<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><base href="x-msg://840/"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:black;
font-weight:normal;
font-style:normal;
text-decoration:none none;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'>The article also talks about setting the rollback parameter to true, which will erase the ITL on the phones. Obviously this requires that your phones can still register. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><o:p> </o:p></span></p><div><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'>Dennis Heim | Sr. UC Engineer</span></b><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'><o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'>World Wide Technology | 314.212.1814 | <a href="mailto:dennis.heim@wwt.com">dennis.heim@wwt.com</a></span><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'><o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:black'>“Creating Impact, Ignition & Scalability”<o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> cisco-voip-bounces@puck.nether.net [mailto:cisco-voip-bounces@puck.nether.net] <b>On Behalf Of </b>Stephen Welsh<br><b>Sent:</b> Monday, November 05, 2012 11:06 AM<br><b>To:</b> Adam Pawlowski<br><b>Cc:</b> <cisco-voip@puck.nether.net><br><b>Subject:</b> Re: [cisco-voip] 9.3.1 , TVS, and IPv6<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Adam, <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>As you stated (very nicely :), everyone that upgrades to (or between) UCM 8 & 9 versions needs to understand SBD. Unfortunately even if you do everything right you can still get hit by a SBD/ITL problems, there are several different ways to get caught out even if you go 100% by the book.<o:p></o:p></p></div><div><p class=MsoNormal>In our experience the best way to handle almost any SBD issue is deleting the ITL File, there are some steps to prevent issues, but they are never 100% fool-proof, the best thing to do is be prepared to 'easily' manage/delete those pesky ITL files ;)<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If you haven't already found this, the best information on Security by Default is by Jason Burns:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><a href="https://supportforums.cisco.com/docs/DOC-17679">https://supportforums.cisco.com/docs/DOC-17679</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I completely appreciate your point of view that the last thing you should "have" to do is delete the ITL file, if you read Jason's document this will give you the best understanding and chance to eliminate (or minimise) this likely hood. However I always recommend that you have a Plan-B, Unified FX has devised an approach (a way to configure your cluster) that will ensure that you will never need to physically go to a phone to delete an ITL files even in the worst and most rare SDB Issues. Believe me the issue you have at the moment is nothing compared to some of the SBD problems we have had to solve, at least your phones are still registered ;)<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thanks<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Stephen Welsh, CCIE #12345<o:p></o:p></p></div><div><p class=MsoNormal>CTO<o:p></o:p></p></div><div><p class=MsoNormal>Unified FX<o:p></o:p></p></div><div><p class=MsoNormal><a href="http://www.unifiedfx.com">http://www.unifiedfx.com</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On 5 Nov 2012, at 15:37, Adam Pawlowski <<a href="mailto:ajp26@buffalo.edu">ajp26@buffalo.edu</a>><o:p></o:p></p></div><div><p class=MsoNormal> wrote:<o:p></o:p></p></div><p class=MsoNormal><br><br><o:p></o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Stephen,</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> Removing the ITL file from the phone does seem to allow it to grab a new one, since it doesn’t need to verify it. When the phone is booting up, it lists, from a file on its flash, that it has no TVS servers, until it has read the configuration file and established the CM nodes from that device pool. TVS is running on all hosts in the cluster, including the TFTP, which it seems to want to fall back to, to verify its configuration and ITL initially. For whatever reason it insists on using the TFTP, yet, it wants to connect via IPv6 which just can’t work and doesn’t. It’s placed me into a situation where I want to turn off V6 but, have to do so in the phone’s config, and can’t change the phone’s config until I turn off V6 (or erase the ITL).</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> I will inspect the ITL on the phone again to see what’s going on – the nodes should all be listed but the ITLs hash has changed. I’d love to understand just what is going on with this. As we were talking earlier about here, the license documentation for the 8 upgrades should have come with a singing telegram or at least a stack of bright red paper drawing our attention to this feature. There’s a lot that’s new in the UCM and it seems easy to get underwater on the everything that comes up, but this just seems too easy to run afoul of bugs or problems which can hose over your cluster. If we have to erase, we have to erase, but, I don’t want to get into the habit of planning to or having to erase security certificates if there’s a way to correct the issue.</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks much though for your time and reply</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Adam</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'> </span><o:p></o:p></p></div><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span class=apple-converted-space><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> </span></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Stephen Welsh [mailto:stephen.welsh@<a href="http://unifiedfx.com">unifiedfx.com</a>]<span class=apple-converted-space> </span><br><b>Sent:</b><span class=apple-converted-space> </span>Monday, November 05, 2012 9:09 AM<br><b>To:</b><span class=apple-converted-space> </span>Pawlowski, Adam<br><b>Cc:</b><span class=apple-converted-space> </span><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br><b>Subject:</b><span class=apple-converted-space> </span>Re: [cisco-voip] 9.3.1 , TVS, and IPv6</span><o:p></o:p></p></div></div></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Hi Adam,<o:p></o:p></p></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Are you sure the ipv6 thing is not a red herring?<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Have you tried removing the ITL File from the phone and/or restarting the TVS service?<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>If you are not aware the choice of TVS service (node IP Address) is based on the Call Manager Group configured on the phone, you could try adding all nodes to the phones CM Group to see if that helps the phone to contact a TVS service it has a matching ITL entry for.<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>If you are still stuck I'm happy to host a WebEx session to share my SDB & ITL experiences, I'm the original author of PhoneView (<a href="http://www.unifiedfx.com"><span style='color:purple'>http://www.unifiedfx.com</span></a>), it's been used to help a LOT of people with SBD related issues, never-mind countless UCM installations and upgrades.<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>In-case you do need to delete/manage your ITL Files, or even just get a proper view/handle on the phone firmware version of your estate you should give PhoneView a try:<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal><a href="http://www.unifiedfx.com/phoneview/trial"><span style='color:purple'>http://www.unifiedfx.com/phoneview/trial</span></a><o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Thanks<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div></div><div><div><p class=MsoNormal>Stephen<o:p></o:p></p></div></div><div><div><p class=MsoNormal> <o:p></o:p></p></div><div><div><div><p class=MsoNormal>On 5 Nov 2012, at 13:51, "Pawlowski, Adam" <<a href="mailto:ajp26@buffalo.edu"><span style='color:purple'>ajp26@buffalo.edu</span></a>><o:p></o:p></p></div></div><div><div><p class=MsoNormal> wrote:<o:p></o:p></p></div></div><div><p class=MsoNormal><br><br><br><o:p></o:p></p></div><div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Morning list,</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> From what I can read, TVS has been a thrill ride for those of us lucky enough to run afoul of SBD. I’m hoping we haven’t run into such a situation here but I have a question. We just pushed 9.3.1 out to devices from 9.1.1SR1, with peer firmware sharing enabled. This went miserably and left a lot of devices stranded at 9.1.1 or at an “Upgrading” screen. Working with TAC on that but so far nothing. We began receiving reports from end users that their directories were missing, they can’t change ringers, etc. Last time this happened we had phones that had picked up a bum ITL from a partial rollout, and we had to erase them by hand.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> This time that shouldn’t have been the case – it was just a firmware upgrade. However, it looks like some of the phones that have gone to 9.3.1 have decided that they want to use IPv6 when talking to the TFTP to verify their initial configurations, when they have no TVS server list built on the device. In looking at the phone console logs, you can see that the device is in “IP mode 1” and tries to connect to TFTP, say “192.168.0.1 :: “ which is obviously not a V6 address. We’re not running V6 so it has no address bound. No traffic leaves the phone, but, the phone says it timed out (EAGAIN) connecting to the TFTP and won’t verify the ITL/CFG/etc.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> What I’m looking at it is setting V6 to off at the cluster, but, I don’t see any way to repair this on affected devices (could be a large amount) other than erasing the ITL, or deploying IPv6. Given the leg work that could go into identifying and taking care of these devices, it’s arguable as to which one would be harder at this point.</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> Any comment on this with this firmware? Anyone else run into this miserable trouble?</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> </span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Adam Pawlowski</span><o:p></o:p></p></div></div><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>SUNYAB Network and Classroom Services</span><o:p></o:p></p></div></div><div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif"'>_______________________________________________<br>cisco-voip mailing list<br><a href="mailto:cisco-voip@puck.nether.net"><span style='color:purple'>cisco-voip@puck.nether.net</span></a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-voip"><span style='color:purple'>https://puck.nether.net/mailman/listinfo/cisco-voip</span></a></span><o:p></o:p></p></div></div></div></div></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>