TelePresence FAQ

From DocWiki

Jump to: navigation, search

Back to Unified Communications FAQ


Training resources

Voice of the Engineer (VoE) Events

  • April 5, 2018 Room Kit Series / LG Displays 2018
  • December 14, 2017 Cisco Collaboration Endpoint Updates- Room Kits and Spark Board

Collaboration Solutions Readiness Engineers (SRE) - Training Documents & Collaboration Solutions Readiness Engineers - Replays

  • Collaboration Meeting Room (CMR) Tech Talk

Go to TelePresence FAQ Content Table


How to create the CSR for vTS using openSSL??

You can use this handy site for such purpose, it will generate the string you need to input into openssl for your CSR and key

OpenSSL CSR Tool

Go to TelePresence FAQ Content Table


What is the role of Conductor??

TP Conductor is, as the name implies, the equivalent of an orchestra conductor. It will pool your MCUs and TP Servers into resource pools, so you can separate resources depending on what kind of conference they need (ad-hoc, rendezvous or scheduled). It will make sure that your resources are optimized, so that calls get accounted correctly, depending on the resolution they're using. It will be a single point of the conference for CUCM for ad-hoc and rendezvous, instead of needing to create two separate configurations per conference resource.

You can go through the datasheet for some more info: Cisco TelePresence Conductor Data Sheet

Go to TelePresence FAQ Content Table

Why do I have a different screen layout for the same conference that is handled by Conductor??

If you're using more than one vTS or MCU, even if it's the same conference, the layout is kept independent per bridge.

Go to TelePresence FAQ Content Table

What options do I have to deploy a Conductor??

The 3 options are:

  • Cisco TelePresence Conductor Essentials
  • Cisco TelePresence Conductor Select
  • Cisco TelePresence Conductor

Full info is here: Cisco TelePresence Conductor Data Sheet

Please notice that even though you can deploy and configure Conductor without a license, this model is NOT TAC supported. Support for this particular Conductor model is via Cisco Support Communities only

Go to TelePresence FAQ Content Table

I'm having problems integrating Conductor as an ad-hoc CFB over HTTPS, what's wrong??

This can manifest in two ways:

  • Conductor will show as Unregistered under CFB
  • Ad-hoc conferences will fail

For Conductor showing as Unregistered, you have the SIP trunk configured using IP address, and Override SIP Trunk Destination as HTTP address is unchecked, but you have Use HTTPS checked

Under such circumstances, you're hitting bug: cscut10254 HTTPS fails between CUCM and Conductor
All you need to do, is uncheck Use HTTPS and it will register.

The second scenario would be that it registers but ad-hoc still fails, as you checked the Override SIP Trunk Destination as HTTP address options and type in the FQDN of Conductor, and it's present in the SAN from Conductor certificate.

Then you're hitting bug: cscut22572 Unable to create HTTPS connection between Conductor and CUCM using FQDN
The problem here is that Conductor is not doing the reverse DNS lookup, and it fails to create the conference.

So, in the end, you will need to rely on IP address to register them both, and also avoid using HTTPS.

Go to TelePresence FAQ Content Table


Can I configure DX series endpoints in TMS??

No, there is an enhancement request for that: CSCup84943 TMS Support for DX series

Go to TelePresence FAQ Content Table

How can I install signed certificates to TMS??

The procedure has been nicely outlined here:

Go to TelePresence FAQ Content Table


Can I use SQL 2012 for TMSAE??

Please review the information from this bug: CSCus73220 Add support for SQL 2012 for TMSAE

Go to TelePresence FAQ Content Table


What is the RTT requirements if I'm going to deploy the DB server in a separate location for TMSXE to work??

It follows the same guideline as TMS:

Network The latency between the Cisco TMS server and the SQL server must not exceed 20 ms.
Cisco TMS Installation and Upgrade Guide

Go to TelePresence FAQ Content Table

VCS & Expressways

Training resources

Voice of the Engineer (VoE) Events

  • March 22, 2018 VCS Basics Part II
  • March 8, 2018 VCS Basics Part I

Go to TelePresence FAQ Content Table

Where can I download the Expressway images for install??

There are no Expressway images, the same installation file for VCS, is used to create both VCSs and both Expressways, what product, and capabilities it ends up with, depends completely in the licenses that you will upload to them

Go to TelePresence FAQ Content Table

What is the difference between VCS and Expressways??

The expressways are a subset of the features offered by the VCSs, the main difference is that EXP-C does not allow for registration of devices, it only works as a proxy for CUCM registration, and that Expressways always need to be deployed in pairs to work, whereas you can use VCS-C without a VCS-E.

UPDATED 6/11/2018
Starting with x8.8 the SIP registration to EXP-C has been enabled
x8.9 enabled H.323 registration
Currently the feature gap between VCS and expressway is not so large as it used to be.

Go to TelePresence FAQ Content Table

How to configure a secure SIP trunk to CUCM??

This is really a very basic procedure, specially if you have already signed all your CSRs with a public CA, or an internal CA, all steps are outlined here:
Secure SIP Trunk between CUCM and VCS Configuration Example

Go to TelePresence FAQ Content Table

Where can I find the MRA configuration guides??

They're all under the VCS documentation, under Configuration Guides

Go to TelePresence FAQ Content Table

How can I configure B2B??

I will part from the point in which you already have MRA configured and working, then we will add B2B on top of that configuration.
I will use the terms VCS and Expressways as the same thing over this explanation.
As this is not a basic feature from CUCM or VCS, I assume a good level of familiarity and experience is in place before doing this, if not, then I strongly suggest you to review the MRA configuration guides and VCS guides here: VCS

The first step, will be to create a SIP trunk from CUCM to your VCS-C, since you have MRA configured, ports 5060 and 5061 are already taken by that configuration, so make sure to use another set of ports for the SIP trunk from CUCM to VCS-C, we'll use 6060 and 6061.
In CUCM create a new SIP trunk security profile for non-secure with settings:

  • Device security mode = Non Secure
  • Incoming Transport Type = TCP+UDP
  • Outgoing Transport Type = TCP
  • Incoming port = 6060
  • Accept unsolicited notification = checked
  • Accept replaces header = checked

And create a secure profile with settings:

  • Device security mode = Encrypted
  • Incoming Transport Type = TLS
  • Outgoing Transport Type = TLS
  • X.509 Subject Name = FQDN of EXP-C
  • Incoming port = 6061

You can use either one, then you need to configure a SIP trunk to VCS-C using one of the above SIP profiles, this will only secure the communication between VCS-C and CUCM, nothing else, either can be used. It's up to personal preference, and / or business requirements.

On your VCS-C configure a neighbor zone to CUCM, make sure to change the port according to the transport type you choose, 6060 or 6061, if you fail to do so, and leave 5060 or 5061 this will fail. If you will be using TLS, if you set TLS verify mode to ON, the Peer address will need to be the FQDN, if you set it to Off, then you can use IP address. For non-secure zones, you can use either one, usually IP is the preferred option.

Now, a separate traversal zone will be required between EXP-C and EXP-E, additional to the one that was created for MRA, once again, you need to set another port for this, or you will break the MRA configuration. The default port is 7001, we will be using 7003

Create your new traversal zone between the VCS servers, and make sure to set the port as 7003.

One EXP-E a DNS zone will be required for the outbound routing, create a new DNS zone, choose whether you want H.323 and SIP, or only SIP. If SIP, which most likely will be the one you want, choose the TLS verify mode as you require, remember that if you want to set it to on, you will need to have Public CA signed certificates. Same for media encryption, that will depend on business needs, and the configuration from the other end, as they will ultimately dictate whether the call fails or is established.

Now, to the required routing for this to work

On CUCM, you will configure a SIP route pattern, that matches anything (*.*), and sends it towards the SIP trunk you created. Make sure you have properly configure the Cluster Fully Qualified Domain Name under the Service Parameters.
On VCS-C, configure whatever transform rules you want to be applied, and the search rule pointing to the traversal zone
On VCS-E, configure a catch all search rule that points to the DNS zone

Very important, this calls will consume Rich Media Session licenses (or traversal calls licenses), you will consume 1 license per call, on each server, so make sure you have the same amount of licenses on both.

The SRV records that will be used for B2B are: port 5081 port 5080 port 5080 port 1719 port 1720

Go to TelePresence FAQ Content Table

Is SSO over MRA supported??

Yes, but you require VCS 8.5.2, CUCM / IM&P / CUC 10.5(2) and Jabber 10.6 for this to work.
Page 29 Single Sign-On (SSO) over the Collaboration Edge

Go to TelePresence FAQ Content Table

Is it possible to use both Jabber MRA and Jabber guest in an existing VCS cluster?

A: No, the Jabber Guest and MRA are two separate entities. As long as you are using two separate VCS pairs for each, then you should be good. There is no design guide that includes both. Below are links for each.

Jabber Guest:


Go to TelePresence FAQ Content Table

What can I do if I need a VCS-E / EXP-E for my DMZ, but want a dedicated appliance??

Unfortunately since x8.5 there are no longer appliances you can physically place in the DMZ. From a configuration point of view, you can simply use different NICs from the same server to have servers in your internal network, and others with access to the DMZ, however, many customers have a dedicated physical space which is separated from the internal network for the DMZ and won't allow that, on those scenarios, a dedicated virtualization server (or an existing one) would be required to deploy them.

Go to TelePresence FAQ Content Table


Training resources

Collaboration Solutions Readiness Engineers (SRE) - Training Documents & Collaboration Solutions Readiness Engineers - Replays
Following material is only in the replays link:

  • The Ultimate Cisco Jabber Specialist Features Tech Talk – Collab-Edge with Cisco Expressway

Go to TelePresence FAQ Content Table

What is the recommended MRA deployment, single NIC or dual NIC??

The recommendation is to use dual NIC to avoid NAT reflection and using more resources per call, compared to a dual NIC deployment where the call flow is simplified as it only traverses from the external NIC to the internal NIC. Any deployment should look in first place to do a dual NIC deployment.

Go to TelePresence FAQ Content Table

Are there any tools to troubleshoot MRA calls??

Yes, it was recently made available an Expressway SIP Call Analyzer, it can be found here:

UPDATED 6/11/2018
Some more material for MRA troubleshooting:

Go to TelePresence FAQ Content Table

Can I configure mutual TLS authentication??

This is not currently possible, not sure when this might happen, but there is an enhancement request for that:

  • CSCuu05976 Expressway doesn't verify the Mobile Remote Access client certificate.

UPDATED 6/11/2018
The only way in which you can perform dual factor authentication is when using SSO via an iDP and then using the certificate installed on the device as part of the authentication.

Go to TelePresence FAQ Content Table

Can I limit user access via MRA to just certain users / groups??

This is something that has come up quite often lately, how to limit the users who can use MRA, or how to limit them to just a subset of the features they have internally. For example Full UC on-prem but just IM&P over MRA, or phone-only over MRA.

This is currently not possible, there is already an enhancement request asking for this:

  • CSCux35528 Block some users from having Access to MRA
  • CSCus94318 Support the ability to restrict Collaboration Edge login for given users

UPDATE 7/12/16
The few methods you can use, and this are just workarounds are:

  • Multiple domains

As the name implies, you'd need to configure, at least, two domains in your organization, they will both work internally, but you will only configure one for MRA. This is obviously a very big change, and would mean anyone who is in the domain not configured for MRA on EXP-C, would not be able to login. If you're already running multi-domain and want to prevent users from a certain domain to use MRA, but allow the other ones, this option would be perfect for you.

  • SSO

I know about this method, but I'm not an SSO expert, but if you're using SSO for MRA, you can use security groups to prevent the authentication. (if someone knows how this would work and is willing to explain, reach me). I'm assuming it might be able to do something like split horizon DNS and prevent login from outside the organization, not sure.

  • RemoteAccess parameter

I'll start by saying that this would be a NOT SUPPORTED METHOD and it seems only works halfway.
The RemoteAccess parameter was only meant to be used with Jabber 9.6, but not with any higher release, and since then has stopped being supported:

  • CSCuy21990 Remove RemoteAccess from Jabber Configuration Parameters guide

I have not tested this, but it seems it would only prevent you from registering to CUCM, but you would still get IM&P services, I have not tried this method, I'll try to test this. My assumption was that the Jabber code had removed the ability to parse that parameter, but it seems some releases still use it. I'll confirm that in the logs once I test it.

If you still want to try it:


And once again, the previous method is NOT OFFICIALLY SUPPORTED as the bug states that the parameter is no longer supported.

UPDATED 6/21/2018
CUCM 12.0 has enabled a parameter to allow the users to have either full UC, phone only, or no services over MRA. The necessary Jabber version to do this is yet to be released, but this is already in the works.

Mobile and Remote Access Policy for Jabber

UPDATE 7/30/18
x8.11 now enables the ability to enforce the CUCM configuration to prevent certain users to use MRA. It was a preview feature on all x8.10.x releases.

Access Policy Support over MRA

From X8.10, the Cisco VCS will enforce MRA access policy settings specified on the Unified CM. These are optionally configured on the user profiles in Unified CM, to define which services individual users can access (None, IM&P, Voice & Video, or All).

Refer to the bottom of page 10 for all the information: Cisco VCS Release Note x8.11

Go to TelePresence FAQ Content Table

Is Extension Mobility supported with MRA??

CSCvd68778 is resolved in this release, which means that Extension Mobility works via MRA for those Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series phones that support MRA.

Cisco Expressway X8.10.4 Release Notes

Go to TelePresence FAQ Content Table

Can the MRA credentials be persistent??

You can enable this parameter to do that:

User Credentials Persistent for Expressway Sign in

Controls if the phone stores the users' sign-in credentials. When disabled, the user is always sees the prompt to sign into the Expressway server for Mobile and Remote Access (MRA).

If you would like to make it easier for users to log in, you enable this field so that the Expressway login credentials are persistent. The user then only has to enter their login credentials the first time. Any time after that (when the phone is powered on off-premise), the login information is prepopulated on the Sign-in screen.

Configure User Credentials Persistent for Expressway Sign-In

Go to TelePresence FAQ Content Table

Which features are supported over MRA for IP Phones??

For 88XX series: Phone Features Available for Mobile and Remote Access Through Expressway
For 78XX series: Phone Features Available for Mobile and Remote Access Through Expressway

Also make sure to review the MRA configuration guides for a list of NOT supported features.

Do notice that the information on the links might change overtime, and there might be some discrepancies between the different documents that refer to feature compatibility with MRA. In such case, please reach out to your Cisco SE, or open a TAC case to confirm which document has the correct information. It might be a case of simply the documentation not being updated in a timely manner.

Go to TelePresence FAQ Content Table

Can I use LDAP over MRA??

Yes, CUCM 11.5 introduced this feature, the caveat is that you need to use a single configuration for the whole cluster, and cannot be segmentes as with UC Services and Service Profiles:

Directory Server User Search for Cisco Mobile and Remote Access Clients and Endpoints

Jabber will still communicate with UDS, but UDS will be used as a proxy to the LDAP search.

If this feature is not configured, MRA will default to UDS as directory source:

LDAP contact resolution — The client cannot use LDAP for contact resolution when outside of the corporate firewall. Instead, the client must use UDS for contact resolution.

When users are inside the corporate firewall, the client can use either UDS or LDAP for contact resolution. If you deploy LDAP within the corporate firewall, Cisco recommends that you synchronize your LDAP directory server with Cisco Unified Communications Manager to allow the client to connect with UDS when users are outside the corporate firewall.

Supported Services

Go to TelePresence FAQ Content Table

Will my calls persist if I move from on-prem to MRA or viceversa??

No, unfortunately they won't as you will change the path for the RTP and it's not possible to do that. This is explained in the Jabber documentation:

Session Persistency — The client cannot recover from audio and video calls drop when a network transition occurs. For example, if a users start a Cisco Jabber call inside their office and then they walk outside their building and lose Wi-Fi connectivity, the call drops as the client switches to use Expressway for Mobile and Remote Access.
Supported Services

Additional mobility features including GSM handoff and session persistency.
Unsupported Endpoint Features

Go to TelePresence FAQ Content Table

Can I transfer files when using MRA??

Yes, but you need managed file transfer to be configured in the IM&P server to do this. P2P file transfer is not supported.

  • Peer-to-peer file transfer when using IM and Presence Service and Jabber is not supported over MRA. These features are supported over MRA:

- Managed File Transfer (MFT) with IM and Presence Service 10.5.2 and later and Jabber 10.6 and later clients.
- File transfer with WebEx Messenger Service and Cisco Jabber.

Unsupported Endpoint Features

Go to TelePresence FAQ Content Table

Can I share my screen over MRA??

Yes, however this is only possible over a BFCP screen share, which means an active call is required. IM only screen share is not supported over MRA. Also notice that mobile Jabber clients are limited to receiving a screen share.

Supported Services

Go to TelePresence FAQ Content Table

Do I need to register devices on-prem before using them with MRA??

This one will depend on your scenario, for the most simple scenario in which you use the same domain internally and externally there is no need for this. IP Phones should also be able to use MRA (assuming a valid public CA was used to sign EXP-E certificate).

If you configured any specific settings in the jabber-config.xml, those will not take effect until the client downloads the file over MRA.

If you have a multi-domain scenario in which there is a need to use the voice services domain parameter, then it will not work from the outside as Jabber doesn't have the jabber-config.xml with that information.

Under such circumstances you can deploy the client with that information upon install with CLI switches, via custom install with an MDM, or using a configuration URL to provide the necessary parameters to the client:
Deploy Cisco Jabber Applications

Some more information can be found here: First Time Signing into Jabber Using Expressway for Mobile and Remote Access

Whenever possible, do have your users use Jabber on-prem before they move to MRA to make sure they have the jabber-config.xml with all the necessary configuration.

Go to TelePresence FAQ Content Table

Can I use multiple domains internally and externally??

Yes, you can, refer to the following documentation which outlines how to configure this deployment:
Configure Mobile and Remote Access through Expressway/VCS in a Multi-Domain Deployment

Go to TelePresence FAQ Content Table

What certificates do I need for MRA??

The exact certificate requirements will depend on what you're going to use in your deployment, the MRA configuration guide and Cisco VCS Certificate Creation and Use Deployment Guide elaborate on the exact requirements, they both can be found here:
Configuration Guides

The MRA x8.10 guide covers this in page 24, VCS Certificates.

My suggestion for the initial MRA configuration is to use an internal CA to sign the basic certificates for both servers (or all your servers for redundant deployments), establish the initial MRA configuration and trust between the servers, add your domains and UC servers, at this point in time you should know what features you will use, MRA, XMPP federation, mixed mode in CUCM, etc. The CSR tool from each server is a great tool which will automatically fill in the information based on what you enabled for each domain you configured. One of the few things you need to manually populate are the CUCM phone security profiles (if applicable). Once you have finalized the details of which fields need to be in your certificates, you can generate the CSR and have it signed.

Go to TelePresence FAQ Content Table

Do I need to use a public CA for all servers??

No, there is no need for that. The only certificate which you want from a public CA is the one from EXP-E, all the other certificates can be signed by a private CA or a public CA. Self-signed certificates also work, but I don't recommend using them as it adds a lot of overhead in the certificate exchange to create the trust between servers.

You could use a private CA to sign the certificate from EXP-E, but then the problem would be that in order to use MRA, you would need to manually distribute the root/intermediate certificates who signed it to all devices. That is the main reason why you want to use a public CA, to remove that dependency and use the public root CA which is already in the certificate trust store of the devices.

Go to TelePresence FAQ Content Table

Are there certificate requirements if I use IP Phones over MRA??

Yes, 78xx and 88xx IP Phones have a limited set of public CA root certificates installed, and you need one of them to sign the certificate from EXP-E in order to use them. The list can be found here:

Some Telepresence devices have the ability to install root CAs, which means they could use a private CA, but it would only be applicable to those devices. Thus, it's recommended to use a public CA for all hard endpoints which will be used over MRA.

Go to TelePresence FAQ Content Table

Can I use contact pictures over MRA??

Yes, but this will require the use of a web server to host them, and yo white list such server in order for MRA devices to access the pictures.

Directory photo resolution — To ensure that the client can download contact photos, you must add the server on which you host contact photos to the white list of your Cisco Expressway-C server. To add a server to Cisco Expressway-C white list, use the HTTP server allow setting. For more information, see the relevant Cisco Expressway documentation.

Supported Services

Go to TelePresence FAQ Content Table

Can I record calls over MRA using BiB??

Yes, it is a preview feature from x8.10.2 until x8.10.4, and has become fully supported with x8.11, review page 10 from the below document for all the specifics on requirements for support.

Cisco VCS Release Notes x8.11

Go to TelePresence FAQ Content Table

Can I use multi-line over MRA??

Yes, this is now possible with Jabber for Windows 12.1

Multiline Support for All Lines Over MRA—Multiline is supported on all lines (primary and secondary) when using Cisco Jabber for desktop in Mobile and Remote Access (MRA) mode.
Release Notes for Cisco Jabber for Windows 12.1

Multiline requirements can be found here: Multiline

There is no clear indication of a required expressway version for this, but I'd recommend you use x8.10.4 or x8.11

Go to TelePresence FAQ Content Table

CMS - Cisco Meeting Server

Training resources

Much of the material requires Partner, Distributor or Cisco employee level to be accessed, I'm sorry about that, nothing I can do as that is outside of my control.

Foundation training for CMS would be the following 3 courses:

Additional training:

Voice of the Engineer (VoE) Events

  • May 24, 2018 CMS Update

Collaboration Solutions Readiness Engineers (SRE) - Training Documents & Collaboration Solutions Readiness Engineers - Replays

  • Cisco Meeting Server (CMS) v2.3 w/ Microsoft Interoperability
  • Cisco Meeting Server (CMS) Basics

Go to TelePresence FAQ Content Table

Can I enable DB clustering with just two nodes??

No, that is not possible, the model for DB redundancy of CMS requires odd number of servers, the choices are 3 or 5 servers, any other combo is not supported

Note: Do not create a database cluster of 2 nodes, as it reduces resiliency rather than increase it. Using an odd number of nodes aids resiliency in the case of network partitions, and Cisco recommends running at least 3 database nodes. There is currently a limit of 5 database nodes in a cluster.
Deployment Planning and Preparation Guide

Go to TelePresence FAQ Content Table

How can I reset/recover the admin password for CMS??

There is currently no way to do so, there's an enhancement request for it:
Cisco Meeting Server virtual machine needs a password reset procedure

Go to TelePresence FAQ Content Table

Can I configure LDAP redundancy with CMS??

There is no true LDAP redundancy with CMS, some details on how to do something similar are in this bug:
Partial LDAP redundancy via DNS, requires ICMP

Go to TelePresence FAQ Content Table

Can I script LDAP to do a sync every x hours/days??

CMS doesn't provision any method to schedule an LDAP sync, this would need to be performed manually, or create a script to send the commands and do it.

Go to TelePresence FAQ Content Table

I'm using CMS 2.3 and the link to download the CMA client is not available / doesn't work??

That is related to this bug:
Web client doesn't show "download CMA link"
There is currently no fixed version listed as I'm writing this (6/11/18)

Go to TelePresence FAQ Content Table

What should be the CMS VM specs on a CMS 1000??

It seems that there have been some instances in which the VM on the CMS 1000 server has not been properly configured, and you get a basic install as if you deployed the OVA from with much less resources (8 vCPU / 16 GB vRAM). In order to fix this, you need to manually modify the specs of the VM.

  1. Upgrade your VM HW, if it shows VM version 8 you won't be able to adjust as required. It should show version 11 after the VM HW upgrade.
  2. After the VM HW upgrade, adjust the specs as follows:
    • 2 sockets * 35 cores
    • 58 GB vRAM
  3. Save your settings.

Once you re-configure your VM specs as explained, you will get the performance outlined in the data sheet for a CMS 1000

Go to TelePresence FAQ Content Table

Can I share a CMS 1000 / 2000 and install more than one CMS instance??

No, you cannot, both the CMS 1000 and 2000 are dedicated HW appliances which are meant to run a single instance of CMS to provide the guaranteed performance that is outlined in the data sheets.

Go to TelePresence FAQ Content Table

How can I tell if I have single or multi branding license??

You can verify this directly in the cms.lic file, open the file and you will see something similar to this:

"expiry": "2019-June-15",
"level": "10"

Level 10 means you have single branding license, level 20 means multi branding license.

Go to TelePresence FAQ Content Table

Can I request or take control of the screen share??

Unfortunately this is not currently possible, engage your SE/AM to submit a PER so this can be considered for a future release.

Go to TelePresence FAQ Content Table

What browsers are supported for WebRTC??

In the latest release of CMS, which is 2.3.x as I write this, the only browser that is supported is Chrome, as explained in the Release Notes:

2.3 New WebRTC App and Web Bridge
Version 2.3 of the Meeting Server introduces the new WebRTC app which receives and transmits higher quality video using H.264, and has an improved user interface, similar to the new Cisco Meeting App version 1.10 for Windows, Mac and iOS. Chrome is the only browser currently supported for this version of the WebRTC app.

Other browsers will show a link to launch CMA.

Go to TelePresence FAQ Content Table

How do I license CMS??

This is a bit tricky, specially if you get different PAKs or buy licenses at a later date.
ALL the licenses for your CMS server need to be in a single file, which HAS to be named cms.lic (any other filename won't be recognized).

The license is tied to the MAC address of the server, you can find the MAC address with the command:

ipv4 a

And that is the MAC that you will use for any licenses that you want to add to that particular server, the licensing portal will aggregate any new licenses to the existing license file, and you will then use that new license file.

Appendix A of the Deployment Planning and Preparation Guide explains the licensing and how SMP and PMP licenses are used.

Remember that the recording licenses are not tied to the actual recording server, but they have to be attached to the server running CallBridge.

Go to TelePresence FAQ Content Table

How can I use CMS and CUCM??

Depending on your CUCM version you can use it for ad-hoc conferences just as your SW CFB, or you might be limited to just using it for direct calls. You can refer to the official documentation here: Configuration Guides and refer to the appropriate Cisco Meeting Server x.x with Cisco Unified Communications Manager Deployment Guide for your version. As older documentation is often removed, that's why I don't provide a direct link to the document.

I also made a video in which I show the integration:

The most important things to consider if you plan to perform the ad-hoc integration are the following:

  • Make sure to point to the WebAdmin port as CUCM will send API calls.
  • If you're not using the built-in admin user, create a CMS user with API privileges.
  • I strongly suggest using the TLS integration.
  • Use CA signed certificates, do not use the self-signed certificates from CMS.
  • The WebAdmin and CallBridge certificate(s) need to be uploaded to the CallManager-trust store (as per the official guide), if you have the root CA that signed those CMS certificates already in the CallManager-trust store, this would not be required. If you have the root / intermediate CA that signed the CMS certificates in the CallManager-trust store, that will work.
  • The other way around is also necessary, you would need to upload the CA who signed the CallManager certificate to your CMS. Uploading the CallManager certificate to CMS would also work, but is not an absolute requirement. I need to confirm if it would only be the CCM certificate, or also the Tomcat certificate.
  • Ideally, you will sign the CUCM and CMS certificates with the same CA, and that will remove the need to any certificate exchange as the root CA who signed both servers will already be in the x-trust and the CMS server.

Go to TelePresence FAQ Content Table

Can I modify the LDAP fields while doing the import??

Yes, sometimes you might want to add/remove/replace something from the LDAP fields and this is possible. CMS uses the GNE ERE regex standard, you can find some examples in appendix D:
Appendix D More information on LDAP field mappings

Go to TelePresence FAQ Content Table

I have users with duplicate fields while doing the LDAP sync and it's failing, what can I do??

Unfortunately there is no way to filter or exclude users when there are duplicate fields. In this scenario the whole sync will fail until this is addressed with the LDAP filter to completely exclude one, or to change the value that is causing the problem.

Go to TelePresence FAQ Content Table

Can I modify the timeout for MMP and GUI??

No, unfortunately there is no way to do that. I suggest you reach out to your SE / AM to submit a PER so this can be considered in a future release.
A workaround for MMP is to use "syslog follow" to keep the session open.

Go to TelePresence FAQ Content Table

Can I modify the password expiry time for my MMP users??

Yes, you can set it with the command:

user rule password_age <number>

Enforces a maximum age for passwords in days

Page 31 from Cisco Meeting Server Release 2.3 MMP Command Line Reference

You can use a really high value like 999999 to make sure it doesn't expire.

The "timeout" for users will not reset once you configure this, it will keep on going to the value it was configured for. You can use the command:

user expire <username>

To force users to set a new password and use the new value for the age parameter. Depending on your password settings you might be able to use the same password, or you might be forced to use a new one.

Go to TelePresence FAQ Content Table

Can I use CMS as a recording appliance??

As MediaSense is now EOS/EOL, there seems to be some misunderstanding regarding CMS and the ability to record calls.
Yes, CMS can record calls, but it can only record calls that are happening within a CMS space, not using BiB or NBR.
Using CMS to record calls would be the equivalent of using CUC to record calls, you'd need to conference CMS in your call to a space which has been configured to record.
The recording feature from CMS is not a suitable replacement for a dedicated recording appliance as MediaSense, you would need to look at 3rd party options for this.

Go to TelePresence FAQ Content Table

P2P calls different from CUCM P2P calls??

I think this is worth explaining as this works differently from CUCM, which is what most people are used to.
In CUCM the call signaling always goes to the CUCM server, and media usually flows directly between the endpoints, which means there needs to be connectivity between them to allow the audio/video streams to reach each device.
In CMS all calls are handled by the Call Bridge, a P2P call is really: Endpoint 1 -- CMS Call Bridge -- Endpoint 2
Above scenario would be for two users using either WebRTC or CMA in order to place a call between each other.

Go to TelePresence FAQ Content Table

CMM - Cisco Meeting Management

Is there an emergency login in case the LDAP configuration doesn't work??

Unfortunately there is no such option, that is the same reason why the first time wizard tells you to make sure to properly configure the user access as otherwise you would need to start from scratch.

Go to TelePresence FAQ Content Table

Can I generate a CSR in order to have it signed??

No, unfortunately CMM doesn't provide the option to generate a CSR, as the product will be used with CMS, you can use CMS to generate the CSR and have it signed, to then upload it to CMM

Go to TelePresence FAQ Content Table

How do I install and configure CMM??

You can find all the related documentation here: Cisco Meeting Management

I also made a video in which I show how to install and how to configure:

Go to TelePresence FAQ Content Table

Why does the meeting duration show a negative value or don't start at 0 seconds??

This is due to the fact that the timer you see in CMM is calculated client side, if there is a delta between the machine in which you access CMM and the CMM server, you can see this behavior while the meeting is active. Once the meeting ends, the duration time will be calculated based on the CDR records and will reflect the correct value.

Go to TelePresence FAQ Content Table

Can I integrate with TMS??

Yes, starting with CMM and TMS 15.7 you can integrate them, and you will see scheduled meetings (which use CMS) in the Meetings tab of CMM.
The CMM documentation contains the instructions for enabling this, and is quite easy to configure.

Go to TelePresence FAQ Content Table

Can CMM help me manage my recordings??

No, currently there is no such feature. CMM can only control the recording status of a meeting, but doesn't connect / monitor the repository for the recordings.
If you're interested in such feature, please engage your AM to submit a PER.

Go to TelePresence FAQ Content Table

Back to Unified Communications FAQ

Any comments, questions, suggestions, contributions, etc. please send them to Please make sure the subject is formatted "UC FAQ <anything else>" as I'll have rules in my mail to match them, otherwise, they'll end up in my spam folder.

Rating: 2.3/5 (3 votes cast)

Personal tools