TAC Time

Collaboration
Aug 2016

Multi-Service Voice

Introducing Release 16 Denali

New Release Numbering for IOS-XE-based Platforms
Replaces IOS-XE 15/3S Releases on
ASR 1000-Series, CSR 1000v and ISR
4000-Series platforms
Same software infrastructure, feature,
functionality, behavior and user experience

Major Release Number

Feature Release Number

16 . 3 . 1 Denali
Build Number

Feature Release Name

Release 16.3.1 introduces support for UC features and has feature parity with IOS XE 3.17S
Minimum hardware requirements on
the ASR platform

ASR1001-X, ASR1002-X

ASR1004/1006 RP2, ESP20, SIP40

Requires ROMMON upgrade to 16.2(1r) release

on ISR 4000-Series platforms
Use the show platform or show rom-monitor r0
commands to determine current ROMMON
(Firmware) Version

Cisco Unified Border Element (CUBE)

Latest Release - CUBE 11.5.2
IOS-XE Denali 16.3.1 ASR1000-Series and ISR 4000-Series platforms
Adds support for

Multi-VRF and Enhancements (Up-to 54 instances, VRF-based Inbound dial-peer matching)

CVP Survivability TCL script with High-Availability

Session-ID: End-to-End Session Identification (Internet-Draft)

Audio Quality Metrics (AQM)

Consumption of Forked 18x Responses with SDP

SIP Trunk Multi-Tenancy

Remember, CUBE/SRST
co-location deployment
is not fully supported!

IOS 15.6(3)M ISR G2 2900-Series and 3900-Series platforms

Adds support for

Multi-VRF Enhancements (Up-to 54 instances, VRF-based Inbound dial-peer matching)

Consumption of Forked 18x Responses with SDP

SIP ITSP T.38 Fax Switchover Challenge

SIP

SIP

ITSP
INVITE (g711ulaw)

200 OK (g711ulaw)

INVITE (g711ulaw)
200 OK (g711ulaw)

RTP (g711ulaw)
INVITE (T.38)
200 OK (T.38)

Expected Behavior
Terminating endpoint initiates
RE-INVITE switchover to T.38
Observed Behavior
Some ITSPs will not initiate the
switchover to T.38

INVITE (T.38)

Workaround
200 OK (T.38)

1.
2.

Switch to fax pass-through

If using a fax-server,
configure it to initiate the
RE-INVITE switchover

Troubleshooting Tip

Session-ID
End-to-end session identifier

Use the show call active voice

brief output to view the UUIDs
for each active call

CUBE

CUCM

Uses the Session-ID SIP header field

Comprised of two UUIDs. One each for

the terminating and originating endpoints

INVITE
Session-ID: AAAA;remote=0000

Product

Software Version

CUCM

11.0.1

Jabber

11.5

78xx/88xx IP Phones

11.0

IOS/IOS-XE

15.6(2)T/16.3.1

Wireshark

1.99.8-327

200 OK
Session-ID: BBBB;remote=AAAA
ACK
Session-ID: AAAA;remote=BBBB

Cisco Unity Express Virtual (CUE-V)

Latest Release - CUE-V 9.0.0
Transition from bare-metal to Virtual Machine (VM) installation
Supported on:
ISR 4000-Series Virtual Service Containers KVM

Supports up to 200 mailboxes and 200 voicemail recording hours

Requires IOS XE 3.17S or later, 8GB of memory, NIM-SSD (ISR 4400) or SSD-MSATA (ISR 4300)
with minimum of 50GB of free space, 8GB compact flash

VMware ESXi 5.1 and later on UCS B/C-Series and UCS E-Series Service Modules (SM)

Supports up to 500 mailboxes and 600 voicemail recording hours

Requires 1.1 GHz CPU, 1GB of memory and 100GB of storage for 1-100 mailboxes, 60 hours of
recording

Requires 1.9 GHz dual-core CPU, 4GB of memory and 100GB of storage for 101-500 mailboxes and
600 hours of recording

ISR 4000-Series DSP Sharing and TDM

Clocking
Architecturally different from the ISR G2 (2900/3900) Series
PVDM4 (DSP) MB slot 0/4 can only be
used for IP Voice (DSPFarm) Services

IP Voice Services can use DSP resources

from PVDMs on NIM slots

Voice ports on each NIM require their own

DSP resources to be locally available
Each NIM has its own clocking domain

Recommended Clocking Configuration

1.

Add the network-clock synchronization

automatic command (non-default)

2.

Remove the network-clock

synchronization participate <slot/subslot>
command for each T1/E1 NIM (default)

3.

Do not use clock source internal to provide

clocking to line. Instead, use the clock
source network command.

For voice T1/E1 NIMs, make sure to

purchase PVDM4 DSP add-on card
Analog FXS/FXO NIMs have built-in DSP
resources. They do not use PVDM4s

Ref. CDET#
CSCvb01800

CUCM
Raees Shaikh

Field Issues
Touchless VM Install: Introduced in CUCM v10.5
https://tools.cisco.com/squish/454Fc
CSCux90747
denials

VMware Tools 10.0 update fails on CUCM 10.5/11.0 with selinux

Fix: Standalone COP file ciscocm.VMwareTools2016a.cop.sgn posted to CCO

Software Downloads in the Unified Communications Manager / CallManager / Cisco
Unity Connection Utilities sections for CUCM 10.5 & 11.0
https://tools.cisco.com/squish/aa336

Latest Release CUCM v11.5

Key Features:

Enterprise Directory User Search

Expands user search beyond 150000 users

Enables clients or endpoints registered over MRA to search the enterprise directory

TFTP Scale Architectural Improvements

CUCM Mega-Cluster scale enhancement - *Requires BU Approval
Location Aware Services
Cisco Spark Hybrid Services

Upgrade Simplicity:

New Upgrade Document - http://www.cisco.com/c/en/us/support/unifiedcommunications/unified-communications-manager-callmanager/products-installationguides-list.html

Enhanced PCD for Upgrade & Migrate operation

Prime Collaboration PSIRTs

Critical: Cisco Prime Collaboration Assurance Default Account Credential Vulnerability
(CSCus62707)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-pca

A service account exists with a trivial default password and shell access. Workaround is to
change the account password, details in advisory. Applies to all 9.x and 10.x versions, fixed
in 11.x.

Critical: Cisco Prime Collaboration Provisioning Lightweight Directory Access Protocol

Authentication Bypass Vulnerability (CSCuv37513)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160629cpcpauthbypass

Using LDAP authentication, LDAP users can authenticate using incorrect password. Patch is
available. Applies to 10.6 SP2 only, patch is available on CCO.

VCS / Expressway

Latest Software Updates

X8.8 27 June 2016

Release Notes (VCS)
Release Notes (Expressway)
Registrations On Expressway (SIP)
New Call Licensing Model on Expressway
Skype for Business 2015 and 2016 Windows Desktop Client Support
Broker for Microsoft SIP Traffic
Multistream Support
Service Setup Wizard
Large VM CPU Reservation Reduced (25600 MHz to 16000 MHz)

X8.8.1 26 July 2016

Maintenance Release
FIPS Compliance

Release Notes (VCS)

Release Notes (Expressway)

VCS/Expressway Hot Issues

Reverse DNS records for CUCM and Expressway-E

CSCuz84372 Update or Re-Invite messages received in the Default

zone

New requirement in X8.8 for MRA

Incoming messages can only be classified against the default zone or the
collab-edge zone when MRA is enabled

CSCva18731 Calls to/from S4B Android >= v6.4.0.5 fail due to ICE.
MS now use one RTP port and one RTCP port to mux audio and video
streams
MS no longer advertises UDP Relay Candidates for edge traversal to our
LyncGW B2BUA trunk
Potential workaround answer calls as audio only then escalate to video

Slides by TAC engineers Luis Campos and Luis Garcia

VCS/Expressway Hot Issues

CSCuy59366 Expressway X8.7.2 introduced a change in ciphers supported. This

may break some TLS connectivity with older products.

CSCva17367 Certificates with more than a single intermediate CA may cause

clustering to fail if TLS verification is set to anything other than Permissive

CSCuz45032 If certain DNS records are missing (ie: _cisco-phone-tftp._tcp) and

the DNS server does not quickly return that these records do not exist the VCS
may take too long to respond to get_edge requests. This may prevent MRA login.

CSCuv65202 Jabber softphone registration may continuously cycle due to

Expressway being unable to decode invalid SIP from CUCM

Slides by TAC engineers Luis Campos and Luis Garcia

VCS Service Checker

Runs DNS queries against the VCS SRV records necessary for SIP, H323,
XMPP and Collab-Edge.

Checks if signaling ports 1720, 5060, 5061, 8443, 5222 and 5269 are
reachable.

Externally accessible from https://cway.cisco.com/tools/SrvRecord

Slides by TAC engineers Luis Campos and Luis Garcia

Cisco Meeting Server

(Formerly Acano)

What is CMS?

Cisco recently purchased Acano and has rebranded their software as the
Cisco Meeting Server

CMS is a new TelePresence bridge with an extremely high call capacity

CMS Log Collector

Unofficial tool that can generate a log bundle for CMS and Acano servers

Available at http://cmslogcollector.com/

Preferred log format for Cisco TAC analysis

IP Phones

Expansion Module Boot Loop

7900 series phones with a key expansion module (KEM)

attached

Extension Mobility (EM) in use

After upgrading CUCM from 10.5(2) to 11.x the EM Device

Profile configuration page in CUCM is missing the
expansion module information CSCva88127

8831 NR (No Radio)

For environments where DECT (Digital Enhanced Cordless

Telecommunications) radios cannot be used due to regulations or
preference

There is a firmware version available from TAC that will permanently

disable the DECT radio on existing 8831 phones.

No new device type in CUCM (like the 8851 vs 8851NR)

8821 Wireless Profile Provisioning

Using a USB to Ethernet dongle
connected to the dock for network
access
Does not support Voice VLAN
Does not support 802.1x
Remember to add option 150 to
the data VLAN

Unified Communications Endpoints

TelePresence & Desktop Video

August, 2016

Device Firmware to UCM Device Pack Tracking

Cisco Unified IP Phone Feature and Cisco Unified Communications
Manager Device Pack Compatibility Matrix

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/compa
t/devpack_comp_mtx.html

New Endpoint Support

Link Device Pack to endpoint software release

Latest TelePresence Endpoint Software Updates

CE 8.2.0 27 June 2016

Release Notes (link).

Collaboration Endpoint Software support for Cisco DX70 and DX80

Cisco Spark on-boarding for the Collaboration Endpoint portfolio

Touch 10 UI changes

CE8.1.0 08 April 2016 Release Notes (link).

Cisco Spark activation for Cisco TelePresence SX10 (CTS-SX10N-K9)

New visual design

In-Room Control

PresenterTrack

Proximity updates

TC 7.3.6 19 April 2016

Release Notes (link)

Fixes critical security bug CSCuz26935 (CVE-2016-1387)

TC7.3.6 Discontinued support for TLS 1.0

TC7.2.0, TC7.2.1, TC 7.3.2, TC7.3.3, TC 7.3.4 and TC7.3.5 deferral (Deferred 4th of May 2016)

Please read the deferral notice for more information:

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/endpoint/software/tc7/release_notes/cisco-tc720-tc721-tc732-tc733-tc734-tc735-deferral-notice.pdf

Latest TelePresence IX Endpoint Software Updates

IX 8.1.2.1(3) 03 August 2016 Release Notes (link)
There are no new features in this release. This release provides bug fixes only
Fix for Hot bug: CSCuy94674 (Main displays see black display after rebooting).
IX8.1.2(12) 05 July 2016
Restored support for H.265 video Codec.
Compatibility with Updated TelePresence Immersive Endpoints Releases for OpenSSL
Fixes
IX 8.0.6(7) 24 August 2016

This release extends support for DTMF tones and also fixes an intermittent segment
switching issue.

IX8.0.5(1) - 14 August 2016

This release improves backward compatibility with the Gradual Decoder Refresh (GDR)
feature and fixes an issue related to the whiteboard microphone audio.

Latest TelePresence DX Software

CE8.2.1 8 July 2016 Release Notes (link)
This is a minor release and only contains bug fixes

CE8.2 27 June 2016

CiscoDX70/80 with software 10.2.5(207) and above can be converted to

Collaboration Endpoint software CE.

Release 10.2(5.212)SR4 Android Based

This is a minor release and only contains bug fixes.

Endpoints Hot issues

DX Desktop IP Phones
CSCva20069
idle state.

DX70/DX80 unit suddenly reboots in call or in

This bug still under investigation. It is affecting DX70/80 running CE8.2.x

TAC Hot Issues RSS Feeds: https://supportforums.cisco.com/docs/DOC-5727

Endpoints Hot issues

Telepresence Codecs & Non-Immersive Endpoints

CSCux85199

Microphone LED and function not working as designed

Affects SX20

Resolved in TC7.3.5 or CE8.0.1

CSCuz26935 (CVE-2016-1387) Cisco TelePresence XML API Authentication

Bypass Vulnerability

Wont show up until the SpeakerTrack system is hard booted on the affected software.

Resolved in TC7.3.6, CE8.1.1 and CE8.2

CE8.1.0 and TC7.3.6 - Discontinued support for TLS 1.0 for HTTPS

Rendered TMS management impossible unless TMS is configured for medium-high security mode.

Tracked by CSCuz85912, resolved in TMS 15.3 so TMS will support TLS 1.2 at medium security mode.

CE8.0.0 - Updated CA certificates for Collaboration Edge

The list of CA certificates recognized by the endpoint when connecting to the CUCM via Expressway (Collaboration
Edge) infrastructure has been updated.

Endpoints Hot issues

Telepresence IX Immersive Endpoints

CSCuy94674 Main displays see black display after rebooting

First Time Setup must be completed

Each step in FTS must be completed and saved. Exit Setup button will cause all previous tests to be lost.

This includes tests that arent applicable to the install.

IX Displays are LCD, similar to MX700, MX800

TX used Plasma displays.

The picture on an LCD will look different as compared to a Plasma, especially at severe angles.

This is normal due to the nature of the display technologies. Setting the proper expectation with customers
is critical.

New IX Aux Display Model

In the near future new IX systems with Cisco AUX displays will begin shipping with a new model.

The new displays no longer have a DVI input, and it is fully supported to use the HDMI input ONLY on these
displays (any AUX displays with DVI should use DVI).

The new displays will ship with an HDMI-DVI adapter to allow the use of the same HDMI-DVI cable included
with the IX.

Collaboration Endpoint Software support for

Cisco DX70/DX80
Cisco DX70 and Cisco DX80 with software version 10.2.5.207 and above can be converted to
Collaboration Endpoint Software.
This process removes the Android-based operative system and all apps, and the system becomes
a pure TelePresence device aligned with the Collaboration Endpoint portfolio.
There are two ways to perform the upgrade:
Using Cisco UCM
Using Cloud Upgrader tool

upgrade.cisco.com (Web page with all the instructions on how to do the upgrade)

All information about the upgrade, different methods or how to go back to Android based software
can be found on the following link:

https://www.cisco.com/c/dam/en/us/td/docs/telepresence/endpoint/ce82/dx80-dx70convert-between-CE-android-based-software.pdf

Cisco Spark
August, 2016

What's new in Cisco Spark?

Message Flags

New feature that allows you to Flag a message for

follow up.

The Cisco Spark for Windows 10 Mobile (UWP)

Beta Program is Ending August 31st

The app will be removed from the Windows App Store.

Technical support will be discontinued.
We recommend that you use Cisco Spark for Windows
on your Windows Surface tablet

Spark Room Systems Update

Now supported in Australia
Expanded Endpoint Support:

Cisco TelePresence SX10

Cisco TelePresence SX20
Cisco TelePresence SX80
Cisco TelePresence MX200 G2
Cisco TelePresence MX300 G2
Cisco TelePresence MX700
Cisco TelePresence MX800
Cisco DX70
Cisco DX80

Spark Common Issues

Confusion of Activation codes

Spark Call 78xx / 88xx IP Phones

Use Cloud Upgrader to get

phones to Spark-ready OS

Customers cannot unregister a directory

sync connector.
Forms Authentication is required for SSO
with Spark.

Spark Room Systems

Ensure if DHCP is giving Option 42,

given NTP server is reachable

(Alt TFTP to IP of upgrade.cisco.com)

Dir Sync & SSO

vs.

Spark Call Phone is registering

after providing activation code

Spark convert users

Must have admin with the same

domain.

Spark Hybrid Services

Directory Connector
Directory Connector
installed on a trusted
Windows Domain
Server 2003, 2008
R2, or 2012 as admin

Calendar Connector

Messenger Cloud

Call Connector

Future Connector

Expressway X8.7.1
Directory

Exchange

Cisco UC

Future

Cisco UC =

Exchange 2010 SP3 or 2013

Unified CM 10.5(2) SU3

O365 support currently in test

HCS 10.6.x

Great reference Deploying Cisco Spark Hybrid Services:

http://www.cisco.com/c/dam/en/us/td/docs/solutions/PA/maroon/hybridswp.pdf

EDGE

WebEx Cloud

Cisco
Collaboration Cloud