<html><head></head><body bgcolor="#FFFFFF"><div>one week or two ago we have a similar problem, our tomcat certificates look wrong in the database ( run sql select * from certificate(s)) and when u download it from the cucm server os admin page - certificate management. when u connect to the cucm on https all look good. on the phone u see that it connects to the tvs and get a error back with i think code 0 and says its not authenticated.</div>
<div>so i've generate knew ones on all servers in the cluster. this fixed it for me.</div><div>the certificates grow from version 6 throug 6.1,7.1 now on 8.5, maybe something was wrong with any upgrade we have done.<br>
<br>--<div>Florian Kroessbacher</div></div><div><br>Am 02.02.2012 um 20:57 schrieb "Jason Aarons (AM)" <<a href="mailto:jason.aarons@dimensiondata.com">jason.aarons@dimensiondata.com</a>>:<br><br></div><div>
</div><blockquote type="cite"><div><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><meta name="Generator" content="Microsoft Word 14 (filtered medium)"><base href="x-msg://169/"><style><!--
/* Font Definitions */
@font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.apple-converted-space
        {mso-style-name:apple-converted-space;}
span.EmailStyle19
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><div class="WordSection1"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Start with checking the <a href="http://phoneip">http://phoneip</a> and the log files there, does the phone have any ITL errors or missing TFTP Server 1 entries? Is CDP running on port on switch, dot1x, port-security?</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Dejavue from current project with SCCP 7965s 9.2SR2S and CallManager 8.5.1SU1.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Most were network issues.  Reminder that starting with 7x the Corporate Directory is under Phone Services, are you using DNS or IP in that entry?</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span></p><div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal">
<b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net">cisco-voip-bounces@puck.nether.net</a>] <b>On Behalf Of </b>Wes Sisk<br>
<b>Sent:</b> Thursday, February 02, 2012 2:52 PM<br><b>To:</b> Gregory Wenzel<br><b>Cc:</b> <a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><b>Subject:</b> Re: [cisco-voip] Corporate Directory - host not found - Reach out to the Puck</span></p>
</div></div><p class="MsoNormal"> </p><p class="MsoNormal"><br><br>What version of CUCM?</p><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">Starting in 8.x all URL's are https.  This requires ITL on phone in sync with ITL on server. Phone contacts TVS on server to verify certificate trust.  </p>
</div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">Is the phone attempting to access the HTTPS port? (packet capture)</p></div><div><p class="MsoNormal">Does the web server respond with syn-ack? (packet capture)</p>
</div><div><p class="MsoNormal">is SSL negotiation successful? ( packet capture and TVS logs)</p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal"> </p></div><div><p class="MsoNormal">/wes</p></div><div>
<p class="MsoNormal"> </p><div><div><p class="MsoNormal">On Feb 2, 2012, at 2:05 PM, Gregory Wenzel wrote:</p></div><p class="MsoNormal"><br><br><span class="apple-style-span"><span style="font-size:13.5pt;font-family:"Helvetica","sans-serif""></span></span></p>
<div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Weird stuff on my home lab. My 7945, 7970 and 7961G-GE phones all show Corporate Directory as host not found … and I have WEB enabled for the phones, but cannot web into them<span class="apple-converted-space"> </span><a href="http://ip%3ephone.addr/">http://ip>phone.addr/</a></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Unity Connection is not running and Due to cpu and avail memory I can only run 1xCUCM/1xUCCX Premium/1xWin2003Svr/1xWinXp workstation for CAD and ip communicator testing.</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Not using DNS and there is no domain Config on cucm.</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">No LDAP integration</span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I reset/restarted tomcat in Serviceability</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I reset/restarted TVS in Serviceability</span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Have device pool, dialplan and other essentials set up on cucm so my UCCX lab can function.</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">Even rebooted the publisher</span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">In OS admin is regenerated the TVR certs</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">In command line I ran “Show itl” and TVS certs are registered and in sync</span></p></div><div><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The URL for Directory services is in the enterprise services section</span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I have no firewall between the router that’s the dhcp server and the phones</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I do have a win2003 server acting as my smtp, dns, domain server but cucm is not using dns</span></p></div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The phones work, they have a local</span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">2811 is the Dhcp server</span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">The phones communicate, the scripts I am writing do work with the phones.</span></p></div><div><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I removed the secure URLs from the enterprise services section as suggested from some of the blogs on CCO Communities.</span></p></div>
<div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">My 7945, 7970 and 7961G-GE phones all show Corporate Directory as host not found</span></p></div><div><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I do have routing turned on in my 2811 vgw. The phones see my publisher as the primary tftp server</span></p></div><div><p class="MsoNormal">
<span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">I have looked over and over through all the blogs and searched Cisco and I think I covered just about everything.</span></p></div><div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">This is NFR branded software:</span></p>
</div><div><p class="MsoNormal">System version: 8.6.2.20000-2<br>VMware Installation: 1 vCPU Intel(R) Xeon(R) CPU E3113 @ 3.00GHz, disk 1: 80Gbytes, 4096Mbytes RAM<span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"> <span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal"><span style="color:black">7945 firmware - SCCP45.9-2-1S</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="color:black">7970 firmware - SCCP70.9-2-1S</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal">
<span style="color:black">7961G-GE – firmware - SCCP41.9-2-1S</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal"><span style="color:black"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;color:black">I am upgrading to 9-2-3 on all three phones see if that helps.</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"> <span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal">What else am I missing?<span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"> <span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal">Somewhat embarrassing but I wanted to reach out to the puck see what comes back/<span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;color:black">Next will be to capture packets on the end of the phone..</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"> <span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal">TIA<span class="apple-converted-space"> </span><span style="font-family:Wingdings">J</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"> <span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p></div><div><p class="MsoNormal">Greg<span style="font-size:11.0pt;font-family:"Calibri","sans-serif""></span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></p></div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></p>
</div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> </span></p></div><p class="MsoNormal"><span style="font-size:13.5pt;font-family:"Helvetica","sans-serif""><br>
This message w/attachments (message) is solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited. Unless specifically indicated, this message is not an offer to sell or a solicitation of any products.   ­­  _______________________________________________<br>
cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span></p>
</div></div><p class="MsoNormal"> </p></div><p class="MsoNormal"><br><br><span style="color:white">itevomcid</span> </p></div></div></blockquote><blockquote type="cite"><div><span>_______________________________________________</span><br>
<span>cisco-voip mailing list</span><br><span><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a></span><br><span><a href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></span><br>
</div></blockquote></body></html>