[cisco-voip] UCM 8 phone config files, weird service URL problem

Matthew Loraditch MLoraditch at heliontechnologies.com
Fri Aug 5 12:52:49 EDT 2011 

That second bug is fun, not sure if it originated from me, but definitely had a fun day with Wes , et al, tracking down what was basically the exact same issue.


Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093 
support at heliontechnologies.com
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com 
Support Issue? Email support at heliontechnologies.com for fast assistance!


-----Original Message-----
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Wes Sisk
Sent: Friday, August 05, 2011 12:44 PM
To: Carlos G Mendioroz
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] UCM 8 phone config files, weird service URL problem

8.0 introduced the 'security by default' feature. This includes signing every config file among other things. If phones are not adhering to the configuration file then most likely authentication of the signature is failing. This is common when registering phones between multiple clusters, performing switch-version to other versions, and a few other circumstances that cause CTL/ITL files to become mismatched between the phones and associated CUCM servers.  For some background on this see:
https://supportforums.cisco.com/docs/DOC-15799
CSCto87262    Centralized TFTP with CUCM 8 SBD requires workaround
CSCtr42021    TVS unable to update ITL file after rollback from a 
refresh upgrade

Regards,
Wes


On 8/5/2011 12:25 PM, Carlos G Mendioroz wrote:
> The phone config file. I was hoping for a CLI way to get it, but tftp 
> will do. I did not know that it was also available via http!
> Phones starting with 8.0 firmware seem to not pay attention to 
> unsigned configuration files, if my traces don't lie :) But that's 
> another thing.
>
> You have definitly made into my contact list :)
>
> Thanks again.
> -Carlos
>
> Wes Sisk @ 5/8/2011 13:00 -0300 dixit:
>> Carlos,
>>
>> No abuse.  Thanks for sharing your experience.
>>
>> Which 'config file' do you mean? You can download the phone's config 
>> file from the CM TFTP server via TFTP or HTTP.
>> tftp: tftp get mycm SEP<mac>.cnf.xml
>> http: http://mycm:6970/SEP<mac>.cnf.xml
>>
>> If the phone is subscribed to more than one service then the phone 
>> hits the service URL on CM and CM returns a list of services to 
>> choose from.  Use a packet capture to see that or have your browser 
>> act like the phone by pointing to the phone services URL and passing 
>> the devicename parameter the same way the phone does when performing 
>> its http get.
>>
>> Regards,
>> Wes
>>
>> On 8/5/2011 11:50 AM, Carlos G Mendioroz wrote:
>>> That makes sense. Thanks a bunch!
>>> Any pointers to config file location/access ? (Not that I'm abusing 
>>> of your knowledge :)
>>>
>>> -Carlos
>>>
>>> Wes Sisk @ 5/8/2011 12:25 -0300 dixit:
>>>> A phone service is added in CM and users can subscribe.  When a 
>>>> user subscribes they supply user specific credentials. This creates 
>>>> a record in the the database that assembles the URL and all 
>>>> parameters unique to the user.
>>>>
>>>> Now, if an admin figures out the base URL is incorrect they can 
>>>> correct. However, that does not correct the URL for every user that 
>>>> previously subscribed to the service.
>>>>
>>>> Looks like some progress has been made on this:
>>>> http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/8_6_1/ccmc
>>>> fg/b06phsrv.html#wpmkr1032683
>>>>
>>>> "If the service was modified after subscriptions existed, click 
>>>> Update Subscriptions to rebuild all user subscriptions. You must 
>>>> update subscriptions if you changed the service URL, removed a 
>>>> phone service parameter, or changed the Parameter Name for a phone 
>>>> service parameter. "
>>>>
>>>> Regards,
>>>> Wes
>>>>
>>>>
>>>> On 8/5/2011 10:41 AM, Carlos G Mendioroz wrote:
>>>>> Hi,
>>>>> I've run into a weird problem where a phone was using a bad URL to 
>>>>> access a service. /emapp/EMappServlet instead of /emapp/EMAppServlet.
>>>>>
>>>>> That should be a user (admin) typo, but the curious thing was that 
>>>>> the phone next to it was using the right URL.
>>>>> I'm trying to understand how that could have happened. Any ideas ?
>>>>>
>>>>> On a related issue, is there any way to look at the phone 
>>>>> configuration files ?
>>>>>
>>>>> I'd appreciate any info. Thanks in advance.
>>>
>
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

More information about the cisco-voip mailing list