12-09-2010 07:46 PM - edited 03-16-2019 02:21 AM
New cm 8 install and I'm having issues with the 7945 phones not being able to download files (ringlist, phone config file, etc.) from TFTP. I think it is related to ITL and the security by default. My CM is set up with system>server set as IP address. My voice vlan dhcp scopes are set up with IP addresses for the option 150 values. When I look at the phone, under the security section and ITL section I see the TFTP server is referred there as the FQDN. I think my prob is the dhcp scope is IP and it's not matching the ITL value. I've tried deleting the ITL from the phone and restarting the TVS service but still no luck. Has anyone dealt with this or understand what is going on?
Justin
12-11-2010 02:11 PM
== Edit: The problem has resurfaced and I am still working with TAC on this issue. ==
12-12-2010 07:44 AM
Hi Justin,
Thanks for posting back with your solution here
+5 for helping others with this solution.
Cheers!
Rob
01-12-2011 04:48 PM
The case has been finally resolved.
The problem was with the OU for the call manager exceeding 64 characters.
When we did a "show ITL" on the SSH session to call manager, it showed a weird OU which had more than 64 characters. We were not expecting such an issue would cause a problem with TVS, which is a newly added security feature on call manager 8.
Now we have a defect filed for this problem.
The call manager would accept an OU having more than 64 characters but in this case TVS would never work properly.
Until the certificate for TVS is generated properly, the initial trust list would just be like a corrupt file, causing random issues with config download.
Thanks to Justin for discussing this issue.
If we have issues like this, it's recommended we take an output for "show itl" and "show ctl".
Also make sure that we are able to download SEP
The initial troubleshooting would also include regenerating the TVS certificate on the call manager.
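A pre-check for the condition this post describes, added here as an example and not part of the original thread or of Cisco's code: it parses a certificate subject in RFC 4514 string form and flags any attribute longer than the upper bound RFC 5280 Appendix A gives for it (64 characters for OU). The function names, the sample subject and the assumption that the subject is available as an RFC 4514 string are this example's own.

```python
import re

# Upper bounds (characters) from RFC 5280 Appendix A for common subject attributes.
UPPER_BOUNDS = {"CN": 64, "OU": 64, "O": 64, "L": 128, "ST": 128, "C": 2}

def split_unescaped(text, sep):
    """Split on `sep` unless it is backslash-escaped (RFC 4514 string form)."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair for unescape()
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf = []
            i += 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def unescape(value):
    """Decode hex-pair and single-character escapes so length is counted correctly."""
    def repl(m):
        g = m.group(1)
        return bytes([int(g, 16)]) if len(g) == 2 else g
    raw = re.sub(rb"\\([0-9A-Fa-f]{2}|.)", repl, value.encode("utf-8"), flags=re.S)
    return raw.decode("utf-8", "replace")

def oversized_attributes(subject):
    """Return (attribute, length, limit) for each value above its upper bound."""
    findings = []
    for rdn in split_unescaped(subject, ","):
        for ava in split_unescaped(rdn, "+"):  # multi-valued RDNs
            attr, eq, value = ava.partition("=")
            name = attr.strip().upper()
            limit = UPPER_BOUNDS.get(name)
            if eq and limit is not None and len(unescape(value)) > limit:
                findings.append((name, len(unescape(value)), limit))
    return findings

# Constructed sample, not taken from the thread: an OU longer than 64 characters.
SAMPLE_OU = "Voice Engineering, Unified Communications and Collaboration Platform Services"
SAMPLE_SUBJECT = ("CN=cucm-pub.example.com,OU=" + SAMPLE_OU.replace(",", "\\,")
                  + ",O=Example Corp,C=US")

if __name__ == "__main__":
    for attr, length, limit in oversized_attributes(SAMPLE_SUBJECT):
        print(f"{attr} is {length} characters, limit is {limit}")
```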
07-23-2011 03:02 AM
This is my understanding from various resources on the ITL files in CUCM v8.x:
-----------------------------------------------------------------------------------------------------------------
In versions prior to 8.x, there was no concept of ITL files for the non-secure clusters. So these fields (CTL, ITL and TVS) were blank in non 8.x versions. When you upgrade to 8.x, it forces all the IP phones to have ITL files downloaded, and phones don't trust any file not signed by these ITL keys from then onwards.
So when you try to downgrade from version 8.x to 4.x (say), the phones won't accept the new config XML files and hence they would fail to register because of the ITL file.
But that's not all:
---------------------------
It seems that the above information is NOT all correct and complete. We have upgraded from 4.x-->7.1.3-->8.5.1. Now for all the IP phones, xml/http related services like EM and Corp Directory don't work. Configuration changes do not apply to phones and the log shows "CTL update failed" error messages. All the above problems vanish if we manually delete ITL files from the phones.
Could someone please help me in understanding this behaviour?
saif