CTL Update failed

Andre Castro · ‎08-13-2020

Hi guys,

Recently we had to configure dns servers for our mixed-mode cucm cluster. After that, all phones fell back to non-secure status, thus preventing encrypted calls from happening.

Even though we know the certificates are self signed, we were avoiding including the domain name because it would require the certificates to be updated and we were afraid that would prevent the phones from registering back.

However we ended up understanding without the domain name the secure mode would not work... and finally configured the domain name, restarting the cluster, updated the ctl file, restarted cucm/tftp/capf services.

Result: the phones would not accept the new CTL and ITL files. Still they registered. To make the new CTL to be installed we need to manually erase the old one.

Is this expected?

Shouldn't the phones just download the new CTL file from the servers they already trust?

We wonder if this will be required every time we need to update the cucm certificates...

Cheers

Andre

Nithin Eluvathingal · ‎08-13-2020

you can try unifiedFX PhoneView software to remove the old CTL files from phones whiteout Manually erasing on each phone.

https://www.unifiedfx.com/products/unifiedfx-phoneview

Andre Castro · ‎09-03-2020

Hi Nithin

Thank you for your advice, however it is not an option for us at this moment...

The point here is to understand what is going on and make sure next time we don't run into this issue

Regards

Andre

mradell · ‎09-04-2020

How many phones are affected?

Andre Castro · ‎09-07-2020

Around 3000