[cisco-voip] TLS Error on Phone after reset

Jason Burns burns.jason at gmail.com
Thu Feb 7 20:40:05 EST 2013 

Give this a read through and see if any of the troubleshooting steps help
you out. It has a "Step by Step" of every item in the process that you need
to check. If you walk through those and things are still broken then I
would say you need a TAC case and to dig into some advanced logs.
https://supportforums.cisco.com/docs/DOC-18834

I would compare the CallManager.pem certificates in OS Administration to
the certificates inside of "show ctl", then go through the rest as well.

Also, Chris did have some good questions about the model, firmware version,
and extent of the problem.


On Thu, Feb 7, 2013 at 11:06 AM, Reto Gassmann <voip at mrga.ch> wrote:

> Hi Jason
>
> thanks for your Input. I have set an email address to get a notification
> if a certificate expires.
> I have also checked all the certificates and they are valid at least until
> 2015. (CAPF.pem ist valid until May 5 22:00:41 2015 GMT)
>
> Any other ideas?
>
> Thanks
> Reto
>
>
> 2013/2/7 Jason Burns <burns.jason at gmail.com>
>
>> Reto and Chris,
>>
>> I wonder how long this cluster has been installed and using security. The
>> CAPF certificates and LSC Certificates have a lifetime of 5 years from the
>> date of generation. It could be possible that these certificates (Either
>> CAPF or the individual LSC certificates) have expired.
>>
>> I would check the OS Administration page under Security > Certificates
>> and view the validity period of the CAPF.pem certificate. Also, now would
>> be a good time to go into OS Admin > Security > Certificate Monitor and
>> configure a valid email address so you can be emailed for future
>> certificate expiration. Keep in mind that this means you'll need to enter a
>> valid SMTP server under  OS Admin > Settings > SMTP
>>
>> Even if I'm wrong hopefully you got some good info ;)
>>
>> -Jason
>>
>>
>> On Thu, Feb 7, 2013 at 9:53 AM, Chris Ward (chrward) <chrward at cisco.com>wrote:
>>
>>>  What is the model and firmware version of the phones facing this
>>> issue? Is it all phones or just a subset?****
>>>
>>> ** **
>>>
>>> +Chris****
>>>
>>> Unity Connection TME****
>>>
>>> ** **
>>>
>>> *From:* cisco-voip-bounces at puck.nether.net [mailto:
>>> cisco-voip-bounces at puck.nether.net] *On Behalf Of *Reto Gassmann
>>> *Sent:* Thursday, February 07, 2013 9:45 AM
>>> *To:* cisco-voip at puck.nether.net
>>> *Subject:* [cisco-voip] TLS Error on Phone after reset****
>>>
>>> ** **
>>>
>>> Hello group
>>>
>>> we have a problem with our phones that started this afternoon. If a
>>> phone restarts for any reason (reset oder network unplugged) it shows a TLS
>>> Error (TLS Error: [CUCM IP]).****
>>>
>>> We can fix the problem, when we go to the device in the CUCM
>>> Administration and choose Install/Upgrade in the CAPF Information section.
>>> After resetting the Device the IPPhone starts and updates the
>>> certificate. ** **
>>>
>>>
>>> What could cause such a behaviour and how could we fix it?****
>>>
>>> We have a CUCM 7.1(3a) and have the phones authenticated.****
>>>
>>> Thanks Reto****
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20130207/355f6cd1/attachment.html>

More information about the cisco-voip mailing list