Erick,<br><br>Did you also migrate to new hardware and use the backup and restore (DRS) process during the upgrade? <br><br>If so, you might be running into the following condition / defect. Give this a read and check it out.<br>
<br><a href="https://supportforums.cisco.com/docs/DOC-17679#Backup_And_Restore">https://supportforums.cisco.com/docs/DOC-17679#Backup_And_Restore</a><br><br><a href="http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn50405">http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn50405</a><br>
<br>If you're sure that none of the phones have ITL files installed then it is safe to regenerate the CallManager.pem certificate and restart TVS, TFTP, and CallManager (in that order) to resolve this problem if you can confirm you're running into it.<br>
<br>-Jason<br><br><div class="gmail_quote">On Thu, Jan 5, 2012 at 10:26 AM, Erick B. <span dir="ltr"><<a href="mailto:erickbee@gmail.com">erickbee@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
Question on regenerating TVS certificate, client upgraded from 6.x to<br>
8.5.1.14048-1 and ever since the corp directory is not working on<br>
phones that use secure URLs (7911, 7975, etc). I set it to a<br>
non-secure URL and restarted TVS service like in a cisco article I<br>
found and the corporate directory still saids host not found when they<br>
try to use it. Same problem for services url.<br>
<br>
The phones have no ITL file installed on them and no trust list right<br>
now either. I set up a IP communicator and the corp directory worked<br>
on that, it was using the non-secure URL even though I had secure<br>
directories URL configured.<br>
<br>
<br>
I found another cisco document on this with another step that states<br>
to do a 'show itl' on the server and if the verification fails to<br>
regenerate the TVS certificate. The 'show itl' shows verification<br>
failed, and I've read over the Security By Default document on the<br>
support site and I think I am safe by just regenerating the TVS<br>
certificate and resetting the phones but I wanted to ask here as I<br>
haven't dealt with this yet really and my past run ins with security<br>
and certificates on the phones were not all that pleasant. I do have a<br>
TAC case on this also but the person doesn't seem to know what to do<br>
with this ITL not verifying issue and currently wants me to downgrade<br>
from 9.2 firmware to 8.5.4 to fix the corp directory issue.<br>
<br>
Any other things I can try? I'm going to try to find a better TAC<br>
resource in meantime.<br>
<br>
Erick<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
</blockquote></div><br>