Troubleshoot CUCM Web (GUI) Issues

Available Languages

Download Options

  • PDF     (262.1 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (263.0 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (291.5 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 23, 2015
Document ID:118927

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes reasons that the Cisco Unified Communications Manager (CUCM) user page and web pages are not displayed or yield errors.

    Prerequisites

    Requirements

    Cisco recommends that you have knowledge of CUCM.

    Components Used

    The information in this document is based on CUCM versions 7.x/8.x/9.x/10.x.

    The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

    Flow Diagram

    The flow diagram for web access on CUCM is shown here:

    Flow Diagram

    Problem 1: Database Communication Error

    When you try to log in to the CUCM Admin web page from Publisher, the "Database communication error" is received.

    Cisco Unified CM Administration

    You are able to log in to the CUCM Admin web page from Subscriber, but any changes on CUCM cause one of these errors:

    "Error occurred during retrieve information from database. java.sql.SQLException: No DELETE permission." or "Add failed. The Insert privilege is required for this operation."

    Status Error Occurred

    Status Add Failed

    This issue can occur when you try to log in to the server after changes are made in the Publisher server, such as when the hostname or IP address is changed either through the CLI or the Operating System (OS) Admin page.

    In this case, revert the changes made back to the old configuration in order to let you log in.

    If no changes were made to CUCM Publisher and you still receive the Database Communications Error message, then check these items:

    • Enter the utils dbreplication runtimestate command in order to check the DBreplication Status.

    Confirm that the status of replication is 2 on all nodes without any errors or mismatches.

    • Determine whether a Cisco database (DB) service currently runs. A Cisco DB not started on Publisher could also cause this issue.

    The error/symptom on Subscriber is different because Subscriber uses its own A Cisco DB process which runs fine. However, when you try to update the configuration, Subscriber contacts A Cisco DB on Publisher which does not work and causes an error on Subscriber as well. Also, the inability to access the CUCM page of Publisher is possibly because of a database communication error where Informix does not accept any more connections.

    The utils dbreplication runtimestate command does not work:

    admin:utils dbreplication runtimestate
    File "/usr/local/cm/bin/DbReplRTstate.py", line 578, in ?
       fin = open(tfile, 'r')
    IOError: [Errno 2] No such file or directory: 
    '/var/log/active/cm/trace/dbl/sdi/getNodes'

    This issue is also documented by Cisco bug ID CSCtl74037. The workaround for this is to enter these commands from the CLI:

    utils service stop A Cisco DB
    utils service start A Cisco DB

    and stop the Cisco Express Forwarding (CEF) service from the serviceability page.

    Enter the utils service start A Cisco DB command in order to start the A Cisco DB service.

    If the service does not start, then call the Cisco Technical Assistance Center (TAC) in order to start the service from root. TAC verifies the issue with root access. In few cases, if the DB is corrupted then a rebuild of CUCM is necessary.

    Problem 2: Connection to the Server Cannot Be Established (Unable to Access the Remote Node)

    You are unable to access the other CUCM nodes from the Serviceability page of the CUCM that you are currently logged in.

    Choose Cisco Unified Serviceability > Tools > Control Center Feature/Network Services > Select Server > Go.

    The error message displayed is "Connection to the Server cannot be established (Unable to access remote node)."

    Connection to the Server cannot be Established - Unable to Access the Remote Node

    Workaround

    Log in to each CUCM node separately in order to access Serviceability and Activate/Deactivate services.

    Solution

    1. Check whether the Tomcat certificate is expired. (Choose Cisco OS Administration > Security > Certificate Management > tomcat.pem). If expired, regenerate the Tomcat certificate and restart the Tomcat service.
      • If you use a Certificate Authority (CA) signed certificate, get the Tomcat Certificate Signing Request (CSR) re-signed by the CA, re-upload it back, and restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
      • If you use a self-signed certificate on the affected server, regenerate the Tomcat certificate with the set cert regen tomcat command from the CLI or from OS Admin and then restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.

        This known defect is documented in Cisco bug ID CSCth44399.

    2. Confirm the validity of Tomcat certificates. Check whether the Tomcat trust certificate of the problematic node is on the other node. If it is not on the node, download the Tomcat trust certificate of the problematic node and upload it to the other node as Tomcat trust. Then, regenerate the Tomcat certificate on the problematic node and restart the Tomcat service on both nodes.

    Problem 3: Connection to the Server Cannot Be Established (Unknown Error)

    You are unable to access the other CUCM nodes from the Serviceability page of the CUCM that you are currently logged in. Choose Cisco Unified Serviceability > Tools > Service Activation/Control Center Feature/Network Services > Select Server > Go.

    The error message displayed is "Connection to the Server cannot be established (Unknown Error)."

    Connection to the Server Cannot be Established - Unknown Error

    Workaround

    Log in to each CUCM node separately in order to access Serviceability and Activate/Deactivate services.

    Solution

    1. Enter the utils dbreplication runtimestate command to check for any dbreplication issues in the CUCM cluster.
    2. Restart the Tomcat Service with the utils service restart Cisco Tomcat command.
    3. Check for any Tomcat certificate (tomcat-trust) serial number mismatches on the nodes.
    4. Choose Cisco OS Administration > Security > Certificate Management > tomcat.pem and check whether the Tomcat certificate is expired. If expired, regenerate the Tomcat certificate and restart the Tomcat service.
      • If you use a CA signed certificate, get the Tomcat CSR re-signed by the CA, re-upload it back, and restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
      • If you use a self-signed certificate on the affected server, regenerate the Tomcat certificate with the set cert regen tomcat command from the CLI or from OS Admin and then restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.

        These known defects are documented in Cisco bug ID CSCui29232 and Cisco bug ID CSCud67438.

    Problem 4: Connection to the Server Cannot Be Established (Certificate Exception)

    You are unable to access the other CUCM nodes from the Serviceability page of the CUCM that you are currently logged in.

    Choose Cisco Unified Serviceability > Tools > Service Activation/Control Center Feature/Network Services > Select Server > Go.

    The error message displayed is "Connection to the Server cannot be established (Certificate Exception)."

    Connection to the Server Cannot be Established - Certificate Exception

    Workaround

    Log in to each CUCM node separately in order to access Serviceability and Activate/Deactivate services.

    Solution

    1. Enter the utils dbreplication runtimestate command in order to check for any dbreplication issues in the CUCM cluster.
    2. Restart the Tomcat Service with the utils service restart Cisco Tomcat command.
    3. Check for any Tomcat certificate (tomcat-trust) serial number mismatches on the nodes.
    4. Choose Cisco OS Administration > Security > Certificate Management > tomcat.pem and check whether the Tomcat certificate is expired. If expired, regenerate the Tomcat certificate and restart the Tomcat service.
      • If you use a CA signed certificate, get the Tomcat CSR re-signed by the CA, re-upload it back, and restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
      • If you use a self-signed certificate on the affected server, regenerate the Tomcat certificate with the set cert regen tomcat command from the CLI or from OS Admin and then restart Cisco the Tomcat service with the utils service restart Cisco Tomcat command.

        This known defect is documented in Cisco bug ID CSCup10995.

    Problem 5: GUI Access Very Slow

    CUCM Web/GUI access on Publisher and Subscriber is very slow.

    GUI Access Very Slow

    Solution

    1. CUCM Admin always queries the database of the publisher when available. See the diagram in the Flow Diagram section.
    2. Check for any network issues/network delays. This happens if the clustering is done over a Wide Area Network (WAN).
    3. Restart the Cisco Tomcat Service from the CLI/Secure Shell (SSH) with the utils service restart Cisco Tomcat command.
    4. Schedule a maintenance window and reboot the CUCM nodes.
    5. If the problem occurs again, contact the TAC with these logs:
      • Call Manager (Detailed) Traces
      • Tomcat Logs (logs from output of the file get activelog tomcat/logs/* command from the CLI)
      • Event Viewer Application Log
      • Event Viewer System Logs
      • Cisco Real-Time Information Server (RIS) DataCollector Perfmon Logs
      • Service Manager Logs
      • Output of these commands from the CLI of CUCM: 
        utils diagnose test
        utils ntp status
        show process load cpu
        show process load memory
        show process using-most cpu
        show process using-most memory
        utils core active list
      • Cisco Integrated Management Controller (CIMC) Logs 

    These known defects are documented in Cisco bug ID CSCub02337 and Cisco bug ID CSCui86571.

    Problem 6: Unable to Copy/Paste the Password in the End User Login Page

    Copy/paste to the Password field in the CUCM End user login page does not work.

    The paste operation of the password into the Password field in CUCM End user login page is not supported.

    This does not work with Internet Explorer (IE), Firefox, or Chrome.

    Unable to Copy or Paste the Password in the End User Login Page

    Copy/paste of the password is not allowed on end user pages because of the security risk. This is added as part of CUCM Version 9.1.2 and later.

    However, it has been noticed that the copy/paste function still works with a few versions of CUCM 10.x, which is documented in Cisco bug ID CSCus84153 and Cisco bug ID CSCus84152.

    Problem 7: Unable to Access ELM with Firefox and Chrome

    You are unable to access Enterprise License Manager (ELM) with Firefox and Chrome, but this works fine with IE. When you log in to ELM with Firefox or Chrome, none of the options are available.

    Unable to Access ELM with Firefox and Chrome

    This known defect is documented in Cisco bug ID CSCul30396.

    This issue has been fixed in versions of CUCM 9.1.2.11900-10 and later. ELM can be accessed with Firefox, IE, and Chrome.

    Problem 8: Web Page Logs Out Automatically

    The CUCM web page logs out automatically after its idle timeout expires.

    You can set the web page timeout with these commands from the CLI of CUCM.

    show webapp session timeout
    set webapp session timeout
    admin:set webapp session timeout ?

    Syntax

    set webapp session timeout minutes

    Minutes is mandatory and is the number of minutes after which sessions are declared to be invalid. The range is 5 to 99999.

    admin:set webapp session timeout 5

    If you continue with this operation, it sets the session-timeout for web sessions to 5 minutes after the Cisco Tomcat service has been restarted or after the server has been rebooted.

    Continue (y/n)?y
    Tomcat session-timeout updated to 5 minutes.

    The Cisco Tomcat service needs to be restarted for the changes to take effect immediately. This disconnects active web sessions.

    Continue (y/n)?y

    Do not press Ctrl-C while the service RESTARTS. If the service has not restarted properly, enter the same command again.

    Service Manager is running

    Cisco Tomcat[STOPPING]

    Cisco Tomcat[STOPPING]

    Cisco Tomcat[STOPPING]

    Cisco Tomcat[STOPPING]

    Commanded Out of Service

    Cisco Tomcat[NOTRUNNING]

    Service Manager is running

    Cisco Tomcat[STARTING]

    Cisco Tomcat[STARTING]

    Cisco Tomcat[STARTED]

    The Cisco Tomcat service restarted successfully. New web sessions time out after 5 minutes. The current session-timeout used for web sessions and applications is 5 minutes.

    Problem 9: Unable to Access the Admin/User Web Page of CUCM

    You are unable to access the Admin/User web page of CUCM.

    1. Verify whether the user credentials are correct. If you have entered the wrong credentials, you receive this error.

      Unable to Access the Admin or User Web Page of CUCM

    2. Verify whether the User has correct permissions (Roles and User Groups) configured. If they are not correctly configured, the web page prompts the login page again without any error messages.

    Problem 10: Local Agent does not Respond, the Primary or Local Agent Down

    You are unable to access any options from the Disaster Recovery System (DRS) page of CUCM after you log in. 

    "Local Agent does not respond." This is possibly due to Primary or Local Agent down. 

    Local Agent does not Respond - the Primary or Local Agent Down

    1. Check the IPsec certificate and confirm the validity. If it is expired, regenerate the IPsec certificate. 
    2. Restart the Cisco DRF Primary and DRF Local service.

    Related Information

    Revision History

    Revision Publish Date Comments
    1.0
    23-Apr-2015
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Jomon Augustine
      Technical Consulting Engineer
    • Krishna Pradeep Venugopalan
      Technical Consulting Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products