TMS & IIS You Need to Play Nice!
So one of the many projects I have is to upgrade our aged and dusty legacy Tandberg Management System version 10. To a new shiny Cisco TMS system version 14.1.1. Given the limited number of endpoints we decided to forgo the pain of doing an upgrade and decided to just stand up a new install and then flash cut over endpoints. Of this I am appreciative given the pain of the current CUCM upgrade I’m going through.
So everything is going swimmingly I’ve read over the install guide, I have a nice new 2008R2 x64 virtual machine built with all the software dependencies. Our DB team has created me a blank TMSNG database with a limited user account. And I’ve got my new license keys and feature keys from the old system. Things couldn’t be going better. I run through the install, answer the questions per the guide and all is well. I’m able to open the TMS web interface on the server it logs me right in with my AD credentials. Great I know it works but I don’t want to work on this thing via RDP so I might as well open up a new window on my machine in IE and start the configuration there.
I do so and I’m greeted with this:
What do you mean Unauthorized? You just logged me in on the local machine with my AD credentials. Hrmm now given my history of working with what feels like all the world of IT at times I know IIS can be the fickle creature when it comes to permissions. So I head off to Start > Administrative Tools > Internet Information Services (IIS) Manager. TMS installs itself into the Default Web Site assuming there is nothing already running on IIS, so I expand that. Given that I’m trying to access http://my-server/tms logic demands I should probably look at the authentication settings for the TMS virtual directory. So I double-click Authentication well that’s odd Windows Authentication is enabled. Lets look deeper, so I right-click Windows Authentication and select Providers. I think I see the issue. Negotiate is above NTLM in theory it should work but I don’t know enough about our AD / client setup to know if Kerberos is happy and working as it should be. Given that we just got off Novell I’m going to wager possibly not. So a simple test I move NTLM to the top of the list, and say ok. This change does not require a reset of IIS or services. Loaded up my TMS server URL on my laptop’s IE and what do you know I’m logged right into a happy TMS screen awaiting my commands.
Now to move on to the rest of the moving all the old endpoints over. I’m sure that will be fun…..