Friday, December 27, 2019

Cisco Collaboration Lab for Forensics

Note: originally submitted for requirement in DFS-575 at Champlain College Online for MS in Digital Forensics. This work has been reformatted and changed from the original submission.



    Executive Summary

    Cisco, Inc. engineers a complete unified communications system which works over an IP network containing its routers, switches, and server products. Cisco Unified Call Manager (CUCM) is a PBX (Public Branch eXchange) providing voice services. Cisco Unified Call Manager Instant Messenger and Presence (IM&P, or CUP) and Cisco WebEx servers can be added to a Cisco Unified Communications cluster to provide video, instant messaging, and presence capabilities. This lab sets up a configuration for testing Cisco’s instant messenger and presence capabilities, specifically with the Cisco Jabber for Windows client. It explains in detail how the lab should be configured, including how to download the proper software for each location. The lab takes about two to four hours to configure, depending on system capabilities and familiarity with Cisco’s unified configuration console.

    Architecture Overview

    The Lab consists of the following virtual devices:
    • 1 x pfSense Firewall (v. 2.4.4-p3)
    • 1 x Windows Server 2019 Standard Desktop
    • 1 x Cisco Unified Call Manager (v12.5) - CUCM
    • 1 x Cisco Unified Call Manager Instant Messenger & Presence (v12.5) - IM&P, or CUP
    • 2 x Windows 10 Professional Clients

    The lab is virtualized with VMware Workstation 15 Pro on an Arch Linux host (https://www.archlinux.org). The host is a Dell Precision 4800 running an Intel i7-4900MQ and 32 GB of RAM.

    Cisco Jabber Desktop Client Architecture

    Per Cisco Collaboration System 12.x Solution Reference Network Designs (SRND) (2018), Cisco Jabber uses “a common set of services to provide various Cisco collaboration features, including instant messages and presence, audio, video, web collaboration, visual voicemail, and [more].” As shown in the figure below, Cisco Jabber may connect to the following devices:
    • Unity Connection (Voice Mail)
    • Unified Call Manager (Call Control/Configuration)
    • LDAP Directory (Contact Searching)
    • WebEx Messenger/Meetings (Web Conferencing)
    • Instant Messenger & Presence
    • Other Endpoints.

    Software Requirements and Prerequisites

    The following sections contain the software information, including download links and any extra information needed to download each piece of software used for the Unified Communications Systems (UCS) lab. This does not include any forensics or other software.

    pfSense

    1. pfSense’s main page: https://www.pfsense.org
    2. Choose Download.
    3. Under Select Image to Download:
      1. Version 2.4.4-p3 (version used for lab)
      2. Architecture: AMD64 (64-bit)
      3. Installer: CD Image (ISO) Installer
      4. Mirror: Choose closest mirror
    4. This will download the ISO file (as of this lab):
      1. Name: pfSense-CE-2.4.4-RELEASE-p3-amd64.iso.gz
      2. SHA256: a4bac4b9cde96b1775141666f92b40992437303520a1bad2f2b8e7f50f775834

    Windows Server 2019

    1. Microsoft Evaluation Center - https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019
    2. Under Start your evaluation, select ISO and click Continue.
    3. Fill out the form and hit Continue.
    4. Select English from the drop down and click Download.
    5. This will download the ISO file (as of this lab):
      1. Name: 17763.737.190906-2324.rs5_release_svc_refresh_SERVER_EVAL_x64FRE_en-us_1.iso

    Windows 10

    1. Microsoft’s Download Windows 10: https://www.microsoft.com/en-us/software-download/windows10
    2. Choose Download tool now.
    3. This downloads the Media Creation Tool.
    4. Accept the Applicable notices and license terms
    5. Select Create installation media for another PC
    6. Click Next
    7. On the Select language, architecture, and edition screen, use the following options:
      1. Language: English (United States)
      2. Edition: Windows 10
      3. Architecture: 64-bit (x64)
    8. Click Next
    9. On the Choose which media to use:
      1. Select ISO file
      2. Click Next
    10. Choose a file name then click Next

    Cisco Unified Communications

    1. Cisco Unified Communications Manager 12.5 – https://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-version-12-5/model.html
    2. Cisco Unified Communications Manager IM and Presence Service 12.5 – https://www.cisco.com/c/en/us/support/unified-communications/unified-communications-manager-im-presence-service-version-12-5/model.html
    3. You will need a Cisco account and license to download from the site. This guide does not go into detail on obtaining this software.
    4. You will need both the Bootable ISO and the virtual machine template for 12.5(1) for both products, located under Downloads on each product’s support page at the links above.

    Cisco Jabber for Windows

    1. Cisco Software for Cisco Jabber – https://software.cisco.com/download/home/284324806/type/284006014/release/12.5(1)
    2. You will need a Cisco account and license to download from the site. This guide does not go into detail on obtaining this software.

    Creating Virtual Machines

    pfSense

    Virtual Machine
    Note: This is using VMware Workstation Pro 15.
    1. File > New Virtual Machine...
    2. From the New Virtual Machine Wizard:
    3. Choose Typical (recommended).
    4. Hit Next.
    5. On the Guest Operating Systems Installation screen:
      1. Choose Installer disk image file (iso):
      2. Click Browse…
      3. Navigate to where you unzipped the file from above.
      4. Click Next.
    6. (Linux Host Only) On Select a Guest Operating System:
      1. Click Next.
    7. On the Name the Virtual Machine screen:
      1. Virtual Machine Name: pfSense (UCS)
        Note: UCS is Unified Communications System.
      2. Location: Choose to keep default or hit Browse to change the location of the virtual machine files.
      3. Click Next.
    8. On the Specify Disk Capacity screen:
      1. Maximum disk size (GB): 8
      2. Keep Split Virtual disk into multiple files selected.
      3. Click Next.
    9. On the Ready to Create Virtual Machine screen:
      1. Choose Customize Hardware…
        1. (Optional) Change the memory from 256MB to 512MB or 1GB.
          See https://docs.netgate.com/pfsense/en/latest/book/hardware/minimum-hardware-requirements.html
        2. Choose Add… (at the bottom of the screen).
        3. Select Network Adapter and click Finish.
          1. Make sure Connected and Connect at power on are checked.
          2. Change Network Connection from NAT to Bridged.
            Note: NAT can be used if Bridged does not work properly.
            See: Configuring Bridged Networking - https://docs.vmware.com/en/VMware-Workstation-Pro/15.0/com.vmware.ws.using.doc/GUID-3D56BF46-5980-48F1-AB47-CC0CDB814D8B.html
        4. Select Network Adapter 2
          1. Make sure Connected and Connect at power on are checked.
          2. Change Network Connection from NAT to LAN segment.
          3. Click LAN Segments….
          4. Click Add.
          5. Type UCS and hit <Enter>.
          6. Click Ok.
          7. Under LAN segment:, use the dropdown box to select UCS from the list.
        5. Click Finish.
    10. After the Wizard closes, the virtual machine will immediately boot and load the ISO.
    Installation
    1. Select <Accept> on the Copyright and distribution notice.
    2. Select Install and select <Ok>.
    3. Select Continue with default keymap (default is US) and select <Select>.
    4. Select Auto (UFS) and select <Ok>.
    5. Select <No> to make any manual changes.
    6. Wait for installation to complete.
    7. Select <Reboot> to boot the system.
    8. The ISO will automatically be removed from the virtual CD-ROM drive.
    Configuration
    The following screen should appear if the installation went properly:
    WAN (wan), or em0, should have an IP address from the local network. LAN (lan), or em1, holds the IP address used as the default gateway for all devices in the lab.

    From here, pfSense can be configured with the proper IP addresses and DHCP configuration.
    Then you need to install Open VM tools which allow VMware Workstation to manage the guest system. From the Menu, do the following:

    1. Type 8
    2. Type pfSsh.php playback installpkg "pfSense-pkg-open-vm-tools" <Enter>
    3. Wait for installation to complete.
    4. Type reboot <Enter>
    Remove the ISO by right-clicking the virtual machine in the Library, then click Removable Devices > CD/DVD (IDE) > Disconnect.

    Configuration from another Virtual Machine
    NOTE: Do this AFTER configuration of Windows Server VM.

    Then open a browser and navigate to https://10.0.0.1, and do the following:
    1. Login with default account/password (admin/pfsense)
    2. Click Next
    3. Click Next
    4. On the General Information:
      1. (optional) Change hostname
      2. Domain: federation.local
      3. Primary DNS Server (Windows Server): 10.0.0.2
    5. Click Next
    6. On the Time Server Information:
      1. Time server hostname: 10.0.0.2
      2. Timezone: America/New_York
    7. Click Next
    8. On the Configure WAN Interface:
      1. Scroll to bottom and hit Next.
    9. On the Configure LAN Interface:
      1. Click Next.
    10. On the Admin Password:
      1. Type “pfsense” in both boxes
        Note: this is the default and fine for this lab
    11. Click Reload.
    12. Click Finish.
    13. Click Accept on the copyright notice.
    14. From the menu bar, click Services > DHCP Server. Change the following options:
      1. Range: 10.0.0.50 - 10.0.0.100
      2. WINS Server: 10.0.0.2
      3. DNS servers: 10.0.0.2
      4. Domain name: federation.local
      5. Domain search list: federation.local
      6. NTP Server 1: 10.0.0.2
    15. Scroll to the bottom and click Save.
    16. Close the browser. The configuration is saved.

    Windows Server

    Virtual Machine
    Note: This is using VMware Workstation Pro 15.
    1. File > New Virtual Machine...
    2. From the New Virtual Machine Wizard:
      1. Choose Typical (recommended).
      2. Hit Next.
      3. On the Guest Operating Systems Installation screen:
        1. Choose I will install the operating system later.
          Note: Windows Server may have an issue if you attempt to use the VMware easy install/auto-detection without a CD key when you choose the ISO on this screen.
    3. On Select a Guest Operating System:
      1. Select Microsoft Windows under Guest operating system
      2. Select Windows Server 2016 under Version.
      3. Click Next.
    4. On the Name the Virtual Machine screen:
      1. Virtual Machine Name: Windows Server 2019 (UCS)
        Note: UCS is Unified Communications System.
      2. Location: Choose to keep default or hit Browse to change the location of the virtual machine files.
      3. Click Next.
    5. On the Specify Disk Capacity screen:
      1. Maximum disk size (GB): 40
      2. Keep Split Virtual disk into multiple files selected.
      3. Click Next.
    6. On the Ready to Create Virtual Machine screen:
      1. Choose Customize Hardware…
        1. Change the memory from 256MB to 4GB.
        2. Change the Processors from 1 to 2.
        3. Select Network Adapter
          1. Make sure Connected and Connect at power on are checked.
          2. Change Network Connection from NAT to LAN segment.
          3. Under LAN segment:, use the dropdown box to select UCS from the list.
      2. Click Finish.
    7. Open the virtual machine settings by selecting the machine on the left, and choosing Edit virtual machine settings. Then do the following:
      1. Select CD/DVD (IDE)
      2. Ensure that Connect at power on is checked.
      3. Under Connection, select Use ISO image file and click Browse…
      4. On the Browse for ISO Image, select the ISO image downloaded and click Open.
      5. Choose Options at the top.
      6. Click Advanced
        1. Under Firmware Type, change it from BIOS to UEFI
      7. Click Save to close the settings window.
    8. Power on the virtual machine.
    9. At the Press any key to boot from CD prompt, hit any key to boot the CD-ROM and continue the installation.
    Installation
    1. Click Next.
    2. Click Install now
    3. Choose Windows Server 2019 Standard Evaluation (Desktop Experience)
    4. Click Next
    5. Click I accept the license terms checkbox.
    6. Click Next
    7. Click Custom: Install Windows only (advanced)
    8. Click Next on the Where do you want to install Windows? screen.
    9. Wait for the Installation to finish.
    10. The computer will reboot.
    Configuration
    1. After reboot, change Administrator password.
    2. Log into the computer with the Administrator user account.
    3. Install VMware Tools:
      1. On the menu bar, click VM > Install VMware Tools…
      2. Open Windows Explorer, click This PC
      3. Double-click the CD-ROM drive (which has the VMware tools ISO inserted).
      4. Click Next.
      5. Keep Typical selected and click Next.
      6. Click Install.
      7. Click Finish and click Yes to reboot the computer.
    4. After the reboot for VMware tools, the following configurations need to be made:
      1. Rename the server
      2. Change the server’s IP address
      3. Install Active Directory (AD) Services (which installs DNS)
      4. Configure AD with organizational units, 2 Machine Accounts, and 2 Users
      5. Configure DNS with A and PTR records for the firewall, AD Server, and Unified Communication Servers
      6. The following script will perform all the functions above. The same functions can also be completed manually through the Server Manager application (not covered here).
      7. Save this script as “C:\Configure2019Server.ps1”
      8. Double-click to run script. Wait for it to complete. It will restart the computer twice.
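
The PowerShell script below is an added example, not the author's Configure2019Server.ps1, that carries out the five steps listed above with this lab's values (win-srv-ad, 10.0.0.2, federation.local, cucm1, cup1) and then checks that every record resolves in both directions. The client computer names, the firewall host name `pfsense`, the Computers OU, the inclusion of the `ciscodirsync` sync account and the prompted passwords are assumptions; run it again from an elevated PowerShell prompt after each of the two restarts.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's Configure2019Server.ps1.
# Every run resumes at the first unfinished stage:
#   1 = static IP + rename, 2 = new AD DS forest (installs DNS), 3 = OUs, accounts, DNS records.

$ServerName = 'WIN-SRV-AD'             # lab value: win-srv-ad.federation.local
$Domain     = 'federation.local'
$DomainDN   = 'DC=federation,DC=local'
$ServerFqdn = "$ServerName.$Domain".ToLower()
$ServerIP   = '10.0.0.2'
$Gateway    = '10.0.0.1'
$CorpOU     = "OU=Corporate,$DomainDN"
$Clients    = 'WIN10-01', 'WIN10-02'   # assumed names for the two Windows 10 clients
$Users = @(
    @{ Sam = 'marsha.fields'; Given = 'Marsha'; Sur = 'Fields' }
    @{ Sam = 'joe.smith';     Given = 'Joe';    Sur = 'Smith' }
    @{ Sam = 'ciscodirsync';  Given = 'Cisco';  Sur = 'DirSync' }  # LDAP manager account named in the CUCM LDAP steps
)
$HostRecords = [ordered]@{
    'pfsense' = '10.0.0.1'             # assumed firewall host name
    'cucm1'   = '10.0.0.120'
    'cup1'    = '10.0.0.121'
}

# ---- Stage 1: static addressing and host name ---------------------------------
if ($env:COMPUTERNAME -ne $ServerName) {
    $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
    Set-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -Dhcp Disabled
    # Drop any default route left over from DHCP so the static gateway can be set.
    Remove-NetRoute -InterfaceIndex $nic.ifIndex -DestinationPrefix '0.0.0.0/0' `
        -Confirm:$false -ErrorAction SilentlyContinue
    New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $ServerIP `
        -PrefixLength 24 -DefaultGateway $Gateway | Out-Null
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $ServerIP
    Rename-Computer -NewName $ServerName -Force -Restart
    return
}

# ---- Stage 2: promote to the first domain controller of a new forest ----------
# Win32_ComputerSystem.DomainRole 4 or 5 means the machine is already a DC.
if ((Get-CimInstance Win32_ComputerSystem).DomainRole -lt 4) {
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
    Import-Module ADDSDeployment
    $dsrm = Read-Host 'Directory Services Restore Mode password' -AsSecureString
    Install-ADDSForest -DomainName $Domain -InstallDns `
        -SafeModeAdministratorPassword $dsrm -Force    # restarts when finished
    return
}

# ---- Stage 3: directory objects and DNS records --------------------------------
Import-Module ActiveDirectory, DnsServer
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq 'Corporate'")) {
    New-ADOrganizationalUnit -Name 'Corporate' -Path $DomainDN
    'Users', 'Computers' | ForEach-Object { New-ADOrganizationalUnit -Name $_ -Path $CorpOU }

    $pw = Read-Host 'Initial password for the lab accounts' -AsSecureString
    foreach ($u in $Users) {
        New-ADUser -Name "$($u.Given) $($u.Sur)" -GivenName $u.Given -Surname $u.Sur `
            -SamAccountName $u.Sam -UserPrincipalName "$($u.Sam)@$Domain" `
            -Path "OU=Users,$CorpOU" -AccountPassword $pw -Enabled $true
    }
    foreach ($c in $Clients) { New-ADComputer -Name $c -Path "OU=Computers,$CorpOU" }

    # Create the reverse zone first so -CreatePtr has a zone to write PTR records into.
    Add-DnsServerPrimaryZone -NetworkId '10.0.0.0/24' -ReplicationScope Domain
    foreach ($h in $HostRecords.GetEnumerator()) {
        Add-DnsServerResourceRecordA -ZoneName $Domain -Name $h.Key `
            -IPv4Address $h.Value -CreatePtr
    }
    # The server registered its own A record during promotion; add the matching PTR.
    Add-DnsServerResourceRecordPtr -ZoneName '0.0.10.in-addr.arpa' -Name '2' `
        -PtrDomainName $ServerFqdn
}

# ---- Verify forward (A) and reverse (PTR) lookups against this server ---------
$failed = 0
foreach ($h in $HostRecords.GetEnumerator()) {
    $fqdn = "$($h.Key).$Domain"
    $a   = Resolve-DnsName -Name $fqdn -Type A -Server $ServerIP -DnsOnly -ErrorAction SilentlyContinue
    $ptr = Resolve-DnsName -Name $h.Value -Type PTR -Server $ServerIP -DnsOnly -ErrorAction SilentlyContinue
    $ok  = ($a.IPAddress -contains $h.Value) -and ($ptr.NameHost -contains $fqdn)
    if (-not $ok) { $failed++ }
    '{0,-26} {1,-12} {2}' -f $fqdn, $h.Value, $(if ($ok) { 'OK' } else { 'MISSING A or PTR' })
}
if ($failed) { Write-Warning "$failed host(s) do not resolve in both directions." }
```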

    Cisco Unified Communication Servers

    Create Cisco Answer Files
    Answer files provide a method for performing unattended installations of a wide range of Cisco products. They also provide a method to create the same systems repeatedly for testing purposes.

    You can either follow the instructions to generate the answer files below or download the floppy disks and skip past this section.
    1. Open Microsoft Edge or Mozilla Firefox and go to Cisco Unified Communications Answer File Generator - https://www.cisco.com/c/en/us/applicat/content/cuc-afg/index.html

      Try either browser to download the XML file. If you have trouble with one, then use the other one.
    2. The following table lists all of the options:

      Clusterwide Configuration
        Hardware
          Primary Node Installed On: Virtual Machine
        Product
          Product: Cisco Unified Communications Manager IM and Presence
          Version: 12.5.1
        Administrator Credentials
          Administrator Username: cucmadmin
          Password: <password>
          Confirm Password: <password>
        Security Password
          Security Password: <security password>
          Password: <security password>
          Confirm Password: <security password>
        Application User Credentials
          Application Username: cucmuser
          Password: <password>
          Confirm Password: <password>
        Certificate Information
          Organization: Federation
          Unit: Star Force
          Location: Saturn
          State: UN
          Country: United States of America
        SMTP
          No Changes
      Cisco Unified Communications Manager (Publisher) Configuration
        NIC Interface Settings
          No changes
        Network Information
          Host Name: cucm1
          IP Address: 10.0.0.120
          IP Mask: 255.255.255.0
          Gateway Address: 10.0.0.1
        DNS
          Configure Client DNS: Checked
          Primary DNS: 10.0.0.2
          Domain: federation.local
        Time Zone
          Region: America
          Time Zone: America/New_York
        Network Time Protocol
          NTP Server 1: 10.0.0.2
          NTP Server 2: us.pool.ntp.org
      Cisco Unified Communications Manager IM and Presence Node Configuration
        NIC Interface Settings
          No changes
        Network Information
          Host Name: cup1
          IP Address: 10.0.0.121
          IP Mask: 255.255.255.0
          Gateway Address: 10.0.0.1
        IM & P Domain Name
          IM & P Domain Name: federation.local
        DNS
          Configure Client DNS: Checked
          Use Primary Node DNS settings: Checked
        Time Zone
          Use Primary Node Zone Setting: Checked
    3. Click Add CUCM IM and Presence Node
    4. Click Generate Answer Files
    5. Create two folders: cucm and cup
    6. A new window opens; click each of the download buttons. When the next window opens, right-click the window, choose “View Source”, and copy the XML in the window.
    7. Save a copy of the cluster configuration as clusterConfig.xml in both folders.
    8. Save a copy of the cucm configuration as platformConfig.xml in the cucm folder.
    9. Save a copy of the cup configuration as platformConfig.xml in the cup folder.
    10. Open a browser and download the BFI (Boot Floppy Image) application from the following URL: https://www.softpedia.com/get/System/Boot-Manager-Disk/BFI.shtml
    11. Extract the bfi.exe with 7Zip, or another extraction tool.
    12. From PowerShell, run:
            > .\bfi.exe -v -f="cucm.flp" .\cucm\
            > .\bfi.exe -v -f="cup.flp" .\cup\
    13. This will generate the “.flp” files which are needed in the next step.
    Creating Virtual Machine for CUCM 
    Note: This is using VMware Workstation Pro 15.
    1. File > Open…
    2. Navigate to the virtual machine template file (.ova; example: cucm_12.5_vm13_v1.0.ova), select the file from the file explorer window, and click Open.
    3. On the Store the new Virtual Machine screen:
      1. Name: Cisco Call Manager 12.5 (Pub)
      2. Location: Keep default or change the location by clicking Browse….
      3. Click Next
    4. On the Deployment Options screen:
      1. Select CUCM 2500 user node
      2. Click Import.
    5. After a few seconds, a new virtual machine is created.
    6. Right click the virtual machine, choose Settings
    7. Change Memory from 6GB to 4GB or 2GB.
    8. Select the CD/DVD (IDE) drive.
      1. Select Connect at power on.
      2. Select Use ISO Image and choose your ISO.
    9. Select the Floppy drive
      1. Select Connect at power on
      2. Select cucm.flp created earlier.
    10. Select Network Adapter
      1. Under Network Connection, select LAN Segments
      2. In the drop down, choose UCS
    Creating Virtual Machine for CUCM IM & P
    Note: This is using VMware Workstation Pro 15.
    1. File > Open…
    2. Navigate to the virtual machine template file (.ova; example: cucm_im_p_12.5_vmv13_v1.0.ova), select the file from the file explorer window, and click Open.
    3. On the Store the new Virtual Machine screen:
      1. Name: Cisco Call Manager IM & P 12.5
      2. Location: Keep default or change the location by clicking Browse….
      3. Click Next
    4. On the Deployment Options screen:
      1. Select CUCM IM and Presence 150 UC user node
      2. Click Import.
    5. After a few seconds, a new virtual machine is created.
    6. Right click the virtual machine, choose Settings
    7. Select the CD/DVD (IDE) drive.
      1. Select Connect at power on.
      2. Select Use ISO Image and choose your ISO.
    8. Select the Floppy drive
      1. Select Connect at power on
      2. Select cup.flp created earlier.
    9. Select Network Adapter
      1. Under Network Connection, select LAN Segments
      2. In the drop down, choose UCS
    Installation
    1. Since the answer files are being used, both servers will be installed basically at the same time.
    2. Power on the CUCM virtual machine.
    3. Hit Esc at power-on to show the boot menu. Use the arrow keys and select CD-ROM Drive.
      Note: If you are having trouble getting the menu, see “Accessing the BIOS when the POST screen clears too quickly (1004129)” (https://kb.vmware.com/s/article/1004129)
    4. Choose Skip at the Disk Found prompt.
    5. Choose Yes at the Proceed with Install prompt.
    6. Power on the IM & P virtual machine.
    7. Hit Esc at power-on to show the boot menu. Use the arrow keys and select CD-ROM Drive.
    8. Choose Skip at the Disk Found prompt.
    9. Choose Yes at the Proceed with Install prompt.
    10. Wait until both servers have a login prompt from the console. This completes the installation of the operating system and software.
    Enable Services for CUCM and CUP
    1. Open a browser and navigate to https://10.0.0.120
    2. Log in with cucmuser and the <password> set in the answer file.
    3. At the top right, change the drop-down next to Navigation to Cisco Unified Serviceability and click Go.
    4. Goto Tools > Service Activation
    5. Under Select Server, select cucm1.federation.local and click Go.
    6. Check the following Services (others are unchecked)
      1. Cisco CallManager
      2. Cisco CTIManager
      3. Cisco Device Activation Service
      4. Cisco Dialed Number Analyzer Server
      5. Cisco Dialed Number Analyzer
      6. Cisco Tftp
      7. Cisco AXL Web Service
      8. Cisco Certificate Authority Proxy Function
      9. Cisco DirSync
    7. Click Save
    8. Under Select Server, select cup1.federation.local and click Go.
    9. Check the following Services (others are unchecked)
      1. Cisco AXL Web Service
      2. Cisco SIP Proxy
      3. Cisco Presence Engine
      4. Cisco XCP Connection Manager
      5. Cisco XCP Directory Service
      6. Cisco XCP Authentication Service
    10. Click Save
    11. At the top right, change the drop-down next to Navigation to Cisco Unified IM and Presence Administration and click Go.
    Configuration for CUCM
    1. Open a browser and navigate to https://10.0.0.120
    2. Log in with cucmuser and the <password> set in the answer file.
    3. Goto System > Server:
      1. Click Find.
      2. Check for:
        1. cucm1.federation.local
        2. cup1.federation.local
      3. If missing, click Add New for each missing server. Click Save after each addition.
    4. Goto System > Phone NTP Reference
      1. Click Find.
      2. Check for:
        1. 10.0.0.2
      3. If missing, click Add New
        1. IP Address: 10.0.0.2
        2. Description: Phone NTP
        3. Mode: Directed Broadcast
        4. Click Save
    5. Goto System > Date and Time Group
      1. Click Find.
      2. Click CMLocal.
      3. Set TimeZone to (-5:00 America/New_York).
      4. Click Add Phone NTP Reference.
      5. Click Find.
      6. Check the box next to 10.0.0.2 and click Add Selected. It should appear in the box above the button.
      7. Click Save
      8. Click Apply Config.
    6. Goto System > Security > SIP Trunk Security Profiles
      1. Click Add New.
      2. Name: IMP-SIP-Trunk-Profile
      3. Description: IM & P SIP Trunk Profile
      4. Check the following options (others remain unchecked)
        1. Accept Presence Subscription
        2. Accept out-of-dialog refer
        3. Accept unsolicited notification
        4. Accept replaces header
    7. Goto Call Routing > Class of Control > Partition
      1. Click Add New.
      2. Partition Information
        1. Name: PT_Phones; All user phones
      3. Click Save
    8. Goto Call Routing > Class of Control > Partition.
      1. Click Add New
        1. Name: CSS_Routine
        2. Description: Routine Calling
        3. Selected Partitions
          1. PT_Phones
    9. Goto User Management > User Settings > UC Service
      1. Click Add New.
      2. Choose the UC Service Type and use the settings from the list below:
        1. Directory
          1. Product Type: Enhanced Directory
          2. Name: federation.local
          3. Description: Federation Enhanced Directory
          4. Host Name: win-srv-ad.federation.local
          5. Port: 389
          6. Protocol: TCP
          7. Connection Type: Global Catalog
          8. Use Secure Connection: Checked
        2. Directory
          1. Product Type: Directory
          2. Name: federation.local (basic)
          3. Description: Federation Basic Directory
          4. Host Name: win-srv-ad.federation.local
          5. Port: 389
          6. Protocol: TCP
      3. IM and Presence
        1. Product Type: Unified CM (IM and Presence)
        2. Name: Federation IM and Presence
        3. Description: Federation IM and Presence
        4. Host Name: cup1.federation.local
      4. Jabber Client Configuration (jabber-config.xml)
        1. Product Type: Jabber
        2. Name: Federation Jabber Client Config
        3. Jabber Configuration Parameters
          Section Parameter Value
          Phone CcmcipServer1 10.0.0.120
          Phone CtiServer1 10.0.0.120
          Presence PresenceServerAddress 10.0.0.121
        4. Click Save.
    10. Goto User Management > User Settings > Service Profile
      1. Click Add New.
      2. Service Profile Information
        1. Name: Federation Service Profile
      3. Directory Profile
        1. Primary: federation.local
        2. Use UDS for Contact Resolution: Checked
        3. Use Logged On User Credential: Checked
        4. Recursive Search on All Search Bases: Checked
      4. IM and Presence Profile
        1. Primary: Federation IM and Presence
      5. Jabber Client Configuration (jabber-config.xml) Profile
        1. Common: Federation Jabber Client Config
      6. Click Save
    11. Goto User Management > User/Phone Add > Universal Line Template
      1. Click Sample Line Template with TAG usage examples
      2. Click Copy at type
      3. Name: Federation Line Template
      4. Route Partition: PT_Phones
      5. Voice Mail Profile: NoVoiceMail
      6. Calling Search Space: CSS_Routine
      7. Click Save
    12. Goto User Management > User/Phone Add > Universal Device Template
      1. Click Sample Device Template with TAG usage examples
      2. Click Copy at type
      3. Name: Federation Line Template
      4. Click Save
    13. Goto User Management > User Settings > User Profile
      1. Name: Standard Federation User Profile
      2. Description: Standard Federation User Profile
      3. Universal Device Template
        1. Mobile and Desktop Device: Federation Device Template
      4. Universal Line Template: Federation Line Template
      5. Allow End User to Provision their own phone: Checked
    14. Goto User Management > User/Phone Add > Feature Group Template
      1. Click Add New.
      2. Feature Group Template
        1. Name: Default Federation Template
      3. Features
        1. Home Cluster: Checked
        2. Enable User for Unified CM IM and Presence: Checked
        3. Services Profile: Federation Service Profile
        4. User Profile: Standard Federation User Profile
        5. Allow Control of Device from CTI: Checked
        6. Enable Mobility: Checked
    15. Goto LDAP > LDAP System
      1. Enable Synchronizing from LDAP Server: Checked
      2. LDAP Server Type: Microsoft Active Directory
      3. LDAP Attribute for User ID: sAMAccountName
      4. Click Save
    16. Goto LDAP > LDAP Directory
      1. Click Add New
      2. LDAP Directory Information
        1. LDAP Configuration Name: federation.local
        2. LDAP Manager Distinguished Name: ciscodirsync@federation.local
        3. LDAP Password: <password of user in Active Directory>
        4. LDAP User Search Base: DC=federation;DC=local
        5. Synchronize: Users Only
      3. LDAP Directory Synchronization Schedule
        1. Perform a Re-sync Every: 1 DAY
      4. Group Information
        1. User Rank: 1-Default User Rank
        2. Access Control Groups:
          1. Standard CCM End Users
          2. Standard CTI Allow Control of Phones supporting Connected Xfer and conf
          3. Standard CTI Enabled
      5. Feature Group Template: DefaultFederationTemplate
      6. Apply mask to synced telephone numbers to create a new line for inserted users: Checked
      7. Mask: 731XXXXXXX
      8. Assign new line from pool list if one was not created based on a synced LDAP telephone number: Checked
        1. DN Pool Start: 3310000
        2. DN Pool End: 3310199
      9. LDAP Server Information
        1. Host Name or IP Address for Server: 10.0.0.2
        2. LDAP Port 389
      10. Click Save
      11. Click Perform Full Sync Now
    17. Goto LDAP > LDAP Authentication
      1. LDAP Authentication for End Users
        1. Use LDAP Authentication for End Users: Checked
        2. LDAP Manager Distinguished Name: ciscodirsync@federation.local
        3. LDAP Password: <password of user in Active Directory>
        4. LDAP User Search Base: DC=federation;DC=local
      2. LDAP Server Information
        1. Host Name or IP Address for Server: 10.0.0.2
        2. LDAP Port: 389
      3. Click Save.
    18. Goto LDAP > Search Configuration
      1. LDAP Search for enterprise users through UDS
        1. Enable user search to Enterprise Directory Server: Checked
        2. LDAP Manager Distinguished Name: cucmdirsync@federation.local
        3. LDAP Password: <password of user in Active Directory>
        4. LDAP User Search Base: OU=Users;OU=Corporate;DC=federation;DC=local
        5. Recursive search on All Search Bases: Checked
      2. UC Service Directory Information
        1. Set Primary Server to federation.local (basic).
        2. Click Save.
    19. Goto Device > Trunk
      1. Click Add New.
      2. Trunk Information:
        1. Trunk Type: SIP Trunk
        2. Device Protocol: SIP
        3. Trunk Service Type: None (Default)
      3. Device Information
        1. Device Name: IMP-SIP-Trunk
        2. Description: IMP-SIP-Trunk
      4. Inbound Calls:
        1. Calling Search Space: CSS_Routine
      5. SIP Information
        1. Destination
          1. Destination Address: 10.0.0.120
          2. Destination Port: 5060
        2. SIP Trunk Security Profile: IMP-SIP-Trunk-Profile
        3. SIP Profile: Standard SIP Profile
      6. Click Save.
      7. Click Reset, then Reset, then Close.
    20. Goto User Management > End User
      1. Click Find.
      2. If no users are listed, then do the following:
        1. Goto System > LDAP Directory
        2. Click Perform Full Sync Now
        3. Then, return to User Management > End User.
      3. If there are still no users, check the LDAP settings and the user accounts in Active Directory:
        1. User: marsha.fields

          User Information
          Self-Service User ID: 3310000
          PIN: 3310000
          Digest Credentials: 3310000
          User Profile: Standard Federation User Profile
          User Rank: 1-Default User Rank

          Service Settings
          Home Cluster: Checked
          Enable User for Unified CM IM and Presence: Checked
          UC Service Profile: Federation Service Profile

          Extension Mobility
          Allow Control of Device from CTI: Checked

          Mobility Information
          Enable Mobility: Checked

          Permission Information
          Groups:
          Standard CCM End Users
          Standard CTI Allow Control of Phones Supporting Conf and Xfer
          Standard CTI Enabled
        2. User: joe.smith

          User Information
          Self-Service User ID: 3310001
          PIN: 3310001
          Digest Credentials: 3310001
          User Profile: Standard Federation User Profile
          User Rank: 1-Default User Rank

          Service Settings
          Home Cluster: Checked
          Enable User for Unified CM IM and Presence: Checked
          UC Service Profile: Federation Service Profile

          Extension Mobility
          Allow Control of Device from CTI: Checked

          Mobility Information
          Enable Mobility: Checked

          Permission Information
          Groups:
          Standard CCM End Users
          Standard CTI Allow Control of Phones Supporting Conf and Xfer
          Standard CTI Enabled
    21. Go to Device > Phone
      1. Per User Phone
        1. Click Add New.
        2. Phone Type: Cisco Unified Client Services Framework
        3. Click Next.
        4. Fill out using Device Settings below then click Save and Apply Config.
        5. Click Line [1] under Association
        6. Fill out using Line Settings below then click Save and Apply Config.
      2. User: marsha.fields

        Device Settings:
        Device Name: CSF00001
        Description: Marsha Fields CSF
        Device Pool: Default
        Phone Button Template: Standard Client Services Framework
        Common Phone Profile: Standard Common Phone Profile
        Owner User ID: marsha.fields
        Primary Phone: Federation Universal Phone Template
        Allow Control of Device from CTI: Checked
        Device Security Profile: Universal Device Template - Model-independent Security Profile

        Line Settings:
        Directory Number: 331000
        Route Pattern: PT_Phones
        Description: Marsha Fields CSF
        Alerting Name: Marsha Fields
        Allow Control of Device from CTI: Checked
        Associated Devices: CSF00001
        Calling Search Space: CSS_Routine
        Display (Caller ID): Marsha Fields
        Line Text label: 3310000
        External Phone Number Mask: 731XXXXXXX
        Forwarded Call Information Display on Device:
        Caller Number: Checked
        Redirected Number: Checked
        Users Associated with Line: Fields, Marsha
      3. User: joe.smith

        Device Settings:
        Device Name: CSF00002
        Description: Marsha Fields CSF
        Device Pool: Default
        Phone Button Template: Standard Client Services Framework
        Common Phone Profile: Standard Common Phone Profile
        Owner User ID: joe.smith
        Primary Phone: Federation Universal Phone Template
        Allow Control of Device from CTI: Checked
        Device Security Profile: Universal Device Template - Model-independent Security Profile

        Line Settings:
        Directory Number: 331001
        Route Pattern: PT_Phones
        Description: Marsha Fields CSF
        Alerting Name: Marsha Fields
        Allow Control of Device from CTI: Checked
        Associated Devices: CSF00002
        Calling Search Space: CSS_Routine
        Display (Caller ID): Joe Smith
        Line Text label: 3310001
        External Phone Number Mask: 731XXXXXXX
        Forwarded Call Information Display on Device:
        Caller Number: Checked
        Redirected Number: Checked
        Users Associated with Line: Smith, Joe
    22. Go to User Management > End User
      1. Do the following per user. This associates the phone and primary line to each user.
      2. Hit Save after each modification.
      3. User: marsha.fields

        Device Information
        Controlled Devices: CSF00001

        Directory Number Associations
        Primary Extension: 3310000 in PT_Phones
      4. User: joe.smith

        Device Information
        Controlled Devices: CSF00002

        Directory Number Associations
        Primary Extension: 3310001 in PT_Phones
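The per-user values in steps 21 and 22 reference one another (device name, owner, directory number, primary extension). The following added example, which is not part of the original lab write-up, transcribes those values and reports fields that disagree; the rule that the compared fields must carry the same value is this example's assumption.

```python
# Added example: values transcribed from steps 21 and 22 of this page.
# Assumption (this example's, not the page's): compared fields must be equal.
LAB = """
[marsha.fields]
Device Name: CSF00001
Owner User ID: marsha.fields
Directory Number: 331000
Associated Devices: CSF00001
Line Text label: 3310000
Controlled Devices: CSF00001
Primary Extension: 3310000 in PT_Phones

[joe.smith]
Device Name: CSF00002
Owner User ID: joe.smith
Directory Number: 331001
Associated Devices: CSF00002
Line Text label: 3310001
Controlled Devices: CSF00002
Primary Extension: 3310001 in PT_Phones
"""

def parse_records(text):
    """Parse '[user]' headers followed by 'Key: Value' lines into dicts."""
    records, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = records.setdefault(line[1:-1], {})
        elif ":" in line and current is not None:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return records

def check_user(user, rec):
    """Return one finding per pair of cross-referenced fields that disagree."""
    ext = rec["Primary Extension"].split(" in ")[0]  # drop the partition suffix
    pairs = [
        ("Owner User ID", rec["Owner User ID"], "End User", user),
        ("Controlled Devices", rec["Controlled Devices"], "Device Name", rec["Device Name"]),
        ("Associated Devices", rec["Associated Devices"], "Device Name", rec["Device Name"]),
        ("Directory Number", rec["Directory Number"], "Primary Extension", ext),
        ("Directory Number", rec["Directory Number"], "Line Text label", rec["Line Text label"]),
    ]
    return [f"{user}: {a} {va!r} != {b} {vb!r}" for a, va, b, vb in pairs if va != vb]

def lint(text):
    return [f for user, rec in parse_records(text).items() for f in check_user(user, rec)]

if __name__ == "__main__":
    print("\n".join(lint(LAB)) or "no mismatches")
```

Run against the values as printed on this page, it reports the Directory Number differing from the Primary Extension and the Line Text label for both users.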
    Configuration for IM & P
    1. Open a browser and navigate to https://10.0.0.121
    2. Login with cucmuser and <password>
    3. Go to Presence > Settings > Standard Configuration
      1. CUCM IM and Presence Publish Trunk: IMP-SIP-Trunk
        Note: If it is missing, check CUCM Device > Trunk to see whether the trunk is configured. If not, see the trunk configuration above.
      2. Click Save
    4. Go to Presence > Gateways
      1. Click Add New
      2. Presence Gateway Type: CUCM
      3. Description: Federation Default GW
      4. Presence Gateway: 10.0.0.120
      5. Click Save
    5. Go to Messaging > Settings
      1. Check the following options (others remain unchecked)
        1. Enable instant messaging
        2. Allow clients to log instant message history
        3. Allow cut & paste in instant messages
    6. Go to Application > Client Settings
      1. TFTP Servers
        1. Primary TFTP Server: 10.0.0.120
      2. Cisco Unified Personal Communication LDAP Attribute Mapping
        1. Directory Server Type: Microsoft Active Directory
      3. Click Save
    7. Go to Application > CCMCIP Profile
      1. Click Add New
      2. Name: CUCM-CCMIP
      3. Primary CCMCIP Host: 10.0.0.120
      4. Backup CCMCIP Host: 10.0.0.120
      5. Make this the default CCMCIP Profile for the system: Checked
      6. Click Save.

    Windows 10 Clients

    Virtual Machine
    Note: This is using VMware Workstation Pro 15
    1. Two Windows 10 Virtual Machines were created using the below settings.
      1. VM Name: Windows 10 Client (UCS-1)
        Windows Host: WIN-UCS-1
      2. VM Name: Windows 10 Client (UCS-2)
        Windows Host: WIN-UCS-2
    2. File > New Virtual Machine...
    3. From the New Virtual Machine Wizard:
      1. Choose Typical (recommended).
      2. Hit Next.
      3. On the Guest Operating Systems Installation screen:
        1. Choose Installer disk image file (iso):
        2. Click Browse…
        3. Navigate to where you unzipped the file from above.
        4. Click Next.
      4. On the Name the Virtual Machine screen:
        1. Virtual Machine Name: <use list above>
          Note: UCS is Unified Communications System.
        2. Location: Choose to keep default or hit Browse to change the location of the virtual machine files.
        3. Click Next.
      5. On the Specify Disk Capacity screen:
        1. Maximum disk size (GB): 40
        2. Keep Split Virtual disk into multiple files selected.
        3. Click Next.
      6. On the Ready to Create Virtual Machine screen:
        1. Choose Customize Hardware…
        2. Select Network Adapter
          1. Make sure Connected and Connect at power on are checked.
          2. Change Network Connection from NAT to LAN segment.
          3. Under LAN segment:, use the dropdown box to select UCS from the list.
        3. Click Close
      7. Click Finish
    4. After the Wizard closes, the virtual machine will immediately boot and load the ISO.
    Installation
    1. When the virtual machine loads, press any key within 3 seconds of booting to start the installation process.
    2. Click Next
    3. Click Install now
    4. Click I don’t have a product key
    5. Choose Windows 10 Pro and Click Next
    6. Click the checkbox to accept the license terms and click Next
    7. Click Custom: Install Windows only (advanced)
    8. Click Next
    9. Wait for the installation to complete. This will take a few minutes.
    10. Click Yes to keep United States region.
    11. Click Yes to keep US keyboard layout.
    12. Click Skip.
    13. Do one of these:
      1. If the virtual machine has internet access: Click Next
      2. If the virtual machine does not have internet access: Click I do not have internet access
    14. Click Setup for an organization
    15. Click Next
    16. Click Domain join instead
    17. On Who’s going to use this computer? screen: Admin
    18. Click Next
    19. Click Next (no password)
    20. Click No
    21. Click Decline
    22. Click Accept
    Configuration
    1. Install VMware Tools
      1. In VMware Workstation, click VM > Install VMware Tools…
      2. Open File Explorer
      3. Double-click DVD Drive
      4. Click Yes
      5. VMware Tools Setup will start.
      6. Click Next
      7. Click Next
      8. Click Install
      9. Click Finish
      10. Click Yes
    2. Join to Domain
      1. Press Win + Pause to open System Properties
      2. Click Change settings
      3. Click Change…
      4. Change computer name
      5. Select Domain under Member of
      6. Type: federation.local
      7. Hit <enter>
      8. Login with administrator domain account
      9. Computer will reboot
    3. Change TimeZone
      1. Right-Click the clock on the bottom left.
      2. In the menu, click Adjust Time/Date
      3. Set TimeZone to (UTC-5:00) Eastern Time (US & Canada)
      4. Hit the “X” at the top to close.
    4. (Optional) Install software
      1. Open browser and navigate to https://patchmypc.com/home-updater-overview
      2. Click on Download Patch My PC Home Updater
      3. Click on Download Patch My Home Update 4.1.0.3
      4. Click Save
      5. Click Run
      6. Authenticate with domain administrator
      7. Choose the following applications:
        1. Mozilla Firefox
        2. Foxit Reader
        3. 7-Zip
        4. LibreOffice
