IPv6 autoconfig behavior in Windows Vista/7

Computers running Windows Vista or Windows 7, by default generate random IPv6 Interface IDs for public and link-local addresses, rather than the EUI-64 based Interface IDs.

I think this is good from a security/privacy standpoint, but from an admin standpoint I feel more at home knowing that the Interface ID comes from the BIA (burned in address).

To disable the random generation and revert back to EUI-64 you can run this as administrator:

netsh interface ipv6 set global randomize­identifiers=disabled


Installing CUPS 8.6.3 and integrating with CUCM 8.6 part 3 of 3

Let’s start with the presence integration to the CUCM.

CUCM Steps:

You no longer have to manually add the CUPS as an Application Server in the CUCM, this is done automatically.

1. System -> Security -> SIP Trunk Security Profile -> Copy the existing Non Secure SIP Trunk Profile

Check the following boxes:
– Accept Presence Subscription
– Accept Out-of-Dialog REFER
– Accept Unsolicited Notification
– Accept Replaces Header
Save it as CUPS Non Secure SIP trunk Profile

2. Device -> Trunk -> Add New -> SIP Trunk
Enter CUPS-SIP-Trunk under the Device Name. Configure your device pool, location, MRGL etc.
Enter the IP address of the CUPS Publisher server under the SIP information/destination.
Select the CUPS Non Secure SIP Trunk profile and the Standard SIP Profile.

3. System -> Service Parameters -> Callmanager ->Default Inter-Presence Group Subscription set to Allow.
System -> Service Parameters -> Callmanager -> CUP PUBLISH Trunk set to CUPS-SIP-Trunk

CUPS Steps:

Desk Phone Control name has been changed to Microsoft RCC. Jabber Desk Phone Control is done via the CTI Gateway Server/Profile.

1. Serviceability -> Network Services -> Stop the Cisco UP XCP Router process.

2. System -> Cluster Topology -> Settings -> Set your domain name.
*This step only applies to those deployments that do not use DNS.

3. System -> Cluster Topology -> DefaultCUPSubcluster -> click on node slot 1 -> change the hostname to the IP address of the CUPS Publisher.
*This step only applies to those deployments that do not use DNS.

4. Presence – Gateway -> Add new
Gateway Type – CUCM
Description – Callmanager
Presence Gateway – IP address of CUCM Publisher

5. Application -> Jabber -> Settings -> Enter the IP address of your TFTP server running on the Publisher and/or Subscriber.

6. Presence -> Routing -> Settings -> Preferred Proxy Listener select Default Cisco SIP Proxy TCP Listener

7. Serviceability -> Tools -> Service Activation – Enable the following
Cisco UP SIP Proxy
Cisco UP Presence Engine
Cisco UP Sync Agent
Cisco UP XCP Connection Manager
Cisco UP XCP Authentication Service
Cisco UP XCP Text Conference Manager

8. Reboot server – OS Administration -> Settings -> Version – Restart

9. System -> CUCM Publisher -> ensure that everything is green

10. Diagnostics -> System Dashboard -> ensure everything is OK.
*Note that it can take up to 10-15 minutes until everything is started.

That’s it for the presence integration. Next I will go through Jabber for Mac and CUPC setup.

Note that IPPM is not covered here.


Installing CUPS 8.6.3 and integrating with CUCM 8.6 part 2 of 3

Be sure to activate AXL Web Services and CTI Manager on your CUCM Publisher before you continue below.

Browse to your CUPS IP address with Internet Explorer or Firefox to continue the setup. Login with your Application administrator account. Next you will see the post install setup.

1. Enter the hostname and IP address of your CUCM Publisher server.

2. AXL is used between the CUPS and CUCM to communicate, For example if you add an end user on the CUCM it will automatically be populated on the CUPS using AXL.

Here you can enter either the ccmadministrator username and password because it has full AXL access, or you can create an application user in the CUCM and assign it to the group “Standard AXL API Access”

3. Enter the cluster security password, this is used for secure communications between the CUCM and CUPS. Note that this is the security password you configured on the CUCM installation, not the CUPS installation.

4. Confirm the post installation settings, ignore the * to the right of the hostname if you do not have DNS configured.
When that’s done click on the home button.

That’s it for the basic CUPS installation. Now it’s time for the presence integration to the CUCM.
Move on to part 3.

Installing CUPS 8.6.3 and integrating with CUCM 8.6 part 1 of 3

Here’s how you install CUPS 8.6.3 and integrate with CUCM 8.6. I will walk through the basic setup and integration. In a later post I will show you how to setup CUPC and Jabber for Mac.

First off, I’m running both CUPS and CUCM in VMware ESXi 5.0. Minimum virtual machine settings for CUPS are 2Gig vRAM, 72Gig SCSI HDD.
CUPS 8.6.3 is still on RedHat 4 32-bit, while CUCM 8.6 is on RedHat 5 3-bit.

During the installation you will configure:

– Apply patch as a part of installation (optional)
– Timezone
– NIC Speed/Duplex
– OS MTU Size
– DHCP/Static IP/Hostname
– DNS Client
– Platform administrator account
– Certificate information
– First or second/third node in the cluster (Publisher or Subscriber)
– NTP Server
– Security Password for cluster communication
– SMTP Server
– Application administrator account

If you have installed any Cisco UC appliance software before this is old news.
Most of the steps are pretty self-explanatory, but some require more explanation.

DNS Client – If you do not have a DNS server, choose no. When DNS is not enabled you should enter only IP addresses (not hostnames) for all network device in your Cisco UC network.

If you have a DNS server, you can enable DNS and specify your DNS servers. Now when you integrate your CUPS with CUCM you can specify the hostname of the CUCM and the DNS server will resolve the hostname to the correct IP.

Cisco recommends not using DNS because it can cause delay and in worst case an outage if your DNS servers fail to resolve the hostnames.

Platform admin account – This is used for all tasks surrounding the OS itself, such as backup/restore, software upgrade and SSH CLI access.

Application admin account – This is used for all the standard CUPS admin tasks such as CUPC/Jabber config, start stop services and CUCM integration.

SMTP Server – If you want the system to send you e-mail notifications you must enter an SMTP server to use for outbound delivery.

The installation can take a couple of hours to complete, when it’s done move on to part 2.

Simple shell script for backup with cleanup

Here’s a simple shell script I’m using for backups on my OpenBSD box.

/bin/tar -zcvpf /backup/htdocs/htdocs_backup_`date +%Y-%m-%d`.tar.gz /var/apache2/htdocs/*
/usr/bin/find /backup/htdocs -type f -mtime +10 -exec rm {} \;

This will tar and gzip everything in htdocs and save the file name with current date.
Then it will check if there are backup files that are older than 10 days, if so delete them.

SIP session refresh bug in IOS 15.1(4)M2 – Call disconnected after 15 minutes

I think I found a bug in IOS 15.1(4)M2 running on a 2911 with CUBE functionality.
The problem was that calls were disconnected after 15 minutes.

SIP trunk from ITSP terminating on CUBE in front of Callmanager 8.6. Default SIP Expires Timer is 1800 seconds (30 minutes), after 15 minutes the UCM sends a new INVITE to refresh the session.

I saw the CUBE sending 3 identical INVITES to the ITSP with no answer what so ever, after the third INVITE the CUBE sends a BYE to disconnect the session.

Upgrading to 15.2(2)T fixed the problem.

Installing PHP 5.3.8 from source on OpenBSD 5.0

I mentioned in my post about Apache 2.2.21 installation from source on OpenBSD 5.0 that I also required PHP 5.3.8.

The latest pre-compiled package for OpenBSD 5.0 is 5.3.6, but the biggest problem is that it’s compiled for Apache 1.3 and not 2.2.x

If you don’t require the latest PHP I recommend building it from ports, there you can specify to build for Apache 2.

However, in my case I had no choice but to install from source. Here is how I did it:

1. download the latest PHP source from http://www.php.net/downloads.php

2. extract the gtar to your temp directory

3. PHP depends on libxml, install with pkg_add libxml

4. ./configure —with-apxs2=/usr/local/apache2/bin/apxs —with-iconv=/usr/local —with-mysql —with-mysqli —with-zlib —with-gd —with-jpeg-dir=/usr/local —with-png-dir=/usr/local —with-freetype-dir=/usr/X11R6
make install

If you just want your vanilla PHP you can skip the stuff in green. My installation however requires additional support.

A strange thing I found when including —with-gd was that I got error: png.h not found.
Searching around I did find png.h in /usr/local/include/libpng/ but even if I specified that dir or just /usr/local it did not work.

I had to make three symlinks in /usr/local/include pointing to the three files in /libpng, then it worked.

Note: when building with gd support and jpeg/png/freetype you need the libfiles for these three, I simply installed the pre-compiled packages for them:

pkg_add jpeg
pkg_add png
pkg_add freetype

5. create a default config file with cp php.ini-development /usr/local/lib/php.ini

6. make install will automatically add the php5 module to Apache, verify that it’s present in /usr/local/apache2/config/httpd.conf
LoadModule php5_module        modules/libphp5.so

7. tell Apache to parse PHP extensions by adding the following to httpd.conf:
<FilesMatch \.php$>
SetHandler application/x-httpd-php

8. create a file called info.php in /usr/local/apache2/htdocs/ edit the file and add:
phpinfo ();

Restart Apache and browse to http://<ip_or_hostname>/info.php to see all information about the PHP build.