Mike's PBX Cookbook

Check Registered Elements

In Release 7.5, all elements must register with the Secure Domain in order to function. An element (MGC) might "fall out" of the domain, resulting in service loss.

Follow this procedure to check the status of devices/elements (media gateways), and to re-register if necessary.

LD 117 commands:  reg ucm sys | reg ucm dev <ip-address> | stat ucm info | stat ucm sys refresh

Login to the CS1K (call server) via a TTY (SSH) PuTTy session.

1 Can you log in to the call server with the secure username/password?

2 Are all the media gateways registered?

The Call Server (CS1K) MUST be in the secure domain before checking the elements. Check in LD 117:

=> stat ucm info
The Security Domain IP address is : 10.11.1.15
The Security Domain Fingerprint is: 05:1E:DC:49:FC:F1:03:CF:2B:73:F6:42:C1:81:47:38

Check the elements

If the secure username/password DOES work, check that the elements are also in the secure domain:

=> stat u s refresh
Requesting UCM registration status from devices.
Waiting for status updates from each of the elements...

8 devices successfully reported status
MGX          10.11.1.60      REGISTERED
MGX          10.11.1.57      REGISTERED
MGX          10.11.1.55      REGISTERED
MGX          10.11.1.56      REGISTERED
MGX          10.11.1.59      REGISTERED
MGX          10.11.1.58      REGISTERED
MGC          10.11.1.51      REGISTERED
MGC          10.11.1.52      REGISTERED

Above, all the elements are registered. This is "situation normal"! The system appears OK.

- END OF PROCEDURE -

Join the Secure Domain - CS

If the secure username/password DOES NOT work, the call server is NOT in the UCM Secure Domain, and must be added.

  1. log into the call server with the unsecure password (admin2/0000).
  2. goto LD 117 and type reg u s (register ucm system).

If successful, all elements should be registered sequentially. Check the TTY output for details:

=> reg u s
IP address of the Primary Security Server [10.11.1.15].
User Name (UCM): admin
Password (admin):

These elements are registered with the Call Server
          MGX    10.11.1.60
          MGX    10.11.1.57
          MGX    10.11.1.55
          MGX    10.11.1.56
          MGX    10.11.1.59
          MGX    10.11.1.58
          MGC    10.11.1.51
          MGC    10.11.1.52
Register these 8 elements to the security domain using your credentials if not
already registered? (Y/N)y
Sending messages to 8 elements authorizing them request security domain membership.
Waiting for status updates from each of the elements...............................
...................................................................................
...................................................................................
......No new elements were registered to the security domain.

The call server, and its 8 elements (media gateways) have now all been added to the secure domain...

Log out, and back in, this time using the familiar secure username/password.

Check the elements again.

If the secure username/password DOES work, check the elements again, using stat u s refresh to force an update:

=> stat u s refresh
Requesting UCM registration status from devices.
Waiting for status updates from each of the elements...

8 devices successfully reported status
MGX          10.11.1.60      REGISTERED
MGX          10.11.1.57      REGISTERED
MGX          10.11.1.55      REGISTERED
MGX          10.11.1.56      REGISTERED
MGX          10.11.1.59      REGISTERED
MGX          10.11.1.58      REGISTERED
MGC          10.11.1.51      REGISTERED
MGC          10.11.1.52      UNREGISTERED

Join the Secure Domain

If you can only log into an element with admin2 or pdt2, it needs to be added to the secure domain.

  1. Serial (9600,8,N,1) TTY or TELNET into the Element. Ctrl-O-A-M / Ctrl-L-D-B / Ctrl-P-D-T for login prompt.
  2. Login with the UCM Secure Domain username/password, or a local login with level 2 privilege (eg, admin2/0000).
  3. At the OAM prompt, issue the JoinSecDomain command, and follow the prompts:
oam> JoinSecDomain
IP address of the Primary Security Server: 10.11.1.15
The authenticity of host 10.11.1.15 can't be established.
Remote host fingerprint is: 05:1E:DC:49:FC:F1:03:CF:2B:73:F6:42:C1:81:47:38
Are you sure you want to continue connecting? (Y/N)y

User Name (UCM): admin
Password (admin):

10.11.1.15 (RSA) permanently added to the Authorized key file
oam> 06/06/2012 10:58:53 SEC0037 Security domain membership has been granted.  (Centralized authentication is now enabled.)
06/06/2012 10:58:53 SEC0097 This element has successfully requested membership in the security domain

Log back into the CS1k (call server) and check the status again in LD 117:

=> stat u s refresh
Requesting UCM registration status from devices.
Waiting for status updates from each of the elements...

8 devices successfully reported status
MGX          10.11.1.60      REGISTERED
MGX          10.11.1.57      REGISTERED
MGX          10.11.1.55      REGISTERED
MGX          10.11.1.56      REGISTERED
MGX          10.11.1.59      REGISTERED
MGX          10.11.1.58      REGISTERED
MGC          10.11.1.51      REGISTERED
MGC          10.11.1.52      REGISTERED

Above, all the elements are registered. This is "situation normal"! The system appears OK.

- END OF PROCEDURE -

Also refer to Security Domain Status and UCM Registration Commands.