CSCve30350 - SELinux is preventing CTIManager from access to PKI folder
We have a customer that experienced CTI Connection error on Cisco Jabber in the middle of the day. Jabber client had to log out and then login again in order to restore the CTI connection to the primary CTI node.
- On the primary CUCM CTI provider node, CTI Manager service did not stop, the service was up and running.
- Around the same time, the primary CUCM CTI provider node experienced high CPU (~87%) with cmoninit process (40%).
- There are no CTIManager logs from the primary node at the same time. However, there are CTIManager logs on the second and the third nodes.
After looking at the logs, I have noticed the log below:
We are getting a large number of errors all the time on all three CTI providers nodes, and CPU spikes sometimes.
- I have found this bug (CSCve30350), but the problem is that we are not using LDAP SSL Authentication.
- I am wondering if these errors are impacting overall CUCM performance, which caused high CPU utilization and CTI disconnections.
- I would like to know if configuring SELinux to permissive mode will solve the problem (utils os secure permissive), and if so, it may impact production environment?
Guided workflow allows for automated troubleshooting cases (non-RMA) and RMA creation process for Service Requests (SR) opened for Cisco products.
Less troubleshooting - the IRE (Intelligent RMA Experience) Prediction Engine does ...
1. Asset Recovery EMEAR - Scope2. Cisco Returns Portal – Quick Overview3. Update your RMA – Options and Walkthrough4. POWR Tool and How to Return - Quick guide and Scenarios5. Returned but not closed - Frequent Scenarios6. I cannot return my faulty part. ...
Full analysis if the problem
The root cause behind this problem is the delay in sync between CUCM and CCX.
CCX and CUCM has an automated sync mechanism which might vary from 5 - 10 minutes based on various parameters.
Also there is an option to sync...