As of March 30, 2016, E-delivery is the only available delivery option for software ordered from the Product Update Tool (PUT).

For sites that use single-sign-on (SSO) or LDAP authentication, password-aging settings apply to administrator passwords, which are used to sign into the Site Administration portal.

Site administrators can require the use of numeric passwords for call-in users. When enabled, this feature generates a random numeric password for call-in users joining a meeting that requires a password. The meeting invitation email includes the numeric password.

At the end of every month, WebEx automatically generates Meetings and Participants reports. Site administrators receive an email notification when the reports are ready.

Site administrators can download the reports in the following formats:

• Meetings Reports in a CSV file

• Participants Report in a CSV file

• Summary Report in a PDF file

• All three reports in a zip file

This release introduces support for Cisco Jabber Release 11.6.

WebEx plays a message to inform call-in users that the meeting is being recorded when

• A call-in user joins an in-progress meeting that is being recorded.

• A call-in user is in a meeting and the host starts recording the meeting.

A session type is a predefined bundle of features and options (a profile) that site administrators can customize and assign to users. The default session (meeting) type is the PRO session type.

Site administrators can create up to four custom session types. Once created, a session type cannot be deleted; but site administrators can modify or deactivate it.

Site administrators can use session types to make the following features available to users:

• Sharing options (application, desktop, web; and remote control for each of these options)

• Record meeting

• Video capability in meeting

• Audio capabilities (Call-In: On or Off, Call-Me: On or Off, Computer audio: On or Off) subject to the following limitations:

  • At least one of the three options must be enabled.

  • To disable Computer audio, enable Call-In.

  • To enable the Call-Me option, enable Call-In.

Note	You can assign multiple session types to a host account. The available features for a particular meeting depend on the meeting type that the host selects, while scheduling the meeting.

To perform one of the following system-altering operations, obtain the Release 2.7 Open Virtualization Archive (OVA) file.

• Expanding the system

• Adding High Availability

• Adding Internet Reverse Proxy (IRP)

Important

Ordering any CWMS OVA media (full installation media) from the Product Update Tool (PUT), requires the submission of an A2Q form. The A2Q form is required to validate the system architecture.

Site administrators can change the email address for an individual user, or addresses for multiple users in bulk by using one of the following methods:

• The WebEx Administrator portal

• LDAP

• Identity Providers

• A CSV file (edited and imported)

Important

If you plan to use this feature, there are required configuration changes to make and limitations to consider. For more information, see SSO and Email Address Changes and About SSO Configuration.

This release adds support for the following browser versions:

Windows:

• Internet Explorer 11.0.9600.18204

• Chrome 51.0.2704.79 m

• Firefox 47.0

• Edge (only for Windows 10) 25.105860.0.0

Attention

The 64-bit versions of the FireFox and Edge browsers (on any Windows platform) are supported only for starting and joining meetings, by downloading the temporary application. For more information about the limitations for the Edge browser, see Windows 10 and Edge Browser Restrictions.

Mac:

• Safari 9.1.1

• Chrome 51.0.2704.84

• Firefox 47.0

This release supports WebEx Meetings Application version 31.4.0.41 for Windows and Mac.

This release supports the following Cisco Network Recording Player versions:

• Windows: 31.4.0.41

• Mac: 31.0.0.1100

This release supports WebEx Productivity Tools version 2.82.7000.1150 for Windows.

For systems with an existing High Availability (HA) system already attached, the HA system automatically updates when you update the primary system. Ensure that all HA virtual machines are turned on and running before you start the update process.

To add a High Availability (HA) system to your primary system, first deploy the HA system. Then update the HA system to the same version as the primary system. The HA system restarts at the end of the update process. We recommend that you wait an extra 15 minutes after the restart, before you begin to add the HA system to the primary system.

For more information, see the Administration Guide for Cisco WebEx Meetings Server Release 2.7:

http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/products-installation-guides-list.html

As part of the Internet Reverse Proxy (IRP) node removal process, the Admin virtual machine sends a remove message to the IRP server. The message removes the IRP server and therefore all external access to the system. The message is sent as clear text, and it is unauthenticated. Well-crafted malicious code could replicate this behavior and lead to a denial of service.

We recommend that you limit access to port 64616, on the IRP node, to the Admin virtual machine only.

The maximum recording size, per recording, is 2.2 GB (existing system limit). For Multi-data Centers, ensure that there is sufficient storage capacity available for all data centers. The maximum number of recordings depends on your storage server capacity. You can estimate the required storage server size for a typical five-year period using the following formula:

Estimated hours of meetings that you expect to be recorded per day * 50-100 MB per hour of recording * five years * 24 hours per day * 365 days per year

There are no per-user storage limitations. The system stores recordings indefinitely until users delete them. To prevent important recordings from being accidentally deleted, there is no setting to enable the automatic deleting of recordings. The storage server retains recordings marked for deletion for up to six months. During that time, users can still archive the recordings to other media.

When you configure a storage server and check Record under Administration Dashboard > Settings > Meetings > Participant Privileges, the Record setting is a system-wide setting. You can also enable or disable recording by Session Types, which you assign to users.

A session type is a predefined bundle of features and options (a profile) that site administrators can customize and assign to users. The default session (meeting) type is the PRO session type. Because of the relationships between the PRO session type and the custom session types, we recommend that you do not modify the PRO session type. The best practice is to create a custom session type to modify.

With this release, the Identity Provider (IdP) server can use any unique and static Active Directory (AD) field as the NameID for SSO configuration. If you plan to use the email address change feature, the email AD field is not static. Change the mapping for the NameID field on the IdP server to a unique AD field other than email. If you do not plan to use the feature to change email addresses, there is no requirement to change the mapping for the NameID field.

Caution

If the NameID field is mapped to the email AD field and you change user email addresses, the system creates a new user account for each changed address. If you plan to change the NameID field mapping from email to another field (such as EmployeeNumber), users must prepare for the change. After you update the NameID fields in AD, have the users log in to CWSM before you change the email addresses. Otherwise, when both the NameID and email address change, no attribute matches the CWMS profile. In this scenario, the existing profile loses the ablity to log into the system and the system creates a new profile.

Outlook synchronizes with the Exchange server once a day. If you change an existing user’s email address on the Exchange server, the change does not immediately propagate to Outlook. Until synchronization occurs, the system receives the user’s former email address and issues a notice that the user cannot be found. A delegate (proxy) user cannot schedule a meeting for the user, or identify them as an alternate host, until after Outlook synchronizes with the Exchange server.

Manually synchronizing the systems does not solve this issue. This limitation is not a CWMS issue; it is the result of Outlook and Exchange design.

See also About SSO Configuration.

The following restrictions apply to Windows 10 and to the Edge browser and Cisco WebEx Meetings Server Release 2.7MR2 and earlier:

• The Edge and Mozilla Firefox 64-bit browsers are supported only for joining and starting meetings, using the WebEx Temporary Folder Solution (TFS). To start or join a meeting, participants must select Run a temporary application to join this meeting immediately each time.

• The temporary application filename consists of the encrypted WebEx Site URL, username, and client machine parameters. Therefore, some filenames are long. The Edge browser truncates long filenames during the file download. The temporary client application depends on the information in the filename; so if the filename is truncated, the temporary application cannot run.

  Warning

  This limitation prevents users with Windows 10 and the Edge browser from joining some meetings on CWMS. The only workaround is to use a different browser to join the meeting.

• The Edge browser does not support the playback of WebEx recordings.

Note	These restrictions do not apply to Cisco WebEx Meetings Server Release 2.7MR3 and later.

The following limitations and restrictions are known to affect virtual desktop infrastructure (VDI) environments.

• Citrix XenDesktop and XenApp are the only desktop virtualization software supported for this release of Cisco WebEx Meetings Server.

• An architectural limitation of the virtual desktop environment can affect video quality. The frame rate may be low, causing a suboptimal experience when sending video.

• Some video files cannot be shared in a virtual desktop environment.

• Remote Access and Access Anywhere are not supported in virtual desktop environments. The underlying Citrix platform removes the Remote Access and Access Anywhere agents after the operating system restarts.

Cisco WebEx Meetings Server runs on VMware virtual machines.

• Both VMware vSphere and VMware vCenter are required to deploy Cisco WebEx Meetings Server. Using the vSphere client, you deploy the Cisco WebEx Meetings Server OVA file on an ESXi host managed by vCenter.

• Purchase VMware vSphere 5.0, 5.0 Update 1, 5.1, 5.5, or 6.0 for use as the hypervisor platform for Cisco WebEx Meetings Server.

  • Buy vSphere directly from Cisco on the GPL (Global Price List). Cisco is an approved VMware partner and distributor. This is convenient for those who want to purchase everything from a single vendor.

  • Purchase vSphere directly from VMware, through enterprise agreements you have directly with VMware.

• Cisco WebEx Meetings Server does not support other hypervisors.

• For more information about hypervisor requirements, see the Planning Guide and System Requirements for Cisco WebEx Meetings Server at http://www.cisco.com/en/US/products/ps12732/prod_installation_guides_list.html.

We strongly recommend using a publicly signed certificate instead of the provided self-signed certificate. User’s browsers trust publicly signed certificates because the list of Root Certificate Authority certificates installed on the computer establishes trust.

For Multi-data Center systems using self-signed certificates, the user receives multiple certificate warnings and must trust and install all certificates to use the system.

When using self-signed certificates, some users might have difficulty joining meetings because browsers by default do not trust such certificates. Users are required to explicitly establish trust in this case before they can proceed to join a meeting on your site. Some users might not understand how to establish trust with such a certificate. Others might be prevented from doing so by administrative settings. Use publicly signed certificates whenever possible to provide the best user experience.

The User Guide provides more information about this issue for users. See the "Meeting Client Does Not Load" topic in the "Troubleshooting" chapter of the Cisco WebEx Meetings Server User Guide at http://www.cisco.com/en/us/products/ps12732/products_user_guide_list.html.

Cisco WebEx Meetings Server supports the following ciphers:

TLS Version 1.1

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)

• TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)

TLS Version 1.2

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)

• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)

• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)

• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)

• TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)

• TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048)

• TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048)

• TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048)

• TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048)

• TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048)

Translated documentation for this release of Cisco WebEx Meetings Server is published 4–6 weeks after the English-language release.

There is a known issue with Apple iOS 6.x. Single sign-on (SSO) does not work for internal users of iPad/iPhone who are using the Safari 6 web browser. An Apple defect that is fixed in iOS 7 caused this issue. The Safari bug ID is 13484525.

Never change the DNS entries for the hostnames that are configured in your deployment. You can change the hostname of a virtual machine that is part of your deployment. The corresponding IP address is picked up automatically from the DNS. To change the IP address of a virtual machine and keep the same hostname, perform the following steps:

1. Configure a temporary hostname in the DNS.

2. Change the hostname of the virtual machine to the temporary hostname that you configured.

3. Take the system out of maintenance mode for the new hostname change to take effect.

   Your original hostname is not part of the deployment after this change.

4. Change the IP address of the original hostname in the DNS to the new IP address.

5. Change the temporary hostname of the virtual machine to the original hostname.

6. Take the system out of maintenance mode for the hostname change to take effect.

   Now the original hostname is configured with your new IP address.

In this release of Cisco WebEx Meetings Server, the dashboard can fail to display certain meetings as having started. This issue occurs in the following scenario:

A meeting is scheduled with the Allow participants to join teleconference before host setting enabled. A participant joins the meeting by phone but does not join the web portion. The dashboard should indicate that this meeting has started and has one participant but it does not. This issue can cause users to schedule multiple meetings resulting in performance issues.

On your audio configuration settings, G.711 provides better voice quality than G.729. See "About Configuring Your Audio Settings" in the Cisco WebEx Meetings Server Administration Guide for more information.

IP Communicator 7.0.x endpoints joining CWMS meetings can introduce audio quality issues (echo and other noises) to a conference if either of the following conditions occur:

• IP Communicator is not muted.

• A participant using IP Communicator becomes the active speaker.

To prevent this issue, fine tune the IP Communicator environment (for example, the headset, microphone, and speaker) or use a different traditional phone.

Meetings that are started with iOS devices cannot be recorded.

When a meeting fails over from one data center to another, the dial-in and dial-out connections to that meeting do not automatically reconnect. To reestablish the connections, participants hang up and manually dial back in.

When using QuickTime, the following message may appear: "QuickTime failed to initialize. Error # –2093. Please make sure QuickTime is properly installed on this computer."

There are no closed caveats for Cisco WebEx Meetings Server Release 2.7 (Build 2.7.1.12).

There are no open caveats for Cisco WebEx Meetings Server Release 2.7 (Build 2.7.1.12).

The following table lists caveats that were open in Cisco WebEx Meetings Server Release 2.6MR2, and resolved in this release.