<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">You may want to grab a packet capture and see what these files look like. I did find a similar case where the TFTP server lost connection to the other nodes
causing some TFTPEngine::"stopAsyncIO" error messages and they had to restart the TFTP service on the TFTP server to resolve.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Ed Leatherman [mailto:ealeatherman@gmail.com]
<br>
<b>Sent:</b> Thursday, January 23, 2014 12:37 PM<br>
<b>To:</b> Brian Meade (brmeade)<br>
<b>Cc:</b> Cisco VOIP<br>
<b>Subject:</b> Re: [cisco-voip] CTL question<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Only thing that changed has been publisher node. Subs are unchanged also.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Interestingly enough, I pulled a brand new 8945 out of box, changed the config on one of the sets that wouldn't register on site, and plugged it in here at my desk, and it loads up just fine. Waiting for them to get back with one of the
ones that wouldn't load up.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Here's the console log from one of the sets:<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">17:29:37, 06/07/2012 : CTLSEP20BBC0DFE737.tlv updating <br>
<br>
17:29:37, 06/07/2012 : CTLSEP20BBC0DFE737.tlv updated successfully <br>
<br>
17:29:37, 06/07/2012 : ITLSEP20BBC0DFE737.tlv updating <br>
<br>
17:29:38, 06/07/2012 : ITLSEP20BBC0DFE737.tlv updated successfully <br>
<br>
17:29:38, 06/07/2012 : CTL and ITL installed <br>
<br>
ERROR: Authenticating configuration file SEP20BBC0DFE737.cnf.xml.sgn <br>
17:29:38, 06/07/2012 : invalid file SEP20BBC0DFE737.cnf.xml.sgn, authenticated fail. Reas<br>
n:14. <br>
<br>
--> dot1x_activate(468) : <o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Thu, Jan 23, 2014 at 12:32 PM, Brian Meade (brmeade) <<a href="mailto:brmeade@cisco.com" target="_blank">brmeade@cisco.com</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Would probably want to look at the console logs on one of those 8945s with the authentication errors.
First verify they are getting the CTL okay. Possible the TFTP address on the phones isn’t pointed to the TFTP server?</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Ed Leatherman<br>
<b>Sent:</b> Thursday, January 23, 2014 12:01 PM</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
<b>To:</b> Cisco VOIP<br>
<b>Subject:</b> [cisco-voip] CTL question<o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Hi folks,<o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I have a cluster in mixed mode, last weekend we were scheduled to replace the publisher and TFTP server hardware (migrate to VMWare), cm 8.6. No version upgrade just a re-install
onto VMWare.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We ran out of maintenance window waiting for publisher to restore and db replication, so I left the TFTP server alone for another weekend. Also since pub is not registering phones
or running TFTP, I did not resign the CTL file to avoid any more cluster wide phone reboots. I plan on resigning it after I migrate TFTP this weekend.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Up until now i haven't had any issues with leaving the CTL file alone; however this morning we tried deploying some brand new 8945's and they are coming up with authentication error
on their config files, which I can't figure out why at this point. I can't reproduce the issue on my office phone (also a 8945), it happily downloads the current config files without complaint, even if I delete CTL/ITL. <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Am I barking up the wrong tree here with this? shouldn't the phones just be checking the TFTP server's signature, which didnt change, against the CTL or ITL?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">I asked the technician to delete the security files on the 8900s in case for some reason they had a CTL or ITL from the factory, said it didnt help. I'm having him bring a couple
phones back to troubleshoot with and verify though.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We are only doing signed configs right now, not encrypted files or control/media.<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>
</div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">--
<br>
Ed Leatherman<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><br>
<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <br>
Ed Leatherman<o:p></o:p></p>
</div>
</div>
</body>
</html>