[cisco-voip] Bug with mult-server certificate and phones reset every 7 min?
Brian Meade
bmeade90 at vt.edu
Thu Oct 9 14:47:36 EDT 2014
I could see that happening. I'm wondering what about the certificate that
Certificate Change Notification service thinks it's different.
This also means that no one ever actually tested this feature at all on a
live cluster with phones as part of the testing process.
On Thu, Oct 9, 2014 at 2:41 PM, Matthew Loraditch <
MLoraditch at heliontechnologies.com> wrote:
> Yes this is the bug, it is super fun… Migrated to a customer to 10.5 and
> updated the certs.. spent a day finding out this was the bug.. I am eagerly
> awaiting SU1.
>
> Something to do with the sever being on multiple servers it continuously
> sends the cert to the other servers which causes the change notification.
>
>
>
> Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
>
> 1965 Greenspring Drive
> Timonium, MD 21093
>
> direct voice. 443.541.1518
> fax. 410.252.9284
>
> Twitter <http://twitter.com/heliontech> | Facebook
> <http://www.facebook.com/#!/pages/Helion/252157915296> | Website
> <http://www.heliontechnologies.com/> | Email Support
> <support at heliontechnologies.com?subject=Technical%20Support%20Request>
>
> Support Phone. 410.252.8830
>
>
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *Brian Meade
> *Sent:* Thursday, October 09, 2014 2:32 PM
> *To:* Jason Aarons (AM)
> *Cc:* cisco-voip (cisco-voip at puck.nether.net)
> *Subject:* Re: [cisco-voip] Bug with mult-server certificate and phones
> reset every 7 min?
>
>
>
> That's what it looks like. Starting in CUCM version 8.6, we started
> resetting all registered phones on the cluster whenever a certificate used
> in the ITL changed. This was to prevent the ITL from changing too much at
> once before the phones go the update such as regenerating CallManager.pem
> and TVS.pem at the same time which will force you to have to delete the ITL
> on all phones unless the phones got the updated ITL after the first
> certificate was regenerated.
>
>
>
> It sounds like this bug is due to that behavior but I'm not sure why it
> repeats every 7 minutes. I would expect it to only happen the single time
> when the certificate database is updated.
>
>
>
> On Thu, Oct 9, 2014 at 1:52 PM, Jason Aarons (AM) <
> jason.aarons at dimensiondata.com> wrote:
>
> https://tools.cisco.com/bugsearch/bug/CSCup28852
>
>
>
> The way I read this (it’s not in a fixed version of CallManager yet) is
> that after you Upload Certificate a multi-server certificate you have to
> stop the Cisco Certificate Change Notification (CCMServe > Tools > network
> Services > Cisoc Certificate Change Notification.
>
>
>
> If you don’t do this then the phones will reset every 7 minutes? Am I
> right in reading the bug?
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20141009/e4aa5bbf/attachment.html>
More information about the cisco-voip
mailing list