Cisco Cisco TelePresence Video Communication Server Expressway
Configuring VCS authentication methods
VCS Deployment Guide: Authenticating Devices (VCS X7.0)
Page 17 of 44
5. Click Save.
The VCS should join the AD domain. If you receive an error message, check the following:
•
•
the configuration settings on this page, including the username and password
•
the VCS’s CA certificate, private key and server certificate (CA certificate information is not
replicated across cluster peers)
replicated across cluster peers)
Add non-primary Domain Controllers and Kerberos Key Distribution Center servers
(optional)
(optional)
This step is only required if you are not using DNS SRV lookups of <AD DOMAIN> to obtain the
address details of the Domain Controller servers and the Kerberos Key Distribution Center servers.
address details of the Domain Controller servers and the Kerberos Key Distribution Center servers.
1. Go to
VCS configuration > Authentication > Devices > Active Directory Service
.
2. Enter up to 4 further Domain Controller server addresses (up to 5 in total).
3. Enter up to 4 further Kerberos Key Distribution Center server addresses and port numbers (up to
5 in total).
4. Click Save.
5. If the VCS is part of a cluster, check that the configuration entered on the master peer has been
replicated to each other peer.
Enable NTLM authentication challenges
When Active Directory details have been configured and the VCS has been joined into the AD domain,
VCS can now be configured to challenge Movi (4.2 or later) with NTLM authentication challenges.
VCS can now be configured to challenge Movi (4.2 or later) with NTLM authentication challenges.
1. Go to
VCS configuration > Authentication > Devices > Configuration
.
2. Ensure that NTLM protocol challenges is set to Auto.
Never use On, as this will send NTLM challenges to devices that may not support NTLM (and
therefore they may crash or otherwise misbehave).
therefore they may crash or otherwise misbehave).
3. Click Save if required.
4. If the VCS is part of a cluster, check that any configuration changes entered on the master peer
have been replicated to each other peer.
Configure Movi and test Active Directory database (direct)
authentication
authentication
You are recommended to use a Movi configuration that already authenticates successfully using either
provisioning or VCS authentication. This means that Movi’s Advanced settings (Internal VCS,
External VCS and SIP domain entries) are correctly configured.
provisioning or VCS authentication. This means that Movi’s Advanced settings (Internal VCS,
External VCS and SIP domain entries) are correctly configured.
1. Sign in to Movi:
a. In the Username field, configure <AD Short Domain Name>\username
(this field is not case sensitive).
b. In the Password field, enter the password as configured in the Active Directory database for
the chosen user.
2. Click Sign in.
A successful registration confirms that authentication of provisioning and registration of Movi to a
VCS now works using Active Directory database (direct) authentication.
VCS now works using Active Directory database (direct) authentication.