cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
937
Views
30
Helpful
7
Replies

switching the phone manually between cme and cucm?

baselzind
Level 6
Level 6

im doing a migration from cme 8 to cucm 12 , the customer doesn't use dhcp for phones so when i wanted to move a phone from cme to cucm i changed the tftp server to the cucm 12 and it registered on it , the problem when i wanted to register the phone back on cme , i changed the tftp server back to cme but it didn't register back to cme it stayed on cucm? isnt changing the tftp enough to change the telephony system?

 

 

1 Accepted Solution

Accepted Solutions

When a phone registers to a CUCM server it downloads a digital signature in the form of an Initial Trust List (ITL). Once a phone has this ITL, it will not talk to any other call agent including CME.

To move a phone off of a CUCM server and get it to register to CME you will need to remove the ITL. Depending on the model, this process is different.

For a 7911 (I assume this is the same phone you had the question about firmware), go to the Settings on the phone, access the Security menu, locate the ITL, type **# on the keypad to unlock the setting, and use the softkeys to delete the ITL. After deleting the ITL, the phone should reboot and the ITL will be gone.

If, indeed, this is the same phone as the firmware question, if you do a factory reset that will wipe out both the firmware and the ITL. But you don't want to do a factory reset if you don't have to. Try deleting the ITL first.

 

Maren

View solution in original post

7 Replies 7

George Sotiropoulos
Cisco Employee
Cisco Employee

Hello,

Can you try to Reset first the Security Service Settings?

Please Rate Posts (by clicking on Star) and/or Mark Solutions as Accepted, when applies

When a phone registers to a CUCM server it downloads a digital signature in the form of an Initial Trust List (ITL). Once a phone has this ITL, it will not talk to any other call agent including CME.

To move a phone off of a CUCM server and get it to register to CME you will need to remove the ITL. Depending on the model, this process is different.

For a 7911 (I assume this is the same phone you had the question about firmware), go to the Settings on the phone, access the Security menu, locate the ITL, type **# on the keypad to unlock the setting, and use the softkeys to delete the ITL. After deleting the ITL, the phone should reboot and the ITL will be gone.

If, indeed, this is the same phone as the firmware question, if you do a factory reset that will wipe out both the firmware and the ITL. But you don't want to do a factory reset if you don't have to. Try deleting the ITL first.

 

Maren

so for example if i have a cucm upgrade project and a site with many phones , if the new cucm ip is different from the old cucm ip the phones wont register to the new cucm even through dhcp? it doesnt make sense to go through all the phones and delete ITL one by one?

If you are migrating a large number of phones from one CUCM cluster to another cluster (not just a changed IP on a server in a cluster), then yes the ITLs have to be removed. This can be done manually, there are 3rd-party tools (such as UnifiedFX's tool: MigrationFX), and if you are doing the entire cluster there is an enterprise parameter you can change that will delete the ITLs cluster-wide.

CME does not use ITLs, which is why you could go from CME to CUCM with no trouble. But going back to CME means that the ITL must be removed.

The ITL is a good thing, even though it is a pain when moving a phone off of a CUCM server. The ITL is effectively a digital signature. Once the ITL is downloaded into a phone, the phone will only talk to servers in that cluster, which means that a rogue/badguy CUCM server can't tell your phone to do bad things. The topic in CUCM is known as "Security by Default".

Maren

i also tried a 7941 switching it back from cucm 12 to cme i factory reset it , it is stuck on upgrading and keep restarting i cant even set the ip back to the cucm 12 while it is upgrading and restarting

The 7941 phones are pretty old and you are probably running into the two-stage firmware upgrade issue. There was a change in the certificates Cisco uses to verify firmware. The certificate in question is in the factory-non-writable portion of the flash on the phone, which is what is active after you do a factory resets. The old certificates in these really old  phones (like yours) won't verify the firmware provided by CUCM servers in CUCM v8 and later.


From: Cisco Unified IP Phone Release Notes for Firmware Release 8.5(2)SR1 (SCCP and SIP)

Firmware Upgrade Issues for SCCP

Note For all SCCP firmware upgrades from firmware release versions earlier than 8.3(3) to version 8.5(2)SR1 or greater, you must first upgrade your firmware to version 8.5(2). Once you have upgraded to version 8.5(2), you can upgrade your IP Phone to version 8.5(2)SR1 or later.


That doc has information on how to upgrade the firmware directly through CUCM, but since you already have CME in place it will be easier to do the upgrade to 8.5.(2) (or 8.5.3 or 8.5.4 depending on what you can get your hands on) in CME and then have the phone talk to CUCM for the more current version that CUCM uses. The CUCM version of firmware will also communicate successfully to CME, so once you get this fixed I encourage you to avoid doing factory resets of your older phones.

Maren

fortunately i was able to go back from cucm to cme by simply deleting the ITL then the phone uploaded the older firmware successfully