<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="�" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Grande";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=PT link=blue vlink=purple style='word-wrap: break-word;-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'><div class=WordSection1><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>The pricing tool show me this:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Product Number KEY-CCM-ADMIN-K9=<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Product Description CUCM Admin Security Token, 4.3, 6.0, or Newer, CoO Israel<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Price USD 300.00<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>I assume this is one Token and that in my case I just need to buy one.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>But I also see the PN available in the RMA (SVO) Tool.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>So if the RMA is an option, I will try it. I don’t like the idea and the customer much less of spending 300$ just because he forgot the password. It just doesn’t make sense.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Thanks.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Antonio Soares, CCIE #18473 (R&S/SP)<br><a href="mailto:amsoares@netcabo.pt"><span style='color:blue'>amsoares@netcabo.pt</span></a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D'><a href="http://www.ccie18473.net"><span style='color:blue'>http://www.ccie18473.net</span></a><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ryan Ratliff [mailto:rratliff@cisco.com] <br><b>Sent:</b> quinta-feira, 5 de Maio de 2011 17:25<br><b>To:</b> Antonio Soares<br><b>Cc:</b> 'Joe Martini'; 'Jason Aarons (AM)'; 'Cisco VOIP'<br><b>Subject:</b> Re: [cisco-voip] CTL/Security Token question<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>See Jason's email. You need to buy a new eToken and re-run the CTL client to add it in.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If you find that the eTokens only come in pairs then that's a good thing. Add both the new ones to your file and keep them safely tucked away.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black'>-Ryan<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On May 5, 2011, at 11:58 AM, Antonio Soares wrote:<o:p></o:p></p></div><p class=MsoNormal><br><br><span class=apple-style-span><span style='font-size:13.5pt;font-family:"Lucida Grande","serif"'><o:p></o:p></span></span></p><div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Thanks Joe for the explanation.</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'>In my case, the customer still has the other token with the known password. My question is how do I replace the token that is locked ? RMA ? The document you mentioned says to purchase a new one but that’s in case you lost it:</span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'><a href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_2_3/secutrbl.html#wp1044526">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_2_3/secutrbl.html#wp1044526</a></span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span lang=EN-US style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Regards,</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'>Antonio Soares, CCIE #18473 (R&S/SP)<br><a href="mailto:amsoares@netcabo.pt">amsoares@netcabo.pt</a></span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'><a href="http://www.ccie18473.net/">http://www.ccie18473.net</a></span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Arial","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm;border-width:initial;border-color:initial'><div><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span class=apple-converted-space><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span></span><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Joe Martini [mailto:joemar2@cisco.com]<span class=apple-converted-space> </span><br><b>Sent:</b><span class=apple-converted-space> </span>quinta-feira, 5 de Maio de 2011 14:44<br><b>To:</b><span class=apple-converted-space> </span>Jason Aarons (AM)<br><b>Cc:</b><span class=apple-converted-space> </span>Antonio Soares; 'Wes Sisk'; 'Ed Leatherman'; 'Cisco VOIP'<br><b>Subject:</b><span class=apple-converted-space> </span>Re: [cisco-voip] CTL/Security Token question</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>If the password has been entered incorrectly too many times the token cannot be recovered. Hopefully you still have one with a known password so that you can get a new token to replace the locked one. Then update the CTL file with the new token using the one remaining token that was originally used. That's why it's a requirement to order two, in case one is lost or locked out there is a backup. If you've lost both here's what you'll need to do: <a href="http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_2_3/secutrbl.html#wp1032731">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/security/4_2_3/secutrbl.html#wp1032731</a><o:p></o:p></p></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Joe<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><div><p class=MsoNormal>On May 5, 2011, at 9:30 AM, Jason Aarons (AM) wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>I would call TAC, installing a new CTL would mean visiting each phone (or use UnifiedFX) and resetting the CTL. Not something you want to have happen.<br><br>-----Original Message-----<br>From:<span class=apple-converted-space> </span><a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a><span class=apple-converted-space> </span>[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Antonio Soares<span class=apple-converted-space> </span><br>Sent: Thursday, May 05, 2011 7:38 AM<br>To: 'Wes Sisk'; 'Ed Leatherman'<br>Cc: 'Cisco VOIP'<br>Subject: Re: [cisco-voip] CTL/Security Token question<br><br>I have a customer that failed the Security Token Password 3 times and now the token is locked.<br>Anyone knows how to solve this problem ?<br>Do I need to replace the token via RMA ?<br><br><br>Thanks.<br>Regards,<br><br>Antonio Soares, CCIE #18473 (R&S/SP)<br><a href="mailto:amsoares@netcabo.pt">amsoares@netcabo.pt</a><span class=apple-converted-space> </span><br><a href="http://www.ccie18473.net/" target="_blank">http://www.ccie18473.net</a><span class=apple-converted-space> </span><br><br><br><br>-----Original Message-----<br>From:<span class=apple-converted-space> </span><a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a><span class=apple-converted-space> </span><br>[mailto:cisco-voip-bounces@puck.nether.net] On Behalf Of Wes Sisk<br>Sent: segunda-feira, 4 de Abril de 2011 16:45<br>To: Ed Leatherman<br>Cc: Cisco VOIP<br>Subject: Re: [cisco-voip] CTL/Security Token question<br><br>We do this in our labs. Just be careful to keep track of password changes. Using the tokens requires a password. Guess the wrong password too many times and they do self destruct. This would effectively lock you out of all clusters that use that key.<br><br>Regards,<br>Wes<br><br>On 4/4/2011 10:27 AM, Ed Leatherman wrote:<br>> Hello,<br>><br>> I'm doing some studying on control/media encryption for call manager,<span class=apple-converted-space> </span><br>> and was wondering if someone could answer a (hopefully simple)<span class=apple-converted-space> </span><br>> question about signing CTL's. Does the act of signing a CTL actually<span class=apple-converted-space> </span><br>> affect the security token(s) in any way? Can I buy a set of security<span class=apple-converted-space> </span><br>> tokens, use them to configure everything on lab CM, and then re-use<span class=apple-converted-space> </span><br>> the same tokens in production?<br>><br>> The documentation seems to infer this (along with a best practice of<span class=apple-converted-space> </span><br>> building in test first), but it doesn't come right out and say you can<span class=apple-converted-space> </span><br>> reuse the same tokens. Would be kind of goofy if it locked them to a<span class=apple-converted-space> </span><br>> particular cluster some how and I don't think that's the case. I was<span class=apple-converted-space> </span><br>> hoping for a bit of confirmation though.<br>><br>> Thanks!<br>><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><span class=apple-converted-space> </span><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><span class=apple-converted-space> </span><br><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><span class=apple-converted-space> </span><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><span class=apple-converted-space> </span><br><br><br><o:p></o:p></p><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div class=MsoNormal align=center style='text-align:center'><hr size=1 width="100%" align=center></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><p><strong><span style='font-size:10.0pt;color:gray'>Disclaimer: This e-mail communication and any attachments may contain confidential and privileged information and is for use by the designated addressee(s) named above only. If you are not the intended addressee, you are hereby notified that you have received this communication in error and that any use or reproduction of this email or its contents is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and deleting it from your computer. Thank you.</span></strong><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:10.0pt;color:gray'>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span><o:p></o:p></p></div></div><div><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Lucida Grande","serif"'>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></div></body></html>