<div>Yeah, I'd taken a read of this and also took a look at the bug in bug toolkit. It's a very similar issue but not the same. Seems almost like TVS isn't working quite right on the certs. Starting a TAC Call now.</div>
<div> </div>
<div>Nathan<br><br></div>
<div class="gmail_quote">On Wed, Aug 17, 2011 at 11:08 PM, Jason Aarons (AM) <span dir="ltr"><<a href="mailto:jason.aarons@dimensiondata.com">jason.aarons@dimensiondata.com</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt">In summary sounds like this thread from couple weeks ago? Or is it a different issue?<u></u><u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><a href="http://www.gossamer-threads.com/lists/cisco/voip/151203?search_string=itl;#151203" target="_blank">http://www.gossamer-threads.com/lists/cisco/voip/151203?search_string=itl;#151203</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #660066; FONT-SIZE: 10pt">CSCtr27100 TVS inaccurately reports New </span><b><span style="BACKGROUND: #ffff80; COLOR: black; FONT-SIZE: 10pt">ITL</span></b><span style="COLOR: #660066; FONT-SIZE: 10pt"> File has been generated</span><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><u></u> <u></u></span></p>
<div>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt">Jason Aarons<u></u><u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt">Consultant<u></u><u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt">Dimension Data<u></u><u></u></span></p>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><a href="tel:904-338-3245" target="_blank" value="+19043383245">904-338-3245</a> mobile</span><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><u></u><u></u></span></p>
</div>
<p class="MsoNormal"><span style="COLOR: #1f497d; FONT-SIZE: 11pt"><u></u> <u></u></span></p>
<div>
<div style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<p class="MsoNormal"><b><span style="FONT-SIZE: 10pt">From:</span></b><span style="FONT-SIZE: 10pt"> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of </b>Nathan Reeves<br>
<b>Sent:</b> Wednesday, August 17, 2011 10:47 AM<br><b>To:</b> <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br><b>Subject:</b> [cisco-voip] Issues with certificate security following upgrade to 8.6<u></u><u></u></span></p>
</div></div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">
<div>
<div></div>
<div class="h5"><br><br>Upgraded our cluster from 8.0.3 to 8.6.1 last weekend. Upgrade<br>completed successfully (took a while but given it was a major jump I<br>expected that). Everything appeared to be working fine but come<br>
Monday I started getting calls from users who couldn't use the<br>corporate directory on their phones. When they attempted to access<br>it, a 'host not found' error occurred. Ended up tracing this back to<br>the phones being unable to access https based links due to a tvs /<br>
certain issue.<br><br>At this point, the manual deletion of the phones security tlv file<br>fixes the issue. I think i've got about 100 phones affected, so the<br>process isn't too bad to get done, just going to be time consuming.<br>
<br>What I want to try and work out is what I've done wrong in the upgrade<br>process which has caused this issue. Basic overview of the steps<br>taken is as follows:<br>- upgraded pub to 8.6.1. Booted back into 8.0.3 following upgrade.<br>
- upgraded sub to 8.6.1. For some reason, even though I marked not<br>to boot to the upgraded partition, it booted into 8.6.1.<br>- booted pub into 8.6.1.<br>- waited for phones to settle down. Eg from switchback to sub and<br>
firmware upgrades etc.<br>- updated servers to use dns (previously dns was not set).<br>- checked that db replication was successful (saw some issues which a<br>reboot and updating reverse dns entries appeared to fix.)<br>
- 48 hours later installed new tomcat certs which had been signed by<br>our windows domain CA.<br><br>In troubleshooting the cert issue on the phones, I can see it heads to<br>the tvs to do a cert verify when it tries to access ssl links and<br>
secured tftp. On the phones I can see it send a request to the tvs<br>and it lists a certificate serial which I'm assuming it is trying to<br>verify. The request then fails and the phone fails to load the<br>cnf.XML etc. If I check the two servers, both have a certificate<br>
which matches the serial listed on the phone when it is requesting the<br>tvs to check the cert.<br><br>I saw the previus issue with 8.5.1 and the tftp tlv file failing to be<br>written but it's a different issue to that. In looking at the tvs<br>
logs, I do see a file failed to be written but with an error -2. The<br>file was ctlfile.tlv.<br><br>Have I caused this issue with the update of the dns settings on the<br>servers and a possible regeneration of the certifates at this point.<br>
Was there a process I should have followed.<br><br>I'm considering contacting tac in the morning to see if theres<br>anything obvious I've done wrong and if there's a way to resolve the<br>issue without touching phones manually, but if it's obvious to someone<br>
here what I've screwed up it would be great to hear it.<br><br>Thanks<br><br>Nathan<br></div></div>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a> <br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a> <br><br><br><span style="COLOR: white">itevomcid</span> <u></u><u></u>
<p></p></p></div></div></blockquote></div><br>