IP Phone ITL Files

Zachary Ballard · ‎02-25-2020

Hey guys.

Over the weekend I regenerated some certificates(Callmanager, CAPF,TVS & IPsec). I come in yesterday to users missing their ringtones. So we go back to settings>user preferences>rings>Option they want. And the Ring List shows Unavailable. So after some research, I found that I should try restarting the TFTP service and then reboot the phones. I tried that and still no luck.

One thing I did notice, I setup a new phone from scratch yesterday and it is able to access ringtones & background images. Digging further I notice that this new phone has a different ITL file than my phone and other users who are unable to get their ringtones/images back.

Shouldn't these phones all pull in the same ITL file? If so, what do I need to do to achieve this?

Thanks!

Roger Kallberg · ‎02-25-2020

Did you regenerate callmanager and TVS certificates at the same time on all nodes in the cluster without restarting all the phones in-between each node? If you did the phones have lost their trust of the system and will not download any new configuration or ringtones and wallpapers. Then you have to remove the ITL from the phones so that they will download the new and trust the system again.

Roger Kallberg · ‎02-25-2020

Have a look at this document for additional information.

https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html

Zachary Ballard · ‎02-25-2020

Hi Roger,

Thank you for your response. I followed the accepted solution from this article step by step: https://community.cisco.com/t5/ip-telephony-and-phones/regeneration-of-expired-all-certicates-on-communications-manager/td-p/2928284

That author made it very clear to not regenerate those certificates at the same time. Im 99% sure that I didn't.

What is my best option to remove the "old" ITL from my phones.

Thanks!

Roger Kallberg · ‎02-25-2020

Check this post for various options for removal of ITL from a phone.

https://community.cisco.com/t5/ip-telephony-and-phones/deleting-ctl-file-from-cisco-ip-phones/td-p/1581592

Roger Kallberg · ‎02-25-2020

@Zachary Ballard wrote:
Hi Roger,

Thank you for your response. I followed the accepted solution from this article step by step: https://community.cisco.com/t5/ip-telephony-and-phones/regeneration-of-expired-all-certicates-on-communications-manager/td-p/2928284

That author made it very clear to not regenerate those certificates at the same time. Im 99% sure that I didn't.

What is my best option to remove the "old" ITL from my phones.

Thanks!

That is an excellent guide, but it doesn’t have the step of restart of phones for them to download new certificates in between a few of the steps. Also it doesn’t mention that it is good practice to wait a few days, or even better weeks, in between regeneration of CallManager and TVS certificates to catch any outliers that might be off line at the time of renewal.

Zachary Ballard · ‎02-27-2020

Hi Roger,

Sorry I wasn't able to respond yesterday.

I had mentioned in the beginning that I had one phone that didn't have the same ITL file as the rest. I factory reset that phone and then it did indeed pull in the ITL that the other have. I even went into the CLI of my Publisher and ran the admin: Show ITL to verify.

Now that my ITL files match. I'm having issues pulling down background images and ringtones.

I'm wondering why the phone that initially pulled down a different ITL was able to reach these backgrounds and ringtones, but then when it pulled down the ITL like the rest, it is unable to.

I have looked and other threads have recommended restarting the TFTP service, that also didn't help. The phones can reach the TFTP server because when I do a factory reset, they reach out and pull down there configuration. This one is really racking my brain haha.

Any other thoughts?

Zachary Ballard · ‎02-27-2020

I found something that might be worth noting.

I pulled the logs from my phone when its trying to request the background image.

In the logs, a TVS certificate request is sent, it is listing the serial number as one value. And when I go onto the certificate management and look at the TVS cert. The serial numbers do not match.

Roger Kallberg · ‎02-27-2020

Not related to you finding of TVS files and serial number in these, that one I never really looked at in that much details so can't give you an answer on this. It might be needed for you to open a SR with TAC to investigate on this.

For the wallpaper issue can you check if there are any .sgn file(s) in the directories for the wallpapers? If there are delete these and restart the TFTP service. After this check if the phones can access the wallpapers. Also look in the List.xml files in the directories to see that they list the png files that is in each of the directories. If you have custom wallpapers it's good to know that the List.xml file will need to be modified after each upgrade of CM as that will overwrite the files with defaults.

Zachary Ballard · ‎03-02-2020

Roger,

I am PLEASED to inform you that I have FINALLY fixed this issue!

After pouring through the documents you sent and others on the web, I found that the Ringlist.xml file and the List.xml file, were both being signed by the Call Manager. After checking the logs on my phone, I noticed that it would pull down these files when requested but the signature could not be verified. I'm assuming the issue was due to the certificates I regenerated last weekend.

Anywho, I went in and deleted all of the ringtone.raw.sgn files along with the Ringlist.xml.sgn & the List.xml.sgn file that contained the custom backgrounds for the phones. After deleting these files and restarting the TFTP service on the publisher, everything started working again.

Shew, what a relief!!!!!!!