<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="2050" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>There is a service parameter that allows you to revert back to an older version.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:gray'>Regards,<o:p></o:p></span></b></p><p class=MsoNormal><b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:gray'>Ahmed Elnagar </span></b><span style='font-size:8.0pt;font-family:"Verdana","sans-serif";color:gray'>|<b> Unified Communication Team Leader </b>| <b>CCIE #24697, Voice<o:p></o:p></b></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><img width=209 height=42 id="Picture_x0020_1" src="cid:image001.jpg@01CC5C07.C64FB260" alt="Description: Description: MS Green"></span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Casper, Steven<br><b>Sent:</b> Monday, August 15, 2011 5:09 PM<br><b>To:</b> 'Jason Burns'; Wes Sisk<br><b>Cc:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> Re: [cisco-voip] Security By Default and ITL (was Phones Not Getting Auth, Idle, Services URLS, etc)<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>First of all this is an excellent thread with a lot of valuable details. I have started to review upgrading from 7.1.5 to 8.5 or 8.6. Far as I can tell all the Security by Default configuration should be automatically done by the upgrade process and once complete the TFTP servers should be reset and the phones reset again to ensure the phones retrieve the ITL file. Seem simple enough but the thought that something could go wrong and it could be necessary to have users delete the ITL config from 12,000 phones is one that could keep me up at night though.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>How has it been going out there with Security by Default and upgrades to 8.x….. any gotcha’s or caveats? I am leaning towards the latest version of 8.5 over 8.6 since 8.6 does not seem to have many new features I need but is one release preferred over the other based on the upgrade process? I am running a multi-node cluster on </span><span style='color:#1F497D'>7.1.5.11900-6 in the </span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>non-secure mode</span><o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:#1F497D'>Steve</span><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Jason Burns<br><b>Sent:</b> Saturday, August 13, 2011 8:11 AM<br><b>To:</b> Wes Sisk<br><b>Cc:</b> cisco-voip@puck.nether.net<br><b>Subject:</b> Re: [cisco-voip] Security By Default and ITL (was Phones Not Getting Auth, Idle, Services URLS, etc)<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I wanted to follow up on this thread. The "show itl" command was a key piece of the troubleshooting process that let us track this down. After this incident though I wanted to take some time to explain how ITL and Security By Default worked, and also document the common troubleshooting steps I used.<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Hopefully this document will help you out in the future!<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="https://supportforums.cisco.com/docs/DOC-17679">https://supportforums.cisco.com/docs/DOC-17679</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Support Forums mangles pictures in the thumbnail view, but you should be able to click on each diagram to full size it and get a better understanding of what goes on in the background.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal style='margin-bottom:12.0pt'>-Jason Burns<o:p></o:p></p><div><p class=MsoNormal>On Thu, Jun 30, 2011 at 5:31 PM, Wes Sisk <<a href="mailto:wsisk@cisco.com">wsisk@cisco.com</a>> wrote:<o:p></o:p></p><div><p class=MsoNormal>Summary for the innocent bystanders:<br><br>* Phone previously registered to 7.1.5 cluster with no CTL. Phone got ITL file from new cluster successfully.<br>* Phone console logs show:<br>2155: ERR 12:08:23.841097 SECD: EROR:verifyFile: sgn verify file failed</usr/ram/SEP00260BD749E9.cnf.xml>, errclass 8, errcode 19 (signer not in CTL)<br>2156: ERR 12:08:23.841825 SECD: EROR:verifyFile: verify FAILED,</usr/ram/SEP00260BD749E9.cnf.xml><br>2157: NOT 12:08:23.844821 SECD: sendRespToClient: Sent the response to the TVS client, len : 2056<br>2158: NOT 12:08:23.860569 tftpClient: authorize file = 13, isEncr = 0<br><br>* phones show ITL downloading successfully. suspect problem with ITL file. Get TVS logs.<br><br>* This is where things got sketchy. CLI command 'show ITL' shows the TFTP entry for the publisher with a serial number. We checked all certificates in ccmadmin under system->security->certificates. No serial numbers match the current ITL file. We tried regenerating CallManager.pem as that should be the cert TFTP uses. After regenerating, restarting TVS, and restarting TFTP the cli command 'show itl' still shows incorrect serial number for TFTP certificate. This means ITL file is not being updated properly.<br><br>* Checked TVS logs. Many red herrings there but one substantial error:<br>11:45:18.827 | debug ERROR:writeFile () - Unable to open file /usr/local/cm/tftp/ITLFile.tlv for writing (errno - 13)<br>11:45:18.827 | debug In function : tvsGetPublicKeyFromX509<br>11:45:19.100 |ITLFileRegenerated - New ITL File has been generated. <br><br>TVS could not write new ITL file.<br><br>Checked filesystem permissions on Matthew's box:<br>[root@server ~]# ls -la /usr/local/cm/tftp/ITLFile.tlv<br>-rw-r--r-- 1 ctftp ccmbase 3664 May 25 13:18 /usr/local/cm/tftp/ITLFile.tlv<br><br>On lab box:<br>[root@CUCM85Pub sdi]# ls -la /usr/local/cm/tftp/ITLFile.tlv<br>-rw-r--r-- 1 certbase ccmbase 4930 Jun 30 15:38 /usr/local/cm/tftp/ITLFile.tlv<br><br>Permissions issue. On Matthew's box:<br>[root@server ~]# ps -eaf | grep -iE "TFTP|TVS"<br>certbase 31007 17132 0 15:35 ? 00:00:00 /usr/local/cm/bin/tvs<br>ctftp 31574 17132 0 15:36 ? 00:00:02 /usr/local/cm/bin/ctftp<br><br>Looks like ctftp service most likely wrote or created ITL file on May 25. The owner of ITLFile.tlv should be certbase not ctftp. We did:<br>1. chown certbase ITLFile.tlv - this set the correct owner<br>2. restarted TVS service - TVS regenerated ITL file and successfully wrote it to the file system<br>3. restart TFTP service so it could pickup the new ITL file from the file system.<br><br>After this phones successfully registered. So far there is at least one new bug out of this:<br>CSCtr27100 TVS inaccurately reports New ITL File has been generated<br><br>In CUCM 8.6 ctftp does indeed generate the ITL file. In 8.5.1.11900-21 (aka 8.5.1su1) that Matthew is running ITL file should be generated by TVS.<br><br>Regards,<br><span style='color:#888888'>Wes</span><o:p></o:p></p><div><div><p class=MsoNormal><br><br>On 6/30/2011 4:17 PM, Matthew Loraditch wrote: <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Well I just finished what amounted to 5 hours on the phone and 6 hours for Cisco. Most of that with Wes and apparently Ryan Ratliff and Jason Burns stopped by for a while as well!</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Anyway we got it fixed. Wes said he is going to do a write up but the gist was the ITL cert was written by the wrong service and thus not matching up and they had to go in with root and do something so that right service could properly create it.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Major Kudos to Wes and if we are ever within 50 miles or less of each other drinks are in order!</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;color:black'>Matthew Loraditch, CCVP, CCNA, CCDA</span></b><span style='font-size:11.0pt;color:black'><br>1965 Greenspring Drive</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:black'>Timonium, MD 21093 <br></span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'><br>(p) </span><a href="tel:%28410%29%20252-8830" target="_blank"><span style='font-size:11.0pt'>(410) 252-8830</span></a><span style='font-size:11.0pt;color:black'><br>(F) </span><a href="tel:%28443%29%20541-1593" target="_blank"><span style='font-size:11.0pt'>(443) 541-1593</span></a><span style='font-size:11.0pt;color:black'><br><br>Visit us at </span><a href="http://www.heliontechnologies.com/" target="_blank"><span style='font-size:11.0pt;color:black'>www.heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> <br>Support Issue? Email </span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> for fast assistance!</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> </span><a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip-bounces@puck.nether.net</span></a><span style='font-size:10.0pt'> [</span><a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>mailto:cisco-voip-bounces@puck.nether.net</span></a><span style='font-size:10.0pt'>] <b>On Behalf Of </b>Matthew Loraditch<br><b>Sent:</b> Thursday, June 30, 2011 11:24 AM<br><b>To:</b> Lelio Fulgenzi<br><b>Cc:</b> </span><a href="mailto:cisco-voip@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip@puck.nether.net</span></a><span style='font-size:10.0pt'><br><b>Subject:</b> Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Wes is helping out and watching my case so far we have just verified normal settings, regenerated the tomcat certs to no avail and then totally factory defaulted the phone (the 123456789*0#) and now the phone comes up unprovisioned and won’t connect at all!</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Engineers seem pretty stumped</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;color:black'>Matthew Loraditch, CCVP, CCNA, CCDA</span></b><span style='font-size:11.0pt;color:black'><br>1965 Greenspring Drive</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:black'>Timonium, MD 21093 <br></span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'><br>(p) </span><a href="tel:%28410%29%20252-8830" target="_blank"><span style='font-size:11.0pt'>(410) 252-8830</span></a><span style='font-size:11.0pt;color:black'><br>(F) </span><a href="tel:%28443%29%20541-1593" target="_blank"><span style='font-size:11.0pt'>(443) 541-1593</span></a><span style='font-size:11.0pt;color:black'><br><br>Visit us at </span><a href="http://www.heliontechnologies.com/" target="_blank"><span style='font-size:11.0pt;color:black'>www.heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> <br>Support Issue? Email </span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> for fast assistance!</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> Lelio Fulgenzi [</span><a href="mailto:lelio@uoguelph.ca" target="_blank"><span style='font-size:10.0pt'>mailto:lelio@uoguelph.ca</span></a><span style='font-size:10.0pt'>] <br><b>Sent:</b> Thursday, June 30, 2011 11:21 AM<br><b>To:</b> Matthew Loraditch<br><b>Cc:</b> Matthew Loraditch; </span><a href="mailto:cisco-voip@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip@puck.nether.net</span></a><span style='font-size:10.0pt'><br><b>Subject:</b> Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Let us know how that goes...<br><br>Sent from my iPhone<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>On Jun 30, 2011, at 9:09 AM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank">MLoraditch@heliontechnologies.com</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Well I have done what Lelio suggested, I have rebooted the cluster. I noticed from the phone logs and in security settings that the certs they are getting say the hostname so I changed the CCMs from IP back to hostname. Still no dice…</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Time to open a TAC case!</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;color:black'>Matthew Loraditch, CCVP, CCNA, CCDA</span></b><span style='font-size:11.0pt;color:black'><br>1965 Greenspring Drive</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:black'>Timonium, MD 21093 <br></span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'><br>(p) </span><a href="tel:%28410%29%20252-8830" target="_blank"><span style='font-size:11.0pt'>(410) 252-8830</span></a><span style='font-size:11.0pt;color:black'><br>(F) </span><a href="tel:%28443%29%20541-1593" target="_blank"><span style='font-size:11.0pt'>(443) 541-1593</span></a><span style='font-size:11.0pt;color:black'><br><br>Visit us at </span><a href="http://www.heliontechnologies.com/" target="_blank"><span style='font-size:11.0pt;color:black'>www.heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> <br>Support Issue? Email </span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> for fast assistance!</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> </span><a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip-bounces@puck.nether.net</span></a><span style='font-size:10.0pt'> [</span><a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>mailto:cisco-voip-bounces@puck.nether.net</span></a><span style='font-size:10.0pt'>] <b>On Behalf Of </b>Matthew Loraditch<br><b>Sent:</b> Wednesday, June 29, 2011 9:57 PM<br><b>To:</b> Lelio Fulgenzi<br><b>Cc:</b> </span><a href="mailto:cisco-voip@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip@puck.nether.net</span></a><span style='font-size:10.0pt'><br><b>Subject:</b> Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Will give it a whirl in the am</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;color:black'>Matthew Loraditch, CCVP, CCNA, CCDA</span></b><span style='font-size:11.0pt;color:black'><br>1965 Greenspring Drive</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:black'>Timonium, MD 21093 <br></span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'><br>(p) </span><a href="tel:%28410%29%20252-8830" target="_blank"><span style='font-size:11.0pt'>(410) 252-8830</span></a><span style='font-size:11.0pt;color:black'><br>(F) </span><a href="tel:%28443%29%20541-1593" target="_blank"><span style='font-size:11.0pt'>(443) 541-1593</span></a><span style='font-size:11.0pt;color:black'><br><br>Visit us at </span><a href="http://www.heliontechnologies.com/" target="_blank"><span style='font-size:11.0pt;color:black'>www.heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> <br>Support Issue? Email </span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> for fast assistance!</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> Lelio Fulgenzi [</span><a href="mailto:lelio@uoguelph.ca" target="_blank"><span style='font-size:10.0pt'>mailto:lelio@uoguelph.ca</span></a><span style='font-size:10.0pt'>] <br><b>Sent:</b> Wednesday, June 29, 2011 9:43 PM<br><b>To:</b> Matthew Loraditch<br><b>Cc:</b> </span><a href="mailto:wsisk@cisco.com" target="_blank"><span style='font-size:10.0pt'>wsisk@cisco.com</span></a><span style='font-size:10.0pt'>; </span><a href="mailto:cisco-voip@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip@puck.nether.net</span></a><span style='font-size:10.0pt'><br><b>Subject:</b> Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Try the service parameter I mentioned. <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>If you do a search on the archives, Wes posted a link to the doc bug. <br><br>Sent from my iPhone<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>On Jun 29, 2011, at 9:31 PM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank">MLoraditch@heliontechnologies.com</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>7942s and 7945s so far, in re someone else’s email have restarted tftp etc already.</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:11.0pt;color:black'>Matthew Loraditch, CCVP, CCNA, CCDA</span></b><span style='font-size:11.0pt;color:black'><br>1965 Greenspring Drive</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:black'>Timonium, MD 21093 <br></span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'><br>(p) </span><a href="tel:%28410%29%20252-8830" target="_blank"><span style='font-size:11.0pt'>(410) 252-8830</span></a><span style='font-size:11.0pt;color:black'><br>(F) </span><a href="tel:%28443%29%20541-1593" target="_blank"><span style='font-size:11.0pt'>(443) 541-1593</span></a><span style='font-size:11.0pt;color:black'><br><br>Visit us at </span><a href="http://www.heliontechnologies.com/" target="_blank"><span style='font-size:11.0pt;color:black'>www.heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> <br>Support Issue? Email </span><a href="mailto:support@heliontechnologies.com" target="_blank"><span style='font-size:11.0pt;color:black'>support@heliontechnologies.com</span></a><span style='font-size:11.0pt;color:black'> for fast assistance!</span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><o:p></o:p></p><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span style='font-size:10.0pt'>From:</span></b><span style='font-size:10.0pt'> Lelio Fulgenzi </span><a href="mailto:[mailto:lelio@uoguelph.ca]" target="_blank"><span style='font-size:10.0pt'>[mailto:lelio@uoguelph.ca]</span></a><span style='font-size:10.0pt'> <br><b>Sent:</b> Wednesday, June 29, 2011 7:50 PM<br><b>To:</b> Matthew Loraditch<br><b>Cc:</b> </span><a href="mailto:wsisk@cisco.com" target="_blank"><span style='font-size:10.0pt'>wsisk@cisco.com</span></a><span style='font-size:10.0pt'>; </span><a href="mailto:cisco-voip@puck.nether.net" target="_blank"><span style='font-size:10.0pt'>cisco-voip@puck.nether.net</span></a><span style='font-size:10.0pt'><br><b>Subject:</b> Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc</span><o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Are these 7941/61? I had a problem where I had to change the service provisioning service parameter to external to make this work. <br><br>Sent from my iPhone<o:p></o:p></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><br>On Jun 29, 2011, at 6:23 PM, Matthew Loraditch <<a href="mailto:MLoraditch@heliontechnologies.com" target="_blank">MLoraditch@heliontechnologies.com</a>> wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:black'>Googled and found that and it’s not working….<br><br><br><br><br><br><br>Matthew Loraditch, CCVP, CCNA, CCDA<br>1965 Greenspring Drive<br><br>Timonium, MD 21093<br><br></span><a href="mailto:support@heliontechnologies.com" target="_blank">support@heliontechnologies.com</a><span style='color:black'><br>(p) </span><a href="tel:%28410%29%20252-8830" target="_blank">(410) 252-8830</a><span style='color:black'><br>(F) </span><a href="tel:%28443%29%20541-1593" target="_blank">(443) 541-1593</a><span style='color:black'><br><br>Visit us at </span><a href="http://www.heliontechnologies.com" target="_blank">www.heliontechnologies.com</a><span style='color:black'><br><br>Support Issue? Email </span><a href="mailto:support@heliontechnologies.com" target="_blank">support@heliontechnologies.com</a><span style='color:black'><br>for fast assistance!<br><br><br><br><br><br><br><br><br>From: Wes Sisk<br></span><a href="mailto:[mailto:wsisk@cisco.com]" target="_blank">[mailto:wsisk@cisco.com]</a><span style='color:black'> <br>Sent: Wednesday, June 29, 2011 5:24 PM<br>To: Matthew Loraditch<br>Cc: </span><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><span style='color:black'><br>Subject: Re: [cisco-voip] Phones Not Getting Auth, Idle, Services URLS, etc<br><br><br><br><br><br>These lines pretty much say it all. verification of the downloaded file failed. Delete the CTL/ITL from the phone and try again.<br></span><a href="https://supportforums.cisco.com/docs/DOC-15799#Manual_ITL_Delete" target="_blank">https://supportforums.cisco.com/docs/DOC-15799#Manual_ITL_Delete</a><span style='color:black'><br><br>Regards,<br>Wes<br><br>On 6/29/2011 5:03 PM, Matthew Loraditch wrote: <br><br>1715: ERR 16:59:35.170584 SECD: EROR:verifyFile: sgn verify file failed </usr/ram/SEP00260BD749E9.cnf.xml>, errclass 8, errcode 19 (signer<br>not in CTL)<br><br>1716: ERR 16:59:35.171327 SECD: EROR:verifyFile: verify FAILED, </usr/ram/SEP00260BD749E9.cnf.xml><br><br>Sent from my Android phone using TouchDown (</span><a href="http://www.nitrodesk.com" target="_blank">www.nitrodesk.com</a><span style='color:black'>)</span> <o:p></o:p></p></div></blockquote><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p></div></blockquote></div></div></blockquote></div></div></blockquote></div><pre><o:p> </o:p></pre><pre>_______________________________________________<o:p></o:p></pre><pre>cisco-voip mailing list<o:p></o:p></pre><pre><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><o:p></o:p></pre><pre><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></pre></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><span style='font-family:"Courier New"'>************************************<br>This email may contain privileged and/or confidential information that is intended solely for the use of the addressee. If you are not the intended recipient or entity, you are strictly prohibited from disclosing, copying, distributing or using any of the information contained in the transmission. If you received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. This communication may contain nonpublic personal information about consumers subject to the restrictions of the Gramm-Leach-Bliley Act and the Sarbanes-Oxley Act. You may not directly or indirectly reuse or disclose such information for any purpose other than to provide the services for which you are receiving the information.<br>There are risks associated with the use of electronic transmission. The sender of this information does not control the method of transmittal or service providers and assumes no duty or obligation for the security, receipt, or third party interception of this transmission.<br>************************************</span><o:p></o:p></p></div></body></html>