cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
531
Views
0
Helpful
3
Replies

CAPF....The great mystery

shingetter
Level 1
Level 1

I have have two servers in a cluster:

 

PUB is X.X.24.22

SUB is X.X.24.13

If I go to "services parameters" and select my PUB the CAPF service is not listed in the next drop-down box, but if I go to the SUB it's listed there and it's active. I've verified that X.X.24.22 is my PUB with the "utils service list" command under the cli. Also, if I check the service activation option the CAPF service is only list under 24.22 and not 24.13. How would on go about getting the CAPF services running on the PUB?? 

1 Accepted Solution

Accepted Solutions

Jonathan Schulenberg
Hall of Fame
Hall of Fame

So you have the option to activate & start CAPF on the pub but the service is missing from the Service Parameter page on the pub? Is it missing if you select the pub from the subscriber’s webpage? Either way that’s clearly a bug. TAC case or upgrade.

While on the topic, as of CUCM 14 and current generation 7800/8800 phones you can use OAuth tokens for a secure environment instead. CAPF is relegated to:

  • 802.1x certificates-based authentication
  • TLS for legacy phones, eg 7900
  • TLS for TelePresence and Cisco Room/Desk endpoints

View solution in original post

3 Replies 3

shingetter
Level 1
Level 1

ALSO!!! We did a packet capture on our switch and see devices reaching out to X.X.24.13, but we see out responses back...just a bunch TCP retransmission from the device. 

Jonathan Schulenberg
Hall of Fame
Hall of Fame

So you have the option to activate & start CAPF on the pub but the service is missing from the Service Parameter page on the pub? Is it missing if you select the pub from the subscriber’s webpage? Either way that’s clearly a bug. TAC case or upgrade.

While on the topic, as of CUCM 14 and current generation 7800/8800 phones you can use OAuth tokens for a secure environment instead. CAPF is relegated to:

  • 802.1x certificates-based authentication
  • TLS for legacy phones, eg 7900
  • TLS for TelePresence and Cisco Room/Desk endpoints

Your statement is correct. I've attached some screenshots. 

shingetter_0-1671538810187.pngshingetter_1-1671538835923.pngshingetter_2-1671539003634.png