cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8535
Views
15
Helpful
12
Replies

Phones don't install LSC after mixed mode configuration

alfonso.cornejo
Level 3
Level 3

Hi Guys,

I have configured my CUCM Cluster in mixed mode using two USB tokens according to the guide:

https://supportforums.cisco.com/document/73611/ip-phone-security-and-ctl-certificate-trust-list

My cluster is in 11.0.1.22900-14 version and it changed the mode to mixed as expected, the issue that I have is with the installation of the LSC (Step 6 Install LSCs on Phones). I have the CAPF configuration in my test phone like this (I changed the "Operation Completes By" date):

But when I try to update the LSC from the Phone using the authenticaton string it doesn't work, the phone doesn't install anything. I captured this logs from the Phone but I can't figure out what can be causing this:

5323 NOT Aug 20 11:45:46.807438 kernel: [ 844.388010] Set LCD backlight 1
5324 NOT Aug 20 11:45:46.854816 JAVA-System P5-traceManager MQThread|cip.sec.CertificateProperty:? - CertificateProperty.setCertificate() authMode=CAPF_AUTH_MODE_STR authorizationString=12345 theReason=CAPF_REASON_MANUAL
5325 NOT Aug 20 11:45:46.856072 SECUREAPP-RCAPF_START_MODE: Start CAPF - mode:[2]([STR_AUTH]), reason:[0]([MANUAL]) with auth-str
5326 NOT Aug 20 11:45:46.856320 SECUREAPP-CAPF_CLNT_INIT:CAPF clnt initialized
5327 NOT Aug 20 11:45:46.856436 SECUREAPP-CAPFClnt: SetDelayTimer - set with value <0>
5328 ERR Aug 20 11:45:46.856662 SECUREAPP-Sec create BIO - invalid parameter.
5329 ERR Aug 20 11:45:46.856851 SECUREAPP-SEC_CAPF_BIO_F: CAPF create bio failed
5330 ERR Aug 20 11:45:46.856954 SECUREAPP-SEC_CAPF_OP_F: CAPF operation failed, ret -7
5331 CRT Aug 20 11:45:46.968844 JAVA-System P5-traceManager MQThread|cip.sec.CertificateProperty$1:? - LSC: Connection failed

I'm working with 7841 and 7861 Phones.

I already verified that the certificates are installed in the entire cluster and also I have restarted all nodes but I still have the issue.

Any suggestions?

Thanks in advanced,

1 Accepted Solution

Accepted Solutions

pkinane
Cisco Employee
Cisco Employee

Alfonso,

I believe I found your TAC case. It seems the issue of installing the LSC was a DNS lookup failure. Is this correct?

If I am reading the case correctly you changed the entry under system > server from hostname to IP and the LSC installed. 

Please correct me if I am wrong so we know if the issue is resolved or not.

R/s,

Patrick

View solution in original post

12 Replies 12

HARIS_HUSSAIN
VIP Alumni
VIP Alumni

Hi alfonso.cornejo,

Please  try different Authentication Method say MIC.

Also make sure the Operation Completes by Date is some date in Future.

After the Phone reset what status you see in the line 

Certificate Operation Status :-

Is it working for all other phone or affecting only particular model or particular device.?

Hi,

It is not working with any device, at this moment I only have 7841 and 7861 models.

Regards

What is displayed in Certificate Operation Status :

after you try to install the certificate ?

Hi,

It says "Operation Pending"

Regards,

For One Phone , Delete both CTL and ITL Files and reset the phone so that it downloads new CTL and ITL Files. After reset try to push LSC.

Secondly make sure you certificates are not expired.

If still not working take a packet capture by enabling  SPAN To PC Port !!

Thanks

Haris

Please rate and mark correct as applicable <<

 

Hi Haris,

At the end, the issue of installing the LSC was a DNS lookup failure, after I changed the hostname of the publisher to an ip address everything worked.

Thanks for all your comments.

Regards,

Glad , you are able to resolve the issue.

THanks

haris

Hi Haris,

I did it but there is the same result.

Regards,

pkinane
Cisco Employee
Cisco Employee

Alfonso,

I believe I found your TAC case. It seems the issue of installing the LSC was a DNS lookup failure. Is this correct?

If I am reading the case correctly you changed the entry under system > server from hostname to IP and the LSC installed. 

Please correct me if I am wrong so we know if the issue is resolved or not.

R/s,

Patrick

Thanks, You saved my day!


@pkinane wrote:

Alfonso,

 

I believe I found your TAC case. It seems the issue of installing the LSC was a DNS lookup failure. Is this correct?

 

If I am reading the case correctly you changed the entry under system > server from hostname to IP and the LSC installed. 

 

Please correct me if I am wrong so we know if the issue is resolved or not.

 

R/s,

 

Patrick


 

alfonso.cornejo
Level 3
Level 3

Hi Guys,

The issue of installing the LSC was a DNS lookup failure, after I changed the hostname of the publisher to an ip address everything worked.

Thanks for all your comments.

Regards,