Any advice about token replacement on CUCM 9.0?
We need replace the token on new Virtual Server CUCM 220.127.116.1110-1 be after upgrade from 18.104.22.16800-6.
Thanks in Advance
We already see this information on security guide:
For all CTL file updates, you must insert one security token that already exists in the CTL file into the USB port. The client validates the signature of the CTL file through this token. You cannot add new tokens until the Cisco CTL Client validates the signature. If you have two USB ports on the workstation or server, do not insert both security tokens at the same time. security guide cucm "
but our old both Token have been replaced by Cisco RMA.
http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucm/security/4_2_3/sec423.html - Cisco Unified CallManager Security Guide, Release 4.2(3)
Chapter – Troublshooting
Tip Perform the following procedure during a scheduled maintenance window because you must reboot all servers in the cluster for the changes to take effect.
If you lose the security tokens and you need to update the CTL file, perform the following procedure:
Step 1 On every Cisco Unified CallManager, Cisco TFTP, or alternate TFTP server, browse to directory where the file, CTLFile.tlv, exists.
The following location designates the default directory: C:\program files\cisco\tftppath. To identify where you stored the CTL file, locate the File Location service parameter for the TFTP service in the Service Parameters window of Cisco Unified CallManager Administration.
Step 2 Delete CTLFile.tlv.
Step 4 Obtain at least two new security tokens.
Tip If the clusterwide security mode exists in mixed mode, the Cisco CTL client displays the message, "No CTL File exists on the server but the CallManager Cluster Security Mode is in Mixed Mode. For the system to function, you must create the CTL File and set CallManager Cluster to Mixed Mode. Click OK; then, choose Set CallManager Cluster to Mixed Mode and complete the CTL file configuration.
Step 6 After you create the CTL file on all the servers, delete the CTL file from the phone, as described in "Deleting the CTL File on the Cisco Unified IP Phone" section.
Step 7 Reboot all the servers in the cluster.
That's exactly the produce that needs to be followed (+5), when you lose all the tokens or replace them all meaning you are not going to use a token that was originally used to populate the CTL file.
I personally think the easiest is to send an email out to all users with the process to delete it from the phone through the settings menu. There are also 3rd party tools such as http://www.unifiedfx.com/home which can automate the button presses to all your phones so that you can remotely delete the CTL file.