[cisco-voip] Odd phone Firmware upgrade issue - 8811 at firmware 10.3.1-20 won't upgrade on CUCM 12.0 but will on 10.5

Brian V bvanbens at gmail.com
Wed Jan 9 18:05:40 EST 2019 

The only log i can share a a photo of the phone.  Since it's fresh out of
the box it doesn't seem to enable the web interface until it can perform an
initial connection to a CUCM.  Photo below of out of box phone connected to
CUCM 12.0 SU2.  Repeat the procedure with a CUCM 10.5.2 and it upgrades
code just fine.
[image: image.png]

On Wed, Jan 9, 2019 at 8:55 AM Ryan Ratliff (rratliff) <rratliff at cisco.com>
wrote:

> My current working theory is that CUCM 12 seems to use an EC certificate
> on the HTTPS service that newer phones use to download firmware (
> https://<cucm>:6972) , and the old firmware doesn’t support it.  But if
> this was true, why didn’t the 8811 phone fall back to plain-old TFTP over
> UDP 69.
>
>
> You are correct that TFTP uses an HTTPS cert on that port, but Jabber is
> the only client that uses 6972 (it’s based on the Tomcat cert as well).
> Endpoints will use TCP 6970 and until UCM 12.5 won’t do any HTTPS for TFTP.
>
> The biggest difference I can think of between TFTP signed files on 12.0
> and 10.5 is that the key signing files on 12.0 is going be the SHA2 private
> key that goes with the ITLRecovery cert. On 10.5 it’s likely still a SHA1
> key for the CallManager.pem cert.
>
> Can you provide the specific error you saw regarding the default config
> file?
>
>  - Ryan Ratliff
>
> On Jan 8, 2019, at 11:53 PM, Dana Tong <dana.tong at yellit.com.au> wrote:
>
> You said you were able to get them upgraded on a 10.5x cluster and then
> connected them to the 12.x cluster? Did you delete the ITL file when trying
> to update on the 12.x cluster? Or have I misinterpreted the steps you tried
> here.
>
> Regards,
> Dana
>
>
> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> *On Behalf Of *Brian
> V
> *Sent:* Wednesday, 9 January 2019 12:23 PM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] Odd phone Firmware upgrade issue - 8811 at
> firmware 10.3.1-20 won't upgrade on CUCM 12.0 but will on 10.5
>
> Odd phone Firmware upgrade issue - 8811 at firmware 10.3.1-20 won't
> upgrade on CUCM 12.0 but will on 10.5
>
> 8811 shipped with 10.3.1.-20 firmware, CUCM 12 and CUCM 10.5 both have
> default load for 8811 phones set to 12-1-1SR1-4.
>
> Customer acquired some new 8811 phones with super old firmware. Unboxed
> them and attached to the network where other IP phones (8851,8861) are up
> and registered to CUCM 12.0.1.22900-11.  The 8811 would not upgrade code.
> It had an error in the phone log about the default xml config file.  Tried
> resetting security settings, full factory reset, etc..  Nothing worked.  I
> was suspecting the old "2-hop upgrade" might be needed, but that didn’t
> work either.
>
> I then erased the phone again and connected it to a CUCM 10.5.2 SU2 system
> with the latest device pack.  The default phone load on this CUCM 10.5 was
> the same as CUCM 12.0 and the 8811 phone was still at firmware 10.3.1-20.
> The phone upgraded code no problem.
>
> Once the phone was on firmware 12.1.1SR1-4, it registered fine to CUCM
> 12.0.
>
> My current working theory is that CUCM 12 seems to use an EC certificate
> on the HTTPS service that newer phones use to download firmware (
> https://<cucm>:6972) , and the old firmware doesn’t support it.  But if
> this was true, why didn’t the 8811 phone fall back to plain-old TFTP over
> UDP 69.
>
> I have a TAC case open, but not making much headway yet.
>
> The big issue is that I have 100's more of these 8811 phones in boxes and
> having to unbox each of them and temporally connecting to a CUCM 10.5 to
> get firmware upgraded is not a task I'm looking forward to.
>
> Recap:
> 8811 phone at firmware 10.3.1-20 firmware will directly upgrade to
> firmware 12-1-1SR1-4. on CUCM 10.5 but won't do the exact same thing on
> CUCM 12.0-SU2
>
> Any thoughts on this issue ?
>
> Brian Van Benschoten
> Presidio
>
>
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190109/227de255/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 4589582 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20190109/227de255/attachment-0001.png>

More information about the cisco-voip mailing list