TMS Agent Troubleshoot Procedures

Introduction

This document describes common issues with Cisco TelePresence Management Suite (TMS) Agent, a legacy tool that allows you to provision devices and soft clients such as Cisco Jabber Video for TelePresence, Cisco TelePresence Movi, and Cisco Jabber for iPad when registered to a Cisco Video Communication Server (VCS).

Note: Cisco recommends that you upgrade to the new provisioning solution called TMS Provisioning Extension (TMSPE), but the TMS solution should be functional before you migrate.

Prerequisites

Requirements

Cisco recommends that your system:

• Runs Cisco TMS
  
  
• Uses one or more Cisco TelePresence Movi Option Keys (purchased separately)
  
  
• Uses one or more Cisco VCS Control appliances
  
  
• Uses the Cisco VCS Device Provisioning Option Key (no-charge key obtained from your Cisco representative)

Note: This document does not cover VCS clustering. If a VCS cluster is used, Cisco recommends that each VCS in the cluster be operational, with its configuration replicating properly, before TMS Agent replication is enabled.

Components

The information in this document is based on these software and hardware versions:

• Cisco TMS Versions 12.6.X or 13.X
  
  
• Cisco VCS Control Appliances that run software Versions X6 or X7

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Errors when TMS Agent is Enabled on a Single VCS

This section describes the issues that are encountered when the Cisco TMS Agent is enabled on a single VCS Control Appliance.

Unable to Connect to the Remote TMS Agent

If the Cisco TMS Agent is enabled on a single VCS Control Appliance, you might receive this error message:

If you encounter this issue, verify that a Domain Name System (DNS) hostname is supplied in the Connection tab for the VCS. The DNS must be set up correctly before the TMS server is able to properly connect to the Remote TMS Agent. Reference the DNS Items to Check section of this document for more information.

Also, verify that the device provisioning key is installed. If it is installed, attempt to reboot the VCS Control Appliance.

Note: If you receive the Unable to connect to the TMS agent on this VCS error message on a VCS Expressway Appliance, it is normal behavior because the VCS Expressway Appliance should not have the device provisioning key installed.

Failed to Enable TMS Agent Data Replication

If you receive the Failed to enable TMS agent data replication message from the activity status page (shown in the next image) and there are no errors that provide a reason for the failure, then complete the steps described in the next section. If a reason for the failure exists, then check the other common errors described in this document. 

 

Rebuild the TMS Agent Database on the VCS

In order to rebuild the TMS Agent database on the VCS Control Appliance, you must disable replication on the TMS and then reinstall the TMS Agent database.

Warning: The steps described in this section cause a Cisco TelePresence Movi or Cisco Jabber Video for TelePresence user login failure; users that are currently logged in remain logged in, but new users are unable to log in until replication successfully completes.

Disable Replication on TMS

Complete these steps in order to disable replication on the TMS:

1. From the TMS Systems navigator page, click VCS.
   
   
2. Navigate to the TMS Agent tab and verify that the Replication check-box is unchecked for each VCS.
   
   
3. Wait until Complete is reported on the Activity Status page (the process takes several minutes).

Reinstall the TMS Agent Database on the VCS

Complete these steps in order to reinstall the TMS Agent database on the VCS Control Appliance:

1. Secure Shell (SSH) into each VCS Peer with the Root login.
   
   
2. Enter tmsagent_destroy_and_purge_data for each VCS.
   
   
3. Read the disclaimers and press Y.
   
   
4. Repeat these steps until the process completes with OK.

If the previous steps fail after three attempts, enter these commands (in order):

1. /etc/init.d/S77provisioning stop
   
   
2. /etc/init.d/S76opends stop
   
   
3. /etc/init.d/S76opends uninstall
   
   
4. /etc/init.d/S76opends start
   
   
5. /etc/init.d/S77provisioning start

If the process fails after you enter the previous commands, then remove the device provisioning key (ensure that you document the key value) and wait two to five minutes. Reboot the VCS Control Appliance, add the device provisioning key, and wait another two to five minutes. Then, enter the tmsagent_destroy_and_purge_data command in order to receive visual confirmation that the process completes with OK. Replication can now be enabled.

Directory Service Does Not Run

If an alarm exists on the VCS that indicates whether the directory service runs, then reboot the VCS. If the alarm remains, complete the process described in the Rebuild the TMS Agent Database on the VCS section of this document.

VCS does not Appear in the Replicating Agents List

The VCS does not appear in the list of replicating agents until the TMS Agent successfully replicates the provisioning data. You might receive this error message on the TMS Agent tab in Systems > Navigator:

If you receive this error message, complete these steps:

1. Wait between two and five minutes, and then refresh.
   
   
2. Disable and then enable replication.
   
   
3. If the failure still occurs, ensure that the TMS can communicate with the VCS on these ports:

 

Port 8989 is the replicating port that is used between all replicating partners. This means that the port must be open between each TMS and VCS in the network. The traffic exchanged on this port is encrypted.  

Note: If a firewall is located between the TMS and VCS, Then ports 80 (http) and 443 (https) must be open in addition to the ports previously mentioned.

DNS Errors Enable Replication

If you receive the Unable to enable replication for 'vcs' error message, then a DNS lookup of the TMS host name on the VCS does not match the TMS IP address. If you receive the Failed to enable TMS agent data replication for 'vcs' error message, it means that the event failed to complete and the TMS Agent data replication setup failed for the VCS.

Verify DNS Items

Connect to the TMS via remote desktop, open a command prompt, and enter the nslookup command for the Fully Qualified Domain Name (FQDN) that matches the network address shown at the bottom of the TMS Agent Settings page (nslookup TANDBERG-MS.tandberg.com, for example). Navigate to Administrative Tools > Configuration in order to reach the Settings page.

If TMS is in a redundant setup, each TMS must have a resolvable forward record. The records do not have to match the physical hostname of the Microsoft Windows box. However, if you have more than one forward or reverse lookup assigned to a different hostname or IP address, it can cause the DNS lookup to fail. Once the forward record for the TMS is created, this should no longer be a problem.

Note: There are cases where multiple DNS reverse records cause issues in older TMS versions. In order to eliminate this issue, only one reverse record is recommended. Enter the nslookup command for the IP address (nslookup 10.10.0.1, for example) in order to verify this.

Restore the Local TMS Agent from the Remote TMS Agent

Note: The process that is described in this section is used if the TMS Agent database on the TMS server is corrupt but the VCS database is operational, or if a known operational backup from the TMS does not exist.

Complete these steps in order to restore the local TMS Agent from the remote TMS Agent:

1. Complete the steps described in the Rebuild the TMS Agent Database on the VCS section of this document in order to stop TMS Agent replication for the VCS.
   
   
2. Navigate to Maintenance > Backup, restore the VCS page, and click the Create TMS Agent backup file button. The file saves as a tar.gz file.
   
   
3. Open the tar.gz file in 7-Zip, and click the folders until you reach this location:
   
   
   
   
4. Extract the files to a known location.
   
   
5. Select the files, right-click, and click Compressed (zipped) folder:
   
   
   
   
6. Once the zipped folder is created, double-click it in order to verify that all of the folders appear in the file.
   
   

   Note: If you double-click the zipped folder and there is a single directory that you must open in order to view the folders and app.config, then the process does not work.

   
   
7. Rename the folder as TMSAgentBackup.<year><month><day><time> (TMSAgentBackup.201011071300, for example).
   
   

   Note: The time entry uses the 24-hour format. For instance, a time of 1:00 PM is entered as 1300.

   
   
8. Verify that replication on all devices is disabled. This includes replication between TMS Agents in a TMS redundant setup.
   
   
9. Navigate to Administrative Tools > Configuration > TMS Agent Settings, and clear the Replicating Agents list.
   
   
10. Connect to the TMS via remote desktop and locate the Backup Directory on the TMS Agent Settings page.
    
    
11. Copy the new zipped folder (created in the previous steps) into the Backup Directory.
    
    
12. Refresh the TMS Agent Settings page in order to add the new file to the drop-down menu, as shown:
    
    
    
    
13. Click the Restore Now button.
    
    
14. Once the TMS Agent data restore is successful, run the TMS Agent diagnostics on the local TMS Agent.
    
    
15. Navigate to the Provisioning Directory and verify that the configuration and users appear as expected.
    
    
16. Enable replication on the VCS.

Manually Rebuild the Indexes for the Local TMS Agent Database

Complete these steps if you run TMS Version 13.1 or later and receive index errors while you run the local TMS Agent diagnostics after the Fix button is clicked:

1. Connect to the TMS via remote desktop.
   
   
2. Navigate to Start > Run and enter %OPENDS_HOME%\bat.
   
   
3. Open the file called control-panel.bat and log in with the Lightweight Directory Access Protocol (LDAP) configuration password (default is TANDBERG). It should look similar to this:
   
   
   
   
4. Click Verify Indexes, and you see a screen similar to this:
   
   
   
   
5. Select all Available Indexes and click the Add > button.
   
   
6. Once finished, repeat these steps but click Rebuild Indexes on the OpenDS Control Panel page (step 4).  

Enable TMS Agent in a High-Latency Environment

When you enable replication on the VCSs, 300 ms is the maximum round-trip latency that is allowed for the TMS Agent to properly operate/replicate to all of the replicating peers. The replicating peers are any devices that the TMS Agent runs, such as the TMSs and VCSs. If the round-trip latency is above 200 ms between any of these replicating peers, your infrastructure might experience issues with replication.

If you have a high-latency network, you will most likely experience issues when you enable replication. The attempt results in one of these three outcomes:

• Replication is successful.
  
  
• Errors are received before the Initialize TMS Agent method is executed.
  
  
• Errors are received after the Initialize TMS Agent method is executed.

Complete these steps in order to troubleshoot the two errors:

1. During the replication process, click the Enable TMS agent data replication for system(s) event on the Activity Status page in order to track the progress.
   
   
2. Refresh the page once the process is complete.
   
   
3. If you receive errors before the Initialize TMS agent on VCS Name portion of the process, then you must rebuild the OpenDS database on the VCS.
   
   
4. If you receive errors after the Initialize TMS agent on VCS Name portion of the process, run the TMS Agent diagnostics for the VCS on the TMS Agent Diagnostics page.
   
   
5. If you receive mostly green checks, then test your Cisco Jabber/Movi clients in order to verify whether they can log in.
   
   

   Note: All red checks indicate that the replication process failed and you must rebuild the OpenDS database on the VCS.

Reset the TMS Agent Database Password on TMS

If you receive the unknown error when you set the TMS Agent password on the TMS Agent Settings page, then you can use this procedure in order to reset the Directory Manager Password to the default of TANDBERG. Complete this process once replication on all devices is disabled, which includes replication between TMS Agents in a TMS redundant setup.  

1. Open a command prompt.
   
   
2. Navigate to the OpenDS-2.0\bat directory: cd %OPENDS_HOME%\bat.
   
   
3. Enter the encode-password.bat -s SSHA512 -c TANDBERG > C:\ENCPASSWORD.txt command.
   
   
4. Stop the TMSAgents Windows service, which also stops the OpenDS Windows service.
   
   
5. Open the file named %OPENDS_HOME%\config\config.ldif.
   
   
6. Locate this section:
   
   

   dn: cn=Directory Manager,cn=Root DNs,cn=config
   objectClass: person
   objectClass: organizationalPerson
   objectClass: inetOrgPerson
   objectClass: top
   objectClass: ds-cfg-root-dn-user
   userPassword: {SSHA512}KFfaERuBiOesVUg/mf7EB4xqq5eOOPFDuVBiZCPaBetrgN92rwbe
    JTPiPZ+I3ferqN8D4UgnA5jIBLRbrtUFT9Jld/vN85dg

   
   
7. Replace the userPassword string with the string that is given in the ENCPASSWORD.TXT file (without the quotes).
   
   
8. Remove or rename the app.config file that is located in this directory: TANDBERG\TMS\wwwTMS\Data\TMSAgent\app.config.
   
   
9. Start the TMSAgent Windows service, wait approximately one minute, and the OpenDS Windows service starts as well.
   
   
10. In the TMS Portal, navigate to Administrative Tools > TMS Agent Settings.
    
    
11. Change the password fields to TANDBERG.
    
    
12. Once the process is complete, stop the TMSAgent Windows service, which also stops the OpenDS Windows service.
    
    
13. Remove or rename the app.config file that is located in this directory: TANDBERG\TMS\wwwTMS\Data\TMSAgent\app.config.
    
    
14. Restart the TMSAgent Windows service, which also restarts the OpenDS Windows service.

Another way to verify that the TMSAgent Windows service and OpenDS Windows service are enabled is to open the Windows Task Manager and select the Processes tab in order to verify that there are two java.exe processes that run. The first process starts quickly; the second instance might take one to two minutes before it starts. This means that the services do run, but it does not guarantee that they run properly.  

 

Check the Replication Status

When you check the replication status of a VCS, it helps identify replication issues. In order to check this, navigate to Systems > Navigator in TMS and select the VCS. Click the TMS Agent tab and click the Show replication status button:

  

Tip: If errors are present the box shown in the previous image, they can help you to determine the next steps that must be taken in order to fix the replication issue and can also indicate if a port is blocked.

Related Information

• TMS Provisioning Deployment Guide
• TMS Provisioning Troubleshooting Guide
• VCS Authenticating Devices Deployment Guide X7.1
• VCS Authenticating Devices Deployment Guide X7.0
• VCS Authenticating Devices Deployment Guide X6.1
• Why upgrade to Cisco TMSPE?
• Technical Support & Documentation - Cisco Systems