cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Walkthrough Wednesdays
588
Views
5
Helpful
5
Replies
heaventerran1
Beginner

CUCM Bulk Certificate Export Error(ITL Migration)

Migration from cucm 8.6 to 11.5 is in progress.

We are testing switching from old to new servers with TFTP change for phone migration.
During the test, the phone has existing ITL information.

 

We are going to integrate ITL through bulk certificate management.

The SFTP connection was good on the old server.
However, the new server will not be able to connect with the following message.

"Unable to access SFTP server or SFTP server too slow to respond. Please make sure the login credentials are correct."

 

What is the cause of this?

 

Please confirm.

 

5 REPLIES 5
Mohammed al Baqari
VIP Advisor

Do you see any error logs on SFTP when cucm is trying to connect? Try to
delete the SFTP from CUCM and readd it.
Chris Deren
Hall of Fame Master

If you just need to exchange the certs for ITL purpose and not other purposes, i.e. EMCC, then much easier method is to simply export the CallManager certs and upload to the other cluster into Phone-SAST-Trust store, this requires no resets, no service restarts, etc. Cert consolidation process will restart all of your phones.

Hi Chris,

I've only used the cert consolidation method. From https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/213407-migrate-phones-between-secure-clusters.html:

 

Method 2.

Manually import the certificates. Complete these steps on the destination cluster.

Step 1. Navigate to Cisco Unified OS Administration page > Security > Certificate Management.

Step 2. Select CallManager.pem certificate and download it.

Step 3. Select ITLrecovery.pem certificate and download it

Step 4. Upload the CallManager certificate to the source cluster publisher as a CallManger-trust and Phone-SAST-trust certificate.

Step 5. Upload the ITLrecovery Certificate to the source cluster as Phone-SAST-Trust

Step 6. Restart TVS in all nodes from the source cluster.

Then the certificates replicate to the other nodes in the cluster.

Steps 3, 5, 6 will apply to scenarios of migrating phone from 8.x to 12.x

Note: The CallManager certificate needs to be downloaded from all nodes running the TFTP service on the destination cluster.

 

Do steps 3, 5 & 6 literally only apply to 8.x to 12.x migrations, and otherwise skipped?

 

thanks,

will

I had an opportunity to test this, and I skipped steps 3, 5 and 6, and it worked just fine.

Aaron Smith
Enthusiast

I'm having similar problems with CUCM 12.5.1.12900-115... but not just Bulk certificates, a similar error is also appearing under DRF but there it sometimes works and sometimes doesn't.  Other clients are able to connect to the same SFTP server both via FTP and SFTP.  Wondering if this is related to CSCvb34121

Content for Community-Ad

Spotlight Awards 2021