Integrate Recording Controls of AQM to Finesse Desktop

Embed Pause and Resume recording buttons to Cisco Finesse Desktop (AQM required)


Hi buddies,

It’s been long since I last dropped a blog post. I was busy with several projects (always in UC field). One of them included adding Recording Controls to a UCCX deployment along with Advanced Quality Management (AQM, QM, Unified Workforce Optimization, WFO or Calabrio Recording…)

In fact, the Recording Controls are a very important feature, especially for Contact Centers running banking/payment/credit cards activities. No credit card information should be recorded and held on AQM. And it’s a requirement for PCI-DSS. Agents must pause recording during the payment process by phone and then resume the recording afterwards.

I’m so sorry that I didn’t take any screenshots of the configuration. However, I took some notes about some tricks while implementing the Recording Controls. So, the following is not replacing at any way the QM Installation, Integration or Cisco Finesse Administration guides.

Here are my notes on it, in case you find something useful in it.

1- Make a copy of C:\Program Files\Cisco\WFO_QM\Jetty\work\cone_


2- Edit RecordingControls.xml in order de put the IP address de AQM and verify PeripheralID in QMAdmin (users x.teamyy), if the platform is based on UCCX, put periphid=2

3- Reset 3rdpartygadget password in both UCCX-PUB et -SUB via utils reset_3rdpartygadget_password

4- With WinSCP connect to each UCCX (PUB et SUB) and create a folder recordingcontrols

5- Upload the content of the gadget (copied in step 1 and edited in step 2)

6- If you have difficulties uploading the file « finesse-10.0.1.js », create an empty file via WinSCP then copy-paste the text content of finesse-10.0.1.js file

7- Go to sur Finesse Admin, create two Actions: QM Record Start et QM Meta Data

HTTP Request, Finesse Desktop, POST, Other, text/json,

The first is “Record Start”, and the parameters are:

– URL: http://AQM_IP_Address/recordingcontrols/rest/start

– Body : { “peripheral_id”: “2”, “sender_id”: “${loginId}” }

The second is “Meta Data”, and the parameters are:

– URL: http:// AQM_IP_Address /recordingcontrols/rest/metadata

– Body : {

“peripheral_id”: “2”,

“sender_id”: “{loginId}”,

“metadata”: {

“account” : “${callVariable1}”




8- Add Workflow with the parameters

When to perform Actions: When a call is answered

If all conditions are met

then add the two actions under Workflow

9- Go to the Team for which we will add the Recording Controls, then apply the added workflow in step 9.

10- In the desktop layout of the Team, add the following line : <gadget>/3rdpartygadget/files/RecordingControls/RecordingControls.xml</gadget> in the place of










11- Go to QM Admin, Enterprise > Interface Configuration > Role permissions and don’t keep anything but the buttons “Pause” and “Resume”.

12- Test


I may add screenshots if I find some spare time to reproduce the configuration.

Integrating Cisco Meeting Server with Lync/Skype for Business

I have implemented this week multiparty conferencing through the new Cisco’s CMS conferencing product. CMS enables Lync and Cisco users to participate in the same conference with a seamless behavior between Lync and Cisco experience.

The CMS is excellent for organizations where both Lync and Cisco UC deployments are used. (yes, Cisco is best in Telephony, yes Lync is best in Chat & IM, and yes opinions are shared for video/webconferencing)

The configuration is pretty straightforward. I’m really surprised with the ease of the configuration in CMS.

I will not detail how to integrate CMS with CUCM. A prerequisite of the following is that Cisco endpoints eg. Jabber and/or DX endpoints are able to connect to the same Space.

Note that the word “Space” in Cisco meeting Server is actually the equivalent of the Collaboration Meeting Room in Cisco Conductor.

The configuration steps on Lync/SfB Front-End are detailed in the CMS deployment guide Appendix C.

So basically, you need a choose domain for CMS  which needs to be different than the Lync domain. (for example, if your Lync deployment is , you may choose for example the domain to route calls from Lync to CMS). This is because Lync needs to differentiate “Lync internal” calls ( from “Lync external” calls ( You may even choose a completely different domain like “”, not only a different subdomain.

Here are the steps :

1- Download the Root CA certificate that signed the CMS certificate and import it to each Lync Front-End server. Put it in the “Trusted Root Certificate Authorities” folder. The Root CA certificate should be a .cer or .crt or whatever certificate file extension.

Importing the Root CA certificate that signed Lync Front-Ends to CMS is recommended however not required since CMS certificate verification is disabled by default.

2- Open Lync Server Management Shell to create the “Trunk” between Lync and CMS. The “Trunk” with CMS will be of type “Trusted Application Pool”; as far as Lync guys are concerned. Type the following cmdlets :

New-CsTrustedApplicationPool -Identity -ComputerFqdn -site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true

New-CsTrustedApplication -ApplicationId meetingserver-application -TrustedApplicationPoolFqdn -Port 5061

$x=New-CsStaticRoute -TLSRoute -Destination “” -MatchUri “” -Port 5061 – UseDefaultCertificate $true

Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$x}

and Finally : Enable-CsTopology

3- That’s it ! From a Lync client call “” and you should be in the virtual room. Don’t forget to open your webcam. Seems that Lync don’t negociate inbound Video until you actually open your webcam and trigger the outbound Video negociation.

4- You may face a problem where the Lync call to “” window appears and then disappears suddenly and the call gets disconnected.
I troubleshooted the issue in the CMS

2017-01-25 16:17:47.805 Info call 25: recognised as Lync
2017-01-25 16:17:47.805 Info call 25: incoming encrypted SIP call from “” to local URI “” (Lync)
2017-01-25 16:17:47.817 Info conference “Test”: unencrypted call legs now present
2017-01-25 16:17:47.922 Info participant “” joined space 32c459e9-fb89-4b5f-96d9-73aab7e5c7f4 (Test)
2017-01-25 16:17:47.962 Info call 25: ending; remote SIP teardown; ICE negotiation in process – connected for 0:00
2017-01-25 16:17:47.962 Info participant “” left space 32c459e9-fb89-4b5f-96d9-73aab7e5c7f4 (Test)

A detailed call trace on CMS will show a SIP BYE message with the cause :
ms-client-diagnostics: 52001;reason=”Client side general processing error.”;UserType=”Callee”;MediaType=”audio”

2017-01-25 16:18:50.797 Info SIP trace: connection 31: incoming SIP TLS data from to, size 699:
2017-01-25 16:18:50.797 Info SIP trace: BYE;transport=tls SIP/2.0
2017-01-25 16:18:50.797 Info SIP trace: Via: SIP/2.0/TLS;branch=z9hG4bKDEEFB2EF.FF22BB7957D3B46E;branched=FALSE
2017-01-25 16:18:50.797 Info SIP trace: Max-Forwards: 69
2017-01-25 16:18:50.797 Info SIP trace: Via: SIP/2.0/TLS;ms-received-port=6174;ms-received-cid=E5400
2017-01-25 16:18:50.797 Info SIP trace: From: <>;tag=d8804dbf7f;epid=eedfaef46a
2017-01-25 16:18:50.797 Info SIP trace: To: “Test” <>;tag=a1ed2fe26aae6b2b
2017-01-25 16:18:50.798 Info SIP trace: Call-ID: 3238de7a9d0547978d0a00d24623c4cb
2017-01-25 16:18:50.798 Info SIP trace: CSeq: 2 BYE
2017-01-25 16:18:50.798 Info SIP trace: User-Agent: UCCAPI/15.0.4893.1000 OC/15.0.4893.1000 (Skype for Business)
2017-01-25 16:18:50.798 Info SIP trace: ms-client-diagnostics: 52001;reason=”Client side general processing error.”;UserType=”Callee”;MediaType=”audio”
2017-01-25 16:18:50.798 Info SIP trace: Content-Length: 0
2017-01-25 16:18:50.798 Info SIP trace: ms-routing-phase: from-uri-routing-done

The problem was that, by default, the “SIP Media Encryption” parameter on CMS (menu Configuration > Call Settings) was set to “disabled”. Since Lync requires encryption you may turn it to “allowed” and everything will work as a charm!

One last thing, the Lync client can also give you the presence status of the room. It will show Ready if nobody is in the Room and “In a call” if a meeting is in progress.

Collaboration Edge with Let’s Encrypt certificate and 7800/8800 IP phones

I have finished few weeks ago a Collaboration Edge deployment through Expressway for a customer.

We used in this deployment the new “free” Certificate Authority aka Let’s Encrypt.

In fact, this authority is supported by 7800/8800 series IP phones as stated by the Certificate Authority Trust List document.

Many websites provides simplified management and generation of Let’s Encrypt certificate (native one requires API integration etc. a hussel!), we used for instance.

We have generated the certificate for ONLY the FQDN of Expressway as Subject Name. We did not put anything as SAN, no top-level domain especially. (Expressway version is 8.7.3 but it should work for later versions)

And it worked like a charm. One last thing is that the certificate has to be regenerated each 3 months so that it keeps current.

He’s my conclusion in two points:

  • Let’s Encrypt is trusted by Cisco IP phones and can be used as the Certificate Authority for Expressway-E
  • Putting ONLY the FQDN of Expressway in the certificate is pretty enough to make phones work outside the corporate LAN


Corporate directory for 7800/8800 IP phones on CME “Host not found”

Last week, I was deploying a new CME with some 7821 IP phones with some 8861 IP phones for the executivess.

However, I faced a problem regarding the corporate directory on those new SIP IP phones.

Phones were stating “Host not found”.

I searched around forums and blogs but didn’t find anything helpful.

As soon as I added the following three commands, the corporate directory worked.

CME(config)#ip http server


CME(config-telephony-service)#url directories http://CME-IP-Address/localdirectory

Following this, the Corporate directory worked like a charm! Yes it doesn’t mean anything to use “telephony-service” which is supposed to be used in case we have Skinny phones. Well not.

Don’t forget to save your config! “wr” 😉