cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
361
Views
0
Helpful
11
Replies
Beginner

CUE Voicemail SMTP Issues

Hello,

 

In the past couple of weeks, we've had several customers start having issues with voicemail notifications generated from the CUE module. I've tried multiple providers (google,yahoo, outlook.com) and I get similar errors for all of them. The debug is 

 

2327 01/03 14:31:06.216 VMSS mnot 0 DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
DEBUG SMTP: useEhlo true, useAuth true
DEBUG SMTP: trying to connect to host "smtp.gmail.com", port 465, isSSL false
Send failed, UID=0
2327 01/03 14:31:06.225 VMSS mnot 0 EmailSender: Error sending emailjavax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I've generated a new SSL cert on the CUE module, I can ping the hostname from the CUE module, there's no ACL blocking, but I get the same thing. Is anyone else having a similar issue or have any suggestions?

 

Thanks! 

11 REPLIES 11
VIP Advisor

Re: CUE Voicemail SMTP Issues

Make sure that you delete the old certificate chain and have the new one
installed. You need to have the full certificate chain installed including
root ca and intermediate ca
Beginner

Re: CUE Voicemail SMTP Issues

Thanks for the response. How do I remove the old cert in the CUE?
Beginner

Re: CUE Voicemail SMTP Issues

Anybody else on this? I'm having the exact same problem. Would love to know how to solve this...

 

 

Beginner

Re: CUE Voicemail SMTP Issues

I have not got a solution to this yet.
Cisco Employee

Re: CUE Voicemail SMTP Issues

Yup. This is an ongoing issue with CUE and SMTP integration. There is a solution to this wherein the certificates will need to be manually updated through the CUE bash. Procedure can only be done by TAC.
The solution is only for CUE on SRE module deployments. For virtual CUE, you will need to wait for 9.X release.

Nipun Singh Raghav
"We cannot solve our problems with the same thinking we used when we created them"
Cisco Employee

Re: CUE Voicemail SMTP Issues

You cannot do that. There is no way for a customer to do that on CUE. It can only be done by TAC. Open up a TAC case.

Nipun Singh Raghav
"We cannot solve our problems with the same thinking we used when we created them"
Beginner

Re: CUE Voicemail SMTP Issues

My device is EOL, and I'm told that means I can't even open up a TAC if I wanted to. So what should I do? Am I totally screwed?

Cisco Employee

Re: CUE Voicemail SMTP Issues

What device is it ?

Nipun Singh Raghav
"We cannot solve our problems with the same thinking we used when we created them"
Beginner

Re: CUE Voicemail SMTP Issues

UC520

Cisco Employee

Re: CUE Voicemail SMTP Issues

ahh .. yeah that's EoLDS. No more TAC support. You can still use SMTP but without authentication. The issue is related to a SSL handshake failure when the SMTP server presents it's certificate to the CUE. Since CUE does not have the cert, it drops the connection.
Just use Port 25 without any security and you should be good taken the fact that any of the SMTP providers support non-auth based integration. If they don't, then you will be have to migrate to either a SRE or vCUE.

Nipun Singh Raghav
"We cannot solve our problems with the same thinking we used when we created them"
Highlighted
Hall of Fame Master

Re: CUE Voicemail SMTP Issues

I want to add on this issue. It's a major flaw that there is no way to add root certificates for SMTP without shell access, especially for the devices which cannot be placed under support.

In the past I was able to upload valid these by hacking to shell access, for that I had patched an installation image, corrected the checksum, booted, mounted the disk and uploaded to cacert storage. With the SRE hardware (secure bootstrap) that is not possible anymore, but one could try removing the disk, mounting on a linux system and update cacert from there.

The only valid workaround remains to setup a local SMTP server that then relays as needed.

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards