06-11-2014 09:37 AM - edited 03-16-2019 11:05 PM
We are migrating one of our customers CUCM from 8.6 to 10.5 using PCD. Since customer wants move this to new UCS server and move to DC we have to change the hostname and IP address of the servers as well. We finished the migration over the weekend, since we did a network migration with PCD I didn't do the last step of shutting down the current 8.6 PUB and SUB servers so it did not pause for Bulk certificate changes. This coming weekend we are cutting them over to new CUCM and I'm little confused on the Bulk Certificate process, here is what I'm planning to do let me know if this is going to cause any issues
1. Migrate the Bulk Certificate Process using this procedure and change the TFTP Ip address on the DHCP and reset the phones from current CUCM and hoping it will register to the new CUCM. Is this the correct way to do it or am I missing something here please let me know.
For information on performing a CTL update, see the “Security basics” section in Cisco Unified Communications Manager Security Guide: http://www.cisco.com/en/US/products/sw/voicesw/ps556/prod_maintenance_guides_list.html
Bulk certificate management must be done manually on both source nodes and destination nodes. Both source nodes and destination nodes must be up and running at this point. Phones are registered with the source nodes.
Follow the steps in the sections below to manage certificates on destination and source nodes.
Procedure
06-11-2014 11:03 AM
Make sure to do the export from both clusters and then you only run the consolidate from one cluster. After that, you import to both clusters.
06-11-2014 11:05 AM
Brian,
Thanks for your quick response. Just to clarify I have to do this at the time of cut over before I restart the phones to register to new CUCM 10.x correct?
Thanks for your help again.
06-11-2014 11:55 AM
Yea, you need to have this done before you change the TFTP cluster over to the new server or else the phones will just stay registered to the old cluster.
06-11-2014 12:40 PM
Thanks again for your quick response.
09-11-2015 12:07 PM
Hi,
Were you able to successfully complete certificate consolidation on both clusters?
Did you run into any issues?
Thanks,
Sami
09-11-2015 02:51 PM
We still had issues old phone models no problems but all other models we had some issues we ended up changing the CM servers back to old IP to fix the issue.
09-12-2015 03:28 AM
Thanks, you followed the procedure from security guide and still had issues with ITL?
Did you have TAC troubleshoot on this?
could you please specify the phone models you ran issues with authentication of new cluster.
I am going to have new SIP phones on the 10.5 cluster and SCCP phones from old cluster.
Will perform bulk certificate anytime this weekend. Do let me know, your experience.
Thanks
Sami
09-27-2015 09:47 PM
We were able to successfully migrate phones (7911/41/61/42/62) from 8.0.3 to 10.5.2, with no issues.
We exported the bulk certs from both clusters, consolidated and then imported in 8.0 cluster.
Change DHCP option 150 and then reset all the phones.
Thanks,
Sami
03-31-2016 05:18 AM
Hi Smiulla,
when I press the Consolidation button in the old cluster I got the error message "Sftp operation failure".
I have found that there was a but w/ similar issue : CSCua20054
somebody know what it is the root cause for this? thanks.
Regards,
03-31-2016 07:46 AM
This may just be SFTP server issues. What do the logs show on your SFTP server?
03-31-2016 08:21 AM
03-31-2016 11:11 AM
It looks like the log file didn't attach.
03-31-2016 03:24 PM
03-31-2016 03:27 PM
Not a lot of detail in the log about while files are being accessed. You may want to check your directory and file permissions so the SFTP users has Read/Write privileges.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide