[cisco-voip] Secure mode problem

Tue Aug 17 10:55:23 EDT 2010

The problem turned out to be the below:

After changing the security profile don't reset the phone from the phone
itself "EM logout, going to setting and pressing **#**, removing the
cable...etc" you have to reset the phone from the phone configuration
page or reset with BAT job any other way to reset the phone will give
you this strange error.

This is applied for first time change only; after that you can restart
the phone the way you want.

 Best Regards;

  Ahmed Elnagar

  Senior Network PS Engineer

  Mob: +2019-0016211

  CCIE#24697 (Voice)

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ahmed Elnagar
Sent: Tuesday, August 17, 2010 2:12 PM
To: Eric Pedersen
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Secure mode problem

That is exactly what I did but I wasn't able to update the CTL file it
said that the tokens in the CTL file is different from the ones that I
have "although they are the same" I managmed it by changing the cluster
mode again to secure mode instead of updating the CTL file and it
worked.

Now I have a very interesting problem and I think it could be a bug:

When trying to change the phone security profile to "from secure to not
or vice versa" the BAT successfully change the phone security profile in
the phone configuration page but the phone cannot register anymore and
gives "Registration rejected Security error" that is when updating more
than one phone via BAT...when I try to update one phone only it works
pretty fine without a problem...anyone faced this strange behavior??

 Best Regards;

  Ahmed Elnagar

  Senior Network PS Engineer

  Mob: +2019-0016211

  CCIE#24697 (Voice)

From: Eric Pedersen [mailto:eric.pedersen at sait.ca] 
Sent: Monday, August 16, 2010 6:04 PM
To: Ahmed Elnagar; cisco-voip at puck.nether.net
Subject: RE: Secure mode problem

You can try deleting the CTL file manually and recreating it: "file
delete tftp CTLfile.tlv". As long as you generate the new file with the
same tokens as the first time the phones should take it.

From: cisco-voip-bounces at puck.nether.net
[mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ahmed Elnagar
Sent: August 16, 2010 5:55 AM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Secure mode problem

Dear all;

I have this wired problem with CUCM 6.1.4...this morning I converted the
cluster to secure mode using 2 e-tokens from Cisco then I restarted the
whole cluster....after a while a phone restarted and the phone did not
go alive again...after investigation I found the following errors on the
phone page

13:25:11 31: Name=SEP0024C4FE6616 Load= SCCP42.8-5-4S File Auth Fail:
CTFFile.tlv

                13:25:11 9: Name=SEP0024C4FE6616 Load= SCCP42.8-5-4S
TFTP Error

                13:25:11 20: Name=SEP0024C4FE6616 Load= SCCP42.8-5-4S
Last=Phone-Keypad

I tried to run the CTL client again but it gives me  message that the
CTL file is corrupted....and when I select to update the CTL file it
give me an error saying to use the same Etokens that I used to create
the CTL file "although they are the same".

As a workaround I restart the tftp service and the phone boot normally;
if the phone is restarted for any reason it hangs again with the same
error.

Any ideas?

  Best Regards;

  Ahmed Elnagar

  Senior Network PS Engineer

  RAYA Building El Motamiez District, 6th of October, Egypt 

  Mob: +2019-0016211

  Phone: +202 3827 6000 Ext.2475

  Website: www.rayacorp.com <http://www.rayacorp.com/> 

  E-mail: ahmed_elnagar at rayacorp.com

  CCIE#24697 (Voice)

Disclaimer: NOTICE The information contained in this message is
confidential and is intended for the addressee(s) only. If you have
received this message in error or there are any problems please notify
the originator immediately. The unauthorized use, disclosure, copying or
alteration of this message is strictly forbidden. Raya will not be
liable for direct, special, indirect or consequential damages arising
from alteration of the contents of this message by a third party or as a
result of any malicious code or virus being passed on. Views expressed
in this communication are not necessarily those of Raya.If you have
received this message in error, please notify the sender immediately by
email, facsimile or telephone and return and/or destroy the original
message. 

Disclaimer: NOTICE The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Raya will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Raya.If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100817/ee255f77/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 1801 bytes
Desc: image001.jpg
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100817/ee255f77/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 2210 bytes
Desc: image002.jpg
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100817/ee255f77/attachment-0001.jpe>