[cisco-voip] Enable DNS

Ryan Ratliff (rratliff) rratliff at cisco.com
Wed Nov 12 16:56:23 EST 2014


More specifically if the phones have the ITLRecovery key on them (look at the phone's web page on newer firmware) then yes it'll work.  Once generated the ITLRecovery shouldn't ever be regenerated and DRS will back it up.

-Ryan

On Nov 11, 2014, at 12:06 PM, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>> wrote:

Right.  But download a backup of the key before doing anything.  Usually the phones will all register fine after an ITL issue.  You'll usually just see new config updates not trusted.  This can be a really big deal if you use Extension Mobility though and the phone configs are changing all the time as people sign in/out.

On Tue, Nov 11, 2014 at 11:58 AM, Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:
With the recovery key thing, will that process work after you have screwed yourself and the phones won’t register?

Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814<tel:%2B1%20314-212-1814>
<image001.png><https://twitter.com/CollabSensei>
<image002.png><image003.png><tel:+13142121814><image004.png>


From: bmeade90 at gmail.com<mailto:bmeade90 at gmail.com> [mailto:bmeade90 at gmail.com<mailto:bmeade90 at gmail.com>] On Behalf Of Brian Meade
Sent: Tuesday, November 11, 2014 11:49 AM

To: Heim, Dennis
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Enable DNS


Since you're on 10.5, you can also take a backup of the ITL recovery key that you can use to recover with if anything goes wrong:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/rel_notes/10_0_1/delta/CUCM_BK_C206A718_00_cucm-new-and-changed-1001/CUCM_BK_C206A718_00_cucm-new-and-changed-1001_chapter_010.html#CUCM_RF_S1EF9820_00

Make sure all the devices are using a CM Group with both servers in it so they have a 2nd TVS server they can use and just do one server at a time making sure the phones get the updated ITLs before doing the next server.

You could be really safe and set "Prepare Cluster for Rollback to 8.x" to "True", make your DNS changes, then change it back to "False".

Brian

On Tue, Nov 11, 2014 at 11:21 AM, Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:
I meant ITL’s. We are in non-secure mode, so ITL’s only. This is 10.5SU1.

Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814<tel:%2B1%20314-212-1814>
<image001.png><https://twitter.com/CollabSensei>
<image002.png><image003.png><tel:+13142121814><image004.png>


From: bmeade90 at gmail.com<mailto:bmeade90 at gmail.com> [mailto:bmeade90 at gmail.com<mailto:bmeade90 at gmail.com>] On Behalf Of Brian Meade
Sent: Tuesday, November 11, 2014 11:08 AM
To: Heim, Dennis
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Enable DNS

What CUCM version?  Also you mention CTLs so is this a mixed-mode cluster?

On Tue, Nov 11, 2014 at 10:39 AM, Heim, Dennis <Dennis.Heim at wwt.com<mailto:Dennis.Heim at wwt.com>> wrote:
I have a 2 node cluster that currently has DNS disabled. My intention is to configure and enable DNS. I know this will regenerate all the certificates at once. My understanding is that as long as I do not do both nodes at the same time and all the endpoints register with the other server all will be well. However, any endpoints that are offline will require their CTL’s to be cleared.

Has anyone seen anything different?

Dennis Heim | Collaboration Solutions Architect
World Wide Technology, Inc. | +1 314-212-1814<tel:%2B1%20314-212-1814>
<image001.png><https://twitter.com/CollabSensei>
<image002.png><image003.png><tel:+13142121814><image004.png>



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141112/64a435d8/attachment.html>


More information about the cisco-voip mailing list