cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
4510
Views
5
Helpful
8
Replies
actualabhishek
Beginner

Serviceability page not loading from Publisher

Hi,

When I am trying to load service activation page from Publisher, it’s not loading after selecting Publisher from drop down. Sub is working perfectly fine.

I am getting error "Connection to the server cannot be established(Unknown Error)"

CUCM Version is 10.5.

any suggestion....

8 REPLIES 8
Deepak Rawat
Cisco Employee

Most probably your tomcat certificate is expired or else it is not available for the required server on Publisher CM. Look for the tomcat and tomcat-trust certificate with the FQDN of your CM server and check the expiry date. If the date is not expired, then make sure tomcat-trust certificate of CM subscribers is available on Publisher and vice versa. If not, then download it from the server where it exists and upload it to the one wherein it is missing as tomcat-trust. In an ideal situation, Publisher CM will have its own tomcat and tomcat-trust along with tomcat-trust for other subscribers. Similarly, Subscriber CM will have its own tomcat and tomcat-trust along with tomcat-trust for other subscribers and publisher. Do not forget to restart Cisco Tomcat service after doing this.

Regards

Deepak

Hello Deepak,

Thank you for the quick response!

I have already checked the certificate and all are valid until 2020.tomcat and tomcat-trust is available on both pub and sub. Both pub and sub having its own tomcat, tomcat-trust and tomcat-trust of other server.

any suggestions...

regards,

Abhi

Hi Actualasbhishek,

As per Deepak's recommendation, did you try a restart of the TomCat service at all?

Regards,

Tariq

unfortunately it is still same....

Were you able to resolve? I have the same issue with 11.5 for a couple of nodes. The posted workaround for the numerous bug IDs filed also does not work as for whatever reason I cannot log into the serviceability page from the local node. I attempted cert regeneration, etc. I also attempted a hostname change which not only regenerates all certs but goes through a series of ssh scripts which restarts the specific services neccessary in the correct order. Whenever I regenerate a cert I see it is propagated correctly to all nodes as well.

 

All workarounds for "Connection to the Server cannot be established(Unknown Error)" do not yield in positive results.

Aadhil Salim
Beginner

Workaround
Log in to each CUCM node separately in order to access Serviceability and Activate/Deactivate services.
Solution
Enter the utils dbreplication runtimestate command in order to check for any dbreplication issues in the CUCM cluster.
Restart the Tomcat Service with the utils service restart Cisco Tomcat command.
Check for any Tomcat certificate (tomcat-trust) serial number mismatches on the nodes.
Choose Cisco OS Administration > Security > Certificate Management > tomcat.pem and check whether the Tomcat certificate is expired. If expired, regenerate the Tomcat certificate and restart the Tomcat service.
If you use a CA signed certificate, get the Tomcat CSR re-signed by the CA, re-upload it back, and restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
If you use a self-signed certificate on the affected server, regenerate the Tomcat certificate with the set cert regen tomcat command from the CLI or from OS Admin and then restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
These known defects are documented in Cisco bug IDs CSCui29232 and CSCud67438.

I have done these things per CSCud67438. Also worth mentioning is DBreplication is a 2 for all nodes and show network clsuter shows no issues.

 

Interestingly enough i am running 11.5su2 which does not seem to be one of the versions affected by these published bugs.

 

Also I cannot log into web admin or serviceability from either affected subscriber node directly. All other subs that 'work' and the publisher I can, so the work around does not work in this case. The node does not say failed login on the affected subs the page just refreshes back to the login screen without a message (very odd)

I rebooted the cluster since posting with no positive effect. Interestingly enough I upgraded the cluster to 11.5SU3a and the issue resolved itself. I could not seem to find an exact match for a bug but there seemed to be some Tomcat and Cert bugs that were resolved so maybe just the minor changes to the Tomcat service fixed my issue. 

Create
Recognize Your Peers
Content for Community-Ad