07-30-2014 07:32 AM - edited 03-16-2019 11:34 PM
Hello everyone
We have a CUCM cluster 6.1.2 and we have lost the tokens we used to create CTL
The problem is that our certificates has expired and there is no way to renew them without the security tokens
Moreover, I have manually regenerated CallManager.pem certificate, and apparently it has resigned all configuration files (correct me if I am wrong) and now some of the phones do not accept these configuration files with this error:
877: xxx 17:30:28.895819 SECD: EROR:verifyFile: sgn verify file failed </usr/ram/SEPB4A4E329D635.cnf.xml>, errclass 8, errcode 19 (signer not in CTL)
and register on the subscriber (dont know why).
Some of the phones are not able to register (rejected) with Security Mode set to Non secure, and I need to configure them with LCS, but looks like if I hard reset the phone, the CTL file on the phone will change and it will not accept the configuration file
Is there any way to disable this functionality and change the cluster mode from mixed to non-secure or somehow "unsign" the configuration files so the phones could take it?
Thank you in advance
Solved! Go to Solution.
08-18-2014 07:09 AM
The config files are generated dynamically each time a phone requests them. They are not saved on the system. After the CTL is deleted from a phone and it doesn't get a new CTL from CUCM, it will start requesting unsigned config files (SEP*.cnf.xml).
10-07-2014 08:03 AM
Hi Brian,
I had the same issue, and had reset the mode back to non-secure, and all worked OK until some phones were factory reset.
Thanks for the CTL delete information.
I have noticed that the phones don't seem to get an ITL.
I am not a fan of ITL infact they have been a pain in the @rse at times, but do you know why an ITL has not been generated / distributed in my security reset cluster.
Thanks
Frank
10-07-2014 08:33 AM
What CUCM version are you on and what model phone? Do you see anything running "show itl" on the nodes?
04-07-2015 07:34 PM
Thanks for the sql query bro! Just helped me fix this situation!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: