This document describes the process to troubleshoot Secure Computer Telephony Integration (CTI) for Cisco Unified Communication (UC) Integration with IBM Sametime.
Cisco recommends that you have knowledge of Cisco Unified Communications Manager.
The information in this document is based on Cisco Unified Call Manager Release 8.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
- Ensure the security token has been installed on the Cisco Call Manager.
Ensure the user has enabled security features.
- Go to Call Manager Admin Page > System > Enterprise Parameters > Security Parameters.
- If the Cluster Security Mode is "0", this indicates the Certificate Trust List (CTL) client is not configured or not installed in the security mode.
- The Cluster Security Mode is "1" when it has been installed.
Ensure the "Standard CTI Secure Connection" is added to the group permissions.
Verify the client Certificate Authority Proxy Function (CAPF) files are created and are named properly.
- Go to Call Manager Admin Page > User Management > End User -> Permissions Information.
Verify the client and server certificate files have been downloaded successfully.
- Go to Call Manager Admin Page > User Management > End User CAPF Profile.
- Ensure the CAPF files for the user are created.
- The format for CAPF file Instance ID must be <Call Manager User ID><num> where <num> is an integer from "0" to "4".
Ensure that these fields are properly configured in the Secure CTI Connection section of the Configuration Utility:
- These files are located at:
- Windows XP: C:\Documents and Settings\<username>\Local Settings\ Application Data\Cisco\SametimePhone\Certificates\ (Windows XP)
- Windows 7: C:\Users\<username>\AppData\Local\Cisco\SametimePhone\Certificates\
- The directory name starts with <username><server> and should contain:
- At least one server file
- A client file
- A CTL file
- Example files for user "johndoe":
- "Use Secure Connection" flag is checked
- TFTP server (usually the Call Manager Server)
- TFTP port (default 69)
- CAPF server (usually the Call Manager Server)
- CAPF port (default 3804)
- Go to Sametime preferences > Cisco > Phone Control, and ensure the "Servers" field is not editable. It is not allowed to change the security servers at runtime.
The administrator can set this field as read-only, but if it is editable the Secure CTI is not enabled.