Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2250
Views
0
Helpful
4
Replies

CME: Cisco 8945 CTL is not installed

Leo Salcie Tejeda
Level 7
Level 7

‎06-14-2013 12:09 PM - edited ‎03-16-2019 05:53 PM

Hi,

I'm running CME Version 15.2(4)M3 with SRTP and TLS. I have deployed a bunch of Cisco 7942 and Cisco 8945 phone. After enable encryption all Cisco 7942 installed the CTL and LSC certificate but Cisco 8945 didn't installed the CTL and LSC certificate.

The Cisco 8945 phone is able to register without encryption so it doesn't look like a TFTP problem.

Cisco 8945 status message:

[18:14:44, 06/14/2013] reset event log
[18:14:45, 06/14/2013] trigger reboot from tMVX_AWBU (system up time : 7094370 ticks, 3 hours 56 minutes 28 seconds)
[00:00:10, 01/01/2010] system boot up (SCCP 9-2-3-5)
[18:15:18, 06/14/2013] SEP203a0783d639 Get ip from DHCP server : 192.168.9.5
[18:15:22, 06/14/2013] Trust List updating
[18:15:22, 06/14/2013] Trust List updated fail
[18:15:22, 06/14/2013] can't download configuration file from 192.168.9.1
[18:15:22, 06/14/2013] XMLDefault.cnf.xml (TFTP)
[18:26:38, 06/14/2013] trigger reset from tMVX_ACCU (system up time : 352288 ticks, 11 minutes 44 seconds)
[18:27:06, 06/14/2013] SEP203a0783d639 Get ip from DHCP server : 192.168.9.5
[18:27:09, 06/14/2013] Trust List updating
[18:27:09, 06/14/2013] Trust List updated fail
[18:27:09, 06/14/2013] can't download configuration file from 192.168.9.1
[18:27:09, 06/14/2013] XMLDefault.cnf.xml (TFTP)
[18:30:31, 06/14/2013] trigger reset from tMVX_ACCU (system up time : 468753 ticks, 15 minutes 37 seconds)
[18:30:59, 06/14/2013] SEP203a0783d639 Get ip from DHCP server : 192.168.9.5
[18:31:02, 06/14/2013] Trust List updating
[18:31:02, 06/14/2013] Trust List updated fail
[18:31:02, 06/14/2013] can't download configuration file from 192.168.9.1
[18:31:02, 06/14/2013] XMLDefault.cnf.xml (TFTP)

Thanks in advance for the help

Please remember to rate useful posts clicking on the stars below.
Favor calificar todos las respuestas útiles dando click en las estrellas de mas abajo.
___________________________________________
LinkedIn Profile: do.linkedin.com/in/leosalcie       

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
Labels:
0 Helpful
4 Replies 4

Leo Salcie Tejeda
Level 7
Level 7

‎06-17-2013 01:48 PM

Any idea?

Please remember to rate useful posts clicking on the stars below.
Favor calificar todos las respuestas útiles dando click en las estrellas de mas abajo.
___________________________________________
LinkedIn Profile: do.linkedin.com/in/leosalcie

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
0 Helpful

Stephen Welsh
Level 4
Level 4

‎06-18-2013 01:26 AM

Have you tried deleting the CTL File on the 8945 to see if it will install a fresh certificate?

The trust list update failed typically means there is an ITL/CTL File installed already, but the source of the 'new' ITL/CTL file is not trusted.

I recommend you have a look at the following document to get some additional background:

Given you are working with CTL files I recommend you read the following book from Akhil Behl:

"Securing Cisco IP Telephony Networks"

http://www.amazon.com/dp/1587142953

Thanks

Stephen Welsh

CTO

http://www.unifiedfx.com

0 Helpful

Leo Salcie Tejeda
Level 7
Level 7
In response to Stephen Welsh

‎06-18-2013 09:52 AM

Hi Stephen,

I tried a hard reset but at the end there's not a CTL or ITL certificate installed in the phone. I don't why the phone is not able to download the CTL files when Cisco 7942 is able.

I have some weeks trying to decide to buy or not buy the book, at least for me is very expensive .

Regards

Please remember to rate useful posts clicking on the stars below.
Favor calificar todos las respuestas útiles dando click en las estrellas de mas abajo.
___________________________________________
LinkedIn Profile: do.linkedin.com/in/leosalcie

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
0 Helpful

Leo Salcie Tejeda
Level 7
Level 7

‎06-19-2013 12:46 PM

Case was solved.

At the end it was need (I don't know why) to regenerate all the certificate and re-create the cndf-files. The file for this phone model never was generate by the CME using the normal way.

conf t

ctl-client

regenerate

Hope this will help somene else .

Regards

Please remember to rate useful posts clicking on the stars below.
Favor calificar todos las respuestas útiles dando click en las estrellas de mas abajo.
___________________________________________
LinkedIn Profile: do.linkedin.com/in/leosalcie

__________________________________________________
Please remember to rate useful posts clicking on the stars below.
LinkedIn Profile: do.linkedin.com/in/leosalcie
0 Helpful
Customers Also Viewed These Support Documents