Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
982
Views
0
Helpful
4
Replies

CUCM 8.5.1 rejects the SSL 8443 port after SU2 upgrade

Go to solution
rogelioalvez
Level 1
Level 1

‎09-21-2011 04:02 PM - edited ‎03-16-2019 07:07 AM

Hi everybody:

I upgraded my (formerly working) VMware ESXi-based CUCM to SU2 (8.5.1.12900-7 package) on both the Publisher and the Subscriber.

After this upgrade, the Publisher answers with a TCP RST to my connection attempt when the first web page redirects me to the SSL 8443 port. As far as I understand, this is the typical TCP answer from a machine that is not running a service on the requested tcp port.

¿Has anyone ran into this problem? I would reinstall the entire Publisher from the scratch, but the installation and the upgrade process will take 4 hours...

I would appreciate any hints to debug. It seems to be that the SSL engine is not running on my Publisher, but I do not know how to verify if a related process is running or not.

Regards, Rogelio

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph Martini
Cisco Employee
Cisco Employee

‎09-22-2011 04:24 AM

You can try and run "utils diagnose test Cisco Tomcat" (I think that's the correct syntax, you might want to double check).  Can yo connect from a subscriber to the publisher, go to serviceability on the subscriber and try and view the services on the publisher.  If you get a certificate error you likely have a certificate problem for the web service (tomcat).  From the command line you can regenerate it using "set cert regen Cisco Tomcat" (again I might be off a little with the syntax).  Then restart tomcat "utils service restart Cisco Tomcat" to see if that helps.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
michael-luo
Level 1
Level 1

‎09-21-2011 08:08 PM

It sounds like the Tomcat certificate was corrupted.  You may try to get the Tomcat logs from CLI.  Open a TAC case if you don't know how to do that.

Michael

0 Helpful

Go to solution
rogelioalvez
Level 1
Level 1
In response to michael-luo

‎09-22-2011 04:38 AM

Thank you Michael!. I will read a little and manage to get the logs before trying with TAC. Best regards, Rogelio

0 Helpful

Go to solution
Joseph Martini
Cisco Employee
Cisco Employee

‎09-22-2011 04:24 AM

You can try and run "utils diagnose test Cisco Tomcat" (I think that's the correct syntax, you might want to double check).  Can yo connect from a subscriber to the publisher, go to serviceability on the subscriber and try and view the services on the publisher.  If you get a certificate error you likely have a certificate problem for the web service (tomcat).  From the command line you can regenerate it using "set cert regen Cisco Tomcat" (again I might be off a little with the syntax).  Then restart tomcat "utils service restart Cisco Tomcat" to see if that helps.

0 Helpful

Go to solution
rogelioalvez
Level 1
Level 1

‎09-22-2011 04:45 AM

Hi Joe:

Actually, yesterday I tried to restart Tomcat ("utils service restart Cisco Tomcat"), and the process was endlessly trying to restart, so I figured out that the problem was in this process. I did not know how to regenerate the certificate, though. I will give it a shot and let you know.

¿Why should it have failed this way if nothing happened with the Subscriber? In fact, I do not remember any error message upon doing the update. Same update DVD, same virtual machine parameters... I can not understand it.

I will let you know soon!

regards, Rogelio

0 Helpful
Customers Also Viewed These Support Documents