
Understand or Read live CUCM traces

Syed
Level 3

Dear All,

I would like to collect live CUCM traces while phones or other end points try to register with it, and also help me understand/read the collected traces, because I sometimes find it very difficult when phones do not get registered.

Thank you in advance...

2 Accepted Solutions

Accepted Solutions


pkinane
Cisco Employee

Below is what I saw in the logs. I wanted the output from the SQL query to confirm you were not in mixed mode. You can ignore the message; however, if you were in mixed mode, this would have been a problem even if you weren't using encryption, and even if you didn't have an LSC on the phone.


##### May 02 19:16:43.099  || updateCTL
Mon May 02 19:16:43.099 :   DET : (  9292) cip_sec_NativeSecurity - updateCTL()
Mon May 02 19:16:43.099 :   DET : (  9292) entering SECUpdateCTL()



##### 19:17:02.268  || Failed TFTP download of file <CTLSEP34E6D7768BFB.tlv>, error <9> No Response
Mon May 02 19:17:02.268 : ERROR : (  2748) tftpDownload : Failed TFTP download of file <CTLSEP34E6D7768BFB.tlv>, error <9> No Response
Mon May 02 19:17:02.268 :    EE : (  2748) tftpDownload : return:0 with status=7
Mon May 02 19:17:02.268 :    EE : (  2748) downloadFile : return:0 with status=7
Mon May 02 19:17:02.268 :    EE : (  2748) tftpRead : return: 7



##### 19:17:02.268  || finished CTL update
Mon May 02 19:17:02.268 :   DET : (  2748) finished CTL update
Mon May 02 19:17:02.268 :   DET : (  2748) setting CTLstatus=0



##### 19:17:02.268  || ** had NO CTL and CTL processing FAILED** ctl-err 13 (socket error)  || failed, no CTL
Mon May 02 19:17:02.268 :   DET : (  2748) ** had NO CTL and CTL processing FAILED** ctl-err 13 (socket error)
Mon May 02 19:17:02.268 :   DET : (  2748) exiting SECUpdateCTL() - failed, no CTL, rc=<2>



With this output we can tell you are not in mixed mode (0 means not in mixed mode, which means no CTL).

admin:run sql select paramname,paramvalue from processconfig where paramname='ClusterSecurityMode'
paramname paramvalue
=================== ==========
ClusterSecurityMode 0

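The reasoning in the post above, as an added example that is not part of the original post and is not a Cisco tool: it extracts the CTL-related facts from the quoted console log lines, reads `ClusterSecurityMode` from the quoted `run sql` output, and combines the two. The function names are hypothetical, and treating any non-zero mode as mixed mode is an assumption (the post only states that 0 means not in mixed mode).

```python
import re

# Log lines and CLI output copied from the post above (trimmed to the relevant lines).
CONSOLE_LOG = """\
Mon May 02 19:17:02.268 : ERROR : (  2748) tftpDownload : Failed TFTP download of file <CTLSEP34E6D7768BFB.tlv>, error <9> No Response
Mon May 02 19:17:02.268 :   DET : (  2748) ** had NO CTL and CTL processing FAILED** ctl-err 13 (socket error)
Mon May 02 19:17:02.268 :   DET : (  2748) exiting SECUpdateCTL() - failed, no CTL, rc=<2>
"""
SQL_OUTPUT = """\
paramname paramvalue
=================== ==========
ClusterSecurityMode 0
"""
LINE = re.compile(r"^\w{3} (\w{3} \d{2} [\d:.]+) :\s+(\w+) : \(\s*(\d+)\) (.*)$")
TFTP_FAIL = re.compile(r"Failed TFTP download of file <(CTL[^>]*)>, error <(\d+)> (.+)")
CTL_ERR = re.compile(r"ctl-err (\d+) \(([^)]+)\)")
CTL_EXIT = re.compile(r"exiting SECUpdateCTL\(\) - (.+), rc=<(\d+)>")

def summarize_ctl_update(log_text):
    """Collect the CTL-related facts from a CIPC console log excerpt."""
    facts = {"tftp_file": None, "tftp_error": None, "ctl_err": None, "result": None, "rc": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        msg = m.group(4) if m else ""  # blank lines and "#####" headers yield nothing
        if (t := TFTP_FAIL.search(msg)):
            facts["tftp_file"], facts["tftp_error"] = t.group(1), (int(t.group(2)), t.group(3))
        elif (c := CTL_ERR.search(msg)):
            facts["ctl_err"] = (int(c.group(1)), c.group(2))
        elif (e := CTL_EXIT.search(msg)):
            facts["result"], facts["rc"] = e.group(1), int(e.group(2))
    return facts

def cluster_security_mode(sql_output):
    """Read ClusterSecurityMode from 'run sql' output; None if the row is absent."""
    for line in sql_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "ClusterSecurityMode" and parts[1].isdigit():
            return int(parts[1])
    return None

def assess(facts, mode):
    """Apply the post's reasoning: a missing CTL only matters on a mixed-mode cluster."""
    if facts["result"] is None or "failed" not in facts["result"]:
        return "no CTL update failure in this log"
    if mode is None:
        return "CTL update failed; ClusterSecurityMode unknown, run the SQL query"
    if mode == 0:
        return "CTL update failed, but cluster is not in mixed mode: no CTL expected, ignore"
    return "CTL update failed on a mixed-mode cluster: investigate"  # assumption: non-zero = mixed
```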

28 Replies

RTMT --> Tools --> Trace and Log Central --> Real Time Trace (select the server/service for the trace you want)

Refer to the SRND section "Real-Time Monitoring Tool" for more detail about RTMT; also refer to the doc below for the troubleshooting approach and log collection on phone registration issues.

https://supportforums.cisco.com/blog/12088286/troubleshooting-ip-phone-registration-cucm

Thank you Venperum & Deepak

I really appreciate your quick help & support.

I shall try the above steps and get back to you with any doubts.

Welcome, and don't forget to rate helpful posts and, once you test, mark the thread as answered so others can benefit. Thanks.

Hi,

I have registered a CIPC with CUCM, but what I see in the phone's status messages is "CTL update failed". What does this message mean?

Thank you

Any help on this?

That means the device is unable to get the CTL file from the CUCM and is working in non-secure mode. So you shouldn't be worried about this as long as you don't need secure comm.

It could be either CIPC device is not supporting for secure support automatic generation and exchange of Locally-Significant Certificates (LSC) using the Certificate Authority Proxy Function (CAPF). Also, CAPF certificates for CTL files might not be installed.

Thank you Bro!! 

Will get in touch for any queries.

The CTL file is going to be a signed file. Either signed by the SAST (USB Tokens) or the callmanager.pem certificate. When the file is presented to the phone the signer of the file will need to be verified. The phone will look to see if the same signer is present in the CTL file the phone already uses. If the phone doesn't find anything in the CTL file the phone will then check the ITL file. If the phone doesn't find anything in the ITL file the phone will reach out to the TVS servers and see if they can verify the signer. If the TVS servers reply telling the phone to trust the signer, the phone will download and use the new CTL file. Otherwise the phone won't download the new CTL file and you will see the error "CTL update failed".

My concern here would be that you might have an ITL issue as well. Try changing something on the phone (i.e. webaccess, span to pc port, device pool), save the change, reboot the phone. Once the phone is registered again, see if the phone actually implemented the change.

https://www.google.com/search?q=%22CTL+update+failed%22&ie=utf-8&oe=utf-8

https://supportforums.cisco.com/document/73611/ip-phone-security-and-ctl-certificate-trust-list#Verification_and_Repair_Checklist

Thank you Pkinane for the more detailed explanation.

Webaccess is already enabled on this device

Span to pc port: I do not find this option for CIPC

Device Pool: Changed

Please find the attached image for latest error message

pkinane
Cisco Employee

The console logs will give more detail if you can download and attach them here.

Try disabling webaccess and see if you can still get to the web page.

Try disabling webaccess and see if you can still get to the web page?

No, I am not getting web page after I disable this option

The console logs will give more detail if you can download and attach them here?

I do not have span to pc port option and I do not find console logs for CIPC

pkinane
Cisco Employee

Use this procedure to collect these files:

  • Enable detailed logging (right-click > Preferences > User tab, and check Enable Logging).
  • Attempt to reproduce the problem. If you are unable to reproduce the problem, the logs will not have detailed information.
  • Create the report by choosing Start > All Programs > Cisco IP Communicator > Create CIPC Problem Report.
  • Follow the instructions you see to describe the problem. Make sure to include this information:
  1. A description of the problem.
  2. An explanation of what you were doing at the time the problem occurred.
  3. Which audio device was in use at the time.
  4. Any other details that might have affected the situation.
  • Before you click Finish, note the name of the file that has been created on your desktop.

I started my CIPC in my lab and had the same issue as you.

I was able to correct the issue by updating my CTL file.

How did you do that, can you also help me with this?