[cisco-voip] 79xx and Firmware 9-2-1
Dennis Heim
Dennis.Heim at cdw.com
Wed Jan 4 22:36:30 EST 2012
Unified FX makes a product the can remotely wipe ITL's.
Dennis Heim
Senior Engineer (Unified Communications)
CDW Advanced Technology Services
10610 9th Place
Bellevue, WA 98004
425.310.5299 Single Number Reach (WA)
317.569.4255 Single Number Reach (IN)
317.569.4201 Fax
dennis.heim at cdw.com<mailto:dennis.heim at cdw.com>
cdw.com/content/solutions/unified-communications/<http://www.cdw.com/content/solutions/unified-communications/>
From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Matthew Berry
Sent: Wednesday, January 04, 2012 7:29 PM
To: Mike King; Cisco VoIPoE List
Subject: Re: [cisco-voip] 79xx and Firmware 9-2-1
Aside from a factory reset, you could try deleting the ITL file off the phone. Yes, it is still a manual process, but it isn't as time consuming as a factory reset (process below).
I spoke with a TAC engineer last month about this. It has been identified as a bug and will be resolved in a future release. Unfortunately, I can't locate the bug ID for it. I will email him and see if I can get a response.
Steps to delete ITL file:
1. Select Settings
2. Select Security Configuration (4)
3. Select Trust List (5)
4. Press * * # (Padlock in upper righthand corner will unlock)
5. Select ITL File (2)
6. Select More
7. Select Erase
8. Phone will display "Erasing CTL and ITL files" and reset
9. Phone will optionally upgrade firmware
Thanks,
Matthew Berry, CCIE #26721 (Voice)
Sr. Unified Communications Engineer, CDW
+1.763.592.5987 | protocol.by/matthewberry
From: Mike King <me at mpking.com<mailto:me at mpking.com>>
Date: Wed, 4 Jan 2012 22:06:24 -0500
To: Cisco VoIPoE List <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: Re: [cisco-voip] 79xx and Firmware 9-2-1
Ok.
Any idea's on how this happened? I'm very interested in not repeating this experience.
We added the latest devicepack, the Cius 9-2-3.cop file, and then rebooted all servers in our cluster.
Since the latest devicepack included 9-2-1 for our phones, all our phones updated. At this point, I have no idea how many phones are affected, but I have reports from nearly all of my sites, so it must be a significant number.
No settings where changed on the PUB/SUB's other than the addition of the the two .cop files. I find it very disheartening/disturbing that such a minor *normal* maintenance item is going to cost me the amount of hours it's going to take to fix this.
Other than buying 3rd party software (Thanks Steve!), Cisco needs to put some serious thought in a way to fix this. I'm not the first sad story involving this *Feature*. I know I won't be the last. Touching every single phone in my environment (Because how else can you verify if it's failing or not) is not really a solution. We have sites in other states, and most of our operation is remote support.
Is factory default the only Cisco answer?
On Wed, Jan 4, 2012 at 6:24 PM, Mike King <me at mpking.com<mailto:me at mpking.com>> wrote:
I have one of those sinking feelings in my stomache...........
(Clip of the phone web interface)
1856: NOT 18:01:32.717962 SECD: tvsReqAuthenticateCertificate: Received the response from TVS proxy, status: 1
1857: ERR 18:01:32.719531 SECD: Authentication failed for the HTTPS conn via TVS
1858: NOT 18:01:32.720438 SECD: srvr_cert_vfy: ** srvr cert verify FAILED ** <10.1.1.1>
1859: ERR 18:01:32.721527 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<10.1.1.1>
1860: ERR 18:01:32.722625 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <10.1.1.1> c:9 s:11
1861: ERR 18:01:32.723402 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.1.1.1> c:9 s:11
1862: ERR 18:01:32.724086 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.1.1.1> c:9 s:11
1863: ERR 18:01:32.724720 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.1.1.1>
1864: ERR 18:01:32.725353 SECD: EROR:secErr_errStr: *** bad err table ***
1865: ERR 18:01:32.726020 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)
1866: ERR 18:01:32.726704 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert failed auth via TVS>
1867: ERR 18:01:32.727436 SECD: EROR:clpWriteToClntSock: write() err, clnt closed ?!, errno 32, <10.1.1.1> c:9 s:11
1868: ERR 18:01:32.728124 SECD: EROR:clpSndStatus: failed to send SSL/TLS conn status, <10.1.1.1> c:9 s:11
1869: NOT 18:01:32.730813 SECD: clpDelClnt: closing conn to <10.201.27.5>, c:14, s:-1
1870: NOT 18:01:32.731684 SECD: clpDelClnt: Closing the local socket now
1871: NOT 18:01:32.740853 SECD: clpDelClnt: closing conn to <10.1.1.1>, c:9, s:11
1872: NOT 18:01:32.742630 SECD: clpDelClnt: Closing the local socket now
On Wed, Jan 4, 2012 at 6:17 PM, Mike King <me at mpking.com<mailto:me at mpking.com>> wrote:
I've seen mention of TVs failure on the logs. What impact would that be?
On Jan 4, 2012 6:08 PM, "Dennis Heim" <Dennis.Heim at cdw.com<mailto:Dennis.Heim at cdw.com>> wrote:
I know I have seen that where there were issues with SBD/TVS certificate issues in the past.
Dennis Heim
Senior Engineer (Unified Communications)
CDW Advanced Technology Services
10610 9th Place
Bellevue, WA 98004
425.310.5299<tel:425.310.5299> Single Number Reach (WA)
317.569.4255<tel:317.569.4255> Single Number Reach (IN)
317.569.4201<tel:317.569.4201> Fax
dennis.heim at cdw.com<mailto:dennis.heim at cdw.com>
cdw.com/content/solutions/unified-communications/<http://www.cdw.com/content/solutions/unified-communications/>
From: cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net> [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Mike King
Sent: Wednesday, January 04, 2012 3:04 PM
To: Cisco VoIPoE List
Subject: [cisco-voip] 79xx and Firmware 9-2-1
I'm having a weird problem with our 7900's (7941/7945 7961/7965)
The Corporate Directory won't work on some of the phones. (We've eliminated everything but the phone's themselves, I actually have two phones, on the same subnet, one exhibits behavior, one doesn't)
It says "requesting...." then eventually says Host does not respond.
We finally decided to try downgrading the phone back to 9.1.1 SR1s.
The phones that don't display the corporate directory, they also don't downgrade.
I've Reset/Restarted from CM
I've done the **#** from the keypad
I've unplugged the phone, and plugged it back in.
I've unplugged the phone, waited 5 minutes, and plugged it back in. Doesn't downgrade.
I tried a factory reset, (# key, then 123456789*0#) and the phone will then download the correct version. (I guess it has to at this point)
(And the corporate directory started working again.)
Idea's besides visiting every phone?
_______________________________________________ cisco-voip mailing list cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net> https://puck.nether.net/mailman/listinfo/cisco-voip
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120105/d2e9c668/attachment.html>
More information about the cisco-voip
mailing list