IOS Toll Fraud Prevention

I was recently configuring a VG202 (yeah that little cutie) for a customer and when making inbound test calls they were failing:-

I checked the configuration and there was no reason for the call to fail, did a debug voip ccapi inout and saw the following error:-

>>>>CCAPI handed cid 19 with tag 2000 to app “_ManagedAppProcess_TOLLFRAUD_AP
*Mar  9 02:41:02.915: //19/0050FCDF0800/CCAPI/ccCallDisconnect:
Cause Value=21, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect C

Hmm.. i thought this was only applicable to IOS 15.X and above but seems like i was wrong, looks like this 12.4(20r)YA1 has Toll Fraud mechanism

The following command <voice iec syslog>will also help you get toll fraud debugs;

*Mar  9 02:36:17.163: %VOICE_IEC-3-GW: Application Framework Core: Internal Erro
r (Toll fraud call rejected): IEC= on callID 13
*Mar  9 02:36:17.283: %VOICE_IEC-3-GW: Application Framework Core: Internal Erro
r (Toll fraud call rejected): IEC= on callID 14

you can either create a trusted ip access or disable it totally; see Toll-Fraud Prevention Feature in IOS Release 15.1(2)T for more information

What is Presence & Cisco Unified Presence Server

Presence is the ability to show the status of a user; idle/busy/away, devices they are contactable on and how best to contact them. Simply put it “is the aggregation point of availability represented by a single or multiple devices associated with a user account that can be monitored by users”

At the core, presence is a person’s willingness and ability to communicate utilising all network connected mediums available to them to make them more contactable and productive.

Available mediums are integrations to conferencing resources, calendar, email & IM clients. Utilising these one can make an informed decision as to what maybe the best method of contacting a user. On the other end, users can set their status and also enable features such as SNR that allows them to advertise a single number and be contactable on multiple devices; when a user is called on a deskphone; their home phone/cell phone can simultaneously ring and when connected the call can be transferred to the deskphone/remote phone without any or very little media interruption. Users can also have voice messages delivered to their email inbox, can visually chose what message they wish to listen to and so on.

Cisco UC clients consists of the following;
Cisco IP Communicator (CICP). A windows application that offers softphone capabilities, the same as a deskphone would

Cisco UC Integration for MS Office Communicator (CUCIMOC)-  An Client service Framework (CSF) application that provides services such as softphone, mid-call control, desktphone control, IM

Cisco Unified Mobile Communicator (CUMC)- an application for mobile phones and smartphones that allows users to place/receive calls, access corporate directory, view user status, access voicemails, utilise MeetingPlace and Webex conferencing etc.

Cisco Unified Personal Communicator (CUPC) – this provides integration and a single interface to a wide variety of services such as call control, video, im, web conferencing, voicemail. it also allows you the ability to Click-to-dial from MS Excel/Outlook/Word and even the web

Cisco unified Video Advantage (CUVA)- adds video functionality to an ip phone by utilisng deskphones or CIPC utilising existing network infrastructure.

Cisco Presence Server
Cisco Unified Presence Server (CUPS) is the core component of the Cisco Presence solution, it is a separate product integrates directly into CUCM as an extended application.  As outlined in RFC 2778 there are 3 basic components to a presence solution;

  • [Collect Status] Presence Service: This service aggregates and distributes presence information between clients
  • [Publish Status] Presentities: Clients that provide presence information to the presence service to be stored and delivered. Presentities publish their service to the presence server using a PUBLISH or REGISTER message for SIP/SIMPLE Clients or XML Presence Stanza for XMPP clients. It can be DN or SIP uniform resource identifier (URI) that resides outside or within a cluster
  • [Consume Information] Watchers: these are Presence clients that receive presence information from the presence service. They do this by
    • Fetching: retrieves current presence information from presence service about a presentity; done upon user request
    • Subscribing: retrieves current and future presence information from the presence service about a presentity. Provides ongoing subscription to receive status updates

Components of Cisco Unified Presence

  • Cisco IM and Presence Service
  • Unified Communications Manager (CUCM)
  • Cisco Jabber
  • Meetingplace or MeetingPlace Express
  • Unity or Unity Connection
  • Unified Video Conferencing or meeting place Express VT
  • Cisco IP Phones
  • LDAP Svr 3.0
  • Third Party Presence Server/XMPP Clients/Applications

An Illustration of Components;

CM Presence Capabilities
When a IP Phone sends a watcher request, CUCM manages the request locally and if the presentity is located on a separate CUCM cluster or CUPS it forwards the request across the SIP trunk to the external service (provided the user is in the SUBSCRIBE CSS & Presence group that allows the watcher to monitor the requested presentity).When CUCM receives a SIP NOTIFY response on thr trunk it responds to the SIP Line-side presence request by sending a SIP NOTIFY message to the watcher indicating the current status of the presence entity. The services that are natively supported on CUCM are BLF/SpeedDials and Call history logs

CM Presence with SCCP
since CUCM supports SCCP endpoints as presence watchers and there are no SCCP trunks, SCCP endpoints can request the presence status of a presentity to the CUCM by sending SCCP Messages. If the presentity resides within the same cluster CUCM responds back indicating the current status of the Presentity. If it resides outside the CUCM Cluster, CM routes a SUBSCRIBE request out a appropriate SIP trunk based on the SUBSCRIBE css, Presence Group & SIP Route Pattern. When CUCM receives a SIP NOTIFY it responds to the SCCP line-side presence request bysending SCCP messages to the presence watcher, indicating the current status of the presence watcher.

CM Presence Policy
you can create a policy in CM for users who request presence status, inorder to do this you will need to configure a CSS specifically to route SIP SUBSCRIBE messages for presence status and status of users in another group.

CM Subscribe Calling Search Space
The first thing to do is to define a SUBSCRIBE css. CM uses this to determine how to route this request  from a watcher (a phone or a Trunk) The SUBSCRIBE css is associated to the watcher and lists the partitions the watcher is allowed to ‘see’. This operates independently of normal CP routing.

This can be assigned on Devices or on a User (EM). A SUBSCRIBE with a CSS set to <None> will reject subscription messages as unknown. If a valid CSS is specified, SUBSCRIBE Messages are routed properly./

Presence Groups
The second aspect of the presence policy is presence groups. By default they are all assigned to the Standard Presence Group. A Presence group controls the destination a watcher can monitor

Cisco IM & Presence Cluster
Cisco IM and Presence Cluster consist of upto 6 server’s incl one designated as a publisher . The architecture being the same as a CUCM cluster. Within a cluster you can have a subcluster which can have upto 2 servers upto 3 clusters in a CUP Server cluster without redundancy. The CUP Server publisher uses the database of the CUCM Publisher and can support only one CUCM cluster. User assignment is done automatically using Sync Agent. Synchronisation can be anything between 5 mins for 500/1000 users upto 70 minutes for 70000 users (platform dependant) – this takes alittle longer when CUCM is integrated to CUP cluster and not CUPS Publisher

Computer Telephony Integration Quick buffer Encoding (CTI-QBE) is used between the CUCM & CUP Clusters for CTI Functionality at user level. This allows CUP Server to control phones and provide functionality such as deskphone control from a software client. LDAP integration is via the CUCM and not with the external LDAP Server. AXL/SOAP on CUPS is used to provide database synchronisation from the CUCM Cluster.

Federation to other CUCM Clusters and MS Lync/OCS Server is done via the same CUP Server.

Cisco Unified Presence Fundamentals – Cisco Press
UC SRND 9.x – Update new info

CUCM 7.1.3 upgrade -> 7.1.5 procedure

Upgrade Process for CUCM v7.1.3 -> 7.1.5

Step 1: go to and download the UCS files


Step 2: Once downloaded combine the files and burn the .ISO to CD
you can combine the fine in Windows via the c ommand prompt using teh following command:

COPY /B UCSInstall_UCOS_7.1.5.10000-12.sgn.iso_part1of2+UCSInstall_UCOS_7.1.5.10000-12.sgn.iso_part2of2 UCSInstall_UCOS_7.1.5.10000-12.sgn.iso

Step 3: Verify the Checksum Value

64fa77e1ec9c9ede6f4066e36b631954 UCSInstall_UCOS_7.1.5.10000-12.sgn.iso

Step 4: insert the Disk to the local server where you wish to install the upgrade and navigate to Upgrades > Install/Upgrade.
The Software Installation/Upgrade window displays.
From the Source list, choose DVD.
Enter a slash (/) in the Directory field.
Press Next to continue

or utils system upgrade from the CLI

Step 5: you have the option to “reboot to upgraded partition” or “Do not reboot after upgrade.” select the latter and next

You can check the installation status on the CLI:

Step 6: When installation is completed, select Finish

Step 7: To Upgrade choose: Settings > Version; then, click Switch Version.
The system restarts and runs the upgraded software

or Via the CLI:

utils system switch-version

Perform Upgrade on the Publisher first then subsequent subscriber nodes. Finally perform a DBreplication repair on the publisher

utils dbreplication reset all

Continue reading

ISDN Disconnect “Cause i = 0x829F”

Caller is able to recieve calls but unable to make calls, when making a call they get a  flat dial tone.

Traces show the following:

Dec 20 10:51:51.676: ISDN Se0/0/0:15 Q931: RX <- DISCONNECT pd = 8  callref = 0x
Cause i = 0x829F – Normal, unspecified

The Cause code 82 is related to the receiving equipment (telco switch) requesting to use a channel that is not activated on the interface for calls.

This looks like an issue with BT who have deactivated the line (in this case, due to not paying bills)

Continue reading

Cluster Manager service connectivity test

Dec  10 12:04:54 AXD-SUB1 local7 6 : 2432: Dec 10 12:04:54.257 UTC :  %CCM_CLUSTERMANAGER-CLUSTERMANAGER-6-CLM_PeerState: Current ClusterMgr session state. Node’s Name or IP:AXD-PUB Node’s State:POLICY_INJECTED App ID:Cisco Cluster Manager Cluster ID: Node ID:AXD-SUB1

noticed the above notification in the CUCM syslog every few minutes. This is a connectivity test performed by the CUCM cluster manager service to the Publisher . This is a unecessary alert as there is no policy state change.

This can only be stopped by a TAC Engineer, the process is as follows:

1) Create a TAC user account

admin:utils remote_account enable
admin:utils remote_account create ciscotac 30

2) on the Subscriber stop the Cluster Manager Service

admin:utils service stop Cluster Manager
Service Stopped
Cluster Manager [STOPPED]

3) Cisco TAC will apply the following command in root to disable cluster manager notification:-

[root@AXD-SUB1 ~]# /usr/local/platform/bin/clm/clm_ctl set clm_network_test_timer 0

4) restart the service cluster manager service

admin:utils service start Cluster Manager
Service Started
Cluster Manager [STARTED]

This Service may cause drop outs on the phone system, and best done out of hours. It takes a few minutes (more like seconds) to complete. Continue reading

Extracting the MoH file from CUCM

something i noticed while looking through the DRF was the location of the MoH files,

Server        : BMML-PUB
Feature       : CCM
Component     : MOH
Time Completed: 2011-12-01-09-37-57
Result Code   : 0
Result String : SUCCESS
=================================== Backing up the MOH files
/usr/local/cm/sftp/mohprep/SampleAudioSource.g729.wav Continue reading