This document provides installation instructions for Unified CCE 12.5(1) ES33. It also contains a list of Unified CCE issues resolved by this engineering special. Review all installation information before installing the product. Failure to install this engineering special as described can result in inconsistent Unified CCE behavior.
This document contains these sections:
In the Product
Alert Tool, you can set up profiles to receive email notification of new
Field Notices, Product Alerts, or End of Sale information for your selected
products.
The Product
Alert Tool is available at https://www.cisco.com/cisco/support/notifications.html.
This ES upgrades
CiscoSSL based on OpenSSL 1.0.2(x) to CiscoSSL based on OpenSSL 1.1.1h. This
upgrade is necessitated by OpenSSL announcement to make 1.0.2 (LTS) End of Life
on Dec 31, 2019. Please refer to https://endoflife.software/applications/security-libraries/openssl
for additional details. Since most of the CCE components have a dependency
on OpenSSL, this ES must be treated as a mandatory ES and should be applied
prior to applying any future ES’s on the impacted components. The list of
impacted components are covered in subsequent sections following the
traditional ES release notes format. Along with OpenSSL defect (CSCvw90939)
upgrade, this ES also includes fixes for 4 additional defects as well.
12.5(1)
This section lists the Unified
CCE components on which you can and cannot install this engineering special.
You can install Unified CCE
12.5(1) ES33 on these Unified CCE components if you would need to apply only
the SSL fix:
·
PG
·
Dialer
·
Router
·
AW (client - admin client, distributor)
·
AW-HDS
When you install Unified CCE
12.5(1) ES33 on these Unified CCE components, it will address the non OpenSSL
related defects mentioned below.
·
AW
·
AW-HDS
Do not install
this engineering special on any components other than the following:
Installation of this patch requires that
all Unified CCE services be shut down during the entire period of
installation. It is always recommended to install this ES during a scheduled
downtime.
Note: To apply only the SSL
fix, Unified CCE 12.5(1) ES33 installer is to be run on the all the 4 components
i.e. PG, Dialer, Router, AW (client - admin client, distributor. However,
if the fix is required for the other defects please install the Unified CCE
12.5(1) ES33 installer on the AW or AW-HDS machine ONLY.
Check the version of tomcat installed by running <ICM HOME>\tomcat\bin\version.bat . If its 9.0.37 or higher, then do the following steps
Note: Remove patches in the reverse order of
their installation. For example, if you installed patches 3, then 5, then 10
for a product, you must uninstall patches 10, 5, and 3, in that order, to remove
the patches from that product.
This section provides a list of
significant Unified CCE defects resolved by this engineering special. It
contains these subsections:
Note: You can view more information on and
track individual Unified CCE defects using the Cisco Bug Search tool, located
at: https://bst.cloudapps.cisco.com/bugsearch/search?null.
This section lists caveats
specifically resolved by Unified CCE 12.5(1) ES33.
Caveats in this section are
ordered by UNIFIED CCE component, severity, and then identifier.
Identifier |
Severity |
Component |
Headline |
CSCvw90939 |
6 |
security |
Multiple Vulnerabilities in openssl |
CSCvv51017 |
1 |
dbconfig |
Unable to Set the deploymentType to PCCE2k |
CSCvw45522 |
3 |
dbconfig |
Business Hours does not load departments if departments are more than 25 |
CSCvv53307 |
2 |
ova |
PCCE not correctly validate CPU speed |
CSCvu91011 |
2 |
web.config.ui |
CCEadmin uses the first Finesse cluster credentials for Subscriber of the second cluster |
Caveats are ordered by severity
then defect number.
Defect Number: CSCvv51017
Component: dbconfig
Severity: 1
Headline: Unable to Set the deploymentType to
PCCE2k
$$PREFCS
Symptom: Unable to Set the deploymentType to PCCE2k getting system
inventory error while setting the deployment type
Conditions: while setting the deployment type to pcce2k
Workaround: On 12.6, there is no workaround. On 12.5 with any ES between
ES12 and ES28 installed, then uninstall those ES to set the deployment type.
Further Problem Description:
Defect Number: CSCvu91011
Component: web.config.ui
Severity: 2
Headline: CCEadmin uses the first Finesse cluster
credentials for Subscriber of the second cluster
When Test SSO is
performed the CCEadmin uses the first Finesse cluster credentials for
Subscriber of the second cluster
Symptom: When Test SSO is performed, CCEadmin uses the first Finesse
cluster's credentials for Subscriber node of the second cluster and it fails to
register.
Conditions: SSO failing for the Finesse second cluster subscriber Two
finesse cluster configured with different credentials.
Workaround: Use the same GUI password across all Finesse clusters
Further Problem Description:
Defect Number: CSCvv53307
Component: ova
Severity: 2
Headline: PCCE not correctly validate CPU speed
Symptom: HW model
HPE
Synergy 480 Gen10, as per compatibility matrix supported, it is 2.5 GHZ
speed,
but based on the doc Caveated Support for VMware CPU Reservations and
Distributed Resource Scheduler
(https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/uc_system/virtualization/cucm-vmware-support.html)
it
is expected 99.75% can retun value for speed, it is expected behaviour.
CCEAdmin code also needs to be adjust to handle this value. 000000124:
172.26.121.41: Aug 24 2020 13:10:10.072 +0300:
%CCBU_http-bio-127.0.0.1-8080-exec-10-3-REST_API_EXCEPTION:
%[exception=com.cisco.ccbu.api.jaxb.error.ApiException: deploymentType:
The
virtual machine host properties are invalid.
[layoutResults=[VMLayoutResult[layoutName=PCCE_SPEC, isValid=false,
results=[ESX Server: sideA ESX Server Properties Valid: false Found CPU
Speed:
2.49 Found CPU Family: Intel(R) Xeon(R) Gold 6248 CPU @ 2.50GHz
Conditions: PCCE deployment
Workaround: N/A
Further Problem Description:
Defect Number: CSCvw45522
Component: dbconfig
Severity: 3
Headline: Business Hours does not load departments
if the number of departments is more than 25.
Symptom: PCCE 12.5 2k
SPOG freezes if the number of departments is more than 25. In Business Hours
config, if you load 26 departments, it breaks; if you load 25, it works fine.
Conditions: PCCE 12.5 SPOG is used
Workaround: Use 25 or less departments
Further Problem Description:
Defect Number: CSCvw90939
Component: security
Severity: 6
Symptom: This product includes Third-party
Software that is affected by the vulnerabilities identified by the following
Common Vulnerability and Exposures (CVE) IDs: CVE-2018-0739 CVE-2019-1551
CVE-2019-1563 CVE-2019-1547 CVE-2019-1552 CVE-2020-1968 CVE-2020-1971 This bug
was opened to address the potential impact on this product.
Conditions: Device with default configuration.
Workaround: Not currently available.
Further Problem Description: CVE-2018-0739 CVE-2019-1551 CVE-2019-1563
CVE-2019-1547 CVE-2019-1552 CVE-2020-1968 CVE-2020-1971 have been assigned to
document this issue. Additional information on Cisco's security vulnerability
policy can be found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
Identifier |
Severity |
Component |
Headline |
Comments |
ES32 |
3 |
dialer |
SIP Outbound Dialer removes CallID from hash, causing record to stuck in "A" state in DL table |
|
You can access current Cisco
documentation on the Support pages at the following sites:
To provide comments about this
document, send an email message to the following address:
contactcenterproducts_docfeedback@cisco.com
We appreciate your comments.
Cisco.com is a starting point for
all technical assistance. Customers and partners can obtain documentation,
troubleshooting tips, and sample configurations from online tools. For Cisco.com
registered users, additional troubleshooting tools are available from the TAC
site.
Cisco.com provides a broad range
of features and services to help customers and partners streamline business
processes and improve productivity. Through Cisco.com, you can find information
about Cisco and our networking solutions, services, and programs. You can also
resolve technical issues with online technical support and download software
packages. Valuable online skill assessment, training, and certification
programs are also available.
Customers and partners can
self-register on Cisco.com to obtain additional personalized information and
services. Registered users can order products, check on the status of an order,
access technical support, and view benefits specific to their relationships
with Cisco.
The Cisco TAC site is available
to all customers who need technical assistance with a Cisco product or
technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3
(P3) or priority level 4 (P4) problem, contact TAC by going to https://www.cisco.com/c/en/us/support/index.html.
P3 and P4 level problems are
defined as follows:
In each of the above cases, use
the Cisco TAC site to quickly find answers to your questions.
If you cannot resolve your
technical issue by using the TAC online resources, Cisco.com registered users
can open a case online by using the TAC Case Open tool at the following site: https://mycase.cloudapps.cisco.com/create/start/
If you have a priority level
1(P1) or priority level 2 (P2) problem, contact TAC by telephone and
immediately open a case. To obtain a directory of toll-free numbers for your
country, go to the following sites:
P1 and P2 level problems are
defined as follows: