<div><div dir="auto">Hello Brian</div><div dir="auto"><br></div><div dir="auto">Thanks for your Feedback. All the phones are authenticated and have a LCS installed. There is also a CTL on every Phone. </div><div dir="auto"><br></div><div dir="auto">Would it help to delete the LCS certificates and change the phone security profile to non secure? I was also thinking about to set the cluster back to non secure (from Mixed Mode now). However I am shure if that helps. </div><div dir="auto"><br></div><div dir="auto">Thanks and regards</div><div dir="auto">Reto </div><br><div class="gmail_quote"><div>Brian Meade <<a href="mailto:bmeade90@vt.edu">bmeade90@vt.edu</a>> schrieb am Di. 9. Jan. 2018 um 17:52:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Do the phones still have CTLs on them?<div><br></div><div>Phones that support Securty By Default will be okay as they can get trust new certificates using the ITL/TVS. For the old 7940/60s and things like IP Communicator that don't support CTL, you're probably stuck bulk deleting CTLs. UnifiedFX may be able to help here.</div><div><br></div><div>You can try adding new certs to the CTL and use the old tokens but I'm not sure the CTL client will be okay with the expired certificates. Usually the phones won't check certificate validity dates.</div><div><br></div><div>I'd first try running the CTL Client and import all the CallManager.pem certificates and see if it lets you update the CTL. If so, you should be able to convert to tokenless fine.</div></div><div class="gmail_extra"><br><div class="gmail_quote"></div></div><div class="gmail_extra"><div class="gmail_quote">On Tue, Jan 9, 2018 at 11:24 AM, Reto Gassmann <span><<a href="mailto:voip@mrga.ch" target="_blank">voip@mrga.ch</a>></span> wrote:<br></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Hello Group</div><div dir="auto"><br></div><div dir="auto">We run a CUCM cluster 10.5 in Mixed Mode. The IP Phones (mainly 7960 and 7961) are authenticated with LCS. A long time ago the cluster was set to Mixed Mode with two Hardware tokens. The tokens (Certificates on the tokens) expired last September.</div><div dir="auto">Now we want to change to tokenless CTL. I found a Cisco Document (118893) that describes the steps needed to make that change. However there are some notes about Problems with TVS and Security by Default with 7960.</div><div dir="auto"><br></div><div dir="auto">Can anyone help / Any ideas???</div><div dir="auto"><br></div><div dir="auto">Thank you</div><span class="m_2316894356365063081HOEnZb"><font color="#888888"><div dir="auto">Reto</div>
</font></span><br></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>
</blockquote></div></div>