cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
227
Views
0
Helpful
0
Replies

Cisco Phone registration fail in CME - Requesting signed config files

ggomes63
Level 1
Level 1

Greetings everyone,

Strange one I got here.
I have a CME gateway (Cisco 3850 15.2(4)M2) connected to my CUCM cluster through a SIP trunk. Withing my CME I have the telephony-service configured:

telephony-service
ssh userid xxxxxx password xxxxxxxxx
max-ephones 250
max-dn 250
ip source-address xxxxxxxxxxxxxxxx port 2000
service phone sshAccess 1
service phone webAccess 1
service directed-pickup gpickup
service dnis dir-lookup
timeouts interdigit 3
cnf-file location flash:
cnf-file perphone
user-locale PT load CME-locale-pt_PT-Portuguese-8.8.2.5.tar
network-locale PT
load 7911 SCCP11.9-2-1S
load 7942 SCCP42.9-2-1S
load 7962 term62.default.loads
load 6921 SCCP69xx.9-4-1-3SR3
load 6901 SCCP6901.9-2-1-a
time-zone 21
time-format 24
date-format dd-mm-yy
max-conferences 12 gain -6
web admin system name xxxx secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
web admin customer name xxxxxxxxxxxxx password xxxxxxxxxxxxxxx
web customize load CustomGUI.xml
dn-webedit
time-webedit
transfer-system full-consult
transfer-pattern .T
directory last-name-first
fac custom pickup local 79

I had all different models registred and working until now. I noticed that several phones, different models, lost the register and stopped being able to register again.

Since they were working and nothing was touched, I tried already:
1. Delete a recreate the configuration files;
2. Disable telephony-service, reload, and re-enable;

I have the cnf-files up to date, I have the alias created, I have phones registered.

I decided to check tftp events, and I have non ending loops of requests for files that doesnt exist:

190633: Jan 17 16:23:19.268: TFTP: Server request for port 59365, socket_id 0x1C44CBE4 for process 272
190634: Jan 17 16:23:19.268: TFTP: read request from host xx.xxx.xx.95(59365) via GigabitEthernet0/0
190635: Jan 17 16:23:19.268: TFTP: Looking for ITLSEPD867D9XXXXXX.tlv
190636: Jan 17 16:23:19.268: TFTP: Sending error 1 No such file
190637: Jan 17 16:23:19.308: TFTP: Server request for port 59367, socket_id 0x10C37290 for process 272
190638: Jan 17 16:23:19.308: TFTP: read request from host xx.xxx.xx.95(59367) via GigabitEthernet0/0
190639: Jan 17 16:23:19.308: TFTP: Looking for ITLFile.tlv
190640: Jan 17 16:23:19.308: TFTP: Sending error 1 No such file
190641: Jan 17 16:23:19.348: TFTP: Server request for port 59369, socket_id 0x1C44CBE4 for process 272
190642: Jan 17 16:23:19.348: TFTP: read request from host xx.xxx.xx.95(59369) via GigabitEthernet0/0
190643: Jan 17 16:23:19.348: TFTP: Looking for SEPD867D9XXXXXX.cnf.xml.sgn
190644: Jan 17 16:23:19.348: TFTP: Sending error 1 No such file
190645: Jan 17 16:23:19.384: TFTP: Server request for port 59371, socket_id 0x10C37290 for process 272
190646: Jan 17 16:23:19.384: TFTP: read request from host xx.xxx.xx.95(59371) via GigabitEthernet0/0
190647: Jan 17 16:23:19.384: TFTP: Looking for XMLDefault.cnf.xml.sgn
190648: Jan 17 16:23:19.384: TFTP: Sending error 1 No such file
190649: Jan 17 16:23:19.420: TFTP: Server request for port 59373, socket_id 0x1C44CBE4 for process 272
190650: Jan 17 16:23:19.420: TFTP: read request from host xx.xxx.xx.95(59373) via GigabitEthernet0/0
190651: Jan 17 16:23:19.420: TFTP: Looking for XMLDefault.cnf.xml.sgn
190652: Jan 17 16:23:19.420: TFTP: Sending error 1 No such file
190653: Jan 17 16:23:19.888: TFTP: Server request for port 62221, socket_id 0x10C37290 for process 272
190654: Jan 17 16:23:19.888: TFTP: read request from host xx.xxx.xx.48(62221) via GigabitEthernet0/0
190655: Jan 17 16:23:19.888: TFTP: Looking for CTLSEPD867DYYYYYY.tlv
190656: Jan 17 16:23:19.888: TFTP: Sending error 1 No such file

CME-R3925-VGW#sh flash | i SEPD867D9XXXXXX.cnf.xml
474 1683 Jan 17 2024 15:18:08 +00:00 its/vrf1/SEPD867D9XXXXXX.cnf.xml

The thing is that the configuration files, do exist (not the itl, just the cnf.xml), but not signed.
I have more CME gateway and the tftp requests are similar with exception for the config file. There, they request the not signed one, everything as expected.

So my question:

Why all of sudden did so many phones went into this process requesting signed configuration files in a non-secure deployment of CME? How can I fix it? Phones have IP connectivity but I cant factory reset them all. Going one by one is a hard to accept solution.

Best regards.

0 Replies 0