[cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc
Matthew Loraditch
MLoraditch at heliontechnologies.com
Wed Jun 29 17:03:35 EDT 2011
Wes,
Yes this is a rehome (Manual Migration from BE5000 to a regular cluster). Albeit the old Cluster is at 7.1.3 so there wouldn't be a previous ITL right?
Here are some of the errors from the phone:
1509: ERR 16:59:31.572693 JVM: Startup Module Loader|cip.cfg.t:? - handleTftpRetry: Non-Recoverable TFTP error detected (retry updateCTL once)
1510: NOT 16:59:31.574275 JVM: Startup Module Loader|cip.cfg.t:? - DELETE ConfigFile:(ram/SEP00260BD749E9.cnf.xml)WAS SUCCESSFUL
1511: ERR 16:59:31.579573 SECD: EROR:lookupCTL: UCM not in TL, NOT_FOUND
1512: NOT 16:59:31.595766 SECD: loadTvsSrvrCfg: Not in EMCC mode.Loading the flash file :/flash0/sec/misc/tvs.conf
1513: ERR 16:59:31.596807 SECD: EROR:loadTvsSrvrCfg: Failed to find (/flash0/sec/misc/tvs.conf) : error : No such file or directory
1514: ERR 16:59:31.606514 SECD: EROR:lookupCTL: UCM not in TL, NOT_FOUND
1515: WRN 16:59:31.614962 SECD: WARN:lookupSRST: SRST in list, no valid cert, look for some CA
1516: NOT 16:59:31.615673 SECD: lookupSRST: SRST, no CA present, try NONSECURE
And
1709: NOT 16:59:35.163941 SECD: getTvsSrvrSock: TVS server info: IP : , tvsPort : -1, ipMode : -1, timeout : -1, dscpValue : 0, srvrRetries : 0
1710: ERR 16:59:35.164612 SECD: EROR:getTvsSrvrSock: No more tvs servers available
1711: NOT 16:59:35.165427 SECD: sendErrRespToClient: Sending the failed response to all TVS client and cleaning up
1712: NOT 16:59:35.167244 SECD: tvsReqQueryCertificate: Received the response from TVS proxy, status: 1
1713: NOT 16:59:35.167906 SECD: tvsReqQueryCertificate: The cert len received is 0
1714: NOT 16:59:35.169642 SECD: Failed validation using TVS, 0============>
1715: ERR 16:59:35.170584 SECD: EROR:verifyFile: sgn verify file failed </usr/ram/SEP00260BD749E9.cnf.xml>, errclass 8, errcode 19 (signer not in CTL)
1716: ERR 16:59:35.171327 SECD: EROR:verifyFile: verify FAILED, </usr/ram/SEP00260BD749E9.cnf.xml>
Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830
(F) (443) 541-1593
Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!
From: Wes Sisk [mailto:wsisk at cisco.com]
Sent: Wednesday, June 29, 2011 4:55 PM
To: Matthew Loraditch
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc
There is a common issue going on right now where server rebuilds, name changes, ip changes, and rehoming phones to new clusters can cause this behavior. Have you do any of those? Alternatively, are you seeing an authorization or authentication failures in the phone console logs (they are visible by browsing to phone or from phone UI)?
See:
CSCto51228 SBD: OS CLI does not give enough warning about ITL certificate regen
CSCto51300 SBD: OS Web GUI does not give enough warning about ITL certificate regen
As another alternative, if you delete the CTL and ITL phone from the phone (it will have at least an ITL with 8.x) then does it properly receive configuration changes? If so, then your phones and server are now out of sync for security. The recovery is to manually delete all CTL,ITL files.
Regards,
Wes
On 6/29/2011 4:26 PM, Matthew Loraditch wrote:
I am doing a new install and I cannot get the phones to pull these, they pull their configs as the lines work, can make and take calls, but they only show one active CM (yes the CMG has all servers) and all the config URLS are blank . This is 8.5.1SU1.
I am sure there is something I am missing but I can't figure it out. This is only happening so far on 794X phones. My CIPC gets everything fine.
Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830
(F) (443) 541-1593
Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110629/e9f897d2/attachment.html>
More information about the cisco-voip
mailing list