[cisco-voip] CTL cert - migration to diff cluster
Brian Meade
bmeade90 at vt.edu
Wed Jan 25 01:22:52 EST 2017
You have to update TFTP on the DHCP scopes so it doesn't reach back out for
the CTL. You can also manually delete the CTL on the old cluster and
restart TFTP so it doesn't have it to redownload.
I wouldn't worry too much about the CTL though. I would disable rollback
so the phones get the ITL again then import the certs from the new cluster
to the old cluster using the process described here-
https://supportforums.cisco.com/document/60716/migrating-ip-phones-between-clusters-cucm-8-and-itl-files#Bulk_Certificate_Export
With that process, the phones will authenticate the new cluster by using
the ITL/TVS on the old cluster. Once they are on the new cluster, delete
the CTLs again and they won't get them back again.
This is assuming the clusters were built with different IPs.
On Wed, Jan 25, 2017 at 12:54 AM, Pavan K <pav.ccie at gmail.com> wrote:
> Folks,
> Could use some help with a migration issue..
>
> Ucm 8.6 encrypted with tokens that are no longer available.
> Have about 2k 7945 phones with CTL and ITL installed.
>
> Trying to migrate these phones to a diff nonsecure cluster running ucm 10.
>
> I was able to get the ITL file erased using the rollback enterprise
> parameter.
>
> Every time I delete the CTL file, phone reboots and downloads it again.
> Phone security profile has been updated to non secure and there is no LSC
> on the phones.
>
> Need the CTL file off the phone long enough to switch vlans.
>
> What are my options ?
>
>
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170125/1159da77/attachment.html>
More information about the cisco-voip
mailing list