stuart.pannell
Level 1

Hi All,

I have an issue since the upgrade where it looks like I am not getting Phone Services; IM&P is working.

I have done some firewall monitoring and can see requests to port 6972 for TFTP. I have tried to connect to this port to see my jabber-config.xml file and it will not display it; connecting on port 6970, however, loads some XML.

Have there been any changes in client/server for Jabber?

We are using Jabber client Version 12.9.0.53429 Build 303429

CUCM version 12.0.1.22900-11

5 Comments
Adam Pawlowski
VIP Alumni

CUCM added 6972 for TFTP over HTTPS some time back. It does have to be let through your firewall and IIRC will use the Tomcat cert/chain, which must be valid for it to accept it. I don't remember which version this appeared in, maybe 9 or 10.

stuart.pannell
Level 1

TAC have found a known defect that I think we are hitting:

Thank you for contacting Cisco TAC. From the case notes I was able to see that you are failing to log in to Jabber / control the CSF device after the upgrade to 12.0.x. I was also able to spot that you have found out that we are unable to open the CNF.XML file for the CSF device on port 6972; however, this is successful on port 6970. This behavior indeed matches a defect, which I will share with you in this email: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvo47564 Please run the commands suggested in the above defect to verify whether CUCM is listening on ports 6971/6972:
Adam Pawlowski
VIP Alumni

Ah, interesting. Yes, you do want to make sure your certificates are in line. Do not put an EC cert or EC CA certs in the VPN trust store either.

engmouafy
Level 1

Hi Stuart,

You have to open port 6972 between the Jabber subnet (data subnet) and the TFTPs, and also between EXP-C and the TFTPs in case you have MRA. I had the same issue before and it was fixed by opening this port. I don't know why Cisco classified this as a bug, though it is mentioned in their documents.

MRA: [screenshot: 6972.PNG]

Not MRA: [screenshot: Capture.PNG]

References respectively:

https://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-5/Cisco-Expressway-IP-Port-Usage-for-Firewall-Traversal-Deployment-Guide-X12-5.pdf

https://www.cisco.com/c/en/us/support/docs/unified-communications/jabber/212833-configure-jabber-group-configuration-fil.html

BR,

stuart.pannell
Level 1

@engmouafy 

Hi Engmouafy,

Thank you for your suggestion

"You have to open port 6972 between the Jabber subnet (data subnet) and the TFTPs, and also between EXP-C and the TFTPs in case you have MRA. I had the same issue before and it was fixed by opening this port. I don't know why Cisco classified this as a bug, though it is mentioned in their documents."

However, we are not getting blocked at the firewall, and as you can see from my second post, TAC have highlighted a defect which we have confirmed and fixed. The fix required TAC coming onto our cluster and making changes to a conf file within the Red Hat OS, which then allowed connections to port 6972.

Cheers

 

P.S. I cannot mark my post as a fix
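
The three causes raised in this thread (a firewall dropping 6972, the server not accepting connections on 6972, or a certificate chain the client rejects) can be told apart from a machine on the Jabber data subnet. The script below is an added example, not part of any post above and not Cisco tooling; the function names and the `/jabber-config.xml` request path are assumptions.

```python
import socket
import ssl

def probe(host, port, use_tls, path="/jabber-config.xml", cafile=None, timeout=5.0):
    """Fetch `path` and report the first stage that fails as (stage, detail)."""
    # Stage 1: TCP. A refusal means nothing accepts connections on the port;
    # a timeout points at a filter silently dropping the packets.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError as exc:
        return ("tcp_refused", str(exc))
    except socket.timeout as exc:
        return ("tcp_timeout", str(exc))
    except OSError as exc:
        return ("tcp_error", str(exc))
    try:
        # Stage 2: TLS with chain and hostname verification left on, so an
        # invalid server certificate is reported rather than ignored.
        if use_tls:
            ctx = ssl.create_default_context(cafile=cafile)
            try:
                sock = ctx.wrap_socket(sock, server_hostname=host)
            except ssl.SSLCertVerificationError as exc:
                return ("tls_cert_invalid", exc.verify_message)
            except OSError as exc:  # ssl.SSLError is a subclass of OSError
                return ("tls_handshake_failed", str(exc))
        # Stage 3: plain HTTP GET for the configuration file.
        try:
            req = f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n"
            sock.sendall(req.encode("ascii"))
            status = sock.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as exc:
            return ("http_error", str(exc))
        parts = status.split()
        if len(parts) < 2 or not parts[0].startswith("HTTP/"):
            return ("http_no_response", status)
        return ("http_ok" if parts[1] == "200" else "http_status", status)
    finally:
        sock.close()

def diagnose(host, cafile=None):
    """Probe HTTP on 6970 and HTTPS on 6972, the two ports compared in the thread."""
    return {6970: probe(host, 6970, False, cafile=cafile),
            6972: probe(host, 6972, True, cafile=cafile)}

if __name__ == "__main__":
    import sys
    for port, result in diagnose(sys.argv[1]).items():
        print(port, *result)
```

Pass `cafile` the PEM bundle of the CA that issued the server certificate when it is not in the system trust store; `tcp_refused` on 6972 with `http_ok` on 6970 matches the symptom reported in the original post.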
