08-21-2014 05:17 AM - edited 03-16-2019 11:50 PM
Hi,
In my Lab I am setting up: 2x CUCM and 2 IMP servers (all 10.5 version)
The new IMP versions are part of the cluster, so each IMP server is a subscriber in CUCM (publisher)
I want to activate the services on the IMP server from the CUCM (Cisco Unified Serviceability: Tools/Service activation)
From the CUCM publisher I can activate the CUCM sub and the FIRST(!) IMP
When I use the drop down (Select Server) and select the second IMP server I get the error: "Connection to the Server cannot be established (Certificate Exception) "
Since this was a lab, I reinstalled everything from scratch, but the same result I can't connect from my CUCM pub to the second IMP
When I execute the comand "show network cluster" everything seems OK. Normally this error is with expired tomcat certificate, but this is a fresh install. the certificates are valid for 5 years!
Any idea?
Thanks
JH
Solved! Go to Solution.
08-21-2014 07:28 AM
Hi JH,
It sounds like you may be hitting this 10.5 bug;
Cheers!
Rob
08-21-2014 07:28 AM
Hi JH,
It sounds like you may be hitting this 10.5 bug;
Cheers!
Rob
08-21-2014 07:42 AM
Hi Rob,
Thank you, this seems to be the case.
But it is even weirder, after I posted this discussion, I configured on CUCM (Presence Redundancy Group) and added the second server. Then I had lunch and after I came back I can access the second IMP from the CUCM publisher. After reading the bug, it seems that there is an issue with sync of the databases. Especially this from the bug "But the output of utils dbreplication status shows the replicates are not in sync in various certificate related tables and replicationdynamic table" seems to be the issue.
In this case it finally worked, and the databases were synchronized.
Thanks again!
Jan
01-29-2015 03:32 AM
I have this issue with CUCM 10.5.2 which looks like its not effected by this bug, 1 Pub + 4 Subs. Its not letting me add IM+P servers to the cluster either, im assuming it due to this issue (servers have been added to CUCM) but during the install fails to get passed the network connectivity validation.
I can ping the IMP server from CUCM.
03-18-2015 11:16 AM
Hi Richard
I'm running into the same issue - Network Connectivity seems to loop but everything is okay (ip in server list, ping okay, DNS okay).
How did you solve this?
Cheers
Martin
04-17-2015 12:15 AM
This bug is now internal-only on Bug Search and I can't see any fix for this.
Can anyone assist with troubleshooting steps for this? We have 2CUCM/2IMP servers. From either IMP server we cannot view the CUCM PUB from Serviceability.
04-17-2015 12:51 AM
Resolved this!
I noted one the CUCM Publisher that there were 2 ipsec-trust certificates for the same node.... with different cases...
By this I mean:
cucmpub.mydomain.local
CUCMPUB.mydomain.local
I checked on the IM and P nodes, and these only had one of the certificates. On our CUCM SUB, this had both certificates, and was not having any problems.
I downloaded the ipsec-trust certificate from the PUB and uploaded this to both IM and P nodes, restarting Cisco Tomcat (not needed on the Publisher). This resolved the issue.
11-26-2015 08:34 AM
i just had this on a fresh build of 11.
The CUCM had no IMP related certs in it, and the IMP had no CUCM related certs.
I took the tomcat and ipsec certs from each, uploaded to the other and it worked. No tomcat restart necessary for me.
11-26-2015 11:43 AM
Absolutely correct carlnewton, this issue only happens when the tomcat certificates are missing on one server or both. In an ideal situation, subscriber server should have its own tomcat certificate along with the publisher certificate and vice versa. If the tomcat certificate are missing for the other server and if you connect to that sercer, the certificate exception will always appear.
Regards
Deepak
06-10-2016 08:38 AM
Hi Deepak,
Thanks for the confirmation. My post was more to highlight that I experienced this bug in version 11.0 (Even though its a 10.5 bug ID) for anyone who might stumble upon this thread running 11.0
10-19-2023 01:20 PM
tks my friend, this procedure solved my problem
04-17-2015 01:21 AM
Resolved!
In my case I noted that there had been a hostname case-sensitivity change, and the new ipsec-trust certificates had been propagated to the CUCM SUB, but not the IMP nodes.
I downloaded the new ipsec-trust certificate from the PUB and uploaded this to both IMP nodes, restarting the Cisco Tomcat services of the affected servers.
This resolved the issue.
07-30-2018 01:47 AM
Hi Rob,
I have same problem with CUCM 11.5 and there are not IMP&M servers installed.
Could you help me, please?
best regards,
Alfredo.
06-09-2016 02:07 PM
Yep, reimporting the tomcat cert (pem) from the server that you cannot connect to did the trick.
11-14-2017 08:27 AM
Hi, I'm having this issue as well.
When I attempt to upload the missing Tomcat cert (PEM), the upload is denied with a red "X" stating "Self-signed certificate."
What am I doing wrong here?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide