[cisco-voip] 'interesting' EMCC behavior

Erick Wellnitz ewellnitzvoip at gmail.com
Tue Oct 8 16:02:35 EDT 2013 

I may have found something but I'm not sure.

In the packet capture, I see that the request
for SEPXXXXXXXXXXXX.cnf.xml.sgn is sent to the user's cluster but is not
found.  At that point the logout is initiated.


On Mon, Oct 7, 2013 at 10:51 AM, Erick Wellnitz <ewellnitzvoip at gmail.com>wrote:

> And this:
>
>
> 7730: WRN 09:00:37.155813 SECD: WARN:getTLInfoFromFile: ** phone has no TL
> file /flash0/sec/ctl//CTLFile.tlv
>
>
> On Mon, Oct 7, 2013 at 10:48 AM, Erick Wellnitz <ewellnitzvoip at gmail.com>wrote:
>
>> The only 'abnormal' thing I see is this:
>>
>>
>> 7739: WRN 09:00:37.178303 SECD: WARN:getTLInfoFromFile: TL signer's
>> issuer name too big, may truncate
>>
>>
>> On Fri, Oct 4, 2013 at 6:26 PM, Ryan Ratliff (rratliff) <
>> rratliff at cisco.com> wrote:
>>
>>>  I it's easier get the console logs there will likely be something
>>> there to go off.
>>>
>>> Sent from my iPhone
>>>
>>> On Oct 4, 2013, at 5:10 PM, "Erick Wellnitz" <ewellnitzvoip at gmail.com>
>>> wrote:
>>>
>>>   The profile logs in, phone resets, profile gets logged out, phone
>>> resets and displays 'extension mobility unavailable.
>>>
>>> We believe it is somehow related to DNS because when we register a phone
>>> to one of the 9.1 clusters in the other location login works as expected.
>>> I haven't had a chance to do a packet capture yet.
>>>
>>>
>>> On Fri, Oct 4, 2013 at 4:00 PM, Ryan Ratliff (rratliff) <
>>> rratliff at cisco.com> wrote:
>>>
>>>> By the way what's the error code that the phone displays?  EM has been
>>>> better than most about having useful errors, even if they are subject to
>>>> the secret decoder ring.
>>>>
>>>> -Ryan
>>>>
>>>>  On Oct 4, 2013, at 4:10 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
>>>> wrote:
>>>>
>>>> Yes, it is also the primary tftp server.
>>>>
>>>>
>>>> On Fri, Oct 4, 2013 at 12:57 PM, Ryan Ratliff (rratliff) <
>>>> rratliff at cisco.com> wrote:
>>>>
>>>>> System->Server values don't impact certificates.  They will impact
>>>>> what the phone gets in config files so if you aren't using DNS this will be
>>>>> an issue.  Is that pub also the TFTP server that is going to show up in the
>>>>> mini-config?
>>>>>
>>>>> -Ryan
>>>>>
>>>>>  On Oct 4, 2013, at 1:13 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
>>>>> wrote:
>>>>>
>>>>>  I always forget about doing a packet capture on the phone.
>>>>>
>>>>> I'm thinking it is cert related because on this one cluster the
>>>>> Publisher is set up under servers using it's hostname instead of IP while
>>>>> all the others are using IP.
>>>>>
>>>>> We're going to change this once we get approval then re-export,
>>>>> consolidate and import.
>>>>>
>>>>>
>>>>> On Thu, Oct 3, 2013 at 4:49 PM, Brian Meade (brmeade) <
>>>>> brmeade at cisco.com> wrote:
>>>>>
>>>>>>  Erick,****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> Can you grab a packet capture from the phone trying to log in?  The
>>>>>> packet captures seem to show the EMCC issues very clearly.  You should see
>>>>>> after the login, the phone will download its mini-config with the new TFTP
>>>>>> server info.  You’ll then see it try to download its ITL from the other
>>>>>> cluster.  If you don’t see the phone request anything after that, most
>>>>>> likely it didn’t trust the signer of the ITL and it will show the
>>>>>> “Extension Mobility is unavailable” error message.****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> Usually that means you need to do a Re-Export, Consolidate, Import of
>>>>>> the certificates.****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> Brian Meade****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>>>>> Behalf Of *Erick Wellnitz
>>>>>> *Sent:* Thursday, October 03, 2013 5:01 PM
>>>>>> *To:* Jason Aarons (AM)
>>>>>> *Cc:* cisco-voip
>>>>>> *Subject:* Re: [cisco-voip] 'interesting' EMCC behavior****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> That's the odd thing.  All of the traces look like it is successful
>>>>>> but the phone (7965) resets, logs the user out and displays a message that
>>>>>> extension mobility is not available without an error code.  I get similar
>>>>>> behavior on the 8945 but without the message.****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>> I've gon through the EMCC guide a number of times and nothing sticks
>>>>>> out as obvious.****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>> On Thu, Oct 3, 2013 at 3:41 PM, Jason Aarons (AM) <
>>>>>> jason.aarons at dimensiondata.com> wrote:****
>>>>>>
>>>>>> I was using 8.6 the first time I setup EMCC to another 8.6 box.****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On
>>>>>> Behalf Of *Anthony Holloway
>>>>>> *Sent:* Thursday, October 03, 2013 3:39 PM
>>>>>> *To:* Erick Wellnitz
>>>>>> *Cc:* cisco-voip
>>>>>> *Subject:* Re: [cisco-voip] 'interesting' EMCC behavior****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>> I have one idea.****
>>>>>>
>>>>>> EMCC does not work very well in 8.5 because you cannot "home" a user
>>>>>> to a cluster.  Therefore, if your LDAP integrations are the same for each
>>>>>> cluster, it would be impossible to know which cluster the user is homed
>>>>>> to.  9.1 on the other hand has this feature on the end user page, and thus
>>>>>> overcomes this limitation.****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>> On Thu, Oct 3, 2013 at 1:50 PM, Erick Wellnitz <
>>>>>> ewellnitzvoip at gmail.com> wrote:****
>>>>>>
>>>>>>  I have a strange situation.****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>> 3 Clusters. 2 on 9.1 and the other on 8.5  EMCC works except with
>>>>>> users configured on the 8.5 cluster.  The profile logs in then immediately
>>>>>> logs out without an error message.****
>>>>>>
>>>>>>  ****
>>>>>>
>>>>>> Any ideas would be greatly appreciated!****
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> cisco-voip mailing list
>>>>>> cisco-voip at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip****
>>>>>>
>>>>>>   ****
>>>>>>
>>>>>>
>>>>>>
>>>>>> itevomcid ****
>>>>>>
>>>>>> ** **
>>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131008/3a154a82/attachment.html>

More information about the cisco-voip mailing list