[cisco-voip] Odd phone Firmware upgrade issue - 8811 at firmware 10.3.1-20 won't upgrade on CUCM 12.0 but will on 10.5
Ryan Ratliff (rratliff)
rratliff at cisco.com
Wed Jan 9 09:55:05 EST 2019
My current working theory is that CUCM 12 seems to use an EC certificate on the HTTPS service that newer phones use to download firmware (https://<cucm>:6972), and the old firmware doesn’t support it. But if this was true, why didn’t the 8811 phone fall back to plain-old TFTP over UDP 69?
You are correct that TFTP uses an HTTPS cert on that port, but Jabber is the only client that uses 6972 (it’s based on the Tomcat cert as well). Endpoints will use TCP 6970 and until UCM 12.5 won’t do any HTTPS for TFTP.
The biggest difference I can think of between TFTP signed files on 12.0 and 10.5 is that the key signing files on 12.0 is going to be the SHA2 private key that goes with the ITLRecovery cert. On 10.5 it’s likely still a SHA1 key for the CallManager.pem cert.
Can you provide the specific error you saw regarding the default config file?
- Ryan Ratliff
On Jan 8, 2019, at 11:53 PM, Dana Tong <dana.tong at yellit.com.au> wrote:
You said you were able to get them upgraded on a 10.5x cluster and then connected them to the 12.x cluster? Did you delete the ITL file when trying to update on the 12.x cluster? Or have I misinterpreted the steps you tried here.
Regards,
Dana
From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Brian V
Sent: Wednesday, 9 January 2019 12:23 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Odd phone Firmware upgrade issue - 8811 at firmware 10.3.1-20 won't upgrade on CUCM 12.0 but will on 10.5
Odd phone Firmware upgrade issue - 8811 at firmware 10.3.1-20 won't upgrade on CUCM 12.0 but will on 10.5
8811 shipped with 10.3.1-20 firmware, CUCM 12 and CUCM 10.5 both have default load for 8811 phones set to 12-1-1SR1-4.
Customer acquired some new 8811 phones with super old firmware. Unboxed them and attached to the network where other IP phones (8851, 8861) are up and registered to CUCM 12.0.1.22900-11. The 8811 would not upgrade code. It had an error in the phone log about the default xml config file. Tried resetting security settings, full factory reset, etc. Nothing worked. I was suspecting the old "2-hop upgrade" might be needed, but that didn’t work either.
I then erased the phone again and connected it to a CUCM 10.5.2 SU2 system with the latest device pack. The default phone load on this CUCM 10.5 was the same as CUCM 12.0 and the 8811 phone was still at firmware 10.3.1-20. The phone upgraded code no problem.
Once the phone was on firmware 12.1.1SR1-4, it registered fine to CUCM 12.0.
My current working theory is that CUCM 12 seems to use an EC certificate on the HTTPS service that newer phones use to download firmware (https://<cucm>:6972), and the old firmware doesn’t support it. But if this was true, why didn’t the 8811 phone fall back to plain-old TFTP over UDP 69?
I have a TAC case open, but not making much headway yet.
The big issue is that I have 100's more of these 8811 phones in boxes and having to unbox each of them and temporarily connecting to a CUCM 10.5 to get firmware upgraded is not a task I'm looking forward to.
Recap:
8811 phone at firmware 10.3.1-20 firmware will directly upgrade to firmware 12-1-1SR1-4 on CUCM 10.5 but won't do the exact same thing on CUCM 12.0-SU2
Any thoughts on this issue?
Brian Van Benschoten
Presidio