cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1939
Views
0
Helpful
4
Replies

CTL Update failed

Andre Castro
Level 1
Level 1

Hi guys,

 

Recently we had to configure dns servers for our mixed-mode cucm cluster. After that, all phones fell back to non-secure status, thus preventing encrypted calls from happening.

 

Even though we know the certificates are self signed, we were avoiding including the domain name because it would require the certificates to be updated and we were afraid that would prevent the phones from registering back.

 

However we ended up understanding without the domain name the secure mode would not work... and finally configured the domain name, restarting the cluster, updated the ctl file, restarted cucm/tftp/capf services.

 

Result: the phones would not accept the new CTL and ITL files. Still they registered. To make the new CTL to be installed we need to manually erase the old one.

 

Is this expected?

Shouldn't the phones just download the new CTL file from the servers they already trust?

We wonder if this will be required every time we need to update the cucm certificates... 

 

Cheers

 

Andre

4 Replies 4

you can try unifiedFX  PhoneView software  to remove the old CTL files from phones whiteout Manually erasing on each phone. 

 

https://www.unifiedfx.com/products/unifiedfx-phoneview



Response Signature


Hi Nithin

Thank you for your advice, however it is not an option for us at this moment...

The point here is to understand what is going on and make sure next time we don't run into this issue

Regards

 

Andre

How many phones are affected?

Around 3000