I am working on a problem with 10.5 cluster in Mixed mode using the old type: USB token + CTL client. After an upgrade last year certain types of phones can't be switched to Secure profile. All 79XX phones are staying unregistered, while 8821 phones go Rejected. All other types (mostly 88XX) are working just fine. Both problematic types are running latest firmware. Deleting ITL+CTL doesn't help, even factory reset on 7941 didn't help.
I made a packet capture towards the 7941 phone and this is what I see:
The phone is trying to register with the Subscriber where all certificates are valid, but I noticed that CAPF and TVS certs are expired long ago on the Publisher, long before the upgrade to 10.5. After that upgrade the problem with 79XX started. Strange thing is that other types even those that i switched yesterday are fine.
I have several questions here:
1. Is the expired TVS certificate causing the problem?
2. Is it safe to regenerate it and should I do something with the CTL client or just from OS Administration? - I read a lot of articles here and I believe that regenerating only TVS on only one server is safe and I can't lock my phones, but would like to verify.
3. If I regenerate TVS after restarting TVS and TFTP services clusterwide, should I restart all phones or just the ones that don't want to accept the Security profile?
4. What should I do with the expired CAPF certificate? It is expired since 2014 and I didn't have any problems until now.
Any help would be greatly appreciated!
Solved! Go to Solution.