Cisco Unified Personal Communicator

UC Integration for IBM Sametime and Secure CTI Issues

Document ID: 116300

Updated: Aug 01, 2013

Contributed by Jasmeet Sandhu, Cisco TAC Engineer.



This document describes the process to troubleshoot Secure Computer Telephony Integration (CTI) for Cisco Unified Communication (UC) Integration with IBM Sametime.



Cisco recommends that you have knowledge of Cisco Unified Communications Manager.

Components Used

The information in this document is based on Cisco Unified Call Manager Release 8.x.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.


    1. Ensure the security token has been installed on the Cisco Call Manager.
      • Go to Call Manager Admin Page > System > Enterprise Parameters > Security Parameters.
      • If the Cluster Security Mode is "0", this indicates the Certificate Trust List (CTL) client is not configured or not installed in the security mode.
      • The Cluster Security Mode is "1" when it has been installed.
    2. Ensure the user has enabled security features.
      • Go to Call Manager Admin Page > User Management > End User -> Permissions Information.
    3. Ensure the "Standard CTI Secure Connection" is added to the group permissions.
    4. Verify the client Certificate Authority Proxy Function (CAPF) files are created and are named properly.
      • Go to Call Manager Admin Page > User Management > End User CAPF Profile.
      • Ensure the CAPF files for the user are created.
      • The format for CAPF file Instance ID must be <Call Manager User ID><num> where <num> is an integer from "0" to "4".
    5. Verify the client and server certificate files have been downloaded successfully.
      • These files are located at:
        • Windows XP: C:\Documents and Settings\<username>\Local Settings\ Application Data\Cisco\SametimePhone\Certificates\  (Windows XP)
        • Windows 7: C:\Users\<username>\AppData\Local\Cisco\SametimePhone\Certificates\
        • The directory name starts with <username><server> and should contain:
          • At least one server file
          • A client file
          • A CTL file
        • Example files for user "johndoe":
          • CTLFile.tlv.sgn
          • JtapiServerKeySote-johndoe-johndoe0
          • JtapiClientKeyStore-johndoe-johndoe0
    6. Ensure that these fields are properly configured in the Secure CTI Connection section of the Configuration Utility:
      • "Use Secure Connection" flag is checked
      • TFTP server (usually the Call Manager Server)
      • TFTP port (default 69)
      • CAPF server (usually the Call Manager Server)
      • CAPF port (default 3804)
      • Go to Sametime preferences > Cisco > Phone Control, and ensure the "Servers" field is not editable. It is not allowed to change the security servers at runtime.

The administrator can set this field as read-only, but if it is editable the Secure CTI is not enabled.

Related Information

Updated: Aug 01, 2013
Document ID: 116300