CSCvq81038 - CUCM - IDP metadata import is failing

guillaume joly · ‎10-14-2021

Hello, the symptoms are exactly the same as described in the case, but our cucm version is 12.5.1.13900-152 and should be a fixed version. The import of the Metadata form the IdentityProvider failed on the Publisher failed, The message is Import failed for Pubname. Retry recommended.

In the sso traces with saml traces in debug mode, I can not see the reason why the import failed.

I've tried to check a mismatch between the server/host file, but everything seems fine.

Do you have some idea, which logs I should checks?

Regards,

guillaume joly · ‎10-18-2021

Hello,

A restart of the cluster seems to solve the issue. Restart of the service Cisco Tomcat does not resolve the issue.

So it should not be relative with the hosts/Server configuration mismatch.

I have disable again the SSO and will activate it with the customer in one week.

I will let you know if the issue comes back again at the next activation.

Guillaume

davidpatton · ‎01-28-2025

This is an old thread but if someone stumbles across it I have an update. I am on 14SU3 and ran into this exact issue.

As per the case notes, our hostnames and our server names were out of alignment. I have this on 5 clusters, all 5 fixed as we did a mass SSO enablement.

Via CLI - show network cluster - this will show you what the host names are in the cluster, which will match the certificates, and what's in the DB table (processnode - System>Server). You can see the hostnames by using "show system" to validate.

In the GUI I changed the names in Server table to match the output of show network cluster.

From CLI restart

Publisher first:
utils service restart Cisco Tomcat
utils service restart Cisco DRF Master
utils service restart Cisco DRF Local
utils service restart Cisco HAProxy

Subs/TFTPs: (skip DRF Master, that's only on the Pub)
utils service restart Cisco Tomcat
utils service restart Cisco DRF Local
utils service restart Cisco HAProxy

Retry the SSO config.