cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

855
Views
0
Helpful
4
Replies

"No HTTPS response" for CUCM after upgrading TMS to 15.3.0

Just upgraded our TMS from 14.6 to 15.3 and since then all my CUCMs show up on the TMS with a status of "no HTTPS response".

I looked at: https://supportforums.cisco.com/discussion/11809721/no-https-response-when-adding-cucm-tms

and: http://www.cisco.com/c/en/us/support/docs/conferencing/telepresence-management-server/118387-technote-tms-00.html

and the TMS 15.3 administration guide

but none help.

And from the TMS server, using a browser I can access to the CUCM using HTTPS.

Has anything changed on this new version ?

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

After analyzing the network

After analyzing the network logs on the TMS, we found out the issue.
It was a two-fold problem.


1- The change of TLS support in the new version. Windows does not support TLS 1.1 and TLS 1.2 by default and have to be activated by updating registery key as mentioned in pointed in Cisco's TMS documentation https://technet.microsoft.com/en-us/library/dn786418.aspx


2- But that was not enough. After taking wireshark captures on the TMS, we also found out that in the TLS handshake the TMS was not advertising SHA512 capabilities and the CUCM was requiring them. SHA512 was not enabled for TLS1.2 on windows server: https://social.technet.microsoft.com/Forums/office/en-US/857c6804-8ce1-4f09-b657-00554055da16/tls-12-and-sha512?forum=winserversecurity
After applying the patch the issue was fixed

View solution in original post

4 REPLIES 4
Highlighted

Also found out that none of

Also found out that none of the endpoints pointing to the TMS with https://... URL couldn't retreive the phonebook. We had to change all URLs as http://...

Seems like a problem related with the TLS change in version 15.3

Not sure what must be done to get the TMS to connect back to the CUCM in HTTPS, though...

VIP Advisor

It's likely that TLS 1.0 has

It's likely that TLS 1.0 has been disabled on the IIS server.  A quick and easy way to check/change that is with the IISCrypto tool.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Thanks but that was not

Thanks but that was not enough as I mentioned in my reply to my own discussion. The other issue was that SHA512 is not enabled for TLS1.2 by default on windows server.

After analyzing the network

After analyzing the network logs on the TMS, we found out the issue.
It was a two-fold problem.


1- The change of TLS support in the new version. Windows does not support TLS 1.1 and TLS 1.2 by default and have to be activated by updating registery key as mentioned in pointed in Cisco's TMS documentation https://technet.microsoft.com/en-us/library/dn786418.aspx


2- But that was not enough. After taking wireshark captures on the TMS, we also found out that in the TLS handshake the TMS was not advertising SHA512 capabilities and the CUCM was requiring them. SHA512 was not enabled for TLS1.2 on windows server: https://social.technet.microsoft.com/Forums/office/en-US/857c6804-8ce1-4f09-b657-00554055da16/tls-12-and-sha512?forum=winserversecurity
After applying the patch the issue was fixed

View solution in original post

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here