Mailing List Archive

DNS and LDAP Domain name change - current process node is IP
A customer has had a domain name change; this includes the DNS and the Active
Directory integration. I am trying to pull together the necessary steps for
each application.

Below is what I have deduced from the documentation so far

*Change Domain name CUCM, Pub and Sub*

The CUCM processNode name is the IP address (System -> Server); changing
the domain name will have no effect on the CTL/ITL files as phones only
reference the IP currently.
Remove each server from PLM and add back in post-change.
Security certs will need to be re-signed by the root CA.
Each domain name and DNS change will need to be completed independently and
db replication status to be checked before moving onto the subscriber.
Current Active Directory authentication and LDAP authentication will be
moved from one server to another. The usernames are the same between the
Active Directory domains, so the device associations should remain when
the LDAP integration is changed from one AD domain to another.

*Change Domain name IMP, Pub and Sub*

Security certs will need to be re-signed by the root CA.
Each domain name and DNS change will need to be completed independently and
db replication status to be checked before moving onto the subscriber.

*CUC*
Security certs will need to be re-signed by the root CA.
Each domain name and DNS change will need to be completed independently and
db replication status to be checked before moving onto the subscriber.
LDAP is used to manually "import" user name/extension, then the users are
added manually.
SMTP is used for voicemail-to-mail integration instead of unified messaging,
so no changes are needed as the mail server details remain the same.

I've also seen reports of MGCP/SCCP gateways unregistering if relying on DNS,
but the IP is used for each MGCP registration.

I would appreciate a heads up if you have encountered any issues with
similar changes.

--
- Nick
Re: DNS and LDAP Domain name change - current process node is IP
What are you trying to do? Do you need to add a domain name to UC servers that currently do not have a domain name?

Sent from my iPhone

_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
Re: DNS and LDAP Domain name change - current process node is IP
Sorry, the ask is to change from the DNS suffix of customername.us.com to
customer.com.

Also, the users from customername.us.com have been moved into a
customername.com OU on different LDAP servers with the same usernames.

The servers are configured with a DNS domain and DNS servers, but the
process node ID is the IP address of the servers (without the suffix).

Does that make sense?


--
- Nick
Re: DNS and LDAP Domain name change - current process node is IP
From a server perspective, just make sure the forward A record and reverse PTR record for the new FQDN exist BEFORE using the CLI command to run the sanity check scripts to change the domain. You can change the DNS records shortly before running the CLI command, but not for long, as it would eventually cause cluster replication issues. Make sure the reverse PTR for the old FQDN is removed/changed to point at the NEW FQDN.

Regarding the processNode names: no real impact to leave them as IP references (changing them to FQDN can offer some advantages and conveniences when dealing with MRA, Expressway, IM & Presence).

If you do decide to change CUCM's server references to FQDN at some point, make sure all server nodes have a forward and reverse DNS record and make sure all phones/devices have access to DNS servers that can resolve the CUCM server's FQDN (this step is really important). Also, make sure to adjust/verify the Enterprise Parameter URLs for authentication and directories (though they can usually be left to use IP references without issue).

Certs are regenerated; so with public CA certs that means a new CSR and certs after the change. With self-signed certs, you just get new certs that'll need to be re-trusted by your browser or imported into your device's truststore.

Sent from my iPhone

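The DNS preconditions in the reply above (forward A record for the new FQDN, reverse PTR already pointing at the new FQDN and no longer at the old one, for every node before the domain-change CLI is run) are easy to get wrong on a multi-node cluster, so here is an added pre-flight check that encodes them. This is example code written for this thread, not Cisco tooling and not anything the posters ran; the node names, addresses and zone answers are constructed, and the `--live` mode (which queries the host's configured resolver through the `socket` module) is a hypothetical usage.

```python
"""Pre-flight DNS check before changing the domain name of UC cluster nodes.

Added example, not Cisco tooling and not code from this thread. For every
node the NEW FQDN must have a forward A record matching the node IP, and the
reverse PTR for the node IP must already name the NEW FQDN rather than the
old one. Names and addresses below are constructed for illustration.
"""
import socket
import sys
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# A lookup takes a name (or IP) and returns the answer, or None if absent.
Lookup = Callable[[str], Optional[str]]


@dataclass(frozen=True)
class Node:
    ip: str
    old_fqdn: str
    new_fqdn: str


def _norm(name: Optional[str]) -> Optional[str]:
    """Compare DNS names case-insensitively and ignore a trailing dot."""
    return name.rstrip(".").lower() if name else None


def check_node(node: Node, lookup_a: Lookup, lookup_ptr: Lookup) -> List[str]:
    """Return the problems found for one node; an empty list means it is ready."""
    findings: List[str] = []
    a = lookup_a(node.new_fqdn)
    if a is None:
        findings.append(f"{node.new_fqdn}: missing forward A record")
    elif a != node.ip:
        findings.append(f"{node.new_fqdn}: A record points at {a}, expected {node.ip}")
    ptr = _norm(lookup_ptr(node.ip))
    if ptr is None:
        findings.append(f"{node.ip}: missing reverse PTR record")
    elif ptr == _norm(node.old_fqdn):
        findings.append(f"{node.ip}: PTR still names old FQDN {node.old_fqdn}")
    elif ptr != _norm(node.new_fqdn):
        findings.append(f"{node.ip}: PTR names {ptr}, expected {node.new_fqdn}")
    return findings


def preflight(nodes, lookup_a: Lookup, lookup_ptr: Lookup) -> Dict[str, List[str]]:
    """Run check_node over the whole cluster, keyed by each node's new FQDN."""
    return {n.new_fqdn: check_node(n, lookup_a, lookup_ptr) for n in nodes}


def ready(nodes, lookup_a: Lookup, lookup_ptr: Lookup) -> bool:
    """True only when every node passes, i.e. it is safe to run the change."""
    return all(not f for f in preflight(nodes, lookup_a, lookup_ptr).values())


# Live resolvers for real use (hypothetical usage: ask the host's configured DNS).
def live_a(name: str) -> Optional[str]:
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def live_ptr(ip: str) -> Optional[str]:
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


# Constructed sample cluster and DNS answers (not real addresses or zones).
SAMPLE_NODES = [
    Node("10.10.0.11", "cucm-pub.customername.us.com", "cucm-pub.customer.com"),
    Node("10.10.0.12", "cucm-sub.customername.us.com", "cucm-sub.customer.com"),
    Node("10.10.0.13", "imp-pub.customername.us.com", "imp-pub.customer.com"),
    Node("10.10.0.14", "imp-sub.customername.us.com", "imp-sub.customer.com"),
]
SAMPLE_A = {  # forward zone: the IM&P subscriber has not been added yet
    "cucm-pub.customer.com": "10.10.0.11",
    "cucm-sub.customer.com": "10.10.0.12",
    "imp-pub.customer.com": "10.10.0.13",
}
SAMPLE_PTR = {  # reverse zone: sub still has the old PTR, imp-pub has a typo
    "10.10.0.11": "cucm-pub.customer.com.",
    "10.10.0.12": "cucm-sub.customername.us.com.",
    "10.10.0.13": "imp-pub.customername.com.",
}


if __name__ == "__main__":
    live = "--live" in sys.argv
    lookup_a, lookup_ptr = (live_a, live_ptr) if live else (SAMPLE_A.get, SAMPLE_PTR.get)
    for fqdn, problems in preflight(SAMPLE_NODES, lookup_a, lookup_ptr).items():
        print(f"{fqdn}: {'OK' if not problems else '; '.join(problems)}")
    sys.exit(0 if ready(SAMPLE_NODES, lookup_a, lookup_ptr) else 1)
```

Against the constructed sample data only the CUCM publisher passes: the subscriber's PTR still names the old suffix, the IM&P publisher's PTR names the wrong domain, and the IM&P subscriber has neither record, so the script exits non-zero. The point of checking the PTR against the old name explicitly, rather than only against the new one, is that a stale reverse record is the case the reply singles out as the one that bites later through replication problems; to run it against real zones, replace SAMPLE_NODES with the cluster's actual nodes and pass `--live`.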