Table of Contents
ECE
My Notes
UCCE - Integration
- Log to system ECE admin Page http://ucce-ece-ws.mydomain.com/system
- Set System\Shared Resource\Services\Unifed CCE\EAAS process to automatic and start (should go running)
- Set System\Shared Resource\Services\Unifed CCE\Listener process to automatic and start (should go running)
- Set Partitions\Default\Services\Unified CCE\EAAS - configure for port 38001 and set to automatic & start - the MR PG PIM connects to this (check FW is allows)
- Set Partitions\Default\Services\Unified CCE\Listener- Set to Automatic & Start - this monitors CTI
- How does ECE know what the address of the CTI servers are?
- Via the UCCE AW PG2 Config - (old interface - check CTI addresses (use IP addresses) are configured)
URLs
- Lite Agent - (Advisor Login without Finesse) - https://myegainwebserver.mydomain.xyz/system/web/apps/login/
- Management & Authoring Console - https://myegainwebserver.mydomain.xyz/system/web/view/platform/common/login/root.jsp?partitionId=1
Install / Config Tips
PCCE CCE Admin - ECE Gadget Rendering Issues
- The CCE Admin tomcat server accesses the ECE Gadget from the ECE Web server using HTTPS. If the Tomcat does not have the CA Certification, TLS fails to establish and you will not be able to view the ECE Admin Gadget within CCE Admin. Hence you need to add the ECE Web cert (or if signed by a CA / Intermediate cert, you would add the CA root and intermediary certs) into the CCE Java CA keystore on the CCE Admin Tomcat Servers (AW-HDS-DDS)
- Use KeyStore Explorer (run as admin) to import CA to CA keystore (keystore is located here: C:\Program Files (x86)\Java\jre1.8.0_181\lib\security) - (the default keystore password is 'changeit'). Run keystore as an admin and make sure to save the file after importing the trusted certs.
- Make sure the ECE Web server FQDN is set in the ECE config (also available on PCCE Admin ECE Gadget)
- C:\ECE\eService\templates\finesse\gadget\spog\spog_config.js - uses the FQDN for web_server_name (Otherwise you will get a cert error)
- Note - also do this for the Agent Gadget config file - C:\ECE\eService\templates\finesse\gadget\agent\ece_config.js
- The account you use to login into CCE GUI must have its LDAP 'userPrincipalName' attribute set, as ECE looks up this attribute to search for the account via LDAP (see next LDAP setup).
- Configure ECE SSO Partition Admin setup is configured similar to below. This is needed even if you do NOT use SSO. This is required for the PCCE ECE gadget to work. If you want to use SSL for LDAP (which you should), the ECE server verifies the cert of the LDAP server - I have a keystore file that contains the LDAP server certs or the CA cert that signed them on the ECE Server, updated it to contain the Private CA cert using KeyStore Explorer
- Note - Spell userPrincipalName correctly! (I didn't and you get a Java error in ECE Application Logs when you try to log in on SPOG!)
- Review the ECE Application logs to see any errors if this is not working correctly.
- Note if you get the following error then reconfigure the LDAP integration to use Global Catalog port 3268 or 3269 (SSL)
Exception in LDAP authentication <@> javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'DC=example,DC=com'
- Note - if you want to use SSL for your LDAP lookup (recommended) do not use the certca store located in C:\ECE\jdk\lib\security - it seems to get overwritten, so i copied the cacert file and updated it with the CA certs for the LDAP servers and stored it in a different location as per screen shot below.
- Configure Application Path List - as per the ECE PCCE Installation Guide (MultiChannel - Email, Outbound, Chat).
- Configure CCE SQL Integration on PCCE ECE SPOG and import MultiChannel and PG and then import a Script
- Enable Agents for ECE
Pick / Pull Emails in ECE
Enable Pick Pull While In Not Ready
To Enable Pick Pull While In Not Ready you need to set the below registry key to “1” on the UCCE Router
[HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems, Inc.\ICM\ucce\RouterA\Router\CurrentVersion\Configuration\Config] "EnablePickPullWhileInNotReady"=dword:00000001
Note - to be able to search from a specific Queue - you must assign the relevant Skillgroup to the ECE Queue
- Chat and Email Gadget → Department → Business Rules: Queues.
- Select Queue and assign relevant SG on the “Skill Groups” tab
Pull Emails
You need to select which Queues you want to pull from when not Ready. Select Options and then select the queues as per below:
Outbound ECE Emails
- Create a Skillgroup in the ECE OUtbound Domain and assign all agents to it.
- Create a Calltype
- Create a Routing Script with the above Skillgroup (copy an inbound Email script) and assoicate with the above calltype
- Create a Dialnumber in the ECE_Outbound MRD and assoicate the above calltype
- Import this Dialnumber into ECE (which then becomes a ECE Queue)
- Log agent into ECE Gadget - Test by viewing real time table for that agent and confirming it logged into ECE_Outbound MRD and try sending an email.
Jasper Reports
Admin API
PUT /system/ws/v19/administration/service/instance/998/stop /system/ws/v19/administration/service/instance/998/start PUT /system/ws/v19/administration/service/process/998/stop /system/ws/v19/administration/service/process/998/start
Add Data to Chat before it is passed into the StartChat()
- Add specific context is added to the customer object before it is passed into the StartChat()
method.
Web Callbacks - Quick Start Guide
- Create a copy of the callback folder “C:\ECE\eService\templates\callback\Rainbows” and update the Entry Point URL to use your custom template
- Disable Country Code from been used in Popup - by setting to 'useContryCode' to '0' in the eGain JavaScript File 'eGainLiveConfig.js'
- Create a Calltype , and a Dialed Number ECE Data Routing Client and Voice
- Create an ECE queue for a callback and a delayed callback and link to the Cisco Script (calltype) and map the relevant ECE variables to the CCE Call Variables as per below
- In the ICM script - set the Desktop Layout you want to use and reset the ANI to prefix it with a '9' or whatever you need for an outside line etc, i.e. its the ANI which is presented to the script by ECE which is the callback number.
the ICM script should also check the number and make sure it length and leading digits are “allowed” - otherwise send to a Error Call type and release the call, Not sure if ECE has any way to forbid some numbers - and relying on form restrictions is not sufficient
Importing UCCE Agents into ECE (not needed for PCCE)
When importing users - they are imported to a specific department.
Partition → Integration → Unified CCE → Unified CCE → Configuration
Bottom Right of page → Click on the Import button.
- Select Department Name
- Select Users Tab
- Select PG and Peripheral
- Click the + button and find and import the agent
Chat Queuing
Max queue time - global setting (you can reduce it in the ICM Script by using a lower Wait timer).
- Partition → Integration → Setting → Web Chat (in seconds).
ECE Web Server Authentication
Check the Account is using correct credentials in IIS
- Open IIS Manager
- Select the Default Site (and then repeat for desktop and system)
- on the Actions Windows (Right Hand side) - select Basic Settings
- Select Test Settings
Give read account access to the CONFIG folder
Do NOT do below - as it will break the rights on the SCHEMA folder. This prevents the Default App Pool work process from starting successful.
- The error you get in the event logs is: “The worker process failed to initialize correctly and therefore could not be started. The data is in the error.”
- Error code is 80070005
However if you do - to revert SCHEMA folder as it should be:
- By switching the Default App Pool to run under LocalSystem fixed the above issue (DefaultAppPool - > Advanced Setting) but when running under the default “ApplicationPoolIdentity” is the worker process fails.
- To fix it when using “ApplicationPoolIdentfity” - assign Read & Execute, List and Read rights to the SCHEMA folder (This is the default - but seemed to be overridden by below) -
“ALL APPLICATION PACKAGES”, “USERS” and if it lets you - you can also add “ALL RESTRICTED APPLICATION PACKAGES”
==== Below needs to be reviewed and corrected - as you do not want or need to change the rights to the SCHEMA folder.
- Change the owner of the Config folder and sub-folder from SYSTEM to your own account (which should be a local admin) (the one you are logged in as).
- Right click Config→ Properties → Security → Advanced
- Change Owner - and make sure BOTH check-boxes are selected
- “Replace owner and sub containers & objects” and “Replace all child objects permissions….”
- Now you can add / edit your ece account to have read access - the steps are:
- Close Properties windows and reopen again
- Right click Config→ Properties → Security → Advanced
- add / edit your ECE Web server account to have read access
- and make sure again check “Replace all child objects permissions….” check-box
- This should now work WITHOUT an error and you can go into a sub directory and confirm if has the correct rights
- Revert back the owner of CONFIG and sub-folders to SYSTEM as before , i.e. <computername>\SYSTEM (make sure to check the two check-boxes as before) - sub folders and child object permissions.
X-Frame-Options and Content-Security-Policy HTTP Response Headers
The ECE webserver by default sets the X-Frame-Options and Content-Security-Policy to the value set in wsname parameter (which is passed as a URl variable). This allows the gadget and Chat form to be allowed as a iframe within the Finesse Server or the customers website.
However this could be hacked to set these values to whatever you set in the wsname - hence a possible security risk. To workaround this issue - we can fix this in the ECE Web Server IIS URL rewrite module - by updating the web.config file. the below only set the parameters for an allowed whitelist of the domains (and any sub domains) of “domain1.com or domain2.com”
- Backup the web.config file
- Edit and save the web.config file with below changes (change the domain1.com / domain2.com to your relevant domains).
- Restart the IIS Server and clear your browser cache before retesting.
Find and Replace as following in the ECE IIS web.config file:
Find:
"wsname=((http[s]?)(:|%3A)(/|%2F)(/|%2F)([_0-9a-z-.@:%_\+~#=]*))"
Replace:
"wsname=((http[s]?)(:|%3A)(/|%2F)(/|%2F)([a-z0-9-]+[.])*(sub.domain1\.com|domain2\.com)(&|%26|$))"
The above issues - the below should allow empty domains ….
<add input="{QUERY_STRING}" pattern="wsname=((http[s]?)(:|%3A)(/|%2F)(/|%2F)([a-z0-9-]+\.)*(domain1\.com|domain2\.com)(&|%26|$))" />
Find:
<action type="Rewrite" value="ALLOW-FROM {C:2}://{UrlDecode:{C:6}}" replace="true" />
Replace:
<action type="Rewrite" value="ALLOW-FROM {C:2}://{UrlDecode:{C:6}{C:7}}" replace="true" />
Find:
<action type="Rewrite" value="frame-ancestors 'self' {C:2}://{UrlDecode:{C:6}}" replace="true" />
Replace:
<action type="Rewrite" value="frame-ancestors 'self' {C:2}://{UrlDecode:{C:6}{C:7}}" replace="true" />
This is an extract of the default config file for above
<outboundRules>
<rule name="XFrame_wsname">
<match serverVariable="RESPONSE_X_Frame_Options" pattern=".+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{QUERY_STRING}" pattern="wsname=((http[s]?)(:|%3A)(/|%2F)(/|%2F)([_0-9a-z-.@:%_\+~#=]*))" />
<add input="{UNENCODED_URL}" pattern="/(?:web/apps|web/integration/view/platform/common/login|templates/selfservice|templates/finesse/gadget|web/view/platform/common/login|web/controller|templates/chat|web/view/live/customer)/" />
</conditions>
<action type="Rewrite" value="ALLOW-FROM {C:2}://{UrlDecode:{C:6}}" replace="true" />
</rule>
<rule name="CSP-wsname">
<match serverVariable="RESPONSE_Content_Security_Policy" pattern=".+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<add input="{QUERY_STRING}" pattern="wsname=((http[s]?)(:|%3A)(/|%2F)(/|%2F)([_0-9a-z-.@:%_\+~#=]*))" />
<add input="{UNENCODED_URL}" pattern="/(?:web/apps|web/integration/view/platform/common/login|templates/selfservice|templates/finesse/gadget|web/view/platform/common/login|web/controller|templates/chat|web/view/live/customer)/" />
</conditions>
<action type="Rewrite" value="frame-ancestors 'self' {C:2}://{UrlDecode:{C:6}}" replace="true" />
</rule>
<rule name="CSP-wsname">
<match serverVariable="RESPONSE_Content_Security_Policy" pattern=".+" negate="true" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="true">
<!-- One step: extract domain and validate -->
<add input="{QUERY_STRING}"
pattern="wsname=((http[s]?)(:|%3A)((/|%2F)(/|%2F))(([^&/]+)\.(mydomain1\.com|mydomain2\.com)))" />
<!-- Check for the correct page path -->
<add input="{UNENCODED_URL}"
pattern="/(?:web/apps|web/integration/view/platform/common/login|templates/selfservice|templates/finesse/gadget|web/view/platform/common/login|web/controller|templates/chat|web/view/live/customer)/" />
</conditions>
<!-- Use captured protocol and domain -->
<action type="Rewrite"
value="frame-ancestors 'self' {C:2}://{UrlDecode:{C:5}}"
replace="true" />
</rule>
Email OAuth
- Note - to add the token the username / password you log in to Microsoft as - must be the username/password setup for that email account and not the user that happens to be logged into the OS. So you need to disable IE11 Integrated Authentication - as per below.
- Note - I didn't have to reboot, I just closed and reopened IE.
Deleting / Clearing an Activity
Permissions
All of the following are required:
- User must have 'Edit' action on 'Activity' resource or 'Manage Utilities' action on 'Utilities' resource.
- The activity must either belong to the user's home department, or to a department in which the user is a foreign user.
In PCCE - the above permissions are added by adding in ECE → User → Relationships:
- Manage Completed Activity
Deleting Attachments
Changing the AW which ECE connects to
Read the readme and Run utility at the following location.
D:\ECE\Utilities\awdb_server_refresh
Example URLs for ECE 12.5
Stopping ECE Data Script
@echo off REM Stop the Cisco Service net stop "Cisco Service" REM Wait 5 minutes, then kill any remaining java or javaw ECHO Waiting 5 minutes before continuing timeout /t 600 /nobreak taskkill /IM java* /f REM Restart Cisco Service net start "Cisco Service" ECHO Cisco Service is restarted, please monitor task manager to validate when system is running.
ECE Database Memory Config
USE master GO sp_configure 'show advanced options', 1; GO RECONFIGURE; GO sp_configure 'min server memory', 3072; GO RECONFIGURE; GO sp_configure 'max server memory', 10240; GO RECONFIGURE; GO
Upgrade TIPS
There's two different ISOs for ECE that can do a full install or an upgrade from a non 12.6 version
- ECE_12.6_Upgrade - this is only used for “normal” upgrades and for doing the upgrade of a file server/DB server in a Tech Refresh
- ECE_12.6_Fresh - This is used to install all the servers for fresh install.
Note - you cannot use the ES to do an install or upgrade. Install Upgrade with base versions above and then apply the updates.
Summary of Tech Refresh
Short version:
- Stand up all new servers
- Go to your file server and copy the install directory from the old server to the new
- Restore DB backups to your new SQL server
- Disable SQL jobs - see upgrade guide
- Run the upgrader
- Give the new server info.
ECE Java CA Cert Store
- <install_dir>\env\jdk\lib\security\cacerts
and NOT
- <install_dir>\jdk\lib\security\cacerts
The latter - gets overwritten at startup!
ECE Databases - simple overview
- eGActiveDB is where all the operating data is. All the actual chats, emails, etc. are stored in this database. The users here are the agents as well as the PA level users.
- eGMasterDB contains the configuration for the system as a whole. It has the DSM tables which describe where everything is, etc. The only users in the EGPL_USER table are sa level users. This is where the global config settings are, etc.
- eGMasterDB will have the largest log file because it gets the constant ping updates while eGActiveDB will have the largest data file because it has all the customer data, etc.
Microsoft Graph API Permissions for ECE
Provide Graph API permissions to ECE for your email accounts.
1. Navigate to the https://developer.microsoft.com/en-us/graph/graph-explorer in incognito mode.
2. Login to the URL https://developer.microsoft.com/en-us/graph/graph-explorer using the service/admin credentials configured for the email accounts in ECE solve application.
3. Provide consent to below Microsoft graph API endpoints: