03-13-2011 04:56 AM - edited 03-16-2019 03:56 AM
HI Team,
Appreciate if you could guide me with the procedure how to delete CTL files from Cisco IP Phone models 7975/7945/7965 series.
regards
Ratheesh
03-13-2011 05:32 AM
Hello,
go to "Settings" pres * * # and the phone unlock's.
Go to "Security Configuration" (here you can delete via erase)
or
you go to "Trust List" - mark "CTL File" and press here "erase".
Kind regards,
Marcel Ammann
Please rate helpful post's....
03-13-2011 01:21 PM
Great answer 5 stars for that. Also there's no bulk way to remove CTL files from phones either which is a common question. The only bulk methods would involve searching the web for someone who has written a script that will instruct the phone to press buttons such as settings > security, etc to erase the CTL file.
10-28-2011 06:54 AM
Has anyone had any luck with finding a script that will allow you to remove CTL/ITL files from a batch of IP phones?
10-28-2011 07:43 AM
Hi Lamar,
I suggest you have a look at PhoneView from (http://www.unifiedfx.com), it's a very advanced endpoint management application that is designed to elimiate site visits as almost any action can be performed remotely on one, many or all phones in a single action.
I suggest you watch this video as it shows how to bulk delete the ITL file from multiple phones remotely:
Thanks
Stephen
01-08-2015 10:16 AM
This may be old but here's a simple way to do this, you can choose your scripting language to enclose this:
curl -i --user user:password -0 --data-urlencode XML="<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='Key:Soft4'/><ExecuteItem Priority='0' URL='Key:Softkey2'/></CiscoIPPhoneExecute>" 1.1.1.1/CGI/Execute
Where 1.1.1.1 is the phone's ip and user is the associated user to the phone and password is the actual password for that user (escape any special characters with \)
This should allow you to remotely control the phone via curl which is available in windows and linux. You can then use a threaded or forked framework to manipulate multiple phones.
Example using Expect/TCL(TCL has threads disabled so Expect can fork), this is for the 7960's you have to unlock the 7970's so the commands will change:
#!/usr/bin/expect
# UNLOCK is a command to unlock the settings, use it since it has to be sent in a single POST string.
# ERASE is a command to Erase the settings for the same reason above.
set commandList {Init:Services Key:Settings Key:KeyPad4 Key:KeyPad5 Key:KeyPad2 ERASE}
set phoneIPList {1.1.1.1}
set user "PHONEUSER"
set pass "PHONEPASSWORD"
foreach phoneIP [split $phoneIPList] {
set pid [fork]
exit -onexit {
exec kill [pid]
}
switch $pid {
-1 {
puts "Fork attempt #$i failed."
}
0 {
foreach command [split $commandList] {
spawn ssh $::tcl_platform(user)@127.0.0.1
expect word:
send "yoursshpassword\r"
expect \$
if {$command == "UNLOCK"} {
send "curl -i --user $user\:$pass -0 --data-urlencode XML=\"<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='Key:KeyPadStar'/><ExecuteItem Priority='0' URL='Key:KeyPadStar'/><ExecuteItem Priority='0' URL='Key:KeyPadPound'/></CiscoIPPhoneExecute>\" $phoneIP\/CGI/Execute\r"
}
if {$command == "ERASE"} {
send "curl -i --user $user\:$pass -0 --data-urlencode XML=\"<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='Key:Soft4'/><ExecuteItem Priority='0' URL='Key:Soft2'/></CiscoIPPhoneExecute>\" $phoneIP\/CGI/Execute\r"
} else {
send "curl -i --user $user\:$pass -0 --data-urlencode XML=\"<CiscoIPPhoneExecute><ExecuteItem Priority='0' URL='$command'/></CiscoIPPhoneExecute>\" $phoneIP\/CGI/Execute\r"
}
expect \$
puts $expect_out(buffer)
send exit\r
}
exit
}
default {
}
}
}
10-28-2011 08:09 AM
Looks very good...Thank You. Process in video looks very simple...just wish I had the commands that were issued to the phone to perform the CTL/ITL deletion using a simple scripting method such as pearl, vb, or xml.
10-28-2011 08:27 AM
In term's of the sequence, we typically use:
7906 & 7911:
Key:Applications|Cmd:Pause|Key:KeyPad3|Cmd:Pause|Key:KeyPad4|
Cmd:Pause|Key:KeyPad5|Cmd:Pause|Key:KeyPad2|Cmd:Pause|
Key:KeyPadStar|Key:KeyPadStar|Key:KeyPadPound|Cmd:Pause:5000|
Key:Soft4|Cmd:Pause|Key:Soft2|Cmd:Screenshot|Key:Applications
794x, 796x & 797x:
Init:Services|Key:Settings|Cmd:Pause|Key:KeyPad4|Cmd:Pause|
Key:KeyPad5|Cmd:Pause|Key:KeyPad2|Cmd:Pause|Key:KeyPadStar|
Key:KeyPadStar|Key:KeyPadPound|Cmd:Pause:5000|Key:Soft4|
Cmd:Pause|Key:Soft2|Cmd:Screenshot|Key:Settings
Note: These sequences include a **# to unlock the phone, if the macro fails for any reason, you may end-up with an unlocked phone you need to re-send the sequence too, that then locks the phone the next time arround. So either you may need to send these sequencies multiple times, or you send a separate unlock sequence (possibly multiple times) to make sure all the phones are unlocked, and then the ITL delete sequence after that.
As for the pearl, vb, xml etc. I've only heard of people creating their own scripts so-far, however one key point to watch with ITL files, we have found a number of people get in the situation that their Authentiation URL doesn't work (dependant on the TVS service as the URL is now HTTPS in UCM 8.x) and they can't change the config on their phones (ITL files doesn't trust TFTP server cert), so they can't send kepresses to the phones web server to delete the ITL file that causes a catch-22 situation.
Does your phone authentication HTTP POST instrucations to the phone, if so you are fine, if not then you can't use the phones web server anymore. If you are in that catch-22 then PhoneView is currently the only way to get out of the catch-22 as it doesn't use the phones web server to control the phone, but that is only availble in the beta of version 2, this can be requested by emailing beta@unifiedfx.com
Thanks
Stephen
03-14-2011 12:48 AM
Hi Marcel,
Thanks a lot for the info. But unfortunately its not working for me . When it comes to trust list I can see the list but no way to mark those.
Can I ask you one more question, If the phone is secured with CTL file, will that block the firmware upgrades on the phones.
thanks
Ratheesh
03-14-2011 01:49 AM
Hello,
did you unlock the phone?
Normaly the CTL doesn't block from updating the phone firmware - but sometimes there is an upgrade failure "Authentication Failed" in the display:
https://supportforums.cisco.com/message/3288477#3288477
Kind regards,
Marcel
03-14-2011 01:55 AM
Hello Marcel,
Yes I unlocked the phone. I think it could be ctl file issue only and I am not getting Auth Fail message also. When I tries to upgrade a new phone ( with no CTL ) it works.
regards
Ratheesh
03-14-2011 02:06 AM
Hello Ratheesh,
can you upload the latest phone logs?
Regards,
Marcel
03-14-2011 02:16 AM
03-14-2011 02:39 AM
Hello,
is this the only phone that has this issue?
What happen's if you make a complete factory reset:
Power off the phone.
Hold down the # key.
While holding #, connect an AC adaptor to the phone.
Continue to hold # until the line buttons blink amber.
Release the # key.
Enter 123456789*0#
Kind regards,
Marcel
03-14-2011 02:55 AM
No Marcel,
Tried resetting to factory default. Still the same.
Its happening for all the phones which got CTL file installed.
regards
Ratheesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide