Solved: Is Provisioning

Tan Han Ming · ‎06-13-2017

Currently, my customers have a Cisco TMS (Version 14.4.0) managing endpoints with software version TC7.3.3. Recently, they have purchased additional endpoints with software version TC7.3.6 but unable to communicate with the existing Cisco TMS. The error message given was "Could not connect to system, the connection could not be made due to: No HTTPS response".

Could anyone able to provide any advise on this issue?

Thanks in advance.

Shea Sivell · ‎06-13-2017

Cisco TelePresence Endpoints running TC7.3.6 only support TLS version 1.1 and 1.2 due to security concerns with TLS version 1.0.

This will affect communication with servers that only support TLS version 1.0.

If TMS is running on a Windows server that only has TLS version 1.0 enabled by default (i.e. Windows Server 2008 R2) it may cause connection problems when the endpoints upgraded to TC7.3.6.

Make sure TLS 1.2 or 1.1 is enabled on the server before upgrading to TC7.3.6. Older browsers may not be able to reach the endpoints web interface on HTTPS if the browser only supports TLS 1.0.

*You can enable TLS 1.1 and 1.2 by manually adding the TLS 1.1 and 1.2 Registry Keys in the registry and restarting the Windows Server.

Also see support discussion below:

https://supportforums.cisco.com/discussion/13032036/tms-reporting-no-https-response

View solution in original post

Shea Sivell · ‎06-13-2017

Cisco TelePresence Endpoints running TC7.3.6 only support TLS version 1.1 and 1.2 due to security concerns with TLS version 1.0.

This will affect communication with servers that only support TLS version 1.0.

If TMS is running on a Windows server that only has TLS version 1.0 enabled by default (i.e. Windows Server 2008 R2) it may cause connection problems when the endpoints upgraded to TC7.3.6.

Make sure TLS 1.2 or 1.1 is enabled on the server before upgrading to TC7.3.6. Older browsers may not be able to reach the endpoints web interface on HTTPS if the browser only supports TLS 1.0.

*You can enable TLS 1.1 and 1.2 by manually adding the TLS 1.1 and 1.2 Registry Keys in the registry and restarting the Windows Server.

Also see support discussion below:

https://supportforums.cisco.com/discussion/13032036/tms-reporting-no-https-response

Tan Han Ming · ‎07-06-2017

Hi Shea Sivell,

I have added in TLS version 1.1 and 1.2 in the windows registry but still unable to connect to the new endpoints using TC7.3.6.

I am able to connect to the new endpoints with HTTP enabled on endpoints and secure-only device communication disabled on TMS. When I disabled HTTP on the endpoints and enabled secure-only device communication enabled on the TMS, the same error message will appeared.

Based on my customers requirement, I need to disable HTTP. Is there any settings I need to configure on both the endpoints and TMS to resolve this issue?

Thanks.

Patrick Sparkman · ‎07-06-2017

Is Provisioning ExternalManager Protocol set to HTTPS on the endpoints?

Is port 443 open on the any network firewalls between the endpoint and TMS, as well as in the Windows firewall?

Using a web browser, can you connect to the endpoint from the TMS server using HTTPS?

Tan Han Ming · ‎07-06-2017

Yes, the Provisioning ExternalManager Protocol is set to HTTPS and port 443 is open on the firewall between enpoints and TMS. I have also disabled windows firewall for testing purpose.

From the TMS server, I am able to connect to the endpoint using HTTPS on a web browser.

Cisco TMS unable to manage new endpoints