[cisco-voip] CUC voicemail certificate issue and UCCX

Anthony Holloway avholloway+cisco-voip at gmail.com
Sat Feb 17 10:05:13 EST 2018


Right, ok so a few things here.

First up, the notification says "Certificate name:<unityconn02hostname>.der
Unit:tomcat-trust" and I don't see that cert in your tomcat-trust on 01.
So, I'm not too certain what it's actually complaining about.  Could be a
red herring.

Next, I think you should fix your NTP since the utils diagnose command
complained about it.  Can you issue the command utils ntp status, and share
that?

Also, you shouldn't use Windows servers as NTP servers.  It is possible to
do it right, but it's not supported by Cisco.

"Using Windows Time Services as an NTP server is not recommended or
supported because Windows Time Services often use Simple Network Time
Protocol (SNTP), and Linux-based Unified CM cannot successfully synchronize
with SNTP."
Source: CUCM 10.5 SRND
<https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/srnd/collab10/collab10/netstruc.html#pgfId-1185637>

Then, usually when I see DNS unreachable, but they're pingable/resolving
for me (e.g., utils network host), that typically means you have more than
one PTR record entered for your server.  Double check that you have no
duplicate A or PTR records in DNS.

That's about all I've got for you at the moment.  Good luck.

On Sat, Feb 17, 2018 at 6:34 AM naresh rathore <nareh84 at hotmail.com> wrote:

> anyone??
>
> *From:* naresh rathore <nareh84 at hotmail.com>
> *Sent:* Friday, February 16, 2018 3:01 PM
> *To:* Anthony Holloway
>
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] CUC voicemail certificate issue and UCCX
>
> hi Anthony,
>
>
>
> thanks for the reply.
>
>
>
>    1. for unity connection 01, i have to browse a couple of times. most of
>    the times i get This site can’t be reached for unityconnection02,
>    that's not the case.
>
>
>
> 2. I see WARNING: DNS unreachable message on gui. but i am able to ping
> both DNS servers and also i am able to ping using hostnames.
>
>
> 3.
> admin:utils diagnose test
>
> Log file: platform/log/diag5.log
>
> Starting diagnostic test(s)
> ===========================
> test - disk_space          : Passed (available: 18327 MB, used: 10261 MB)
> skip - disk_files          : This module must be run directly and off hours
> test - service_manager     : Passed
> test - tomcat              : Passed
> test - tomcat_deadlocks    : Passed
> test - tomcat_keystore     : Passed
> test - tomcat_connectors   : Passed
> test - tomcat_threads      : Passed
> test - tomcat_memory       : Passed
> test - tomcat_sessions     : Passed
> skip - tomcat_heapdump     : This module must be run directly and off hours
> test - validate_network    : Passed
> test - raid                : Passed
> test - system_info         : Passed (Collected system information in diagnostic log)
> test - ntp_reachability    : Passed
> test - ntp_clock_drift     : Passed
> test - ntp_stratum         : Failed
> The reference NTP server is a stratum 5 clock.
> NTP servers with stratum 5 or worse clocks are deemed unreliable.
> Please consider using an NTP server with better stratum level.
>
> Please use OS Admin GUI to add/delete NTP servers.
>
> skip - sdl_fragmentation   : This module must be run directly and off hours
> skip - sdi_fragmentation   : This module must be run directly and off hours
>
> Diagnostics Completed
>
>
> 4. find the attached images of ucservice page, certificate list page and
> tomcat certificate of both unityconnection01 and 02.
>
>
> Regards
>
> Naresh
> ------------------------------
> *From:* Anthony Holloway <avholloway+cisco-voip at gmail.com>
> *Sent:* Friday, February 16, 2018 12:03 PM
> *To:* naresh rathore
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] CUC voicemail certificate issue and UCCX
>
> Can you paste a screenshot of your CUC 01 and 02 Tomcat certs?
>
> I agree with you that a cert issue would prevent Jabber from connecting to
> VoiceMail.  Also, do you have your UC Service in CUCM for CUC defined as
> FQDN with HTTPS?  Screenshot?
>
> On Thu, Feb 15, 2018 at 11:29 PM naresh rathore <nareh84 at hotmail.com>
> wrote:
>
> hi,
>
>
>
> I think because of this issue, when i connect Jabber within my office,
> show connection status on Jabber shows voicemail as "not connected. waiting
> To retry".
>
>
> Regards
>
> ------------------------------
> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of
> naresh rathore <nareh84 at hotmail.com>
> *Sent:* Friday, February 16, 2018 9:31 AM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] CUC voicemail certificate issue and UCCX
>
>
> hi,
>
>
>
> i am currently facing following issue.
>
>
>
>
>    1. when i connected jabber internally. show connection showed
>    voicemail status as not connected. i logged into unity connection via ssh
>    and saw following message
>    admin:Feb 16 13:00:00
>    <unityconn01hostname> local99 0 : 832: <unityconn01hostname>: Feb 16
>    2018 02:00:00 AM.248 UTC :  %UC_CERT-0-CertExpired: %[Message=Certificate
>    expiration Notification. Certificate name:<unityconn02hostname>.der
>    Unit:tomcat-trust Type:own-cert Expiration:Sun Dec][AppID=Cisco Certificate
>    Monitor][ClusterID=][NodeID=<unityconn01name>]: Certificate has
>    Expired and needs to be changed at the earliest
>
>
> when i logged into OS of both unity connection 01 and 02. In certificate
> management, couldn't find any certificate which expired today.
>
>
> is there any other location where we can check expired certificate? what
> should be done to resolve this issue.
>
>
>
> Regards
>
>
> Naresh Rathore
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
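
Added example (not part of the original thread and not Cisco tooling): one way to follow up on the first point of the reply, by parsing the UC_CERT alert as it was pasted into the thread and checking the named certificate against a hand-typed list of what each node's certificate page shows. The hostnames cuc01/cuc02, the inventory contents, and the name-matching rule in `stem` are assumptions.

```python
import re

# Constructed sample: the alert from this thread as it looks once quoted and
# wrapped by a mail client. Hostnames cuc01/cuc02 are placeholders; the
# Expiration value is cut off in the original post and stays cut off here.
WRAPPED_ALERT = """\
>    Feb 16 13:00:00 cuc01 local99 0 : 832: cuc01: Feb 16
>    2018 02:00:00 AM.248 UTC :  %UC_CERT-0-CertExpired: %[Message=Certificate
>    expiration Notification. Certificate name:cuc02.der
>    Unit:tomcat-trust Type:own-cert Expiration:Sun Dec][AppID=Cisco Certificate
>    Monitor][ClusterID=][NodeID=cuc01]: Certificate has
>    Expired and needs to be changed at the earliest
"""

ALERT_RE = re.compile(
    r"%UC_CERT-\d+-(?P<event>\w+): %\[Message=.*?"
    r"Certificate name:(?P<cert>\S+) Unit:(?P<unit>\S+) Type:(?P<type>\S+) "
    r"Expiration:(?P<expiration>[^\]]*)\].*?\[NodeID=(?P<node>[^\]]*)\]"
)

def unwrap(text):
    """Drop '>' quote markers and re-join wrapped lines into one log line."""
    return " ".join(line.lstrip("> ").strip()
                    for line in text.splitlines() if line.strip("> "))

def parse_cert_alert(text):
    """Return the alert fields as a dict, or None if no UC_CERT alert is found."""
    m = ALERT_RE.search(unwrap(text))
    return m.groupdict() if m else None

def stem(name):
    # Assumption: names are compared without .der/.pem and case-insensitively.
    return re.sub(r"\.(der|pem)$", "", name.strip().lower())

def locate(alert, inventory):
    """inventory: {node: {unit: [certificate names]}}, typed in from each node's
    certificate list. Returns (status, [(node, unit), ...])."""
    wanted = stem(alert["cert"])
    hits = [(node, unit) for node, units in inventory.items()
            for unit, names in units.items() if wanted in map(stem, names)]
    if (alert["node"], alert["unit"]) in hits:
        return "present", hits
    return ("elsewhere" if hits else "absent"), hits

# Constructed inventory: cuc01's tomcat-trust has no cuc02 entry, as the reply describes.
INVENTORY = {
    "cuc01": {"tomcat": ["cuc01.pem"], "tomcat-trust": ["cuc01.pem"]},
    "cuc02": {"tomcat": ["cuc02.pem"], "tomcat-trust": ["cuc01.pem", "cuc02.pem"]},
}
```

A status of `elsewhere` or `absent` for the node and unit named in the alert is the mismatch the reply points out: the alert and the certificate list disagree, so the expiry notice alone does not identify which certificate to replace.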