to upgrade the license, the new license key file will need to be manually copied into the fixed directory holding license files. There can be more than one license file in the license key file location. Cisco Unified Provisioning Manager will take the sum of all the phone licenses from all the files. Valid license key files will take precedence over evaluation license files.

Cisco Unified Provisioning Manager checks its database every minute to count the total number of phones that have been synchronized in from publishers. The customer is expected to buy a license that covers all the phones to be managed. If the phones synchronized in the database exceed the phone counts allowed by the license, Cisco Unified Provisioning Manager will not allow another phone to be added (a new order related to adding a phone will fail) until the user removes additional phones from the system or adds additional phone licenses to get the license level raised to manage more phones.

FAQ and Troubleshooting Tips

Install or Upgrade

Problem: Install fails - "msiexec failed with 1625"
Recommended action: The user installing Cisco Unified Provisioning Manager does not have Windows administrator privileges and so cannot create a Windows user account. Clean up the machine, log in as administrator, and try installing again.
Problem: Upgrade fails - "The system is not in a safe state to upgrade at this point. For more details, please check the install.log file."
Recommended action: This indicates that one of the conditions for the system to be in safe state has failed.

• No orders are in the Released state.

• All workflows are in the Finished state.

• No infrastructure, subscriber, or domain synchronizations are running.

• No batch projects are running or are in the active state.

Check the ${installLocation}/install.log file for one of the following messages and correct the condition for the upgrade to continue:

• WARNING: At least one domain synchronization is running.

• WARNING: At least on one device, either subscriber or infrastructure synchronization is running.

• WARNING: At least one batch project is in running/active state.

• WARNING: At least one order is found in released state with extended status not in unrecoverable error.

Problem: Upgrade fails - "Database connection could not be made. Database service may be down, so the upgrade can not be continued."
Recommended action: Go to Control Panel-> Administrative Tools - > Services ->cupmPostgreSQL service.
Select the service, right-click it, and start it.
Problem: Upgrade fails - "WARNING: At least one order is found in released state with extended status not in unrecoverable error."
Recommended action: One of the upgrade requirements is that there should be no pending orders, that is, any orders in the RELEASED state and not in UNRECOVERABLE ERROR status. Please go to the Provisioning Dashboard -> Manage Orders -> Search Orders and search for all orders (by leaving all fields blank). Look at the "Status" and "Extended Status" columns for any orders in meeting the above criteria. Take necessary action to move them away from that state.

Communications Manager Synchronization

Problem: Cisco Unified Communications Manager infrastructure sync fails on 4.1.3 sr2 - "IPT-0600: Software - Failed to create PhoneButtonTemplate object instance."
Recommended Action: The Cisco Unified Communications Manager is incorrectly returning multiple phone templates with the same UUID. This is not correct Cisco Unified Communications Manager behavior and causes Cisco Unified Provisioning Manager to fail. We recommend following up with the Cisco Unified Communications Manager support team.
Problem: Cisco Unified Communications Manager Infrastructure sync fails - "Host or service not found"
Recommended Action: Please make sure there is network connectivity between the Cisco Unified Provisioning Manager server and the Cisco Unified Communications Manager. If so, then make sure that the Cisco Unified Communications Manager AXL web service is enabled.
Problem: Cisco Unified Communications Manager Infrastructure sync completes, but some objects could not be synchronized.
Recommended Action: If during the infrastructure sync Cisco Unified Provisioning Manager has trouble synchronizing infrastructure objects due to the Cisco Unified Communications Manager AXL message being faulty/incompatible, you will see an error message.
This can be due to an unsupported Cisco Unified Communications Manager being synchronized. A workaround is to remove the incompatible infrastructure objects that are causing the error from Cisco Unified Communications Manager.
Problem: Cisco Unified Communications Manager 6.0.1 subscriber sync fails - "Attribute 'SOAPAction' is not allowed to appear in element 'SOAP-ENV:Header'."
Recommended Action: The problem occurs if a new device pack for a new phone model support is installed on Cisco Unified Communications Manager 6.0.1. This is a known Communications Manager issue (CSCsj38775), which is fixed as of version 6.1. A Cisco Unified Communications Manager 6.0.1 Early Release can also be requested.
Problem: Cisco Unified Communications Manager 6.0.1 infrastructure sync fails - "A device error occurred, please check NICE log to determine the problem."
Recommended Action: Cisco Unified Communications Manager is sending an unrecognized namespace. There is a service parameter on Communications Manager that decides the namespace sent in the response. It should be set to true:

1. Log into the Cisco Unified Communications Manager user interface with the following URL: http://<Communications Manager ip address>/ccmadmin. Credentials should be the same as the ones that are provided in Cisco Unified Provisioning Manager while adding the call processor.

2. Go to System -> Service Parameters.

3. Select the correct server in the Server pull-down menu. In the Service pull-down menu, select Cisco Database Layer Monitor.

4. The page refreshes; click the Advanced button at the bottom of the page.

5. In the parameter names section, set the value of the parameter Send Valid Namespace in AXL Response to true. Save the new value.

After doing the above, restart the Cisco Unified Communications Manager services:

1. In the pull-down Navigation menu at the top right corner, select Cisco Unified Serviceability and click Go.

2. Go to Tools -> Service Activation.

3. Select the correct server, and you should see a list of services.

4. Deactivate and activate this service: "Cisco AXL Web Service".

Communications Manager Express and Cisco Unity Express Synchronization

Problem: Communications Manager Express Infrastructure sync fails
Recommended Action: Cisco Unified Provisioning Manager tries to establish a successful Telnet or SSH connection. Cisco Unified Provisioning Manager requires a direct Telnet connection to Communications Manager Express. Please try to create a direct Telnet session with the Communications Manager Express IP address from Cisco Unified Provisioning Manager server and check if that works. If it fails, please look at the nice.log file for more details. Check if you have entered the correct Telnet credentials in Cisco Unified Provisioning Manager and make sure that the Communications Manager Express device is configured to support at least four Telnet sessions.
Problem: A service area with Communications Manager Express assigned won't save because it requires a device pool.
Recommended Action: Communications Manager Express does not have a device pool; however, to be consistent with call managers, it uses a default device pool. Please select Default_Communications Manager Express to create the required service area.
Problem: Cisco Unity Express infrastructure or subscriber sync fails - "Failed to create a session with Cisco Unity Express module"
Recommended Action: The Cisco Unity Express module allows only one connection, and Cisco Unified Provisioning Manager is not able to establish a Telnet session on the Cisco Unity Express module. Close all open Telnet sessions with the Cisco Unity Express module and try again.
Problem: Infrastructure or subscriber sync with Cisco Unity Express fails - "Access Denied, Please check Username/password"
Recommended Action: Cisco Unified Provisioning Manager was unable to create a Telnet or SSH session with the Host router or Cisco Unity Express module due to the following:

• Incorrect device protocol

• Incorrect access password or passwords

• The host router device is set up to use special device prompts.

We recommend the following action:

• Check the host router configuration to see whether it is set to use Telnet, SSHv1, or SSHv2. Update the protocol selection in Cisco Unified Provisioning Manager.

• Get the correct Telnet passwords for the host router device and Cisco Unity Express module and update the device passwords in Cisco Unified Provisioning Manager.

• If your Cisco Unity Express host router device is set up for custom TACACS authentication prompts, check the device authentication prompts and add the prompts in the configuration file in the <Install Dir>\sep\ipt\config\ios\DevicePromts.ini file and restart Cisco Unified Provisioning Manager .

• Check the "line vty" configuration on the host router and make sure it is configured to handle at least five or more Telnet connections.

• Close all open Telnet connections with the host router device to make the connection available for Cisco Unified Provisioning Manager.

Unity and Cisco Unity Connection Synchronization

Problem: Cisco Unity Connection 1.1 infrastructure/subscriber sync fails - "IPT-0200: Communication Failure. Please check your network connectivity."
Recommended Action: This error happens if the IP address for the Cisco Unity Connection device is not reachable or if the TCP/IP port on SQL Server (used for JDBC connection) is not accessible. For the Cisco Unity Connection 1.1 case, the firewall on the Cisco Unity Connection device typically blocks the port for the Cisco Unified Communications case. Please make sure that the firewall allows traffic to go through the SQL Server TCP/IP port. Note that the port on Cisco Unified Communications is different from that of Unity; it's typically 1431 by default.
Please check the port number by going to the SQL Server Properties screen.
Click the Network Configuration button on the SQL Server Network Utility screen, select TCP/IP from the list of Enabled Protocols, and click Properties. The default port is listed there.
Problem: Unity infrastructure/subscriber sync fails - "Access Denied. Please check username/password."
Recommended Action:

1. Make sure that the entire SQL Server is configured for both Windows and SQL Server Authentication. Please use the following steps:

a. Expand Enterprise Manager.

b. Find your server name in the tree on the left.

c. Right-click the server name and select properties.

d. Click the Security folder. Make sure that SQL Server and Windows is checked for the authentication.

2. Create a new database user (check the User Guide for Cisco Unified Provisioning Manager for details).

3. Verify the TCP/IP port used by Cisco Unity:

a. On the Cisco Unity system, select Start -> SQL Server -> Enterprise Manager. The Enterprise Manager appears.

b. From the menu, click Action. Then select Properties. The SQL Server Properties (Configure) dialog box appears.

c. In the General tab, click Network Configuration. The SQL Server Network Utility window appears.

d. Select TCP/IP, and click Properties.

e. In the window that appears, the default TCP/IP port is displayed. Make sure this port number is the one provided in Provisioning Manager.

4. Make sure the newly added username and password get updated on Provisioning Manager.

If the Unity is running Microsoft SQL Server Desktop Engine without Enterprise Manager installed, you have two options to install Enterprise Manager:

• Use Enterprise Manager from another server and register to the one where the new user is required. After registering, create the new user.

• Customer can install the component by running the SQL Server 2000 install by following the steps in "To install client tools only for SQL Server 2000" at http://msdn.microsoft.com/en-us/library/aa197918(SQL.80).aspx.

Batch Operations

Problem: Change phone fails - "Cannot insert device with invalid phone template"
Recommended Action: When performing a change phone, the new Phone Button Template needs to be specified in the batch file if there is a phone type change (for example, a change from a 7961 to a 7960); otherwise, Cisco Unified Provisioning Manager will insert the phone with the old phone template.

Orders

Problem: Unable to cancel an order in the Hold state.
Recommended Action: The Hold state is a valid state for an order. An order goes to this state if the user selects Abort the remainder of the order from the workflow process manager when an order has encountered a failure. This is equivalent to canceling the order after a recoverable or unrecoverable error, indicating to the system not to process the order any further. No action, such as cancel, can be taken on an order in this state as it has run its course of processing.

Others

Problem: A service area or processor deletion was performed, and the affected subscriber records are now out of sync.
Recommended Action: A domain sync needs to be executed after performing the delete operations to clean up and reassign the products accordingly.
Problem: Failed to order "Extension Mobility Access" product - 'IPT-0500: Object Not Valid'
Recommended Action: This can be due to the extension mobility services on the call processor not being properly configured according to the setup on the Cisco Unified Communications Manager. Check that the extension mobility services defined match those on the Cisco Unified Communications Manager.