01-21-2014 02:13 AM - last edited on 03-25-2019 08:27 PM by ciscomoderator
We have a cluster of two CUCM 9.1 and have noticed that the service Cisco DRF Local on the subscriber fails by it self.
If we start the service manualy then we are able to backup the subscriber but some time after that the service would fail. When this happens our scheduled backup does not work. There is no problem with the backup of the Publisher.
Not sure if important but the cluster was upgraded from CUCM 7.1.5 using jump upgrade procedure.
Does anyone have an idea what could cause this or how to troubleshoot?
Regards.
01-21-2014 02:30 AM
Hi,
we faced the similar problem in which DRF Local services were getting stopped on its own and opened a tac case with cisco.
we also migrated from 7.1.5 to 9.1
DB Replication was fine on 9.1
the problem was due to serial numbers of ipsec certificates not matching on Pub and SUB.
certificates were re-generated.
I suggest opening a tac case.
regds,
aman
01-21-2014 01:35 PM
Hi Aman,
So if I regenerate IPSEC certificates will that affect other operations of the cluster like MGCP gatway or IP Phones?
From what I read here if there is a mismatch of serial numbers of ipsec.pem certificates I should download the cert from the affected Subscriber and upload it to the Publisher. Should I recreate the ipsec certificate on the publisher as well?
Regards.
01-21-2014 08:29 PM
Hi,
First cross-check the serial numbers of ipsec-trust in all servers in a cluster.
follow the procedure
a. take a backup of the ipsec.pem certificate on the Publisher
b Take a backup of the ipsec-trust certificate that has the CUCM Publisher name, from both Publisher and Subscribers in a cluster.
c. Regenerate the ipsec.trust certificate on the Publisher
Hope this helps.
regds,
aman
01-22-2014 09:03 AM
Hi Aman,
I checked the serial numbers from ipsec.pem and they seem to match.
The serial from IPSec.pem on the Publisher matches the serials from IPSec-trust on both the Publisher and the Subscriber.
Are there some other certificates I should check?
How can I access logs to see if some error is presented when the service crashes?
Thank you!
Regards.
01-22-2014 09:16 AM
If the service is failing repeatedly on the subscriber, first please check for any core dumps using the following command on subscriber cli
utils core active list
If no core dumps are found then we need to collect DRF traces from the subscriber to look for any known bugs.
HTH
Manish
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide