<div dir="ltr">I figured it had something to do with the CTL file. I tried deleting the certificate on the CM side and moving it over but that didn't help at all.<br><br>Thanks. This is good information.<br><br><div class="gmail_quote">
On Wed, Sep 3, 2008 at 4:22 PM, Wes Sisk <span dir="ltr"><<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
Ahh, that says it all:<br>
<br>
"TFTP NOT AUTHORIZED"<br>
<br>
It appears you have CTL files enabled, I.E. cluster security. Your
options are:<br>
1. disable cluster security on CM so phones no longer use CTL files<br>
-or-<br>
2. manually touch every phone to erase the CTL file:<br>
<br>
settings<br>
4) security<br>
**# to unlock<br>
5) CTL file<br>
Erase softkey<br>
<br>
The existing CTL file tells the phone to not trust the new TFTP
server. You're getting the security you asked for when you implemented
CTL.<br>
<br>
/Wes<br>
<br>
Jeff Garvas wrote:
<blockquote type="cite"><div><div></div><div class="Wj3C7c">
<div dir="ltr">This part of it is entirely labbed up on my desk so
there isn't much sensitive. For brevity I've included what I believe
is all of the relevant config. Just experimenting so there are not
dial peers or fxo connections yet.<br>
<br>
I assumed the phones would be told to download whatever is defined in
the load command by model, but it appears that they're remembering
their original call manager configuration and ignoring the CME load
command but pulling the right option 150 address, etc via DHCP. I dug
around in the 7911 status messages and saw each of:<br>
<br>
"DNS Timeout CiscoCM1", "TFTP NOT AUTHORIZED: <a href="http://192.168.1.129" target="_blank">192.168.1.129</a>", "CTL update failed",
two attempts to resolve a hostname based call manager from the old
configuration, "No DNS Server IP", and a "File Not Found" with no
detail on the filename being sought.<br>
<br>
...but none of the tftp or sccp debugging on the router is revealing
any attempts to communicate with the router for any files or images.<br>
<br>
Here is the CME router:<br>
<br>
boot system flash:c2800nm-advipservicesk9-mz.124-20.T.bin<br>
!<br>
!<br>
ip cef<br>
no ip dhcp use vrf connected<br>
ip dhcp excluded-address <a href="http://192.168.1.129" target="_blank">192.168.1.129</a><br>
!<br>
ip dhcp pool VOICE<br>
network <a href="http://192.168.1.128" target="_blank">192.168.1.128</a>
<a href="http://255.255.255.192" target="_blank">255.255.255.192</a><br>
option 150 ip <a href="http://192.168.1.129" target="_blank">192.168.1.129</a>
<br>
default-router <a href="http://192.168.1.129" target="_blank">192.168.1.129</a>
<br>
domain-name <a href="http://foo.com" target="_blank">foo.com</a><br>
!<br>
tftp-server flash:P00307020200.bin<br>
tftp-server flash:P00307020200.loads<br>
tftp-server flash:P00307020200.sb2<br>
tftp-server flash:P00307020200.sbn<br>
tftp-server flash:P00403020214.bin<br>
tftp-server apps11.8-3-2-27.sbn<br>
tftp-server cnu11.8-3-2-27.sbn<br>
tftp-server cvm11sccp.8-3-2-27.sbn<br>
tftp-server dsp11.8-3-2-27.sbn<br>
tftp-server jar11sccp.8-3-2-27.sbn<br>
tftp-server SCCP11.8-3-3S.loads<br>
tftp-server term06.default.loads<br>
tftp-server term11.default.loads<br>
!<br>
telephony-service<br>
load 7911 SCCP11.8-3-3S<br>
load 7960-7940 P00307020200<br>
max-ephones 30<br>
max-dn 30<br>
ip source-address <a href="http://192.168.0.1" target="_blank">192.168.0.1</a>
port 2000<br>
max-conferences 8 gain -6<br>
transfer-system full-consult<br>
create cnf-files version-stamp Jan 01 2002 00:00:00<br>
!<br>
!<br>
ephone-dn 1 dual-line<br>
number 1000 secondary 2025551111<br>
!<br>
!<br>
ephone-dn 2 dual-line<br>
number 1112 secondary 2025551112<br>
!<br>
!<br>
ephone 1<br>
device-security-mode none<br>
mac-address 001B.0C18.3E0C<br>
button 1:2 2:1<br>
!<br>
ephone 2<br>
device-security-mode none<br>
mac-address 0012.DAAD.3143<br>
button 1:2 2:1<br>
!<br>
ephone 3<br>
device-security-mode none<br>
mac-address 001B.D4A0.5D5E<br>
button 1:2 2:1<br>
!<br>
<br>
<br>
<div class="gmail_quote">On Wed, Sep 3, 2008 at 1:29 PM, Paul <span dir="ltr"><<a href="mailto:asobihoudai@yahoo.com" target="_blank">asobihoudai@yahoo.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">
<div>Let's see your configuration....[preferrably without any
sensitive information in it...]<br>
<font color="#888888"><br>
Paul<br>
</font></div>
<div>
<div>
<div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><br>
<div style="font-family: times new roman,new york,times,serif; font-size: 12pt;">-----
Original Message ----<br>
From: Jeff Garvas <<a href="mailto:jeff@cia.net" target="_blank">jeff@cia.net</a>><br>
To: <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
Sent: Wednesday, September 3, 2008 9:47:14 AM<br>
Subject: [cisco-voip] Moving phones from CM 4.1.3 to a CME / 12.4(20)T<br>
<br>
<div dir="ltr"><br>
I'm experimenting with CME in a 12.4(20)T install (2811, 3560) and
trying to move phones from a CUCM 4.1.3 environment to CME. <br>
<br>
If I take a 7911 phone that is working in the CUCM environment and move
it to the labbed up CME install it boots, states that its configuring
IP, configuring the CM list, and then goes back to configuring IP. It
remains looping indefinately, but if I do a factory reset the phone
will upgrade and register to CME.<br>
<br>
CME is configured to 'load 7911 SCCP11.8-3-3S' and there is a matching
ephone configured as well, but it appears as if nothing is every
queried via tftp.<br>
<br>
If I query the settings in the phone itself while its looping it still
knows about the CUCM settings despite its new found DHCP / TFTP values.<br>
<br>
Is there a way to get the phone to upgrade/downgrade its image without
doing a physical factory reset? I'd like to be able to modify phones
"in place" without needing to physically touch them.<br>
<br>
If I take the 'upgraded' phone back to the CUCM cluster it immediately
upgrades without being factory reset. Am I missing something in the
CME configuration that could permit this?<br>
<br>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div></div><pre><hr size="4" width="90%">
_______________________________________________
cisco-voip mailing list
<div class="Ih2E3d"><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>
</div><div class="Ih2E3d"><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</div></pre>
</blockquote>
</div>
</blockquote></div><br></div>