Great answer 5 stars for that.  Also there's no bulk way to remove CTL files from phones either which is a common question.  The only bulk methods would involve searching the web for someone who has written a script that will instruct the phone to press buttons such as settings > security, etc to erase the CTL file.

Has anyone had any luck with finding a script that will allow you to remove CTL/ITL files from a batch of IP phones?

Hi Lamar,

I suggest you have a look at PhoneView from (http://www.unifiedfx.com), it's a very advanced endpoint management application that is designed to elimiate site visits as almost any action can be performed remotely on one, many or all phones in a single action.

I suggest you watch this video as it shows how to bulk delete the ITL file from multiple phones remotely:

Thanks

Stephen

This may be old but here's a simple way to do this, you can choose your scripting language to enclose this:

curl -i --user user:password -0 --data-urlencode XML="<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='Key:Soft4'/><ExecuteItem Priority='0' URL='Key:Softkey2'/></CiscoIPPhoneExecute>" 1.1.1.1/CGI/Execute

Where 1.1.1.1 is the phone's ip and user is the associated user to the phone and password is the actual password for that user (escape any special characters with \)

This should allow you to remotely control the phone via curl which is available in windows and linux.  You can then use a threaded or forked framework to manipulate multiple phones.

Example using Expect/TCL(TCL has threads disabled so Expect can fork), this is for the 7960's you have to unlock the 7970's so the commands will change:

#!/usr/bin/expect
# UNLOCK is a command to unlock the settings, use it since it has to be sent in a single POST string.
# ERASE is a command to Erase the settings for the same reason above.
set commandList {Init:Services Key:Settings Key:KeyPad4 Key:KeyPad5 Key:KeyPad2 ERASE}
set phoneIPList {1.1.1.1}
set user "PHONEUSER"
set pass "PHONEPASSWORD"
foreach phoneIP [split $phoneIPList] {
        set pid [fork]
        exit -onexit {
                exec kill [pid]
        }
        switch $pid {
                -1 {
                        puts "Fork attempt #$i failed."
                }
                0 {
                        foreach command [split $commandList] {
                                spawn ssh $::tcl_platform(user)@127.0.0.1
                                expect word:
                                send "yoursshpassword\r"
                                expect \$
                                if {$command == "UNLOCK"} {
                                        send "curl -i --user $user\:$pass -0 --data-urlencode XML=\"<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='Key:KeyPadStar'/><ExecuteItem Priority='0' URL='Key:KeyPadStar'/><ExecuteItem Priority='0' URL='Key:KeyPadPound'/></CiscoIPPhoneExecute>\" $phoneIP\/CGI/Execute\r"
                                }
                                if {$command == "ERASE"} {
                                        send "curl -i --user $user\:$pass -0 --data-urlencode XML=\"<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='Key:Soft4'/><ExecuteItem Priority='0' URL='Key:Soft2'/></CiscoIPPhoneExecute>\" $phoneIP\/CGI/Execute\r"
                                } else {
                                        send "curl -i --user $user\:$pass -0 --data-urlencode XML=\"<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='$command'/></CiscoIPPhoneExecute>\" $phoneIP\/CGI/Execute\r"
                                }
                                expect \$
                                puts $expect_out(buffer)
                                send exit\r
                        }
                        exit
                }
                default {
                }
        }
}

Looks very good...Thank You.  Process in video looks very simple...just wish I had the commands that were issued to the phone to perform the CTL/ITL deletion using a simple scripting method such as pearl, vb, or xml. 

In term's of the sequence, we typically use:

7906 & 7911:

Key:Applications|Cmd:Pause|Key:KeyPad3|Cmd:Pause|Key:KeyPad4|
Cmd:Pause|Key:KeyPad5|Cmd:Pause|Key:KeyPad2|Cmd:Pause|
Key:KeyPadStar|Key:KeyPadStar|Key:KeyPadPound|Cmd:Pause:5000|
Key:Soft4|Cmd:Pause|Key:Soft2|Cmd:Screenshot|Key:Applications

794x, 796x & 797x:

Init:Services|Key:Settings|Cmd:Pause|Key:KeyPad4|Cmd:Pause|
Key:KeyPad5|Cmd:Pause|Key:KeyPad2|Cmd:Pause|Key:KeyPadStar|
Key:KeyPadStar|Key:KeyPadPound|Cmd:Pause:5000|Key:Soft4|
Cmd:Pause|Key:Soft2|Cmd:Screenshot|Key:Settings

Note: These sequences include a **# to unlock the phone, if the macro fails for any reason, you may end-up with an unlocked phone you need to re-send the sequence too, that then locks the phone the next time arround. So either you may need to send these sequencies multiple times, or you send a separate unlock sequence (possibly multiple times) to make sure all the phones are unlocked, and then the ITL delete sequence after that.

As for the pearl, vb, xml etc. I've only heard of people creating their own scripts so-far, however one key point to watch with ITL files, we have found a number of people get in the situation that their Authentiation URL doesn't work (dependant on the TVS service as the URL is now HTTPS in UCM 8.x) and they can't change the config on their phones (ITL files doesn't trust TFTP server cert), so they can't send kepresses to the phones web server to delete the ITL file that causes a catch-22 situation.

Does your phone authentication HTTP POST instrucations to the phone, if so you are fine, if not then you can't use the phones web server anymore. If you are in that catch-22 then PhoneView is currently the only way to get out of the catch-22 as it doesn't use the phones web server to control the phone, but that is only availble in the beta of version 2, this can be requested by emailing beta@unifiedfx.com

Thanks

Stephen

Hi Marcel,

Thanks a lot for the info. But unfortunately its not working for me . When it comes to trust list I can see the list but no way to mark those.

Can I ask you one more question, If the phone is secured with CTL file, will that block the firmware upgrades on the phones.

thanks

Ratheesh

Hello,

did you unlock the phone?

Normaly the CTL doesn't block from updating the phone firmware - but sometimes there is an upgrade failure "Authentication Failed" in the display:

https://supportforums.cisco.com/message/3288477#3288477

Kind regards,

Marcel

Hello Marcel,

Yes I unlocked the phone. I think it could be ctl file issue only and I am not getting Auth Fail message also. When I tries to upgrade a new phone ( with no CTL ) it works.

regards

Ratheesh

Hello Ratheesh,

can you upload the latest phone logs?

Regards,

Marcel

Hello Marcel,

Thanks a lot. Please find the attached debugs

thanks

Ratheesh

Hello,

is this the only phone that has this issue?

What happen's if you make a complete factory reset:

Power off the phone.

Hold down the # key.

While holding #, connect an AC adaptor to the phone.

Continue to hold # until the line buttons blink amber.

Release the # key.

Enter 123456789*0#

Kind regards,

Marcel

No Marcel,

Tried resetting to factory default. Still the same.

Its happening for all the phones which got CTL file installed.

regards

Ratheesh