This document describes one reason for the failure of agents to log on
to the Cisco Agent Desktop. Agents fail to log on because of a failure to
access the secondary Lightweight Directory Access Protocol (LDAP) server. The
LDAP server can be either the Active Directory service or the Data Connection
(DC) Directory service for fault tolerance in a Cisco IP Contact Center (IPCC)
Express Edition environment.
However, because the integration is done on the Cisco CallManager LDAP
configuration, the user information is downloaded from the LDAP directory to
the Cisco CallManager local database, which in turn is synched down to Cisco
Response Solution (CRS) periodically via the AXL API. User authentication
requests are sent to the Cisco CallManager via the AXL API, then relayed to the
external LDAP directory service, if configured.
Cisco recommends that you have knowledge of these topics:
The information in this document is based on these software and
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Technical Tips Conventions for more information on document
When the primary LDAP server goes down, agents are unable to log on to
the Cisco Agent Desktop even though the secondary LDAP server is functional and
available. This Cisco Agent Desktop software error message appears:
07:08:28 01/11/2005 INFO DAClient
Could not get agent testuser
07:08:28 01/11/2005 FATAL FastCall FC0254
Unable to connect to Directory Services:
<Failed to bind to LDAP server. Can't contact LDAP server>
The log file indicates that there is no attempt to connect to the
secondary LDAP server. A possible reason is that the Cisco Desktop Product
Suite is not configured for the LDAP fault tolerance.
You need to perform two sets of steps in order to solve the LDAP server
Complete these steps:
Choose Start > Programs > Cisco CRA Administrator
> Application Administrator to log into the CRA
The Authentication window appears:
Figure 1 – Authentication Screen
Enter your username in the User Identification
Enter your password in the Password field.
Click Log On.
The Configuration and Repository window appears.
Choose System > Configuration and
Figure 2 – Configuration and Repository
The Directory Setup window appears (see Figure
Enter the IP address of the secondary LDAP server in the Director
Host Name field. Separate this address by a comma from the IP address of the
primary LDAP server.
Figure 3 – Directory Setup: Step 1 of 2
Figure 4 – Directory Setup: Step 2 of 2
Choose the correct profile from the Profile Name
The Explorer User Prompt appears:
Figure 5 – Explorer User Prompt
Click Next in the Directory Setup window.
The initial Directory Setup window is displayed again with the IP
addresses of the primary and secondary LDAP servers:
Figure 6 – Directory Setup: Updated
Stop and start the engine for the changes to take
Back up all the workflow changes (for example, customized screen
pops or options, if any).
Remove all the Desktop Software on the CRS Server (see
Figure 7 – Remove Desktop Software on the CRS
Remove Desktop Administrator.
Remove RASCAL Server.
Remove Desktop Server.
Remove VoIP Server.
Remove Desktop Base.
Note: Ensure that Desktop Base is the last component
you remove, after you have removed all the other components. There is no
specific sequence for the removal of the other components.
Reboot the CRS Server.
Run the full CRS installer in order to reinstall the desktop
Rerun the setup for the previously installed service
Restore the workflow changes, if any.
Complete these steps:
Remove the Cisco Agent Desktop software on the desktop workstation
of the agent in this sequence (see Figure 8):
Figure 8 – Sequence to Remove Desktop Software on the Agent
Remove Desktop Supervisor.
Remove Desktop Agent.
Remove Desktop Base.
Reboot the workstation of the agent.
Reinstall all the Cisco Agent Desktop software that you just
removed from the desktop workstation of the agent.
You can also use the Registry Editor to fix this issue on the desktop
workstation of each agent. Complete these steps:
Click Start > Run.
The Run dialog box appears.
Enter regedit32, and click
The Registry Editor window appears (see Figure
Locate the LDAP_HOSTA and the
LDAP_HOSTB keys in this path:
Update the values of these two registry keys with the IP addresses
of the primary and secondary LDAP servers.
Figure 9 – Registry Navigation Path
User authentication requires access to a user database in the LDAP
server. If the LDAP server is down or unavailable, you cannot access the CRS
Administration web interface and agents cannot log in. Therefore, install a
redundant LDAP server to provide high availability. Cisco CallManager allows
you to configure multiple LDAP servers to provide redundancy.
Complete these steps in order to add new servers for LDAP failover in
IPCC Express 4.x. In this example, you are adding two CallManager servers for
On the CRS server, login to the CRS Appadmin page. Go to
System > LDAP Information and make sure
both the CallManager servers are listed here.
On the CRS Appadmin page, go to Tools >
User Management. Then, click on the hyperlink for
Cisco CallManager LDAP. Make sure both the CallManager servers
are listed here.
On the CRS server, go to Start >
Programs > Cisco CRS Administrator and
launch the Cisco CRS Serviceability Utility. Click the
CallManager LDAP Information tab and make sure both the
CallManager servers are listed here.
In the Cisco CRS Serviceability Utility, click
File > Change Connection and you will see
CRS Bootstrap Information. This also needs to have both the
LDAP servers listed. If one is missing, the CRS Engine will not start correctly
when the first LDAP server is down. Add the second, if necessary, and click