Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2514
Views
5
Helpful
9
Comments

IP Phone cannot download required file from TFTP | Analog1.raw] error - Access denied

Mohit Grover
Level 1
Level 1

‎11-06-2014 08:27 AM - edited ‎03-12-2019 10:12 AM

 
Symptom:
IP Phone cannot download required file from TFTP
 
For example: Ringlist.xml | Analog1.raw | Analog2.raw etc...
 
 
Conditions can be:
  • After the M1 migration with UCMAP, permission for TFTP file has changed
  • Upgraded CUCM Version (Major Upgrade)

 

Workaround:
Has to change the permission manually from the root account
!! Contact Cisco TAC to enable root account to troubleshoot this issue
 
:: Truncated Error Message ::
 
file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
00003420.000 |16:28:23.962 |AppInfo  |CReqContext::validateAccess()[0xf51c4788~270~172.18.14.109~1223] file[/usr/local/cm/tftp/Analog1.raw] error - Access denied
00003424.000 |16:28:44.097 |AppInfo  |CReqContext::validateAccess()[0xf51c5168~271~172.18.14.109~1224] file[/usr/local/cm/tftp/Analog2.raw] error - Access denied
00003426.000 |16:28:54.523 |AppInfo  |CReqContext::validateAccess()[0xf51c5b48~272~172.18.14.109~1225] file[/usr/local/cm/tftp/AreYouThereF.raw] error - Access denied
 
 
How to identify this issue
  • Either collect TFTP Logs from CCM via RTMT or hit file tail command to check this behavior in real time
!! you can refer these 2 URLs to understand the meaning of file tail command:
 
  1. file tail reference guide 1
  2. file tail reference guide 2

 

FYI:
 
!! Collected TFTP traces using CLI in real time
 
 
!! truncated TFTP logs output below
    Line 759: 00000525.000 |11:45:38.203 |AppInfo  |CReqContext::validateAccess()[0xf51249e8~11~172.18.14.109~1046] file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
Line 759: 00000525.000 |11:45:38.203 |AppInfo  |CReqContext::validateAccess()[0xf51249e8~11~172.18.14.109~1046] file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
Line 1597: 00001138.000 |12:05:21.920 |AppInfo  |CReqContext::validateAccess()[0xf512f1c8~28~172.18.14.109~1101] file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
Line 1597: 00001138.000 |12:05:21.920 |AppInfo  |CReqContext::validateAccess()[0xf512f1c8~28~172.18.14.109~1101] file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
Line 1604: 00001145.000 |12:07:13.027 |AppInfo  |CReqContext::validateAccess()[0xf512fba8~29~172.18.14.34~1295] file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
Line 1604: 00001145.000 |12:07:13.027 |AppInfo  |CReqContext::validateAccess()[0xf512fba8~29~172.18.14.34~1295] file[/usr/local/cm/tftp/Ringlist.xml] error - Access denied
Line 1655: 00001184.000 |12:09:20.191 |AppInfo  |CReqContext::validateAccess()[0xf513a388~46~172.18.14.35~1505] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 1655: 00001184.000 |12:09:20.191 |AppInfo  |CReqContext::validateAccess()[0xf513a388~46~172.18.14.35~1505] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 1676: 00001201.000 |12:10:20.006 |AppInfo  |CReqContext::validateAccess()[0xf5142dc8~60~172.18.14.35~1511] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 1676: 00001201.000 |12:10:20.006 |AppInfo  |CReqContext::validateAccess()[0xf5142dc8~60~172.18.14.35~1511] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 1718: 00001240.000 |12:17:21.004 |AppInfo  |CReqContext::validateAccess()[0xf5145f28~65~172.18.14.35~1520] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 1718: 00001240.000 |12:17:21.004 |AppInfo  |CReqContext::validateAccess()[0xf5145f28~65~172.18.14.35~1520] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 2180: 00001690.000 |13:54:40.749 |AppInfo  |CReqContext::validateAccess()[0xf516e108~130~172.18.14.35~1037] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
Line 2180: 00001690.000 |13:54:40.749 |AppInfo  |CReqContext::validateAccess()[0xf516e108~130~172.18.14.35~1037] file[/usr/local/cm/tftp/Ring6.raw] error - Access denied
 
 
  • It's a defect/Software Bug & here is the Bug ID: CSCui42799
 
 
 
  • Description
 
After the M1 migration with UCMAP, permission for TFTP file has changed at which some files are
Assigned to the incorrect owner and an incorrect group, as shown below:
 
(NON-Working)
Ringlist.xml in your system :
-rwxrwx---. 1 adminsftp download      2657 Apr  2  2008 Ringlist.xml
 
(Working)
Ringlist.xml in our lab :
-rwxrwx--- 1 ctftp    ccmbase            2657 Apr  2  2008 Ringlist.xml
 
  • Permissions are the same, but the owner and the access group are different.
 
  • Accessing the root and modifying the owner has fixed the issue.
 
Hit the following command to correct the ownership | changed the permissions:
 
!! enabled Root Account & then assigned the correct permission to the end files
!! where xxx represents the given permission
 
Chmod xxx /usr/local/cm/tftp/Ringlist.xml
 
Chmod xxx /usr/local/cm/tftp/DistinctiveRingList.xml 
 
Chmod xxx /usr/local/cm/tftp/*.raw
 
 
You may contact me on mogrover@cisco.com for further information on this or contact Cisco TAC
 
Comments
Aman Soi
VIP Alumni
VIP Alumni
‎11-07-2014 05:49 AM

Hi Mohit,

 

thanks for sharing[+5].

In the last , u have mentioned about changing permissions but we need to change the owner since that gets changed.

regds,

aman

Clifford McGlamry
Spotlight
Spotlight
‎12-11-2014 04:19 PM

Does this also affect other files on the TFTP server directories?  Things like phone backgrounds?  

Could this problem be fixed by downloading the file, and then re uploading it (overwriting what's there)?

Mohit Grover
Level 1
Level 1
‎12-11-2014 05:55 PM

Does this also affect other files on the TFTP server directories?  Things like phone backgrounds?  

A: I don't think so & if it does now you know what to do :)


Could this problem be fixed by downloading the file, and then re uploading it (overwriting what's there)?

A: can't simulate this issue again in my lab, anyway feel free to try it out.

Mohit Grover
Level 1
Level 1
‎12-11-2014 05:56 PM

Hi Aman,

 

either you change the owner or the permissions, both methods should work (recommendation is to change the owner since that gets changed)

 

HTH

Clifford McGlamry
Spotlight
Spotlight
‎12-11-2014 05:58 PM

We have actually confirmed that it DOES.

 

Be nice if Cisco would just put out a COP that would reset all the permissions and owners in the TFTP directories recursively.  As is, we're wading through the queue with Cisco TAC (this is a production system, and while we could hack it for access, I don't like doing that on production systems).

Mohit Grover
Level 1
Level 1
‎12-11-2014 06:12 PM

without root access, you can't change the permissions, you have to have TAC on the phone to check the behavior (TFTP Traces) & take appropriate action.

 

if needed TAC can generate root account & troubleshoot it accordingly.

 

Mohit Grover
Level 1
Level 1
‎12-11-2014 06:24 PM

?? Be nice if Cisco would just put out a COP that would reset all the permissions and owners in the TFTP directories recursively ?

 

Did I mention you go ahead & change the permission right away in your production network, it's a sure thing that I was talking about lab environment & as I have mentioned in my previous comment, only TAC has the privilege to generate root account & make appropriate changes to get the system working.

Clifford McGlamry
Spotlight
Spotlight
‎12-11-2014 06:27 PM

No, you didn't say anything like that, and I didn't mean to imply that you did if it came across that way.  I'm simply observing and commenting.  We do have a case open and are awaiting a call back from TAC on this now.

 

Thanks for your help.

Mohit Grover
Level 1
Level 1
‎12-11-2014 07:13 PM

 

no worries, email me the SR number, I will check the case.

>

mogrover@cisco.com

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents