Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5490
Views
10
Helpful
5
Replies

DRF Local service stops on subscriber

kasper123
Level 4
Level 4

‎01-21-2014 02:13 AM - last edited on ‎03-25-2019 08:27 PM by Community Manager

We have a cluster of two CUCM 9.1 and have noticed that the service Cisco DRF Local on the subscriber fails by it self.

If we start the service manualy then we are able to backup the subscriber but some time after that the service would fail. When this happens our scheduled backup does not work. There is no problem with the backup of the Publisher.

Not sure if important but the cluster was upgraded from CUCM 7.1.5 using jump upgrade procedure.

Does anyone have an idea what could cause this or how to troubleshoot?

Regards.

Labels:
0 Helpful
5 Replies 5

Aman Soi
VIP Alumni
VIP Alumni

‎01-21-2014 02:30 AM

Hi,

we faced the similar problem in which DRF Local services were getting stopped on its own and opened a tac case with cisco.

we also migrated from 7.1.5 to 9.1

DB Replication was fine on 9.1

the problem was due to serial numbers of ipsec certificates not matching on Pub and SUB.

certificates were re-generated.

I suggest opening a tac case.

regds,

aman

kasper123
Level 4
Level 4
In response to Aman Soi

‎01-21-2014 01:35 PM

Hi Aman,

So if I regenerate IPSEC certificates will that affect other operations of the cluster like MGCP gatway or IP Phones?

From what I read here if there is a mismatch of serial numbers of ipsec.pem certificates I should download the cert from the affected Subscriber and upload it to the Publisher. Should I recreate the ipsec certificate on the publisher as well?

Regards.

0 Helpful

Aman Soi
VIP Alumni
VIP Alumni
In response to kasper123

‎01-21-2014 08:29 PM

Hi,

First cross-check the serial numbers of ipsec-trust  in all servers in a cluster.

follow the procedure

a.  take a backup of the ipsec.pem certificate on the Publisher

b  Take a backup of the ipsec-trust certificate that has the CUCM Publisher name, from both Publisher and Subscribers in a cluster.

c.  Regenerate the ipsec.trust certificate on the Publisher

Hope this helps.

regds,

aman

kasper123
Level 4
Level 4
In response to kasper123

‎01-22-2014 09:03 AM

Hi Aman,

I checked the serial numbers from ipsec.pem and they seem to match.

The serial from IPSec.pem on the Publisher matches the serials from IPSec-trust on both the Publisher and the Subscriber.

Are there some other certificates I should check?

How can I access logs to see if some error is presented when the service crashes?

Thank you!

Regards.

0 Helpful

Manish Gogna
Cisco Employee
Cisco Employee
In response to kasper123

‎01-22-2014 09:16 AM

If the service is failing repeatedly on the subscriber, first please check for any core dumps using the following command on subscriber cli

utils core active list

If no core dumps are found then we need to collect DRF traces from the subscriber to look for any known bugs.

HTH

Manish

0 Helpful
Customers Also Viewed These Support Documents