[cisco-voip] 'interesting' EMCC behavior

Erick Wellnitz ewellnitzvoip at gmail.com
Tue Oct 8 16:27:11 EDT 2013


No, as soon as I get the 404 not found response in regards to the .sgn
config file the logout is initiated.


On Tue, Oct 8, 2013 at 3:16 PM, Brian Meade (brmeade) <brmeade at cisco.com>wrote:

>  Erick,****
>
> ** **
>
> Does the user ever show up in the Remotely Logged-In Device Report on the
> home cluster?****
>
> ** **
>
> Brian Meade****
>
> ** **
>
> *From:* Erick Wellnitz [mailto:ewellnitzvoip at gmail.com]
> *Sent:* Tuesday, October 08, 2013 4:03 PM
> *To:* Ryan Ratliff (rratliff)
> *Cc:* Brian Meade (brmeade); cisco-voip
> *Subject:* Re: [cisco-voip] 'interesting' EMCC behavior****
>
> ** **
>
> I may have found something but I'm not sure.****
>
>  ****
>
> In the packet capture, I see that the request
> for SEPXXXXXXXXXXXX.cnf.xml.sgn is sent to the user's cluster but is not
> found.  At that point the logout is initiated.****
>
> ** **
>
> On Mon, Oct 7, 2013 at 10:51 AM, Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:****
>
> And this:****
>
>  ****
>
> 7730: WRN 09:00:37.155813 SECD: WARN:getTLInfoFromFile: ** phone has no TL
> file /flash0/sec/ctl//CTLFile.tlv****
>
> ** **
>
> On Mon, Oct 7, 2013 at 10:48 AM, Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:****
>
> The only 'abnormal' thing I see is this:****
>
>  ****
>
> 7739: WRN 09:00:37.178303 SECD: WARN:getTLInfoFromFile: TL signer's issuer
> name too big, may truncate****
>
> ** **
>
> On Fri, Oct 4, 2013 at 6:26 PM, Ryan Ratliff (rratliff) <
> rratliff at cisco.com> wrote:****
>
> I it's easier get the console logs there will likely be something there to
> go off.
>
> Sent from my iPhone****
>
>
> On Oct 4, 2013, at 5:10 PM, "Erick Wellnitz" <ewellnitzvoip at gmail.com>
> wrote:****
>
>   The profile logs in, phone resets, profile gets logged out, phone
> resets and displays 'extension mobility unavailable.****
>
>  ****
>
> We believe it is somehow related to DNS because when we register a phone
> to one of the 9.1 clusters in the other location login works as expected.
> I haven't had a chance to do a packet capture yet.****
>
> ** **
>
> On Fri, Oct 4, 2013 at 4:00 PM, Ryan Ratliff (rratliff) <
> rratliff at cisco.com> wrote:****
>
> By the way what's the error code that the phone displays?  EM has been
> better than most about having useful errors, even if they are subject to
> the secret decoder ring. ****
>
> ** **
>
> -Ryan ****
>
> ** **
>
> On Oct 4, 2013, at 4:10 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:****
>
> ** **
>
> Yes, it is also the primary tftp server.****
>
> ** **
>
> On Fri, Oct 4, 2013 at 12:57 PM, Ryan Ratliff (rratliff) <
> rratliff at cisco.com> wrote:****
>
> System->Server values don't impact certificates.  They will impact what
> the phone gets in config files so if you aren't using DNS this will be an
> issue.  Is that pub also the TFTP server that is going to show up in the
> mini-config? ****
>
> ** **
>
> -Ryan ****
>
> ** **
>
> On Oct 4, 2013, at 1:13 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:****
>
> ** **
>
> I always forget about doing a packet capture on the phone.****
>
>  ****
>
> I'm thinking it is cert related because on this one cluster the Publisher
> is set up under servers using it's hostname instead of IP while all the
> others are using IP. ****
>
>  ****
>
> We're going to change this once we get approval then re-export,
> consolidate and import.****
>
> ** **
>
> On Thu, Oct 3, 2013 at 4:49 PM, Brian Meade (brmeade) <brmeade at cisco.com>
> wrote:****
>
> Erick,****
>
>  ****
>
> Can you grab a packet capture from the phone trying to log in?  The packet
> captures seem to show the EMCC issues very clearly.  You should see after
> the login, the phone will download its mini-config with the new TFTP server
> info.  You’ll then see it try to download its ITL from the other cluster.
> If you don’t see the phone request anything after that, most likely it
> didn’t trust the signer of the ITL and it will show the “Extension Mobility
> is unavailable” error message.****
>
>  ****
>
> Usually that means you need to do a Re-Export, Consolidate, Import of the
> certificates.****
>
>  ****
>
> Brian Meade****
>
>  ****
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Erick Wellnitz
> *Sent:* Thursday, October 03, 2013 5:01 PM
> *To:* Jason Aarons (AM)
> *Cc:* cisco-voip
> *Subject:* Re: [cisco-voip] 'interesting' EMCC behavior****
>
>  ****
>
> That's the odd thing.  All of the traces look like it is successful but
> the phone (7965) resets, logs the user out and displays a message that
> extension mobility is not available without an error code.  I get similar
> behavior on the 8945 but without the message.****
>
>  ****
>
> I've gon through the EMCC guide a number of times and nothing sticks out
> as obvious.****
>
>  ****
>
> On Thu, Oct 3, 2013 at 3:41 PM, Jason Aarons (AM) <
> jason.aarons at dimensiondata.com> wrote:****
>
> I was using 8.6 the first time I setup EMCC to another 8.6 box.****
>
>  ****
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Anthony Holloway
> *Sent:* Thursday, October 03, 2013 3:39 PM
> *To:* Erick Wellnitz
> *Cc:* cisco-voip
> *Subject:* Re: [cisco-voip] 'interesting' EMCC behavior****
>
>  ****
>
>  ****
>
> I have one idea.****
>
> EMCC does not work very well in 8.5 because you cannot "home" a user to a
> cluster.  Therefore, if your LDAP integrations are the same for each
> cluster, it would be impossible to know which cluster the user is homed
> to.  9.1 on the other hand has this feature on the end user page, and thus
> overcomes this limitation.****
>
>  ****
>
> On Thu, Oct 3, 2013 at 1:50 PM, Erick Wellnitz <ewellnitzvoip at gmail.com>
> wrote:****
>
>  I have a strange situation.****
>
>  ****
>
> 3 Clusters. 2 on 9.1 and the other on 8.5  EMCC works except with users
> configured on the 8.5 cluster.  The profile logs in then immediately logs
> out without an error message.****
>
>  ****
>
> Any ideas would be greatly appreciated!****
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip****
>
>   ****
>
>
>
> itevomcid ****
>
>  ****
>
> ** **
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip****
>
> ** **
>
> ** **
>
> ** **
>
> ** **
>
>  ** **
>
> ** **
>
> ** **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20131008/4e2afa7f/attachment.html>


More information about the cisco-voip mailing list