[cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Pawlowski, Adam ajp26 at buffalo.edu
Fri Nov 15 13:44:24 EST 2019


We’re at 12.5.3 and probably moving to 12.5.5/12.5.6 somewhere in the Holiday timeframe when everything quiets down a bit.

There hasn’t been really any significant issue upgrading from 8 -> 12, but there have been a couple of bugs that largely are all resolved by deleting and rebuilding whatever the thing is that is misbehaving.

The requirement for the _cup_login and _cisco-uds SRVs went away though it still endlessly logs a warning about not finding them, but it will work.

You do also gain the ability to play with the openssl cipher strings but in my limited experience trying to change those to bump them up a notch, it ends up breaking XMPP or something.

Adam

From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Jonathan Charles
Sent: Friday, November 15, 2019 11:59 AM
To: Ryan Huff <ryanhuff at outlook.com>
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Thanks, the latest is 12.5.6, released last week, I am avoiding it like the plague...and the bug fix doesn't apply to us.

I am going with 12.5.5 (released in August).

I already have release keys (Cisco AM sent them over)...

Hybrid services are on a separate VCS-C that is already 12.5.

My plan is to get new certs if we have any issues


Thanks!


Jonathan

On Fri, Nov 15, 2019 at 10:46 AM Ryan Huff <ryanhuff at outlook.com<mailto:ryanhuff at outlook.com>> wrote:
A couple of thoughts for you...


  *   Get the software release key for 12.x now (you'll be asked to enter it during the upgrade in the GUI). You'll need to work with TAC > GLO for this if (and I assume this would be your case) the existing 8.7 serial is active in Cisco's licensing system. The caveat to trying to do this with Cisco's self-service license re-host tool is that while the 8.7 serial is active, it won't allow you to assign the new 12.x software release PAK to the serial because the serial is already assigned to another software release key.

     *   Take a backup first, your only roll back option is to re-install 8.7 and restore the backup.

  *   Your VMware Hypervisor needs to be 6.0/5/7.

  *   If you have Hybrid Services configured, make sure the management connector is up to date first.

  *   SSL Certificate validation changed a bit in 8.8+

     *   Verify proper forward / reverse DNS for all the relevant touch points
     *   Make sure the Expressway certificate trust is up-to-date with all the current CUCM,CUC,IMP identity certificates (self-signed) or CA certificates (public CA signed certificates).
     *   no duplicate certificates in the Expressway trusts
Beyond that, just pay attention to the caveats list in the upgrade doc for your version of 12.5.x (12.5.4 is the latest I think).

Thanks,

Ryan

________________________________
From: cisco-voip <cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>> on behalf of Jonathan Charles <jonvoip at gmail.com<mailto:jonvoip at gmail.com>>
Sent: Friday, November 15, 2019 10:57 AM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net> <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Subject: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Can we just upgrade directly or do we need to go to an intermediary version first?

Also, any gotchas besides new certificates?


Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20191115/89fbc6d2/attachment.htm>


More information about the cisco-voip mailing list