<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>What CUCM version exactly are you facing the below problem with?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Best Regards,<o:p></o:p></span></p><p class=MsoNormal style='background:white'><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Ahmed Elnagar | CCIE#24697 Voice</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Justin Steinberg<br><b>Sent:</b> Tuesday, December 14, 2010 2:13 AM<br><b>To:</b> Jason Burns<br><b>Cc:</b> cisco voip<br><b>Subject:</b> Re: [cisco-voip] CM 8 ITL and TFTP problems<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>What firmware are your phones running ?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal>I have a TAC case open on this. It is definitely a problem with the Trust Verification Services (TVS) and Initial Trust List (ITL) setup.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>A new out of the box phone connects to CM TFTP, downloads the proper firmware (CM 8.0.3a and 7945 SCCP 9.0.3). Then the phone registers. Immediately after that, the phone updates the ITL file. Then the phone begins to reject the configuration file (phone doesn't get proper time zone among other things). The ringlist.xml.sgn, background images, corporate directory (https i guess), personal directory (https?) also don't work. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>TAC has tried a few things but still having the problem and we will look into it more tomorrow.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I did upload 8.5.2sr1 firmware to CM TFTP including term45.defaults. I then factory reset a 7945 phone having the ITL problem with firmware 9.0.3 and when the phone resets and applys 8.5.2sr1 everything works fine. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Documentation on exactly how ITL works and what it is verifying is not good. In my case, the phone is definitely getting an ITL file, but for whatever reason the subsequent files it receives from the same CM server are being rejected by the ITL verification.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>This is a new install of 8.0.3a precutover. This makes me nervous about any existing deployments upgrading to a CM8 version with ITL - especially since I don't really understand the ITL process and can't find much doc on it. Having to manually go around and delete ITL files off of phones would be a pain. I'm not sure if that will be required in my case, but I'll update the list as I learn more.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>On Sun, Dec 12, 2010 at 9:34 PM, Jason Burns <<a href="mailto:burns.jason@gmail.com">burns.jason@gmail.com</a>> wrote:<o:p></o:p></p><p class=MsoNormal>Justin,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Option 150 is usually an array of IPv4 addresses. This is how I have it setup with my CUCM 8 cluster and my phones are downloading their configuration files successfully. Your config as you've described it should be fine.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I'd be curious to see if the phone is downloading the config file and then rejecting it, or if the phone isn't able to contact the TFTP server.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>One great way to check is to go to the webserver on the IP Phone (if it's in a state where the web server is active) and download the console log files.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>The phone is going to try downloading the config file, and then compare the signature in the file with the ITL file contents. Post back the contents of the console logs, or let us know if you see any errors there. A good first troubleshooting step is to restart the TFTP service on CUCM and then delete the ITL from the phone. This will make sure the phone and the server have the same copy of the ITL file. (The phone will download the new ITL as soon as you delete it.)<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>-Jason<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><div><p class=MsoNormal>On Thu, Dec 9, 2010 at 10:34 PM, Justin Steinberg <<a href="mailto:jsteinberg@gmail.com" target="_blank">jsteinberg@gmail.com</a>> wrote:<o:p></o:p></p></div></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in'><div><div><p class=MsoNormal>New cm 8 install and I'm having issues with the 7945 phones not being<br>able to download files (ringlist, phone config file, etc) from TFTP.<br><br>I think it is related to ITL and the security by default.<br><br>My CM is setup User system>server as IP address. My voice vlan dhcp<br>scopes are setup with IP addresses for the option 150 values.<br><br>When I look at the phone, under the security section and ITL section I<br>see the TFTP server is referred there as the FQDN.<br><br>I think my prob is the dhcp scope is IP and do it's not matching the ITL value.<br><br>Has anyone dealt with this or understand what is going on?<br><br>Justin<o:p></o:p></p></div></div><p class=MsoNormal>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p></blockquote></div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></div><DIV> </DIV>Disclaimer: NOTICE The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Raya will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Raya.If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message. </body></html>