04-19-2016 11:09 AM - edited 03-17-2019 06:38 AM
Dear All,
I would like to collect live CUCM traces while phones or other end points try to register with it, and also help me understand/read the collected traces, because I sometimes find it very difficult when phones do not get registered.
Thank you in advance...
Solved! Go to Solution.
04-30-2016 07:44 AM
That means
It could be either CIPC device is not supporting for secure support automatic generation and exchange of Locally-Significant Certificates (LSC) using the Certificate Authority Proxy Function (CAPF) .
05-03-2016 08:59 AM
Below is what I saw in the logs. I wanted the ouput from the SQL querry to confirm you were not in mixed mode. You can ignore the message; however, if you were in mixed mode, this would have been a problem even if you weren't using encryption, and even if you didn't have an LSC on the phone.
##### May 02 19:16:43.099 || updateCTL
Mon May 02 19:16:43.099 : DET : ( 9292) cip_sec_NativeSecurity - updateCTL()
Mon May 02 19:16:43.099 : DET : ( 9292) entering SECUpdateCTL()
##### 19:17:02.268 || Failed TFTP download of file <CTLSEP34E6D7768BFB.tlv>, error <9> No Response
Mon May 02 19:17:02.268 : ERROR : ( 2748) tftpDownload : Failed TFTP download of file <CTLSEP34E6D7768BFB.tlv>, error <9> No Response
Mon May 02 19:17:02.268 : EE : ( 2748) tftpDownload : return:0 with status=7
Mon May 02 19:17:02.268 : EE : ( 2748) downloadFile : return:0 with status=7
Mon May 02 19:17:02.268 : EE : ( 2748) tftpRead : return: 7
##### 19:17:02.268 || finished CTL update
Mon May 02 19:17:02.268 : DET : ( 2748) finished CTL update
Mon May 02 19:17:02.268 : DET : ( 2748) setting CTLstatus=0
##### 19:17:02.268 || ** had NO CTL and CTL processing FAILED** ctl-err 13 (socket error) || failed, no CTL
Mon May 02 19:17:02.268 : DET : ( 2748) ** had NO CTL and CTL processing FAILED** ctl-err 13 (socket error)
Mon May 02 19:17:02.268 : DET : ( 2748) exiting SECUpdateCTL() - failed, no CTL, rc=<2>
With this ouput we can tell you are not in mixed mode (0 means not in mixed mode, which means no CTL)
admin:run sql select paramname,paramvalue from processconfig where paramname='ClusterSecurityMode'
paramname paramvalue
=================== ==========
ClusterSecurityMode 0
04-19-2016 11:22 AM
RTMT-->Tools-->Trace and Log Cental-->Real time Trace(select the server/service for the trace you want)
refer SRND section "Real-Time Monitoring Tool" for more about the RTMT in detail, also refer below doc for the troubleshooting approach and logs collection on phone registration issues.
https://supportforums.cisco.com/blog/12088286/troubleshooting-ip-phone-registration-cucm
04-19-2016 12:53 PM
Thank you Venperum & Deepak
I really appreciate your quick help & support.
I shall try the above steps and get back to for doubts.
04-19-2016 01:04 PM
welcome and don't forget to rate helpful posts and once you test mark thread as answered so others can be benefitted.thanks
04-29-2016 01:01 PM
Hi,
I have registered a CIPC with CUCM, but what I see in phone's status messages is "CTL update failed". what does this message mean?
Thank you
04-30-2016 06:56 AM
Any help on this?
04-30-2016 07:44 AM
That means
It could be either CIPC device is not supporting for secure support automatic generation and exchange of Locally-Significant Certificates (LSC) using the Certificate Authority Proxy Function (CAPF) .
04-30-2016 11:01 AM
Thank you Bro!!
Will get in touch for any queries.
05-01-2016 09:28 PM
The CTL file is going to be a signed file. Either signed by the SAST (USB Tokens) or the callmanager.pem certificate. When the file is presented to the phone the signer of the file will need to be verified. The phone will look to see if the same signer is present in the CTL file the phone already uses. If the phone doesn't find anything in the CTL file the phone will then check the ITL file. If the phone doesn't find anything in the ITL file the phone will reach out to the TVS servers and see if they can verify the signer. If the TVS servers reply telling the phone to trust the signer, the phone will download and use the new CTL file. Otherwise the phone won't download the new CTL file and you will see the error "CTL update failed".
My concern here would be that you might have an ITL issue as well. Try changing something on the phone (i.e. webaccess, span to pc port, device pool), save the change, reboot the phone. Once the phone is registered again, see if the phone actually implemented the change.
https://www.google.com/search?q=%22CTL+update+failed%22&ie=utf-8&oe=utf-8
05-01-2016 11:34 PM
05-02-2016 04:35 AM
The console logs will give more detail if you can download and attach them here.
Try disabling webaccess and see if you can still got to the web page.
05-02-2016 05:32 AM
Try disabling webaccess and see if you can still got to the web page?
No, I am not getting web page after I disable this option
The console logs will give more detail if you can download and attach them here?
I do not have span to pc port option and I do not find console logs for CIPC
05-02-2016 12:37 PM
Use this procedure to collect these files:
05-02-2016 12:37 PM
05-02-2016 11:57 PM
How did you do that, can you also help me with this?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide