Migration from cucm 8.6 to 11.5 is in progress.
We are testing switching from old to new servers with TFTP change for phone migration.
During the test, the phone has existing ITL information.
We are going to integrate ITL through bulk certificate management.
The SFTP connection was good on the old server.
However, the new server will not be able to connect with the following message.
"Unable to access SFTP server or SFTP server too slow to respond. Please make sure the login credentials are correct."
What is the cause of this?
If you just need to exchange the certs for ITL purpose and not other purposes, i.e. EMCC, then much easier method is to simply export the CallManager certs and upload to the other cluster into Phone-SAST-Trust store, this requires no resets, no service restarts, etc. Cert consolidation process will restart all of your phones.
I've only used the cert consolidation method. From https://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/213407-migrate-phones-between-secure-clusters.html:
Manually import the certificates. Complete these steps on the destination cluster.
Step 1. Navigate to Cisco Unified OS Administration page > Security > Certificate Management.
Step 2. Select CallManager.pem certificate and download it.
Step 3. Select ITLrecovery.pem certificate and download it
Step 4. Upload the CallManager certificate to the source cluster publisher as a CallManger-trust and Phone-SAST-trust certificate.
Step 5. Upload the ITLrecovery Certificate to the source cluster as Phone-SAST-Trust
Step 6. Restart TVS in all nodes from the source cluster.
Then the certificates replicate to the other nodes in the cluster.
Steps 3, 5, 6 will apply to scenarios of migrating phone from 8.x to 12.x
Note: The CallManager certificate needs to be downloaded from all nodes running the TFTP service on the destination cluster.
Do steps 3, 5 & 6 literally only apply to 8.x to 12.x migrations, and otherwise skipped?
I'm having similar problems with CUCM 188.8.131.5200-115... but not just Bulk certificates, a similar error is also appearing under DRF but there it sometimes works and sometimes doesn't. Other clients are able to connect to the same SFTP server both via FTP and SFTP. Wondering if this is related to CSCvb34121