<div dir="ltr">Reset TFTP after and reset the phones again if you want to be extra safe.<div><br></div><div>Every time I've done this, it worked in the single step of just switching the parameter and having it reset all the phones.</div><div><br></div><div>Definitely can't be too safe with these though.</div><div><br></div><div>I'd also say pre-prepare by enabling web access/settings access on all the phones and making sure Auth URLs are good just in case you need to use UnifiedFX to delete ITLs if something goes wrong.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 28, 2018 at 3:46 PM, Lelio Fulgenzi <span dir="ltr"><<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div class="m_-1569218747151296432WordSection1">
<p class="MsoNormal">Thanks Anthony.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">By setting the parameter, the phones reset automatically. Are you saying that I have to reset the TFTP server before setting the parameter?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Our previous scenario, which was pretty much just an upgrade using new hardware required this. We couldn’t get it to work without it. Feedback from the list way back way confirmed this requirement. We were installing new servers and restoring
from DRS in the backup and that was enough to modify the certificates enough.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Our current scenario will be not only upgrading, but moving from IP address defined server to hostname defined servers and public certificates, so, I’m guessing we totally need this.<u></u><u></u></p><span class="">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">---<u></u><u></u></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Lelio Fulgenzi, B.A.</span></b><span style="font-family:"Arial",sans-serif"> | Senior Analyst<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#333333">Computing and Communications Services</span><span style="font-family:"Arial",sans-serif"> | University of Guelph<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><a href="tel:(519)%20824-4120" value="+15198244120" target="_blank">519-824-4120 Ext. 56354</a> |
<a href="mailto:lelio@uoguelph.ca" target="_blank"><span style="color:#0563c1">lelio@uoguelph.ca</span></a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><u></u> <u></u></span></p>
</span><p class="MsoNormal"><a href="http://www.uoguelph.ca/ccs" target="_blank"><span style="font-family:"Arial",sans-serif">www.uoguelph.ca/ccs</span></a><span style="font-family:"Arial",sans-serif;color:#1f497d"> | @UofGCCS on Instagram, Twitter and Facebook<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><u></u> <u></u></span></p>
<p class="MsoNormal"><img border="0" width="187" height="100" style="width:1.9479in;height:1.0416in" id="m_-1569218747151296432Picture_x0020_1" src="cid:image001.png@01D3B0AB.3DA44BB0" alt="University of Guelph Cornerstone with Improve Life tagline"><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><b>From:</b> Anthony Holloway [mailto:<a href="mailto:avholloway%2Bcisco-voip@gmail.com" target="_blank">avholloway+cisco-voip@<wbr>gmail.com</a>]
<br>
<b>Sent:</b> Wednesday, February 28, 2018 12:16 PM<br>
<b>To:</b> Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>Cc:</b> voyp list, cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>) <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Subject:</b> Re: [cisco-voip] Prepare Cluster for Rollback to pre 8.0 Parameter - still valid for moving to different hardware?<u></u><u></u></p><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">Your first step is incorrect. You need to restart TFTP and TVS first, then reset phones.<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Now, the scenario you described, you wouldn't even need this, would you? Because your servers and more importantly, certificates, are staying the same, you're just upgrading the application. Unless of course you were planning on regenerating
certs before moving phones over, but you didn't say that, and you might as well just wait until the phones are moved, then regenerating certs is actually easy, and doesn't require special considerations like cert combo and rollback. You just regen one server
at a time, resetting the phones so they learn about the new server identity, while still trusting one or more servers in the cluster. <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">But, yes, this is the main go to method for me when migrating phones from one cluster to another (not hardware). Keep in mind, that if the old cluster is staying around, and phones need to move between them, then sharing/combining certs
would be the answer.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">I think I said everything correct... Brian Meade seems to be the Chief Security Office around these parts, so let's see what he says.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<div>
<p class="MsoNormal">On Wed, Feb 28, 2018 at 10:58 AM Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:<u></u><u></u></p>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<p class="MsoNormal"><br>
In the past, we used this parameter to prepare phones to be homed to a different set of hardware.<br>
<br>
For example:<br>
<br>
<br>
* Set parameter to true, reset phones.<br>
* In an offline network, restore from DRS and upgrade servers<br>
* During a maintenance window, turn off version A servers and turn on version B servers<br>
* Wait for TFTP timeout/reset for phones to begin talking with new TFTP server<br>
* Once all phones are registered, set parameter to false, reset phones<br>
<br>
Just wondering if this is still the way to get phones registered to different cluster hardware.<br>
<br>
Lelio<br>
<br>
<br>
---<br>
Lelio Fulgenzi, B.A. | Senior Analyst<br>
Computing and Communications Services | University of Guelph<br>
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<br>
<a href="tel:(519)%20824-4120" target="_blank">519-824-4120 Ext. 56354</a> | <a href="mailto:lelio@uoguelph.ca" target="_blank">
lelio@uoguelph.ca</a><mailto:<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio<wbr>@uoguelph.ca</a>><br>
<br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><<a href="http://www.uoguelph.ca/ccs" target="_blank">http://<wbr>www.uoguelph.ca/ccs</a>> | @UofGCCS on Instagram, Twitter and Facebook<br>
<br>
[University of Guelph Cornerstone with Improve Life tagline]<br>
<br>
______________________________<wbr>_________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/<wbr>mailman/listinfo/cisco-voip</a><u></u><u></u></p>
</blockquote>
</div>
</div></div></div>
</div>
<br>______________________________<wbr>_________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" rel="noreferrer" target="_blank">https://puck.nether.net/<wbr>mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>