
Communications Manager 10.5 multi-server Multi-SAN Certificate - high sev bug CSCup28852

Joshua Warcop
Level 5

Bug ID: CSCup28852

 

Recent installation of CUCM 10.5 and using the multi-server multi-SAN certificate causes the CallManager process to send group phone resets every 7 to 10 minutes. The phone symptoms will show ITL updates during this time, causing a restart. The phone doesn't do a full reset, only a restart with the ITL update.

 

I wanted to call some attention to this because this new certificate feature is highlighted as a big change for CUCM certificate management.

The certificate was a full X509v3 with IPsec, client auth, server auth, non-repudiation, and a few other bullet items. The process to install is easy and functional, but underneath, the system is unhappy.

 

Thanks! Happy hunting!

11 Replies

jose.albino
Level 1

Hi,

I was considering changing the certificate to Multi-SAN, but I guess I was fortunate enough to check this before.

I guess I will wait for the next release for this.

 

Regards,

José Albino

Any thoughts on when 10.6 will come out?

Possibly before the end of the year.

Is there a way to get this fix as an engineering special?

FYI--I requested special file access to the releases containing this fix and got them with no problem from TAC.

Jason Aarons
Level 6

So after you uploaded the multi-server certificate you stop the service once it replicated to all nodes, say 3-4 minutes?

 

So anytime a cluster is rebooted you have to manually go stop Cisco Certificate Change Notification on every node in the cluster, else the phones will restart every 7 min with ITL update. No fixed version yet. This would worry me.

It is fixed; however, the two versions are not available for download at this time. With 10.6 coming very soon, very likely CUCM 10.6 will be the next patch cycle and not 10.5SU1.

Fixed in:
10.5(1.11010.1)
10.5(1.11900.2)

Hey Jason,

We're seeing it about every 9 minutes. Any updates?

I should have added we're on ver 10.5.1.11901-1 (supposedly fixed per below)

We are on 10.5.1.11900-13 and are getting reports of rebooting phones. Were you still seeing it on 11900?

I went back to single server certificates until having another opportunity to try it with 10.5.2 (aka 10.6). So since that time I haven't installed another multi-SAN.