
Cisco Unified Communications Manager (CallManager)

Field Notice: *Expired* - FN - 17034 - LDAP connection leak in CTI when user authentication fails


Revised November 29, 2007

March 06, 2002

NOTICE:

THIS FIELD NOTICE HAS BEEN EXPIRED AND IS NO LONGER MAINTAINED OR UPDATED BY CISCO.

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE, WARRANTY OR SUPPORT. USE OF THE INFORMATION ON THIS FIELD NOTICE OR MATERIALS LINKED FROM THIS FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

CallManager 3.1

Problem Description

Root cause for a CallManager memory leak has been determined and attributed to the failure of a user to properly authenticate when using CTI. This behavior is most commonly seen on CallManager systems immediately following the integration with a customer directory such as AD (Active Directory) or Netscape.

The most common cause in this scenario is that the WebAttendant user, CTIFW (CTI Framework), has not been configured with a valid password in the customer directory. Please note that this problem will occur even on systems that do not utilize the Web Attendant, since the TCD service is always enabled by default. The CCMAdmin->Global Directory and "Add a New User" pages stop working if the CTIFW user is not configured or the CTI user's password is incorrect.

In addition, general TCP/IP connectivity issues and various other components such as RIS DC may also fail to function properly.

Problem Symptoms

If the CTIFW user is not configured or the password is incorrect, a TCP connection leak will occur.

After some time, the CCMAdmin->Global Directory and "Add a New User" pages stop working. In addition, general TCP/IP connectivity issues may appear, and various other components such as RIS DC may also not function properly.

Several indicators can help determine whether this problem is the root cause.

Tool: Event Viewer

Message:

Error: kCtiProviderOpenFailure - CTI application failed to open provider
CTIconnectionId: 485
Login User Id: CtiFw
ReasonCode: 2362179680
IPAddress: 172.21.12.44
App ID: Cisco CTIManager
Cluster ID: JMTAO-CM2-Cluster
Node ID: JMTAO-CM2
CTI Application ID: Cisco Telephony Call Dispatcher
Process ID: 0
Process Name: CtiHandler
Provider Name: CTI Framework
Explanation: Application is unable to open provider.
Recommended Action: Check the reason code and correct the problem. Restart CTIManager if problem persists..

Tool: Task Manager

From the Task Manager select the "Processes" tab, click "View" and then "Select Columns..."

Check "Handle Count" and click "OK".

Click on the "Handles" column to sort by handles used.

You will observe that CTIManager.exe is consuming a large number of handles (> 500).

Tool: DOS netstat

Another diagnostic step is to run "netstat -na" from a DOS command prompt on the CM server. Look for a very large number of established connections to TCP port 389 if CallManager is integrated with AD, or to port 8404 when CallManager is integrated with DCD.
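One way to apply the netstat check above to saved "netstat -na" output, as an added example that is not part of the field notice or any Cisco tooling. The sample output, the addresses and the threshold parameter are constructed assumptions; the notice gives no numeric threshold for connections.

```python
import re
from collections import Counter

# Directory ports named in the field notice: 389 for AD, 8404 for DCD.
DIRECTORY_PORTS = {389: "AD (LDAP)", 8404: "DCD"}

# Constructed sample of Windows "netstat -na" output (not from a real server).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING
  TCP    192.0.2.5:1031         192.0.2.9:389          ESTABLISHED
  TCP    192.0.2.5:1032         192.0.2.9:389          ESTABLISHED
  TCP    192.0.2.5:1033         192.0.2.9:389          ESTABLISHED
  TCP    192.0.2.5:1034         192.0.2.9:389          TIME_WAIT
  TCP    192.0.2.5:389          192.0.2.7:2211         ESTABLISHED
  TCP    192.0.2.5:1040         192.0.2.5:8404         ESTABLISHED
  TCP    192.0.2.5:2748         192.0.2.20:3100        ESTABLISHED
  UDP    0.0.0.0:161            *:*
"""

# Proto, local addr:port, foreign addr:port, state.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def directory_connections(netstat_text):
    """Count ESTABLISHED outbound connections per (remote host, directory port).

    Only the foreign port is tested, so a local service that happens to
    listen on 389 (inbound clients) is not mistaken for the leak.
    """
    counts = Counter()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank and UDP rows
        _laddr, _lport, raddr, rport, state = m.groups()
        if state == "ESTABLISHED" and int(rport) in DIRECTORY_PORTS:
            counts[(raddr, int(rport))] += 1
    return counts


def leak_suspects(netstat_text, threshold):
    """Return (host, port, count) rows at or above an operator-chosen threshold."""
    rows = directory_connections(netstat_text).items()
    return sorted((h, p, n) for (h, p), n in rows if n >= threshold)


if __name__ == "__main__":
    for host, port, n in leak_suspects(SAMPLE, threshold=3):
        print(f"{n} established connections to {host}:{port} ({DIRECTORY_PORTS[port]})")
```

Running it against captures taken some minutes apart shows whether the count keeps growing, which is what distinguishes a leak from a steady pool of connections.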

Workaround/Solution

Configure the ctifw user by following the instructions at: http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/3_0/install/ad_3011.htm#xtocid30717

Step 1: Set the password for the user in the corporate directory using your standard user management tools.

Step 2: On a Cisco CallManager server, choose Start > Run and enter command to open a command prompt. Click OK.

Step 3: Enter the command Passwordutils; for example, "passwordutils ciscocisco".

Step 4: The previous action generates an encrypted password. Copy the password into the Windows clipboard.

Step 5: Choose Start > Run.

Step 6: Enter regedit into the Open field and then click OK.

Step 7: Browse to \\HKEY_LOCAL_MACHINE\Software\Cisco Systems, Inc.\Directory Configuration within the registry.

Step 8: Delete the value CTIFWPW and paste the encrypted password from Step 3 into the field.

Step 9: Restart the Cisco Telephony Call Dispatcher service by choosing Start > Programs > Administrative Tools > Services. Highlight the service in the list, right-click the service, and then click Restart from the drop-down list.

Step 10: Repeat Step 2 through Step 9 for each Cisco CallManager server in the cluster.

IMPORTANT: Please note that you must reboot the CM server in all cases to reset the established TCP connections and recover the lost memory.

Alternatively, if you are not using the Cisco WebAttendant and/or the Cisco Telephony Call Dispatcher Service, set it to "manual" or "disabled" from the "Services" control panel.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS: CSCdv28302 (registered customers only)

Description: LDAP connection leak in CTI when user authentication fails

Revision History

Revision   Date          Comment
1.2        29-NOV-2007   Expired Field Notice
1.1        29-NOV-2007   Reformat Document
1.0        06-MAR-2002   Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
