Cisco Unified MeetingPlace Release 6.1 -- Troubleshooting Cisco Unified MeetingPlace Directory Services

From DocWiki

Revision as of 21:23, 28 March 2011 by MeetingPlace Moderator (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Cisco Unified MeetingPlace Release 6.1 > Cisco Unified MeetingPlace Directory Services




This page provides instructions for troubleshooting problems that may occur after Directory Services is installed and the MetaLink agreements are run.


Contents

Troubleshooting Connectivity Problems

If you experience problems with Directory Services, do the following procedures to ensure that Directory Services has not lost its connection to the Cisco Unified MeetingPlace Audio Server system:


To Verify that Cisco Unified MeetingPlace Directory Services Services are Running
  1. From the Windows Start menu, choose Settings > Control Panel > Services.
  2. In the right pane of the Services window, verify that the status of the following services is Started:
    • Cisco Unified MeetingPlace Gateway SIM
    • Cisco Unified MeetingPlace Directory Server


To Verify that Cisco Unified MeetingPlace Directory Services Is Logging In to the Cisco Unified MeetingPlace Audio Server
  1. From the Windows Start menu, choose Run.
  2. Open a command prompt window by entering cmd.
  3. Telnet into the Cisco Unified MeetingPlace Audio Server standalone or network server.
  4. Enter gwstatus.
  5. Verify that the status of the gateway is OK.


Troubleshooting Nonpropagating Corporate Directory Entries

Do the procedures in the following sections, as applicable:


Troubleshooting Nonpropagating Corporate Directory Entries

After creating MetaLinks between Cisco Unified MeetingPlace and your corporate directory, you may find that some entries in the directory do not propagate to the Cisco Unified MeetingPlace system.


To Troubleshoot Nonpropagating Corporate Directory Entries
  1. Check the error logs in each MetaLink suspense file folder. See the Monitoring Cisco Unified MeetingPlace Directory Services for more information.
  2. Review the predefined synchronization business rules.
  3. Inspect the source and target directories (Corporate Directory, Cisco Unified MeetingPlace Directory Services, Cisco Unified MeetingPlace) to locate the synchronization problem.
  4. Correct the problem and synchronize again.
    Note: The most common problem is that the corporate directory entry did not match Directory Services filter requirements. Because the corporate directory is the source directory, correcting the problem in the corporate directory will trigger updates in Cisco Unified MeetingPlace Directory Services and Cisco Unified MeetingPlace.
  5. See the Searching the Corporate Directory, the Searching the Cisco Unified MeetingPlace Directory Services Server, and the Searching for a User on the Cisco Unified MeetingPlace Server for search procedures for each directory type.

NOTE: In order for the user to synchronize to Cisco Unified MeetingPlace Directory Services, the VUName attribute must be 17 digits or less. If you are using Cisco Unified Communications Manager, then the user ID attribute must also be 17 digits or less. Only digits (numbers) are allowed; alpha characters are not allowed. Use the MPPlugin to configure the attributes for Cisco Unified MeetingPlace. See Cisco Unified MeetingPlace Directory Services Plug-In Functions.



Viewing MetaLink Suspense Logs

Suspense files are error logs that record all errors encountered by a MetaLink during synchronization. They provide details such as the time of the failed exchange, the name of the entry that could not be created, updated, or deleted, and a brief description of the failure. A typical Cisco Unified MeetingPlace Directory Services configuration includes at least two MetaLinks:

  • A Cisco Unified MeetingPlace directory MetaLink-a link between the Cisco Unified MeetingPlace server and the Cisco Unified MeetingPlace Directory Service server.
  • An Active Directory/LDAP MetaLink-a link between the Cisco Unified MeetingPlace Directory Services server and the Corporate LDAP directory.


Each MetaLink requires a suspense file folder. Create the folder inside the C:\mpdslog directory, and specify the name of the folder in the SuspensePath attribute in the agreement file for the MetaLink.


The suspense file syntax identifies the type of log: xaaaaaa-yyyymmddhhmm.nnn, where

  • x is the character "I" for import or "E" for export.
  • aaaaaa is the ID for the failed agreement.
  • yyyymmdd is the date the suspense file was created.
  • hhmm is the local time the suspense file was created.
  • nnn is an extension to differentiate files created at the same time (starts at "001").


Use Notepad to open the log and display information on entries that failed to synchronize. Following are several event log error record examples.


Example 1

The following error record indicates that the entry for user Jane Smith has a conflict username XPENDING with user John Doe.

/*********************************************************************/

/* Error LDAP0037: MetaLink has determined that entry */

/* cn=jane.smith,ou=employee, ou=People,o=company.com in */

/* system LDAP correlates with entry /o=comp.com/ou=people/n */

/* m=XPENDING in system DCD. However, the second entry is already linked to */

/* entry cn=john.doe,ou=employee, ou=people,o=company.com */

/* in the first system. This is an error, and the link needs to be removed */

/* before this change can by synchronized. */

/******************************************************************/

Modify [0][24]tsSBLCeQlU64Lfj3g3Urlg==

(1 attempt)


Example 2

The following error record indicates that the entry for this user in the corporate directory did not contain a value for the mandatory attribute VUName (Profile Number):

/*********************************************************************/

/* Error LDAP0019: An error occurred performing an attribute mapping in */

/* the Abs_Person section of the DCD system. Error MLK6106: Attribute */

/* mapping component: No value could be obtained for the mandatory */

/* attribute 'VUName'. */

/*********************************************************************/

Modify [0][24]p0j+oLdF/0WAWwP0wuP3kQ==

(1 attempt)


Example 3

The following error record indicates that the Cisco Unified MeetingPlace MetaLink attempted to modify an entry after another MetaLink had already locked the directory for another task. In this case, you can rerun this log later to make the needed modification to Cisco Unified MeetingPlace Directory Services.

/*******************************************************************/

/* Error MPML0056: MetaLink failed to synchronize a change to entry '34791' */

/* in the 'MPML' system to a Modify of entry */

/* '/o=acme.com/ou=people/nm=000946613' in DCD. */

/* Description of error: Error MLK0053: The directory is too busy to */

/* complete this operation */

/**************************************************************/

Modify [16]MeetingPlaceUser[5]34791

(1 attempt)


Example 4

The following error indicates user g120008 has a duplicate profile number with another user:

/*********************************************************************/

/* Error MPML0042: MetaLink failed to synchronize a change of entry */

/* '/o=comp.com/ou=people/nm=g120008' from system DCD because of a */

/* communications error with system MPML. Error:[29703] MPAdd: NewObj */

/* returned error: 9219 */

/*********************************************************************/

Add [16]MeetingPlaceUser[52]AAfSBxgUAzQJAI8xzpV6WeTRvizbNAkAAAAH0gcYFBwSD3BNRl4=

(1 attempt)


Replaying Suspense Files

After viewing errors in a suspense file, you can correct the indicated error on your corporate directory server; then, replay the suspense file to make the needed modification to Cisco Unified MeetingPlace Directory Services.


On a successful replay, the suspense file is automatically deleted. If synchronization should fail during a replay, an additional suspense file is generated.


Replay suspense files in the order they were created because repeated synchronization attempts may produce several suspense files resulting from the same entry problem. In this case, replaying the first suspense file is sufficient to reestablish synchronization.


To Replay a Suspense File
  1. From the Windows Start menu, choose Run.
  2. Enter cmd to open a command prompt window.
  3. Change to the directory containing the suspense file.
  4. Enter the dcdrepl <filename> command, where filename is the suspense file to be replayed.
    For example, if you found an error in the suspense file I0000001-200108131312.001, enter dcdrepl I0000001-200108131312.001 at the command prompt to replay the log and modify the entry in Cisco Unified MeetingPlace Directory Services.


Searching the Corporate Directory

The sample search file in this procedure is for a directory entry (ln=doe) that did not propagate to the Cisco Unified MeetingPlace system.


To Search a Corporate Directory
  1. To verify the entry in the corporate directory, use an LDAP browser utility.
  2. Create a search batch file. The following is a sample search file:
    ldapsearch -b "ou=people,o=company.com" -h its4.company.com -p 389 -D
    "uid=MeetingPlaceou=applications,o=company.com" -w mp147sy "sn=doe"
  3. From the Windows Start menu, choose Run.
  4. Open a command prompt window by entering cmd.
  5. Run the batch file:
    C:\temp\tools\search.bat > search_output.txt.
  6. Open the file search_output.txt and check if there are any attributes in the entry that do not follow the correlation rules in your MetaLink configuration file.


Searching the Cisco Unified MeetingPlace Directory Services Server

The sample search is this procedure is for a directory entry (ln=doe) that did not propagate to the Cisco Unified MeetingPlace system.


To Search the Directory Services Directory
  1. On the Cisco Unified MeetingPlace Directory Services server, go to Start > Programs > DC Directory Administrator and log in with username Admin.
  2. Choose Tools > Find.
  3. Create a new search filter and activate the search criteria by clicking Add.
  4. Using the Attribute, Rule and Value drop-down menus, choose LastName, Equals, and Doe.
  5. Click the Set button; then, click the Find button on the right side.
  6. When the entry is found, double-click the entry to display its Properties window.
    If you cannot find the entry, it has not been propagated to Cisco Unified MeetingPlace Directory Services.
  7. For found entries, click the MeetingPlaceUserPage9 tab in the Properties window to display information on the source of the entry (LDAP or MP) and determine if the entry has been updated in the corporate directory.
    The BootSource attribute indicates the source of the entry (ldap or MP).
    The UpdateSource attribute indicates if it has been updated (ldap), or not (MP).


Searching for a User on the Cisco Unified MeetingPlace Server

The sample search in this procedure is conducted to verify that a directory entry (username `doe') has propagated to the Cisco Unified MeetingPlace server.


To Search for a User on the Cisco Unified MeetingPlace Server
  1. Log in to MeetingTime.
  2. Find the username with last name doe.


Monitoring Cisco Unified MeetingPlace Directory Services

Use the following tools to monitor Directory Services server activities:

  • Real-time Cisco Unified MeetingPlace MetaLink logs. The Cisco Unified MeetingPlace MetaLink suspense folder contains two real-time transaction logs:
    • MPML-export.log, for entries exported from Cisco Unified MeetingPlace Directory Services to the Cisco Unified MeetingPlace system
    • MPML-import.log, for entries imported into Cisco Unified MeetingPlace Directory Services from the Cisco Unified MeetingPlace system
You can open these logs to monitor the live transaction by using Notepad or a third-party trace utility such as tail.exe (downloadable from the Internet).
  • Event logs. You can monitor transactions between Cisco Unified MeetingPlace Directory Services and the Cisco Unified MeetingPlace system by using the following event logs:
    • GWSIM eventlog
    • Windows Application Event Log. Cisco Unified MeetingPlace Directory Services uses the following Windows2000 services: MeetingPlace Directory Server and Cisco Unified MeetingPlace Gateway SIM.


To start or stop the MeetingPlace Directory Server service, go to Start > Settings > Control Panel > Administrative Tools > Services, then start or stop the MeetingPlace Directory Server service. Or from the Windows Start menu, choose Run and enter cmd to open a command prompt window, then enter the "net start mpdirectory" or "net stop mpdirectory" command.


To check the startup process, go to the Windows Application Event Log, open a real-time Cisco Unified MeetingPlace MetaLink log, or open the event logs in the suspense folders for each MetaLink. If you restart the server but still have errors, e-mail all error logs to a Cisco Unified MeetingPlace Directory Services support engineer and discuss the problem before you take further action.


Viewing the Windows Application Event Log

After creating a MetaLink between LDAP and Cisco Unified MeetingPlace Directory Services, there is network activity but no profiles get pulled in. The event log continuously displays warning messages that the time limit has been exceeded.


Event Type: Warning

Event Source: MPDirectory

Event Category: (5)

Event ID: 5203

Computer: WTC70-MPDSSR02

Description of error: A search of entry 'ou=people,o=xxx,c=US' in LDAP server 'dircsvr01.prod.xxx.com' failed.

Description of error: 3: Timelimit exceeded, BASE, 14.


For systems with approximately 200,000 profiles in the corporate directory (within the same organizational unit), do the following:

  1. Make sure that profile used by Directory Services (in the MetaLink) has administrator configuration set as needed including parameters:
    • "Look through limit" is set to the number of entries greater than the number of profiles to be synched on Directory Services.
    • "Size limit" is set to the previous number.
    • "Time limit" and "Idle timeout" are set to 7200 (seconds).
  2. In the MetaLink (.mmu) file, add or change the following:
    • "LDAPTimeout =7200"
  3. In the dccustom.ini file, add or change the following:
    • [Metalink - General]
    • ...
    • LDAPTimeout=7200
  4. Restart the Directory Services server (mpdirectory service) and start synchronizing.


Clearing the Cisco Unified MeetingPlace Directory Services Database and Recreating the Admin Node

Occasionally, you may need to clear the Cisco Unified MeetingPlace Directory Services database and recreate all MetaLinks. After you clear the database, recreate the Admin Node, which is the root of the directory.


To Clear the Cisco Unified MeetingPlace Directory Services Database and Recreate the Admin Node
  1. From the Windows Start menu, choose Run.
  2. Enter cmd to open a command prompt window.
  3. Enter the following commands:
    net stop mpdirectory
    cleandsa
    (push any key when prompted)
    net start mpdirectory
  4. After Cisco Unified MeetingPlace Directory Services starts up, go to Start > Programs > DCDirectory Administrator. At the profile selection window, accept the Default Profile and click Next.
  5. Choose None from the Auth Level drop-down menu; then, click Finish.
  6. When the server configuration warning appears, click OK. This indicates that the directory does not have an Admin root node, and allows you to create a new Admin Node.
  7. Enter a password in the Password field. This password is used for Cisco Unified MeetingPlace Directory Services replication between Cisco Unified MeetingPlace Directory Services servers. (Even if you are not using this feature in this implementation, you must enter a password to proceed.) Leave the Has a Superior check box unchecked. Click Next.
  8. Click the Uniqueness Enforced check box, and click Next.
  9. Enter Admin in the Administrator Name box and specify a password in the Password and Confirm Password text boxes. This is the username and password that is used by the administrator to log in to the Cisco Unified MeetingPlace Directory Services console. Click Finish. The console window displays.
  10. Return to the command prompt and enter the net stop mpdirectory command, followed by the net start mpdirectory command.
  11. After Cisco Unified MeetingPlace Directory Services restarts, return to the console window. Right-click comp.com, choose New, then choose OrganizationUnit.
  12. Enter people in the Directory Name text box. Click OK.
  13. In the Add New OrganizationalUnit:people dialog, click Apply, then OK.
    A new subtree, people, appears under comp.com. This subtree will receive imported entries from the SunOne LDAP Directory and Cisco Unified MeetingPlace directory.
  14. Choose View > Mode, then choose either List or MeetingPlace User.
    • List mode displays only the username in the console, which is suggested for displaying a large database.
    • MeetingPlace User mode displays more entry attributes but also requires more time and memory to display a large database. We do not recommend that you use MeetingPlace User mode for databases with more than 10,000 entries.
    After you have recreated the Admin Node for Cisco Unified MeetingPlace Directory Services, you are ready to resynchronize the entries in the corporate LDAP directory and the Cisco Unified MeetingPlace directory.

Repopulating the Cisco Unified MeetingPlace Directory Services Database

Repopulating the Cisco Unified MeetingPlace Directory Services database require recreating MetaLink agreements with both the Cisco Unified MeetingPlace Audio Server and the corporate LDAP directory. These MetaLink agreements will scan all entries in the corporate LDAP directory or the Cisco Unified MeetingPlace directory and reimport or update entries.


There are two events for which you must recreate the LDAP directory and Cisco Unified MeetingPlace MetaLinks:

  • You have cleared the Cisco Unified MeetingPlace Directory Services database and want to repopulate it from scratch.
  • You have deleted the existing MetaLinks, and want to reinitialize the synchronization (total refresh).


Note: It may take some time to synchronize updates from Cisco Unified MeetingPlace Directory Services to Cisco Unified MeetingPlace.


To Repopulate the Cisco Unified MeetingPlace Directory Services Database
  1. Recreate the Cisco Unified MeetingPlace MetaLink. For instructions, see the Creating a MetaLink Agreement Between the Cisco Unified MeetingPlace Audio Server and the Directory Services Server.
  2. View the contents of the mp.mmu.out file and Windows application log for errors. See the To Monitor the MetaLink Agreement.
  3. Recreate the LDAP directory MetaLink. See the To Run the MetaLink Agreement File.
  4. View the contents of the ad.mmu.out or ldap.mmu.out file and the Windows application log for errors. See the To Monitor the Corporate Directory MetaLink Agreement.


Preventing Anonymous Access to Cisco Unified MeetingPlace Directory Services

Cisco Unified MeetingPlace Directory Services does not allow anonymous login in its default configuration. To allow anonymous access to the directory, you can execute the CLEANDSA command-line utility. CLEANDSA clears the directory and removes all MetaLinks and accounts, restoring it to a "clean install" state.


To Reinstate the Anonymous Access Restriction
  1. From the Windows Start menu, choose Run.
  2. Enter cmd to open a command prompt window.
  3. Enter the cdsadmin no-anonymous command.
    The following text displays to indicate that the anonymous access restriction has been restored:
    Performing DSA-Administration (no-anonymous)...
    DSA-Administration succeeded - See C:\Program Files\Cisco Systems\MeetingPlace
    Directory Services\dcdsrvr\run\dcx500\config\no-anonymous.txo



Improving the Performance of the Directory Services Server

To improve the perfomance of the Directory Services server you can update the memory cache section of the dccustom.ini file.


Restrictions

Cisco Unified MeetingPlace Directory Services must be installed as a standalone component and not reside on the same server as the Web Server or any gateways or integrations.


Procedure
  1. Navigate to the dccustom.ini file.
  2. Add or change the following values:
    • [DA - Cache]
    • StandardVolSize=524288
    • FastVolSize=40000
    • IndexVolSize=50000
    • SearchKeysNodeSize=262144
    • SearchKeysExtSize=262144
    • [Standard configuration]
    • MaxNumEntries=70000
    • TypNumEntries=70000
  3. Save and close the file.


Resolving Memory Errors on the Directory Services Server

Cisco Unified MeetingPlace Directory Services will generate warnings complaining about buddy memory allocation if you implement the update from Microsoft at this location: http://www.microsoft.com/technet/security/Bulletin/MS08-028.mspx

Follow this procedure to change the configuration to avoid memory errors:


Procedure
  1. Navigate to the dccustom.ini file.
  2. Add or change the following values:
    • [Standard configuration]
    • MaxNumEntries=70000
    • TypNumEntries=70000
  3. Save and close the file.

Rating: 0.0/5 (0 votes cast)

Personal tools