Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1869
Views
0
Helpful
4
Replies

"No HTTPS response" for CUCM after upgrading TMS to 15.3.0

Go to solution
Matthieu LIENART
Level 1
Level 1

‎09-09-2016 02:35 AM - edited ‎03-18-2019 06:21 AM

Just upgraded our TMS from 14.6 to 15.3 and since then all my CUCMs show up on the TMS with a status of "no HTTPS response".

I looked at: https://supportforums.cisco.com/discussion/11809721/no-https-response-when-adding-cucm-tms

and: http://www.cisco.com/c/en/us/support/docs/conferencing/telepresence-management-server/118387-technote-tms-00.html

and the TMS 15.3 administration guide

but none help.

And from the TMS server, using a browser I can access to the CUCM using HTTPS.

Has anything changed on this new version ?

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Matthieu LIENART
Level 1
Level 1

‎09-14-2016 07:35 PM

After analyzing the network logs on the TMS, we found out the issue.
It was a two-fold problem.


1- The change of TLS support in the new version. Windows does not support TLS 1.1 and TLS 1.2 by default and have to be activated by updating registery key as mentioned in pointed in Cisco's TMS documentation https://technet.microsoft.com/en-us/library/dn786418.aspx


2- But that was not enough. After taking wireshark captures on the TMS, we also found out that in the TLS handshake the TMS was not advertising SHA512 capabilities and the CUCM was requiring them. SHA512 was not enabled for TLS1.2 on windows server: https://social.technet.microsoft.com/Forums/office/en-US/857c6804-8ce1-4f09-b657-00554055da16/tls-12-and-sha512?forum=winserversecurity
After applying the patch the issue was fixed

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Matthieu LIENART
Level 1
Level 1

‎09-11-2016 08:11 PM

Also found out that none of the endpoints pointing to the TMS with https://... URL couldn't retreive the phonebook. We had to change all URLs as http://...

Seems like a problem related with the TLS change in version 15.3

Not sure what must be done to get the TMS to connect back to the CUCM in HTTPS, though...

0 Helpful

Go to solution
Wayne DeNardi
VIP Alumni
VIP Alumni
In response to Matthieu LIENART

‎09-11-2016 08:30 PM

It's likely that TLS 1.0 has been disabled on the IIS server.  A quick and easy way to check/change that is with the IISCrypto tool.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

0 Helpful

Go to solution
Matthieu LIENART
Level 1
Level 1
In response to Wayne DeNardi

‎09-14-2016 07:37 PM

Thanks but that was not enough as I mentioned in my reply to my own discussion. The other issue was that SHA512 is not enabled for TLS1.2 by default on windows server.

0 Helpful

Go to solution
Matthieu LIENART
Level 1
Level 1

‎09-14-2016 07:35 PM

After analyzing the network logs on the TMS, we found out the issue.
It was a two-fold problem.


1- The change of TLS support in the new version. Windows does not support TLS 1.1 and TLS 1.2 by default and have to be activated by updating registery key as mentioned in pointed in Cisco's TMS documentation https://technet.microsoft.com/en-us/library/dn786418.aspx


2- But that was not enough. After taking wireshark captures on the TMS, we also found out that in the TLS handshake the TMS was not advertising SHA512 capabilities and the CUCM was requiring them. SHA512 was not enabled for TLS1.2 on windows server: https://social.technet.microsoft.com/Forums/office/en-US/857c6804-8ce1-4f09-b657-00554055da16/tls-12-and-sha512?forum=winserversecurity
After applying the patch the issue was fixed

0 Helpful
Customers Also Viewed These Support Documents