Ok.<div><br></div><div>Any idea's on how this happened? I'm very interested in not repeating this experience.</div><div><br></div><div>We added the latest devicepack, the Cius 9-2-3.cop file, and then rebooted all servers in our cluster.</div>
<div><br></div><div>Since the latest devicepack included 9-2-1 for our phones, all our phones updated. At this point, I have no idea how many phones are affected, but I have reports from nearly all of my sites, so it must be a significant number.</div>
<div><br></div><div>No settings where changed on the PUB/SUB's other than the addition of the the two .cop files. I find it very disheartening/disturbing that such a minor *normal* maintenance item is going to cost me the amount of hours it's going to take to fix this. </div>
<div><br></div><div>Other than buying 3rd party software (Thanks Steve!), Cisco needs to put some serious thought in a way to fix this. I'm not the first sad story involving this *Feature*. I know I won't be the last. Touching every single phone in my environment (Because how else can you verify if it's failing or not) is not really a solution. We have sites in other states, and most of our operation is remote support.</div>
<div><br></div><div>Is factory default the only Cisco answer?</div><div><br><br><div class="gmail_quote">On Wed, Jan 4, 2012 at 6:24 PM, Mike King <span dir="ltr"><<a href="mailto:me@mpking.com">me@mpking.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I have one of those sinking feelings in my stomache...........<div><br></div><div><br></div><div>(Clip of the phone web interface)</div>
<div><br></div><div><div>1856: NOT 18:01:32.717962 SECD: tvsReqAuthenticateCertificate: Received the response from TVS proxy, status: 1</div>
<div>1857: ERR 18:01:32.719531 SECD: Authentication failed for the HTTPS conn via TVS</div><div>1858: NOT 18:01:32.720438 SECD: srvr_cert_vfy: ** srvr cert verify FAILED ** <10.1.1.1></div><div>1859: ERR 18:01:32.721527 SECD: EROR:clpState: SSL3 alert write:fatal:handshake failure:<10.1.1.1></div>
<div>1860: ERR 18:01:32.722625 SECD: EROR:clpSetupSsl: ** SSL handshake failed, <10.1.1.1> c:9 s:11</div><div>1861: ERR 18:01:32.723402 SECD: EROR:clpSetupSsl: SSL/TLS handshake failed, <10.1.1.1> c:9 s:11</div>
<div>1862: ERR 18:01:32.724086 SECD: EROR:clpSetupSsl: SSL/TLS setup failed, <10.1.1.1> c:9 s:11</div><div>1863: ERR 18:01:32.724720 SECD: EROR:clpSndStatus: SSL CLNT ERR, srvr<10.1.1.1></div><div>1864: ERR 18:01:32.725353 SECD: EROR:secErr_errStr: *** bad err table ***</div>
<div>1865: ERR 18:01:32.726020 SECD: EROR:secErr_errStr: ** SEC-ERR: code:3(N/A) subcode:9(UNKNOWN_CERT)</div><div>1866: ERR 18:01:32.726704 SECD: EROR:clpSndStatus: ** SEC-ERR: desc <HTTPS cert failed auth via TVS></div>
<div>1867: ERR 18:01:32.727436 SECD: EROR:clpWriteToClntSock: write() err, clnt closed ?!, errno 32, <10.1.1.1> c:9 s:11</div><div>1868: ERR 18:01:32.728124 SECD: EROR:clpSndStatus: failed to send SSL/TLS conn status, <10.1.1.1> c:9 s:11</div>
<div>1869: NOT 18:01:32.730813 SECD: clpDelClnt: closing conn to <10.201.27.5>, c:14, s:-1</div><div>1870: NOT 18:01:32.731684 SECD: clpDelClnt: Closing the local socket now</div><div><br></div><div>1871: NOT 18:01:32.740853 SECD: clpDelClnt: closing conn to <10.1.1.1>, c:9, s:11</div>
<div>1872: NOT 18:01:32.742630 SECD: clpDelClnt: Closing the local socket now</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div><br></div><div><br></div><div><br><br><div class="gmail_quote">On Wed, Jan 4, 2012 at 6:17 PM, Mike King <span dir="ltr"><<a href="mailto:me@mpking.com" target="_blank">me@mpking.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p>I've seen mention of TVs failure on the logs. What impact would that be?</p><div><div>
<div class="gmail_quote">On Jan 4, 2012 6:08 PM, "Dennis Heim" <<a href="mailto:Dennis.Heim@cdw.com" target="_blank">Dennis.Heim@cdw.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I know I have seen that where there were issues with SBD/TVS certificate issues in the past.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d">Dennis Heim<br>
Senior Engineer (Unified Communications)<br>
CDW Advanced Technology Services<br>
10610 9<sup>th</sup> Place<br>
Bellevue, WA 98004<br>
<br>
</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"><a href="tel:425.310.5299" value="+14253105299" target="_blank">425.310.5299</a> Single Number Reach (WA)</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"><a href="tel:317.569.4255" value="+13175694255" target="_blank">317.569.4255</a> Single Number Reach (IN)</span><span style="font-size:10.0pt;font-family:"Arial","sans-serif";color:#1f497d"><br>
<a href="tel:317.569.4201" value="+13175694201" target="_blank">317.569.4201</a> Fax</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">
<br>
<a href="mailto:dennis.heim@cdw.com" target="_blank"><span style="font-size:10.0pt;color:blue">dennis.heim@cdw.com</span></a></span><u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:blue"><br>
</span></u><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><a href="http://www.cdw.com/content/solutions/unified-communications/" target="_blank"><span style="color:blue">cdw.com/content/solutions/unified-communications/</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Mike King<br>
<b>Sent:</b> Wednesday, January 04, 2012 3:04 PM<br>
<b>To:</b> Cisco VoIPoE List<br>
<b>Subject:</b> [cisco-voip] 79xx and Firmware 9-2-1<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I'm having a weird problem with our 7900's (7941/7945 7961/7965)<u></u><u></u></p>
<div>
<p class="MsoNormal">The Corporate Directory won't work on some of the phones. (We've eliminated everything but the phone's themselves, I actually have two phones, on the same subnet, one exhibits behavior, one doesn't)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">It says "requesting...." then eventually says Host does not respond.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">We finally decided to try downgrading the phone back to 9.1.1 SR1s. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">The phones that don't display the corporate directory, they also don't downgrade.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I've Reset/Restarted from CM<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I've done the **#** from the keypad<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I've unplugged the phone, and plugged it back in.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I've unplugged the phone, waited 5 minutes, and plugged it back in. Doesn't downgrade.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I tried a factory reset, (# key, then 123456789*0#) and the phone will then download the correct version. (I guess it has to at this point)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">(And the corporate directory started working again.)<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Idea's besides visiting every phone?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</blockquote></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>