02-25-2019 05:41 PM
Migration from cucm 8.6 to 11.5 is in progress.
We are testing switching from old to new servers with TFTP change for phone migration.
During the test, the phone has existing ITL information.
We are going to integrate ITL through bulk certificate management.
The SFTP connection was good on the old server.
However, the new server will not be able to connect with the following message.
"Unable to access SFTP server or SFTP server too slow to respond. Please make sure the login credentials are correct."
What is the cause of this?
Please confirm.
02-25-2019 09:22 PM
02-26-2019 10:05 AM
If you just need to exchange the certs for ITL purpose and not other purposes, i.e. EMCC, then much easier method is to simply export the CallManager certs and upload to the other cluster into Phone-SAST-Trust store, this requires no resets, no service restarts, etc. Cert consolidation process will restart all of your phones.
07-08-2020 09:35 AM
Hi Chris,
I've only used the cert consolidation method. From https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/213407-migrate-phones-between-secure-clusters.html:
Method 2.
Manually import the certificates. Complete these steps on the destination cluster.
Step 1. Navigate to Cisco Unified OS Administration page > Security > Certificate Management.
Step 2. Select CallManager.pem certificate and download it.
Step 3. Select ITLrecovery.pem certificate and download it
Step 4. Upload the CallManager certificate to the source cluster publisher as a CallManger-trust and Phone-SAST-trust certificate.
Step 5. Upload the ITLrecovery Certificate to the source cluster as Phone-SAST-Trust
Step 6. Restart TVS in all nodes from the source cluster.
Then the certificates replicate to the other nodes in the cluster.
Steps 3, 5, 6 will apply to scenarios of migrating phone from 8.x to 12.x
Note: The CallManager certificate needs to be downloaded from all nodes running the TFTP service on the destination cluster.
Do steps 3, 5 & 6 literally only apply to 8.x to 12.x migrations, and otherwise skipped?
thanks,
will
07-12-2020 05:12 PM
I had an opportunity to test this, and I skipped steps 3, 5 and 6, and it worked just fine.
09-15-2020 12:49 PM
I'm having similar problems with CUCM 12.5.1.12900-115... but not just Bulk certificates, a similar error is also appearing under DRF but there it sometimes works and sometimes doesn't. Other clients are able to connect to the same SFTP server both via FTP and SFTP. Wondering if this is related to CSCvb34121
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide