Cisco Unified Contact Center Express

LDAP Server Failover Configuration for IPCC Express Edition

Document ID: 64130

Updated: Mar 17, 2008



This document describes one reason for the failure of agents to log on to the Cisco Agent Desktop. Agents fail to log on because of a failure to access the secondary Lightweight Directory Access Protocol (LDAP) server. The LDAP server can be either the Active Directory service or the Data Connection (DC) Directory service for fault tolerance in a Cisco IP Contact Center (IPCC) Express Edition environment.

However, because the integration is done on the Cisco CallManager LDAP configuration, the user information is downloaded from the LDAP directory to the Cisco CallManager local database, which in turn is synched down to Cisco Response Solution (CRS) periodically via the AXL API. User authentication requests are sent to the Cisco CallManager via the AXL API, then relayed to the external LDAP directory service, if configured.



Cisco recommends that you have knowledge of these topics:

  • Cisco CallManager

  • Cisco IPCC Express Edition

  • Cisco Desktop Product Suite

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco CallManager

  • Cisco IPCC Express Edition

  • Cisco Desktop Product Suite

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


Refer to Cisco Technical Tips Conventions for more information on document conventions.


When the primary LDAP server goes down, agents are unable to log on to the Cisco Agent Desktop even though the secondary LDAP server is functional and available. This Cisco Agent Desktop software error message appears:

07:08:28 01/11/2005 INFO   DAClient
  Could not get agent testuser
07:08:28 01/11/2005 FATAL  FastCall FC0254
 Unable to connect to Directory Services:
 <Failed to bind to LDAP server. Can't contact LDAP server>


The log file indicates that there is no attempt to connect to the secondary LDAP server. A possible reason is that the Cisco Desktop Product Suite is not configured for the LDAP fault tolerance.


You need to perform two sets of steps in order to solve the LDAP server failover:

  • Set 1: On the CRS server.

  • Set 2: On the desktop of each agent.

On the CRS Server

Complete these steps:

  1. Choose Start > Programs > Cisco CRA Administrator > Application Administrator to log into the CRA Administrator.

    The Authentication window appears:

    Figure 1 – Authentication Screen


  2. Enter your username in the User Identification field.

  3. Enter your password in the Password field.

  4. Click Log On.

    The Configuration and Repository window appears.

  5. Choose System > Configuration and Repository.

    Figure 2 – Configuration and Repository


    The Directory Setup window appears (see Figure 3).

  6. Enter the IP address of the secondary LDAP server in the Director Host Name field. Separate this address by a comma from the IP address of the primary LDAP server.

    Figure 3 – Directory Setup: Step 1 of 2


  7. Click Next.

    Figure 4 – Directory Setup: Step 2 of 2


  8. Choose the correct profile from the Profile Name list.

  9. Click Edit.

    The Explorer User Prompt appears:

    Figure 5 – Explorer User Prompt


  10. Click OK.

  11. Click Next in the Directory Setup window.

    The initial Directory Setup window is displayed again with the IP addresses of the primary and secondary LDAP servers:

    Figure 6 – Directory Setup: Updated Configuration


  12. Stop and start the engine for the changes to take effect.

  13. Back up all the workflow changes (for example, customized screen pops or options, if any).

  14. Remove all the Desktop Software on the CRS Server (see Figure 7):

    • Remove Desktop Administrator.

    • Remove RASCAL Server.

    • Remove Desktop Server.

    • Remove VoIP Server.

    • Remove Desktop Base.

      Note: Ensure that Desktop Base is the last component you remove, after you have removed all the other components. There is no specific sequence for the removal of the other components.

    Figure 7 – Remove Desktop Software on the CRS Server


  15. Reboot the CRS Server.

  16. Run the full CRS installer in order to reinstall the desktop software.

  17. Rerun the setup for the previously installed service release.

  18. Restore the workflow changes, if any.

On the Desktop of Each Agent

Through the Add/Remove Programs Window

Complete these steps:

  1. Remove the Cisco Agent Desktop software on the desktop workstation of the agent in this sequence (see Figure 8):

    1. Remove Desktop Supervisor.

    2. Remove Desktop Agent.

    3. Remove Desktop Base.

    Figure 8 – Sequence to Remove Desktop Software on the Agent Desktop


  2. Reboot the workstation of the agent.

  3. Reinstall all the Cisco Agent Desktop software that you just removed from the desktop workstation of the agent.

Through the Registry Editor

You can also use the Registry Editor to fix this issue on the desktop workstation of each agent. Complete these steps:

  1. Click Start > Run.

    The Run dialog box appears.

  2. Enter regedit32, and click OK.

    The Registry Editor window appears (see Figure 9).

  3. Locate the LDAP_HOSTA and the LDAP_HOSTB keys in this path:

  4. Update the values of these two registry keys with the IP addresses of the primary and secondary LDAP servers.

    Figure 9 – Registry Navigation Path


Set up LDAP Failover for Multiple LDAP Servers in IPCC Express 4.x

User authentication requires access to a user database in the LDAP server. If the LDAP server is down or unavailable, you cannot access the CRS Administration web interface and agents cannot log in. Therefore, install a redundant LDAP server to provide high availability. Cisco CallManager allows you to configure multiple LDAP servers to provide redundancy.

Complete these steps in order to add new servers for LDAP failover in IPCC Express 4.x. In this example, you are adding two CallManager servers for LDAP failover.

  1. On the CRS server, login to the CRS Appadmin page. Go to System > LDAP Information and make sure both the CallManager servers are listed here.

  2. On the CRS Appadmin page, go to Tools > User Management. Then, click on the hyperlink for Cisco CallManager LDAP. Make sure both the CallManager servers are listed here.

  3. On the CRS server, go to Start > Programs > Cisco CRS Administrator and launch the Cisco CRS Serviceability Utility. Click the CallManager LDAP Information tab and make sure both the CallManager servers are listed here.

  4. In the Cisco CRS Serviceability Utility, click File > Change Connection and you will see CRS Bootstrap Information. This also needs to have both the LDAP servers listed. If one is missing, the CRS Engine will not start correctly when the first LDAP server is down. Add the second, if necessary, and click Sync.

Related Information

Updated: Mar 17, 2008
Document ID: 64130