Professional Documents
Culture Documents
0 Release Notes
PURPOSE ..................................................................................... 5
PUBLICATION HISTORY ............................................................. 5
AVAYA AURA™ CONTACT CENTER SOFTWARE ................... 6
REQUIRED SOFTWARE VERSIONS ..................................................................................... 6
SOFTWARE DOWNLOADS ............................................................................................... 8
Service Packs ...................................................................................................... 8
Additional Patches ............................................................................................... 8
REMOTE ACCESS ........................................................................................................ 9
Purpose
This document contains known issues, patches and workarounds specific to this build and does
not constitute a quick install guide for Contact Centre components. Please refer to the
information below to identify any issues relevant to the component(s) you are installing and then
refer to the Avaya Aura Contact Center Installation and Commissioning guides for full installation
instructions.
Details of fixed issues (CRs) are included in the readme instructions with each Service Pack.
Publication History
Issue Change Summary Author(s) Date
0.002 Updates for MAS 153 upgrade & QFE and new download Mark Valentine 11/08/2010
location for Service Packs
0.003 Updates to software lineup information and to list of Michael Walsh 26/08/2010
available patches Peter Flannery
8.0.0.152 * AvayaAura_CCCC_6.0.201.0-0045_ServicePack
AvayaAura_CCMS_6.0.201.0-0045_ServicePack
AvayaAura_CCT_6.0.201.0-0052_ServicePack
AvayaAura_CCMM_6.0.201.0-0036 _ServicePack
AvayaAura_CCMA_6.0.201.0-0055_ServicePack
AvayaAura_SCE_6.0.201.0-0323_ServicePack
AvayaAura_CCMSU_6.0.201.0-0020_ServicePack
AvayaAura_CCWS_6.0.201.0-0004_ServicePack
* DVD versions 8.0.0.145 & 8.0.0.142 & 8.0.0.140 from pre-GA installations are also supported, but it is
recommended that all new installations, post July 31st 2010, use the GA DVD (8.0.0.152) in order to
support install-time patching, which is mandatory post GA. The older DVD versions will not support
install time patching.
Users upgrading pre-GA installations from an RU_03/RU_06 patch line-up to the latest service packs
should remove all previous updates and pay particular attention to the Readme for the
AvayaAura_CCCC_6.0.201.0-0045_ServicePack. This details the requirement to install the
AvayaAura_CCCC_6.0.201.0-0045_ServicePack manually before launching the Patch Manager to
facilitate installation of all the other Service Packs.
Users with pre-GA installations will also need to consult the ‘Media Application Services (MAS)’ notes
within the ‘MBT and CS1000 SIP Installations’ section for instructions on how to upgrade the MAS
server to the GA MAS build.
Service Packs are installed on your base software and contain the latest software updates.
These updates should be deployed on a system as outlined in the readme instructions for each
updated.
The following patches are required to be installed after the installation of Service Pack 1 on your
system.
The following patches are optional to be installed after the installation of Service Pack 1 on your
system.
If you are running a migration from NES CCMS 6.0 or NES CCMS 7.0, the following patch is
required
Software Downloads
All Avaya Aura Contact Center software will be available from the following location.
http://support.avaya.com/css/appmanager/public/support/Downloads/P0793/6.0.x/C201089102458380_9
Service Packs
When you browse to this location you will see:
Additional Patches
When you browse to the Service Pack location you will also see the additional patches:
When all files are downloaded you should open file the zip files using Winzip or similar
application. The contents of the compressed image should then be extracted a location on your
hard-disk.
Remote Access
The AACC product will be supported during beta trial using the Remote Desktop Connection
(RDC) Microsoft Windows utility.
This utility will allow the Avaya support or design resource to remotely access the customer
server from a remote PC and be able to administer the server as if logged in directly to that
server.
RDC uses port 3389 so this port should be enabled on all co-resident or standalone servers in
the AACC solution installed.
Pre-Requisite Software
Pre-Requisite Software does not install successfully
When you launch setup.exe a number of pre-requisite software are installed on your system to enable the
successful installation of your AACC software.
A problem could be encountered with the installation of the Microsoft Visual C++ Runtime Libraries (x86)
Redistributable Setup. If you encounter this problem you will receive the following error message:
This issue is a know problem and is caused by An unsuccessful install of prior Windows Updates OR Custom MSI
packages could have left over faulty registry keys under HKEY_LOCAL_MACHINE\COMPONENTS. The Microsoft
knowledge base article, KB 970652, (http://support.microsoft.com/kb/970652/en-us ) outlines the problem and
provide a link to a resolution.
To address the problem please follow the steps as outlined in the Microsoft article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;946414
DVD Controller
Pre Installation Instructions
INSTALLATION OF PRODUCT UPDATES
It is highly recommended that that you update your system with the latest product updates when
setting up your system.
Product Updates should be downloaded to the local system prior to the installation of your
AACC software. During the installation you will be prompted to provide the folder where these
updates are located.
Before proceeding with the installation of additional components ensure that the following
services are stopped:
• All Contact Center Services via SCMU
• CCMA SymposiumWC service via Microsoft Services console
• CCT Contact Center Tomcat Service via Microsoft Services console
Installation Instructions
Q02155356 Error during migration from 7.0 to AACC 1.0 with install time patching
During the installation of the CCMM component with a database migration from NES Contact Center 7.0 an error is
sometimes displayed when applying ReleaseUpdate_06 at install-time.
Work Around:
To avoid an installation problem during the an install-time migration with an install-time patch it is recommended
that you perform the following steps:
1. Perform you Contact Center 7.0 Backup as recommended in the AACC 1.0 documentation
2. Install your AACC 1.0 CCMM component follow the installation instruction as outlined in the Installation
Guide with the following exception:
a. Do not select to migrate your data during the installation
b. Select the Service Packs to install on your system.
3. After the installation of the CCMM component perform the migration of your data from your backed-up
Contact Center 7.0 database
Configuration Issues
None.
Work Around:
To avoid this problem occurring please remove all patches and service packs for the selected component prior to its
un-installation from the system.
2. Select the patch for the component being uninstalled and click 'Remove'.
Co-Res Installations
Pre Installation Instructions
None.
Installation Instructions
None.
Configuration Issues
None.
PVI Checker
Pre Installation Instructions
Please refer to the Planning &Engineering Guide (NN44400-210), for all recommendations
regarding the minimum machine specification required. The PVI checker will block installation of
AACC1.0 on any machine that does not meet the minimum specifications.
Installation Instructions
None.
Configuration Issues
None.
Installation Instructions
Install time patching of the AvayaAura_CCCC__ServicePack is mandatory.
Configuration Issues
Prior to using the Contact Center Patch Manager for the first time you must have installed the
latest Common Components Service Pack
Installation Instructions
None
Configuration Issues
When a Restore is running do not stop the process or reboot the server. If the restore process is
interrupted, this can lead to issues with the database.
If the restore process has been interrupted, check that the Cache Instance Service is running. If
the service is running, procede with completing the restore. If the service is not running and
cannot be started from Windows Service, contact Avaya support
The following list of patches is required for the AACC / MBT integration. Note that version
5.2.1.3.6 is the GA version of MBT, with which AACC is aligned. On top of this, the following
patches need to be added:
http://support.avaya.com/css/appmanager/public/support/Downloads/P0358/5.2.x/C20106101032583
520_7
The following list of packages and patches are required for the AACC / CS1000 integration:
Required packages for Converged Office are: 77, 153, 164, 242, 243, 324
41, 42, 43, 50, 114, 155, 214,
215, 218, 247, 311, 324
Required packages for SIP CTI are: 77, 153, 164, 242, 243, 324
41, 42, 43, 50, 114, 155, 214,
215, 218, 247, 311, 324
Apply CS 1000 Patch MPLR29656 (required for call control and reporting)
Apply CS 1000 Patch MPLR28954 (required for TR87 control on CS1k Rls 6.0 only)
Apply CS 1000 Patch MPLR28884 (resolves 1-way speech path on SIP REFER)
Apply CS 1000 Patch MPLR27991 (resolves SIP REFER issue on Sig Server)
Apply CS 1000 Patch MPLR29180 (required for DNIS Support)
3) Supervisor Operation
A Supervisor cannot login to CCAD. This is the same limitation as that which existed in the
NES 7.1 Express product.
4) Music On Hold
For MBT installations, ‘Music on Hold’ is provided by the Media Services that co-reside on
the MBT platform. Details on how to configure music on hold can be obtained from the
following Aura CM document:
Note this means that the Event Handler for ‘Music on Hold’ in SCE becomes redundant for
MBT. To be clear, this means that the Event Handler for ‘Music on Hold’ should not be
configured for MBT installations, as this will result in duplicate music files being played to the
party on hold (one from MBT, the second from the MAS).
The following call flow is not supported for MBT Integration with AACC. This is the same
limitation as that which existed in the NES 7.1 Express product, as the call flow in question is
not a typical contact center call flow.
- Agent is active on a DN call (i.e. a call that was made out from the agent set, or a call
that came directly to the agent’s DN).
- This call cannot be transferred/conferenced to the Contact Center’s Route Point
Address.
6) Default URI
In a SIP-enabled AACC the Default URI needs to be explicitly configured. The reason for this
is that since the call is not anchored on a VDN on the CM, there is no default destination to
send a call that has encountered a routing issue.
The Default URI can be configured in the Global Settings page of CCMA, and should be
configured as a numeric value.
7) TLS Certification
The TLS certification between the AACC and the AES needs to be completed to ensure that
Agent sets can be controlled by AACC. The knowledge transfer slides have covered this
certification and should be referred to here:
http://uconnect.demoavaya.com/atk00884oenevent/event/event_info.html
Configuration Issues
Transport Layer Security (TLS) configuration Issue
An issue has been observed when creating the Server certificate for AES. The issue was
caused by an incorrect time zone setting on the MBT server. The time zone was set to
Etc/GMT+1, but should have been Europe/Berlin, which is GMT+2 (during Daylight Savings
Time). This meant that the Cert would not be activated until an hour later since the time zone
was incorrect.
Resolution:
To avoid this problem, ensure that the time zone on the MBT server is correct.
2) After upgrade from Essential CTI check box is selected but associated fields show as disabled.
The data is still populated. If the user deselects & then reselects the check box it functions as
normal.
3) Presence, Registration and CTI fields only validate IPs and not FQDN.
Once the system has been configured to use TLS for CTI control, to enable SIP to communicate
in TLS a new utility has been created called Certificate Manager, see Appendix A for textual
description of how to use the Certificate Manager. This utility will allow the customer to create
and store certificates in a secure manner on the server and then enable TLS communication
with Avaya’s MBT.
Appendix B also contains a series of screen shots on how to use the Certificate Manager. This
complements Appendix A which has more detail.
Note: Services must be restarted if the securities certificates have not been configured
beforehand see Appendix A; and/or if TLS has been selected from another protocol already
been used, i.e. A change from TCP to TLS for example. This is due to the fact that SIP needs to
load in the security certificates once they have been created and this can only be done on start-
up.
Appendix C is a step by step guide on how to sign a certificate, get a root certificates from a
Certificate Authority. This appendix has a series of screen shots which will guide the user
through this process.
Upon connecting to CCT, multiple agents could get an acquisition failure error after a HA
switchover. The reason this occurs is because all the CSTA sessions for agent's DN have been
used up. This will happen to an agent who has not received any voice calls during the
switchover. The solution is to increase number of sessions for the DNs (the default number of
sessions per DN on CS1K is set to 3).
Procedure steps
Step Action
1 Contact the Avaya Communication Server 1000 expert to make configuration changes to
number of sessions for a DN.
Procedure steps
Step Action
1 If this occurs, launch Windows Task Manager. The HA utility will be running under a
java*32 executable. Kill this process and re-launch the HA utility. This operation will have no
effect on the HA operation
A QFE (MAS Patch) is available for the GA Contact Center MAS build (MAS 6.4.0.153) and
should be applied to all MAS systems, both Co-Res and standalone. The QFE (QFE-platform-
6.4.0.153-0001-win.zip) is available from the following location:
http://support.avaya.com/css/appmanager/public/support/Downloads/P0793/6.0.x/C201089102458380_9
Please download the file and extract the README.txt file to a separate location. Then follow the
instructions contained within the readme to install the QFE on your MAS.
Contact Center MAS installations installed with a DVD Version lower than the GA (152) version,
have the Beta (6.4.0.112) build of MAS installed. These installations must have the MAS
installation upgraded to the GA (6.4.0.153) build.
Once the upgrade to build 153 is complete, follow the ‘Installing MAS QFE’ section above to
install the latest QFE on the upgraded MAS.
Installation Instructions
Install time patching of the AvayaAura_CCT__ServicePack is mandatory.
Configuration Issues
None.
Issue details:
After upgrading the solution to RU_06 it may not be possible to login agents. CCMS can not replicate
with CCMS.
Workaround:
Restart the CCMS_OAM_CMF_Service or restart the CCMS server.
If this step is not performed then the NDL OAM service will fail to start on the server.
Installation Instructions
Q02138296 CCMS8 OAM: FirstBoot compilation of scripts should only be run on fresh install
When performing a migration, post install the following key
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OAM_Service\FirstBoot
Should be set to 0.
Q02137248 CCMS8:Enterprise license was downgraded to Essential after restoring DB from CC7
After a restore of a CCMS 6.0 or 7.0 license, the package will be defaulted to Essential. The license
offerings have changed from 7.0 to 8.0. When the 7.0 database is restored, then the old settings are
restored.
After a migration has been run post install, then Server Setup Configuration must be launched and
the correct package and optional features need to be selected. Simple License Mappings
• CCS200 => Enterprise
• CCS300 => Enterprise + Networking Optional Feature
• CCS350 => NCC
• Express (voice only) => Essential
• Express (multimedia included) => Enterprise
Configuration Issues
The default password for the sysadmin user has been changed from nortel to avaya1.
License Manager
Installation Instructions
License options have changed in AACC 6.0; Simple License Mappings from CCMS 7.0 to
AACC 6.0 are as follows.
CCS200 => Enterprise
CCS300 => Enterprise + Networking Optional Feature
CCS350 => NCC
Express (voice only) => Essential
Express (multimedia included) => Enterprise
.
Configuration Issues
None.
Server Utility
Installation Instructions
Install time patching of the AvayaAura_CCMSU__ServicePack is mandatory.
Configuration Issues
None.
The Sybase Open Client is only required on the CCMA server if the server is going to be used to
manage a pre 7.0 CCMS or NCC server.
CCMA Restores:
This procedure has changed and is illustrated by the screen captures below:
1. Click on the Restore Tab to being the CCMA restore.
2. Choose the backup file to restore. These are date/time stamped by default.
Installation Instructions
Install time patching of the AvayaAura_CCMA__ServicePack is mandatory.
Configuration Issues
Preserve customer data:
Note that this feature is not supported by AACC. To preserve customer data for this build:
• Perform a full back of the system using the CCMA backup/Restore application
• Uninstall CCMA (no preserve customer data option)
• Install CCMA
• Restore data from the backup
Custom Historical Reports created with pre 9.0 Crystal Designer may not work correctly:
Custom historical report templates that were created using a version of Crystal designer prior to
9.0 may not display correctly when run through this release. Certain fields on the reports are no
longer supported by the Crystal Reports 2008 runtime. The reports must be updated to replace
these fields. Please contact the CCMA team if this issue arises.
subsequently login attempts to CCMA fails with an “invalid password” or “http:500” error. If this
issue occurs on a system that is co-res with CCMM, the CCMA_DefaultAppPool should be recycled
within the IIS management console. If the issue occurs on a system that is not co-res with CCMM,
IIS should be reset on the CCMA server using the “iisreset” command from the “Start-Run”
command box.
In addition, the Wclient_DA_COM.exe process should be killed it appears within the Windows Task
Manager.
Q02165524 Error adding SIP agent with multiple sections in domain portion of URI e.g.
sip.avaya.com
Incorrect validation on the SIP URI field results in an error popup when the domain portion of the
URI contains more than one “.”.
This issue is resolved by patch AvayaAura_CCMA_6.0.201.21-0077_Patch.
Installation Instructions
Install time patching of the AvayaAura_CCT__ServicePack is mandatory.
Configuration Issues
None.
Workaround
Use CCMA to add and assign Windows users to agents. This is the preferred method.
Workaround
Click the cancel button to continue or selection the option to not present the dialog in future and
continue.
Installation Instructions
Install time patching of the AvayaAura_CCMM__ServicePack is mandatory.
Note: AAAD web page can state that “This machine has the correct version of the .NET
Framework 3.5 installed.” When it is not installed as on an Agent Desktop PC if the Microsoft
.NET 3.5 framework is installed and then uninstalled from the PC the Microsoft Internet Explorer
browser sometimes does not pick up on the uninstall and sends the incorrect information to the
CCMM Server. This does not affect install or launch functionality of the web page.
Configuration Issues
None.
Q02164298 CCMM: MCMC Service restarting after service shutdown on SIP/CoRes Systems
The MCMC service restarts intermittently after getting shutdown. This is due to the service recovery
settings in Windows Service Control. By default these are set to restart the service after 1 minute if
it terminates. On shutting down the MCMC service there is an intermittent issue where the service
terminates instead of shutting down cleanly hence the service is restarted by service recovery.
Workaround(to get MCMC service to remain shutdown):
Switch off the failure recovery in Windows Service manager using the following steps:
1. Launch Start->Run
2. Enter “services.msc” and enter
3. Select the service “CCMM Multimedia Contact Manager”, Right click and select properties.
4. Select the “Recovery” tab.
5. Change the settings under First, Second and Subsequent failures from “Restart the Service”
to “Take no Action”
Note: Setting should be changed back to “Restart the Service” when system operational.
** Users who did not install the AvayaAura_CCMM_6.0.201.0-0036 _ServicePack at install time
and are installing the Service pack manually (e.g. Beta users) may encounter an error during the
AvayaAura_CCMM_6.0.201.0-0036 _ServicePack installation because of MCMC restarting.
Carry out steps 1 -> 5 above to prevent MCMC restarts and install the service pack again.
Installation Instructions
Install time patching of the AvayaAura_SCE__ServicePack is mandatory.
Configuration Issues
None.
Workaround:
During the download of the Service Creation Environment, when prompted with the dialog to ‘run’
or ‘save’ the ‘Service Creation Environment.msi’, the user should click on the ‘save’ option to save
the .msi locally, they can then double click on the file which will take the user through the wizard to
install the latest version of the Service Creation Environment.
Workaround Steps:
1) Right click on the invalid SimpleGreeting application
2) From the context menu select delete and delete the applications
3) Right mouse click on the application folder and from the context-menu, select new
application.
4) Type in the name of the flow i.e. SimpleGreeting
5) From the drop-down menu select the SimpleGreeting template.
Security Framework
Installation Instructions
None.
Configuration Issues
None.
Installation Instructions
None.
Configuration Issues
None.
Installation Instructions
None.
Configuration Issues
The Log Archiver provides a feature where archives can be copied (or mirrored) to a DVD.
There is, however, a limitation in a Microsoft API that is used by this feature to communicate
with the DVD drive hardware. As a result, certain DVD drives will not work. Microsoft does not
provide a list of compatible drives so it is impossible to comprehensively state which drives will
or will not work. The following two lists detail the hardware that was tested in the Avaya test
labs.
It is expected that most drives will not exhibit the problem. To check if your drive is supported,
open the Log Archiver configuration window, click the Settings tab, click the Mirror Settings
button, select the Disc tab and click on the Detect Media button. If you see the error message
below, your drive is not supported.
Installation Instructions
None.
Configuration Issues
None.
Q02137735 [M&I] Agent By Skillset Post Call Processing stat not working with Multiplicity
Details:
Post Call Processing (also known as After Call Work) is the time the agent spends performing
activities relating to the contact that has just been completed. The agent signals the start of PCP by
entering the Not Ready state. When the agent is working on multiple contacts PCP is not pegged
until the last contact is released.
Workaround:
No workaround currently available.
The SIP CTI link between CCMS and AES employs the protocol, Transport
Layer Security (TLS), to provide this secure communication. TLS is enabled
through the use of signed security certificates, utilizing public and private
encryption keys, which enable SIP-CCMS to recognize other servers over a
network.
Prerequisites
• Install Contact Center Manager Server. See Avaya Next Generation
Contact Center Installation (NN44400311).
• Commission Contact Center Manager Server. See Avaya Next Generation
Contact Center Commissioning (NN44400312).
Navigation
• Creating a Certificate Store using Certificate Manager
• Generating a Certificate Signing Request File
• Signing aGenerating a Certificate Signing Request File
The user has the choice of several companies which deal with signing certificate signing
requests for customers. The other option is to promote a windows server to be a certificate
authority, but please note this private CA will not be trusted by other companies and is trusted
inside that organisation sphere of influence only.
The following steps are based on having your own CA and not using a third party CA
1. Using the CA web service to issue requests : type in http:\\ CAserverName\certsrv into
a browser
NOTE: When creating certificates for SIP CC and MBT connectivity there is a
requirement for a custom certificate template. It is based on a Web Template but
with the addition of Client and Server Authentication. Please refer to Annex D
of the Avaya Aura Application Enablement Services Implementation Guide
for MS LCS 2005 or MS OCS 2007 on how to create this template.
2. Enter in the Administrator username and password: This allows access to the CA server
web site. See below
3. From the options shown, select the Request a Certificate option and then
select Advanced Certificate Request
4. Select the second option Submit a certificate request by using a base-64-encoded
CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded
PKCS #7 file.
5. The next stage is where we copy the contents of the CSR file generated earlier into
the Saved Request field. SIP CC and MBT require a custom template to be generated; it
is basically a Web Server template with the addition of client and server authentication.
Select this template before hitting Submit
6. Leave the encoded option in DER and select the Download certificate link.
7. Save the file onto your server. It will be named certnew.cer.
8. This is now the signed certificate. Place this back on the server for which it is assigned
to and then add it to the certificate store using the Certificate Manager Utility.
Procedure steps
StepAction
1 Log on to the server where you want to create the certificate store.
2 Click Start, All Programs, Avaya, Contact Center, Common Utilities.
3 Select Certificate Manager.
4 In the Certificate Store tab, FQDN and Password fields are mandatory,
The rest of the fields are optional. They can be left blank if desired. But it is
recommended to fill in these fields if an external Certificate Authority is
signing a Certificate Signing Request (CSR).
Attention: The FQDN must be the full machine name of the server that the Certificate
Store resides on. It is also case sensitive. This field is auto populated with the FQDN
read from the underlying operating system. It can be modified if required. The
password fields have been pre-populated with a default password “__avaya” (double
underscore followed by name). This can be changed to a bespoke password if
desired
5 Once all of the information required is entered, Select Create Store, the
private key is created that is used in the private-public key encryption.
6. This will automatically bring up the Certificate Request tab displaying the
newly created Certificate Signing Request file contents.
--End--
Variable definitions
Variable Value
Full Computer Name (FQDN) The hostname and parent domain which fully
qualifies the computer where the store is created.
For example: <computerX.DomainY.com>
Two Letter Country Code The country code where the system is located.
Variable definitions
The tab displays the contents of the Certificate Signing Request (CSR) file which
can be copied directly and signed. Or if they wish to, the tab also displays the
location of the physical CSR file on the hard disk. This can also be copied and
emailed to an external Certificate Authority for signing.
The customer can take the CSR to a Certificate Authority or its own Certificate
Authority and receive a signed security certificate. The system can use the
signed security certificate to configure a trust relationship between servers.
If the Certificate Signing Request (CSR) is not signed straight away, the next time
the user logs in they have to select the tab and the contents of the CSR file will
still be present along with the Signing Request Status field indicating Pending
status.
Once signed and placed into the store via the Add Certificate Tab this status will
change to Signed status to indicate to the returning user that this CSR has been
signed already.
Prerequisites
• Speak with your System Administrator on how to obtain a signed certificate
and root certificate from a Certificate Authority.
• Save both signed and root certificates as DER format using the custom
AES template.
Procedure steps
StepAction
1 Log on to server containing the store.
2 Click Start, All Programs, Avaya, Contact Center, Common Utilities.
3 Select Certificate Manager.
4 Select Certificate Request tab.
5. Check to see if the CSR has been signed, if not proceed to sign it.
9 Select Close.
Attention: After you complete this process, the certificate must be signed by a
Certificate Authority. Contact your System Administrator for the preferred method for
obtaining the signed certificate request file. Save the signed certificate on the server
containing the Certificate Store.
--End--
Variable definitions
Variable Value
Certificate Store Status Indicates if the Certificate Store has been created.
Variable definitions
The user has the choice of several companies which deal with signing certificate signing
requests for customers. The other option is to promote a windows server to be a certificate
authority, but please note this private CA will not be trusted by other companies and is trusted
inside that organisation sphere of influence only.
The following steps are based on having your own CA and not using a third party CA
1. Using the CA web service to issue requests : type in http:\\ CAserverName\certsrv into
a browser
NOTE: When creating certificates for SIP CC and MBT connectivity there is a
requirement for a custom certificate template. It is based on a Web Template but
with the addition of Client and Server Authentication. Please refer to Annex D
of the Avaya Aura Application Enablement Services Implementation Guide
for MS LCS 2005 or MS OCS 2007 on how to create this template.
2. Enter in the Administrator username and password: This allows access to the CA server
web site. See below
3. From the options shown, select the Request a Certificate option and then
select Advanced Certificate Request
4. Select the second option Submit a certificate request by using a base-64-encoded
CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded
PKCS #7 file.
5. The next stage is where we copy the contents of the CSR file generated earlier into
the Saved Request field. SIP CC and MBT require a custom template to be generated; it
is basically a Web Server template with the addition of client and server authentication.
Select this template before hitting Submit
6. Leave the encoded option in DER and select the Download certificate link.
7. Save the file onto your server. It will be named certnew.cer.
8. This is now the signed certificate. Place this back on the server for which it is assigned
to and then add it to the certificate store using the Certificate Manager Utility.
Automatically
This is where the user selects the folder which contains the signed and
root certificates. Once folder is selected they can select Add all
Certificates which will automatically determine which a signed
certificate is and which is a root certificate and add them to the store
accordingly.
Note: If multiple signed and root CA certificates reside in the store, the
will all be added blindly, but there can only be one signed certificate
and if one exists already the user will be prompted to overwrite or
cancel the operation. Subsequent signed certificates are then added
but are not used in this release.
Manually
This is where the user can browse for individual signed and root CA
certificates and are added on a one by one basis. There are individual
fields specifically for signed and root CA certificates.
Prerequisites
• Save the Certificate files on your certificate store computer.
Procedure steps
StepAction
1 Log on to server containing the store.
2 Click Start, All Programs, Avaya, Contact Center, Common Utilities.
3 Select Certificate Manager.
4. Go to the Add Certificate tab.
6 Depending on what insertion option taken:
Auto: Browse to a directory which contains the certificates and then
select the Add all Certificates button
Manual: Based on the type of certificate you wish to add, browse to its
location and either selects Add CA Certificate button or Add Signed
Certificate button
7 Select Close.
--End--
Variable definitions
Variable Value
Auto: Browse button Select the folder on the server where the
certificates are stored
This will list all of the certificates that reside in the
Auto: Select folder field
directory selected.
Once pressed all certificates in the directory will
Auto: Add All Certificates be added. If a signed certificate exists already a
button dialog will prompt to overwrite or cancel.
Manual: Browse (signed and There are two separate browse buttons, one for
root) signed certificates and one for manual. Both allow
the user to select the file to be inserted in the
store.
Manual: Add Signed Certificate This will add the root signed certificate to the
button store.
Variable definitions
Prerequisites
• Save the Certificate files on your certificate store computer.
Procedure steps
StepAction
1 Log on to server containing the store.
2 Click Start, All Programs, Avaya, Contact Center, Common Utilities.
3 Select Certificate Manager.
4 Select the Store Maintenance tab,
5 In Certificates list, select the certificate(s) to remove.
6 Select Remove, to remove the selected certificates from the store.
7 Select Close.
--End--
Variable definitions
Variable Value
Prerequisites
• Certificates must have been added already to the store to view them
Procedure steps
StepAction
1 Log on to server containing the store.
2 Click Start, All Programs, Avaya, Contact Center, Common Utilities.
3 Select Certificate Manager.
4 Select the Display Certificates tab,
5 Select the certificate in the list to view its details.
6 Select Close.
--End--
Variable definitions
Variable Value
The FQDN must match the value entered into AES where the server is placed in as a trusted
server. Choose a password; enter in values to the other fields if you wish as they are not
mandatory and hit Create Store.
You should see the following screen if it has created the store
Upon creating the store a Certificate Signing Request is created automatically and the contents
of the file are displayed on this tab. The user can copy this directly and get it signed or they can
go to the location of the CSR file, shown in the tab, and copy it from there or email the file to an
external CA for signing.
Note the Pending signing status, this is to inform users that don’t sign the CSR straight away
and they close and log back into CM that it needs to be done. Once signed and the signed
certificate placed into the Certificate Store this status will change to Signed.
If there are any errors they will be logged in the log directory under Common Components
D:\Avaya\Logs\Common Components
File Name : CC_CMLogging.log
Once the store is created and you close the Certificate Manager, when re-launched the
Certificate Manager will prompt you for the store password.
This password is used when accessing the features of the Certificate Manager and if entered in
incorrectly, even though the Certificate Manager will launch, it will not allow any access to its
features. The user will be presented with the following message. Close Certificate Manager and
re-enter the password again.
Automatic allows you to select a folder which contains both the signed and root CA, and just
press Add All Certificates button. The CM will determine which are root and Signed certificates
and add accordingly.
Manual allows the user more control of what type they wish to add one at a time
Certificates to be added
As before you must add a signed and root certificate for SGM to launch.
This will enable the Remove button which will remove any selected certificates from the store.
Multiple certificates can be removed.
Select one of the entries and the details of the certificate will appear in the Certificate Detail
window as shown below.
Change Password
Certificate Manager allows the user to change the password entered in when the store was first
created. On the Certificate Store tab , select the change password button and change the
password as required.
Help
There is online help which can be accessed via the Help button or the Help Menu.
Troubleshooting
Keytool is the command line tool that can be used to add/remove/etc items from a Certificate
store. You can use this to see if the certificates have been added.
Keytool is part of the JRE and a quick search should locate it on the hard disk. Generally it is in
the following location:
C:\Program Files\Rational\Common\java\jre\bin
So some simple commands to check out the keystore
Check which certificates are in a Java keystore
Appendix C – Certificates
The new Certificate Manager utility has the ability to generate certificate signing requests (CSR).
The generation of these files is only the first step in obtaining a security certificate for the SIP
contact center. See Appendix A for step by step guide of the Certificate Manager
The next step is to sign the request, and to do this requires the following infrastructure to be in
place beforehand.
Note: To establish TLS communication not only is a signed certificate required, but also a CA
Root certificate. This document will show you how to obtain both
1. Go to a commercially available security certificate company and get them to sign the CSR.
This would involve a fee for a proper security certificate OR you could get a temporary certificate
with limited life from them for free. Either way you would have to pick one and send them the
CSR file to be signed.
2. Make one of your servers/domain controllers a Certificate Authority and sign the CSR inside
your own organisation. This has obvious advantages in that you can sign as many certificates as
you want and they are free with no time limitations. Disadvantages are that you CANNOT use
these certificates outside your organisation as other organisations would have no idea who
signed the certificates and therefore will not trust them.
To make a Windows 200X server a CA you need the OS DVD and add/Remove windows
components and install the additional CA component. Windows installation guides should have
the relevant information on this procedure.
So once you have a CA in place you can sign the CSR file.
Select the Request a Certificate option and then Select Advanced Certificate Request. See
next
Then select the second option Submit a certificate request by using a base-64-encoded
CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7
file
The next stage is where we copy the contents of the CSR file generated earlier into the Saved
Request field. SIP CC and MBT require a custom template to be generated; it is basically a
Web Server template with the addition of client and server authentication. Create this
template and name it appropriately and then select it in the Certificate template drop box,
The screen show below shows a standard web Server template; please use the custom
one you have created instead.
This is now the signed certificate. Place this back on the server for which it is assigned to and
then add it to the certificate store using the Certificate Utility.
On the CCMS server, launch the following: CA web service again (like before)
This time select the Download a CA certificate, certificate chain, or CRL link
and as before save it to the designated directory so that it can be read in.
The policy file can be imported onto a server using “Windows Firewall with Advanced Security”
under start->Administrative Tools (see below).
The current AACC Windows Firewall policy is available from the Service Pack download
location.