Jabber for windows softphone doesn't register after security changes on CUCM

Support Albakom
Level 3

Hi,

I changed the security mode to mixed mode on our CUCM to enable secure RTP to a meeting server.

Therefore I also generated a CSR for the CallManager certificate, had it signed by a CA, and uploaded this signed certificate and the CA root to the CUCM.

I restarted the CUCM.

Since then my CSF device on a Windows PC will not register. I can use a desk phone with the Jabber client, but not the softphone mode.

I saved the CA root certificate on my Windows PC with certmgr.msc in the trusted root store. Nothing changed in Jabber.

I reinstalled Jabber and accepted all certificates. The softphone doesn't register. The error message is CJ:109:3

The tooltip on the bottom left icon for the softphone says:

"The trustworthy certificate list is not synchronized with the TFTP server. Please contact your system administrator." (translated from German; I hope it is comprehensible)

What to do? All other functions in Jabber work fine. The Jabber version is the newest, 11.8.3

6 Replies 6

HARIS_HUSSAIN
VIP Alumni

Try deleting the Jabber cache files and log in again

C:\Users\<user name>\AppData\Roaming\Cisco\Unified Communications

Already done. Nothing changed.

Alex Andruszkiw
Level 1

Hi, in the last few days I renewed all the certificates with an AD CA on UCM 10.5.2.15900-8, callmanager, CAPF, tomcat and am experiencing the same error message above with Jabber. 

Since the certificate renewals, Jabber 11.8.3 and previous versions will not work in soft-phone mode, but I have no issues with controlling phones.  When I select "Use my computer to make calls", it will hang indefinitely.  If I restart jabber and hover over the phone icon on the bottom left, I get a pop-up message "The certificate trust list is not synchronized with the TFTP server.  Contact your system administrator". Error notification: CJ:109:3 unable to connect.

UCM is in mixed mode. I have looked at this document UCM Certificate Regeneration/Renewal Process: http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/200199-CUCM-Certificate-Regeneration-Renewal-Pr.html and tried the CLI command "utils ctl update CTLFile", restarted ucm which made no difference.

Hi,

Most likely your CTL file wasn't updated with the newly renewed certificates. From the CUCM CLI, issue the command 'show ctl'.

In the output, look for the last modified date (1st or 2nd line) and see if this was before or after your certificate renewal dates.

If the date is before, then it's confirmed that your CTL file hasn't been updated after your certificate renewal.

If it is after, look for the CAPF.pem and CallManager.pem certificates in the 'show ctl' output, note their serial numbers and compare them with the serial numbers of the actual certificates uploaded in CUCM (navigate to certificate management in OS Admin). Most likely they will be different.

Now to fix the problem, use CTLClient to connect to your CUCM environment, use update CTL option to update your CTL file, then restart Cisco CallManager and Cisco TFTP services.
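
The two checks described in the reply above (CTL last-modified date versus renewal date, and CTL serial numbers versus the installed certificates), as an added example that is not part of the original thread. The sample text is constructed, its record layout and the `CCM+TFTP`/`CAPF` function labels are assumptions about `show ctl` output, the function names are hypothetical, and the time zone is ignored, so `renewed_at` is assumed to be in the server's zone:

```python
import re
from datetime import datetime

# Constructed sample, trimmed to the fields used here. The record layout
# (BYTEPOS TAG LENGTH VALUE) is an assumption about 'show ctl' output.
SAMPLE_SHOW_CTL = """\
The CTL File was last modified on Tue Mar 07 10:15:00 CET 2017

CTL Record #:1
3 SUBJECTNAME 24 CN=cucm-pub.example.test
4 FUNCTION 2 CCM+TFTP
6 SERIALNUMBER 4 0A:1B:2C:3D

CTL Record #:2
3 SUBJECTNAME 29 CN=CAPF-constructed.example.test
4 FUNCTION 2 CAPF
6 SERIALNUMBER 4 11:22:33:44
"""

def normalize_serial(value):
    # Compare as integers so separators, case and leading zeros do not matter.
    return int(re.sub(r"[^0-9A-Fa-f]", "", value), 16)

def parse_ctl(text):
    """Return (last-modified datetime or None, {function: set of serials})."""
    m = re.search(r"last modified on \w{3} (\w{3} \d{1,2} [\d:]{8}) \S+ (\d{4})", text)
    modified = (datetime.strptime(f"{m.group(1)} {m.group(2)}", "%b %d %H:%M:%S %Y")
                if m else None)
    records, function = {}, None
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue
        if fields[1] == "FUNCTION":
            function = fields[3].strip()
        elif fields[1] == "SERIALNUMBER" and function:
            records.setdefault(function, set()).add(normalize_serial(fields[3]))
            function = None
    return modified, records

def check_ctl(text, renewed_at, installed):
    """installed: {function: serial as shown in OS Admin certificate management}."""
    modified, records = parse_ctl(text)
    findings = []
    if modified is None or modified < renewed_at:
        findings.append("CTL last-modified date is before the certificate renewal")
    for function, serial in installed.items():
        if normalize_serial(serial) not in records.get(function, set()):
            findings.append(f"{function}: serial in CTL differs from installed certificate")
    return findings
```

An empty list from `check_ctl` means the CTL is newer than the renewal and lists the serials you passed in; any finding points to a CTL file that still needs updating.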

Hi Mohammed,

Thanks for the reply. I am using a tokenless CTL, so the CTLClient didn't work.

I tried updating the certificates again for callmanager, capf and Tomcat.  Verified certificate serial numbers with cli command "show ctl".  Also ran the "utils ctl update CTLFile" and checked the show ctl output again.  Date changed to the time when running the command and noticed the signature changed. 

This time instead of rebooting the VM, I restarted the callmanager then the tftp service. Jabber still did not work.  I then tried signing out and resetting Jabber, then it started working.   Repeated resetting Jabber on a few other desktops that were having this issue and it started working again. 

The new CTL signature matches on all of the Cisco hard-phones.

At this point I'm not sure if it was a mistake that I made with updating the certificates using the CA or rebooting the entire callmanager VM instead of just restarting the two services.

Thanks for your help,

Alex

Hi Alex,

Great that the problem is fixed. I didn't know that you are tokenless. The concept is the same; the difference is that you update the CTL file using the command line instead of the client, as you mentioned.

There was no problem with your certificate update. You were missing the CTL file update. The error message you got was for that reason, and you probably saw that the modified date was old.

Please remember to rate useful posts