[cisco-voip] VCS Expressway upgrade, 8.7 to 12.5

Jonathan Charles jonvoip at gmail.com
Sun Nov 17 18:54:18 EST 2019 

I re-uploaded the root and intermediate CA certificate... still get the
same error...

I also tried adding a new AXL user... same error...


Jonathan

On Sun, Nov 17, 2019 at 5:48 PM Ryan Huff <ryanhuff at outlook.com> wrote:

> Likely certificate / trust issues..
>
> Sent from my iPhone
>
> On Nov 17, 2019, at 18:36, Jonathan Charles <jonvoip at gmail.com> wrote:
>
> 
> Yep, we are running into clustering issues...
>
> Getting *Inactive: (Remote host is reachable but connection is not
> established. Either refresh this page, or check the credentials.)*
>
> For IMP connection, so MRA is down...
>
> Still looking for a fix...
>
>
> Jonathan
>
> On Fri, Nov 15, 2019 at 7:17 PM Erick Bergquist <erickbee at gmail.com>
> wrote:
>
>> I’ve done 2 8.11.x to 12.5.5 fine (clustered setup, 4). There is a bug
>> with clustering to watch out for but I did not encounter it. The 12.5 Cisco
>> download page has a note and link about this.
>>
>> Currently working on jabberd process high memory consumption issue on one
>> node that has been present since 8.11.x which 12.5 had memory leak fix for
>> but still an issue. Slow memory increase over time just on one of the edge
>> nodes.
>>
>> Going to look over 12.5.6 release notes now....
>>
>> Erick
>>
>>
>>
>> On Fri, Nov 15, 2019 at 3:28 PM Matt Jacobson <m4ttjacobson at gmail.com>
>> wrote:
>>
>>> If that is the case, then I would double check that it is supported. In
>>> the release notes there is a chart for supported platforms based on
>>> serial numbers. If it is a legacy Tandberg box, then I suspect 12.x may not
>>> work out for you.
>>>
>>> On Fri, Nov 15, 2019 at 14:30 Jonathan Charles <jonvoip at gmail.com>
>>> wrote:
>>>
>>>> This is a legacy Tandberg VCS for video only... no MRA, no remote
>>>> phones... just inbound and outbound sip video...
>>>>
>>>>
>>>> Jonathan
>>>>
>>>> On Fri, Nov 15, 2019 at 12:44 PM Pawlowski, Adam <ajp26 at buffalo.edu>
>>>> wrote:
>>>>
>>>>> We’re at 12.5.3 and probably moving to 12.5.5/12.5.6 somewhere in the
>>>>> Holiday timeframe when everything quiets down a bit.
>>>>>
>>>>>
>>>>>
>>>>> There hasn’t been really any significant issue upgrading from 8 -> 12,
>>>>> but there have been a couple of bugs that largely are all resolved by
>>>>> deleting and rebuilding whatever the thing is that is misbehaving.
>>>>>
>>>>>
>>>>>
>>>>> The requirement for the _*cup*_login and _cisco-uds SRVs went away
>>>>> though it still endlessly logs a warning about not finding them, but it
>>>>> will work.
>>>>>
>>>>>
>>>>>
>>>>> You do also gain the ability to play with the openssl cipher strings
>>>>> but in my limited experience trying to change those to bump them up a
>>>>> notch, it ends up breaking XMPP or something.
>>>>>
>>>>>
>>>>>
>>>>> Adam
>>>>>
>>>>>
>>>>>
>>>>> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> *On Behalf Of
>>>>> *Jonathan Charles
>>>>> *Sent:* Friday, November 15, 2019 11:59 AM
>>>>> *To:* Ryan Huff <ryanhuff at outlook.com>
>>>>> *Cc:* cisco-voip at puck.nether.net
>>>>> *Subject:* Re: [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5
>>>>>
>>>>>
>>>>>
>>>>> Thanks, the latest is 12.5.6, released last week, I am avoiding it
>>>>> like the plague...and the bug fix doesn't apply to us.
>>>>>
>>>>>
>>>>>
>>>>> I am going with 12.5.5 (released in August).
>>>>>
>>>>>
>>>>>
>>>>> I already have release keys (Cisco AM sent them over)...
>>>>>
>>>>>
>>>>>
>>>>> Hybrid services are on a separate VCS-C that is already 12.5.
>>>>>
>>>>>
>>>>>
>>>>> My plan is to get new certs if we have any issues
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Thanks!
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Jonathan
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Nov 15, 2019 at 10:46 AM Ryan Huff <ryanhuff at outlook.com>
>>>>> wrote:
>>>>>
>>>>> A couple of thoughts for you...
>>>>>
>>>>>
>>>>>
>>>>>    - Get the software release key for 12.x now (you'll be asked to
>>>>>    enter it during the upgrade in the GUI). You'll need to work with TAC > GLO
>>>>>    for this if (and I assume this would be your case) the existing 8.7 serial
>>>>>    is active in Cisco's licensing system. The caveat to trying to do this with
>>>>>    Cisco's self-service license re-host tool is that while the 8.7 serial is
>>>>>    active, it won't allow you to assign the new 12.x software release PAK to
>>>>>    the serial because the serial is already assigned to another software
>>>>>    release key.
>>>>>
>>>>>
>>>>>    - Take a backup first, your only roll back option is to re-install
>>>>>       8.7 and restore the backup.
>>>>>
>>>>>
>>>>>    - Your VMware Hypervisor needs to be 6.0/5/7.
>>>>>
>>>>>
>>>>>    - If you have Hybrid Services configured, make sure the management
>>>>>    connector is up to date first.
>>>>>
>>>>>
>>>>>    - SSL Certificate validation changed a bit in 8.8+
>>>>>
>>>>>
>>>>>    - Verify proper forward / reverse DNS for all the relevant touch
>>>>>       points
>>>>>       - Make sure the Expressway certificate trust is up-to-date with
>>>>>       all the current CUCM,CUC,IMP identity certificates (self-signed) or CA
>>>>>       certificates (public CA signed certificates).
>>>>>       - no duplicate certificates in the Expressway trusts
>>>>>
>>>>> Beyond that, just pay attention to the caveats list in the upgrade doc
>>>>> for your version of 12.5.x (12.5.4 is the latest I think).
>>>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>>
>>>>>
>>>>>
>>>>> Ryan
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> *From:* cisco-voip <cisco-voip-bounces at puck.nether.net> on behalf of
>>>>> Jonathan Charles <jonvoip at gmail.com>
>>>>> *Sent:* Friday, November 15, 2019 10:57 AM
>>>>> *To:* cisco-voip at puck.nether.net <cisco-voip at puck.nether.net>
>>>>> *Subject:* [cisco-voip] VCS Expressway upgrade, 8.7 to 12.5
>>>>>
>>>>>
>>>>>
>>>>> Can we just upgrade directly or do we need to go to an intermediary
>>>>> version first?
>>>>>
>>>>>
>>>>>
>>>>> Also, any gotchas besides new certificates?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Jonathan
>>>>>
>>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C7cabc92fc21049a2d5fb08d76bb6f0ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637096305774852260&sdata=C%2FDLDp38mxaaNsvKyGNwHPEl%2FmhDZhVJ%2B6YpGzS%2FB%2Bc%3D&reserved=0>
>>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>> <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C7cabc92fc21049a2d5fb08d76bb6f0ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637096305774862265&sdata=FzsQBabmjjY1VUEwH0mTgiOGl3qs%2BiyM4Zm1QsR4AEc%3D&reserved=0>
>>>
>> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
>
> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fpuck.nether.net%2Fmailman%2Flistinfo%2Fcisco-voip&data=02%7C01%7C%7C7cabc92fc21049a2d5fb08d76bb6f0ec%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637096305774892286&sdata=cdlrEIKDc1VPe7FQtAdLT%2FpSn%2FJRQ%2BdqG%2Bv0pvpw7V4%3D&reserved=0
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20191117/d09d513c/attachment.htm>

More information about the cisco-voip mailing list