<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<base href="x-msg://840/">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
Hi Adam,
<div><br>
</div>
<div>As you stated (very nicely :), everyone that upgrades to (or between) UCM 8 & 9 versions needs to understand SBD. Unfortunately even if you do everything right you can still get hit by a SBD/ITL problems, there are several different ways to get caught
out even if you go 100% by the book.</div>
<div>In our experience the best way to handle almost any SBD issue is deleting the ITL File, there are some steps to prevent issues, but they are never 100% fool-proof, the best thing to do is be prepared to 'easily' manage/delete those pesky ITL files ;)</div>
<div><br>
</div>
<div>If you haven't already found this, the best information on Security by Default is by Jason Burns:</div>
<div><br>
</div>
<div><a href="https://supportforums.cisco.com/docs/DOC-17679">https://supportforums.cisco.com/docs/DOC-17679</a></div>
<div><br>
</div>
<div>I completely appreciate your point of view that the last thing you should "have" to do is delete the ITL file, if you read Jason's document this will give you the best understanding and chance to eliminate (or minimise) this likely hood. However I always
recommend that you have a Plan-B, Unified FX has devised an approach (a way to configure your cluster) that will ensure that you will never need to physically go to a phone to delete an ITL files even in the worst and most rare SDB Issues. Believe me the issue
you have at the moment is nothing compared to some of the SBD problems we have had to solve, at least your phones are still registered ;)</div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Stephen Welsh, CCIE #12345</div>
<div>CTO</div>
<div>Unified FX</div>
<div><a href="http://www.unifiedfx.com">http://www.unifiedfx.com</a></div>
<div><br>
<div>
<div>On 5 Nov 2012, at 15:37, Adam Pawlowski <<a href="mailto:ajp26@buffalo.edu">ajp26@buffalo.edu</a>></div>
<div> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote type="cite">
<div lang="EN-US" link="blue" vlink="purple" style="font-family: Helvetica; font-size: medium; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; ">
<div class="WordSection1" style="page: WordSection1; ">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Stephen,<o:p></o:p></span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> Removing the ITL file from the phone does seem to allow it to grab a new one, since it doesn’t need to verify it. When
the phone is booting up, it lists, from a file on its flash, that it has no TVS servers, until it has read the configuration file and established the CM nodes from that device pool. TVS is running on all hosts in the cluster, including the TFTP, which it seems
to want to fall back to, to verify its configuration and ITL initially. For whatever reason it insists on using the TFTP, yet, it wants to connect via IPv6 which just can’t work and doesn’t. It’s placed me into a situation where I want to turn off V6 but,
have to do so in the phone’s config, and can’t change the phone’s config until I turn off V6 (or erase the ITL).<o:p></o:p></span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> I will inspect the ITL on the phone again to see what’s going on – the nodes should all be listed but the ITLs hash
has changed. I’d love to understand just what is going on with this. As we were talking earlier about here, the license documentation for the 8 upgrades should have come with a singing telegram or at least a stack of bright red paper drawing our attention
to this feature. There’s a lot that’s new in the UCM and it seems easy to get underwater on the everything that comes up, but this just seems too easy to run afoul of bugs or problems which can hose over your cluster. If we have to erase, we have to erase,
but, I don’t want to get into the habit of planning to or having to erase security certificates if there’s a way to correct the issue.<o:p></o:p></span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Thanks much though for your time and reply<o:p></o:p></span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); ">Adam<o:p></o:p></span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" color="#1f497d" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; color: rgb(31, 73, 125); "> </span></font></div>
<div style="border-style: none none none solid; border-left-width: 1.5pt; border-left-color: blue; padding: 0in 0in 0in 4pt; ">
<div>
<div style="border-style: solid none none; border-top-width: 1pt; border-top-color: rgb(181, 196, 223); padding: 3pt 0in 0in; ">
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma, sans-serif; font-weight: bold; ">From:</span></font></b><font size="2" face="Tahoma"><span style="font-size: 10pt; font-family: Tahoma, sans-serif; "><span class="Apple-converted-space"> </span>Stephen
Welsh [mailto:stephen.welsh@<a href="http://unifiedfx.com">unifiedfx.com</a>]<span class="Apple-converted-space"> </span><br>
<b><span style="font-weight: bold; ">Sent:</span></b><span class="Apple-converted-space"> </span>Monday, November 05, 2012 9:09 AM<br>
<b><span style="font-weight: bold; ">To:</span></b><span class="Apple-converted-space"> </span>Pawlowski, Adam<br>
<b><span style="font-weight: bold; ">Cc:</span></b><span class="Apple-converted-space"> </span><a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<b><span style="font-weight: bold; ">Subject:</span></b><span class="Apple-converted-space"> </span>Re: [cisco-voip] 9.3.1 , TVS, and IPv6<o:p></o:p></span></font></div>
</div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Hi Adam,<o:p></o:p></span></font></div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Are you sure the ipv6 thing is not a red herring?<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Have you tried removing the ITL File from the phone and/or restarting the TVS service?<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">If you are not aware the choice of TVS service (node IP Address) is based on the Call Manager Group configured on the phone, you could try adding all nodes to the phones CM Group to see if
that helps the phone to contact a TVS service it has a matching ITL entry for.<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">If you are still stuck I'm happy to host a WebEx session to share my SDB & ITL experiences, I'm the original author of PhoneView (<a href="http://www.unifiedfx.com" style="color: purple; text-decoration: underline; ">http://www.unifiedfx.com</a>),
it's been used to help a LOT of people with SBD related issues, never-mind countless UCM installations and upgrades.<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">In-case you do need to delete/manage your ITL Files, or even just get a proper view/handle on the phone firmware version of your estate you should give PhoneView a try:<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "><a href="http://www.unifiedfx.com/phoneview/trial" style="color: purple; text-decoration: underline; ">http://www.unifiedfx.com/phoneview/trial</a><o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Thanks<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">Stephen<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> </span></font></div>
<div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; ">On 5 Nov 2012, at 13:51, "Pawlowski, Adam" <<a href="mailto:ajp26@buffalo.edu" style="color: purple; text-decoration: underline; ">ajp26@buffalo.edu</a>><o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "> wrote:<o:p></o:p></span></font></div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "><br>
<br>
<o:p></o:p></span></font></div>
<div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Morning list,<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> <o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> From what I can read, TVS has been a thrill ride for those of us lucky enough to run afoul of SBD. I’m hoping we haven’t run into such a situation here but
I have a question. We just pushed 9.3.1 out to devices from 9.1.1SR1, with peer firmware sharing enabled. This went miserably and left a lot of devices stranded at 9.1.1 or at an “Upgrading” screen. Working with TAC on that but so far nothing. We began receiving
reports from end users that their directories were missing, they can’t change ringers, etc. Last time this happened we had phones that had picked up a bum ITL from a partial rollout, and we had to erase them by hand.<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> <o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> This time that shouldn’t have been the case – it was just a firmware upgrade. However, it looks like some of the phones that have gone to 9.3.1 have decided
that they want to use IPv6 when talking to the TFTP to verify their initial configurations, when they have no TVS server list built on the device. In looking at the phone console logs, you can see that the device is in “IP mode 1” and tries to connect to TFTP,
say “192.168.0.1 :: “ which is obviously not a V6 address. We’re not running V6 so it has no address bound. No traffic leaves the phone, but, the phone says it timed out (EAGAIN) connecting to the TFTP and won’t verify the ITL/CFG/etc.<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> <o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> What I’m looking at it is setting V6 to off at the cluster, but, I don’t see any way to repair this on affected devices (could be a large amount) other than
erasing the ITL, or deploying IPv6. Given the leg work that could go into identifying and taking care of these devices, it’s arguable as to which one would be harder at this point.<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> <o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> Any comment on this with this firmware? Anyone else run into this miserable trouble?<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; "> <o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">Adam Pawlowski<o:p></o:p></span></font></div>
</div>
<div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="2" face="Calibri"><span style="font-size: 11pt; font-family: Calibri, sans-serif; ">SUNYAB Network and Classroom Services<o:p></o:p></span></font></div>
</div>
<div style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="4" face="Helvetica"><span style="font-size: 13.5pt; font-family: Helvetica, sans-serif; ">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" style="color: purple; text-decoration: underline; "><font color="purple"><span style="color: purple; ">cisco-voip@puck.nether.net</span></font></a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" style="color: purple; text-decoration: underline; "><font color="purple"><span style="color: purple; ">https://puck.nether.net/mailman/listinfo/cisco-voip</span></font></a><o:p></o:p></span></font></div>
</div>
</div>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt; font-size: 12pt; font-family: 'Times New Roman', serif; ">
<font size="3" face="Times New Roman"><span style="font-size: 12pt; "></span></font></p>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</body>
</html>