cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Jabber Phone Services not working after Upgrade CUCM and IM&P 11.0.x to 12.0.x

706
Views
0
Helpful
5
Comments
Beginner

Hi All,

I have an issue since the upgrade where it looks like I am not getting Phone Services, IM&P is working.

I have done some firewall monitoring and can see requests to port 6972 for TFTP, I have tried to connect to this port to see my jabber-config.xml file and it will not display it, connecting on port 6970 however loads some xml.

Has there been any changes in client/server for Jabber?

We are using Jabber client Version 12.9.0.53429 Build 303429 

CUCM version 12.0.1.22900-11

5 Comments
Collaborator

CUCM added 6972 for TFTP over HTTPS some time back, it does have to be let through your firewall and IIRC will use the Tomcat cert/chain which must be valid for it to accept it. I don't remember which version this appeared in, maybe 9 or 10 .

Beginner

TAC have found a known defect that I think we are hitting: -

 

Thank you for contacting Cisco TAC. From the case notes I was able to see that you are failing to login to Jabber/ control CSF device after upgrade to 12.0.x I was also able to spot that you have found out that we are unable to open the CNF.XML File for the CSF device on port 6972 , however this is successful on port 6970. This behavior indeed matches a defect , which I will share with you in this email: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo47564 Please run the commands suggested in the above defect to verify whether CUCM is listening on ports 6971/ 6972:

 

 

Collaborator
Ah interesting. Yes you do want to make sure your certificates are in line. Do not put an EC cert or EC CA certs in the VPN trust store either.
Beginner

Hi Stuart,

 

you have to open the port 6972 between Jabber subnet(data subnet) and TFTPs, also EXP-C and TFTPs in case you have MRA. I had the same issue before and was fixed by open this port, I don't know why Cisco classified this as a bug though it is mentioned in their documents,

 

MRA:

6972.PNG

 

Not MRA:

Capture.PNG

References respectively:

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X12-5.pdf

 

https://www.cisco.com/c/en/us/support/docs/unified-communications/jabber/212833-configure-jabber-group-configuration-fil.html

 

BR,

 

 

 

Beginner

@engmouafy 

Hi Engmouafy,

Thank you for your suggestion

"you have to open the port 6972 between Jabber subnet(data subnet) and TFTPs, also EXP-C and TFTPs in case you have MRA. I had the same issue before and was fixed by open this port, I don't know why Cisco classified this as a bug though it is mentioned in their documents,"

However we are not getting blocked at the firewall and as you can see from my second post TAC have highlighted a defect of which we have confirmed and fixed. The fix required TAC coming onto our cluster and making changes to a conf file within the Redhat o/s which then allowed connections to port 6972.

Cheers

 

P.S. I cannot mark my post as a fix

This widget could not be displayed.