Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1926
Views
5
Helpful
5
Replies

CUCM Bulk Certificate Export Error(ITL Migration)

heaventerran1
Level 1
Level 1

‎02-25-2019 05:41 PM

Migration from cucm 8.6 to 11.5 is in progress.

We are testing switching from old to new servers with TFTP change for phone migration.
During the test, the phone has existing ITL information.

 

We are going to integrate ITL through bulk certificate management.

The SFTP connection was good on the old server.
However, the new server will not be able to connect with the following message.

"Unable to access SFTP server or SFTP server too slow to respond. Please make sure the login credentials are correct."

 

What is the cause of this?

 

Please confirm.

 

1 person had this problem
Labels:
0 Helpful
5 Replies 5

Mohammed al Baqari
Level 11
Level 11

‎02-25-2019 09:22 PM

Do you see any error logs on SFTP when cucm is trying to connect? Try to
delete the SFTP from CUCM and readd it.
0 Helpful

Chris Deren
Hall of Fame
Hall of Fame

‎02-26-2019 10:05 AM

If you just need to exchange the certs for ITL purpose and not other purposes, i.e. EMCC, then much easier method is to simply export the CallManager certs and upload to the other cluster into Phone-SAST-Trust store, this requires no resets, no service restarts, etc. Cert consolidation process will restart all of your phones.

will-alvord
Level 1
Level 1
In response to Chris Deren

‎07-08-2020 09:35 AM

Hi Chris,

I've only used the cert consolidation method. From https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/213407-migrate-phones-between-secure-clusters.html:

 

Method 2.

Manually import the certificates. Complete these steps on the destination cluster.

Step 1. Navigate to Cisco Unified OS Administration page > Security > Certificate Management.

Step 2. Select CallManager.pem certificate and download it.

Step 3. Select ITLrecovery.pem certificate and download it

Step 4. Upload the CallManager certificate to the source cluster publisher as a CallManger-trust and Phone-SAST-trust certificate.

Step 5. Upload the ITLrecovery Certificate to the source cluster as Phone-SAST-Trust

Step 6. Restart TVS in all nodes from the source cluster.

Then the certificates replicate to the other nodes in the cluster.

Steps 3, 5, 6 will apply to scenarios of migrating phone from 8.x to 12.x

Note: The CallManager certificate needs to be downloaded from all nodes running the TFTP service on the destination cluster.

 

Do steps 3, 5 & 6 literally only apply to 8.x to 12.x migrations, and otherwise skipped?

 

thanks,

will

0 Helpful

will-alvord
Level 1
Level 1
In response to will-alvord

‎07-12-2020 05:12 PM

I had an opportunity to test this, and I skipped steps 3, 5 and 6, and it worked just fine.

0 Helpful

Aaron Smith
Level 4
Level 4

‎09-15-2020 12:49 PM

I'm having similar problems with CUCM 12.5.1.12900-115... but not just Bulk certificates, a similar error is also appearing under DRF but there it sometimes works and sometimes doesn't.  Other clients are able to connect to the same SFTP server both via FTP and SFTP.  Wondering if this is related to CSCvb34121

0 Helpful
Customers Also Viewed These Support Documents