Solved: Check you TMS Server and make

Firdaush Ginowrie · ‎05-26-2016

Hello,

Version related info:

TMS Version: 14.6.1

Endpoint Version: TC7.3.6

After registering a TC endpoints with TC version 7.3.6 to our TMS, we are having systematically some Warning and error messages :

Warning! Connection status is 'No HTTPS response
#117731 - HTTPS Connection Error #117733 - System Is Not Registered with Unified CM
#117730 - Active Gatekeeper Address Blank

But by downgrading on tC7.2.1, the problem disappear.

Unfortunately, we'll need to keep the TC7.3.6 to handle properly all the functionalities for our MX700/800 Dual CAM.

I need your help to get this issue resolved.

Regards,

Fird

Shea Sivell · ‎05-26-2016

Check your TMS Server and make sure that TLS 1.1 and 1.2 are enabled, as it is required for endpoints running TC7.3.6 and above, and CE8.1.0 and above.

(p.7)

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/endpoint/software/tc7/release_notes/tc-software-release-notes-tc7.pdf

TC7.3.6 - Discontinued support for TLS 1.0

Cisco TelePresence Endpoints running TC7.3.6 only support TLS version 1.1 and 1.2 due to security concerns with TLS version 1.0.

*NOTE* that this may affect communication with servers that only support TLS version 1.0.

If TMS is running on a Windows server that only has TLS version 1.0 enabled by default (i.e. Windows Server 2008 R2) it may cause connection problems when the endpoints upgraded to TC7.3.6.

Make sure TLS 1.2 or 1.1 is enabled on the server before upgrading to TC7.3.6. Older browsers may not be able to reach the endpoints web interface on HTTPS if the browser only supports TLS 1.0.

*You can enable TLS 1.1 and 1.2 by manually adding the TLS 1.1 and 1.2 Registry Keys in the registry and restarting the Windows Server

View solution in original post

Shea Sivell · ‎05-26-2016

There is no impact. The endpoints will simply revert back to using HTTP for connections. See link and info below:

(p.54)

http://www.cisco.com/en/US/docs/telepresence/infrastructure/tms/config_guide/Cisco_TelePresence_Implementing_Secure_Management_Config_Guide.pdf

Turning Secure-Only Mode Off

Turning Secure-Only off will reverse Cisco TMS’s behavior without impact, and systems will have their connection settings automatically reverted to use HTTP methods the next time Enforce Management Settings are applied to the system. Connectivity will not be disrupted while waiting for the Enforce Management Settings update unless HTTPS has been disabled on IIS server of Cisco TMS by disabling or removing the server certificate before all systems have been updated. Systems may continue to use HTTPS for their own web servers as Cisco TMS supports HTTPS or HTTP connectivity to devices even with Secure-Only disabled in Cisco TMS.

View solution in original post

Shea Sivell · ‎05-26-2016

Check your TMS Server and make sure that TLS 1.1 and 1.2 are enabled, as it is required for endpoints running TC7.3.6 and above, and CE8.1.0 and above.

(p.7)

http://www.cisco.com/c/dam/en/us/td/docs/telepresence/endpoint/software/tc7/release_notes/tc-software-release-notes-tc7.pdf

TC7.3.6 - Discontinued support for TLS 1.0

Cisco TelePresence Endpoints running TC7.3.6 only support TLS version 1.1 and 1.2 due to security concerns with TLS version 1.0.

*NOTE* that this may affect communication with servers that only support TLS version 1.0.

If TMS is running on a Windows server that only has TLS version 1.0 enabled by default (i.e. Windows Server 2008 R2) it may cause connection problems when the endpoints upgraded to TC7.3.6.

Make sure TLS 1.2 or 1.1 is enabled on the server before upgrading to TC7.3.6. Older browsers may not be able to reach the endpoints web interface on HTTPS if the browser only supports TLS 1.0.

*You can enable TLS 1.1 and 1.2 by manually adding the TLS 1.1 and 1.2 Registry Keys in the registry and restarting the Windows Server

Firdaush Ginowrie · ‎05-26-2016

Hello Shea,

Our team found another workaround.

On the TMS > Administrative Tools > Network Settings :

Secure-ONly Device Communication = turn it OFF

By turning it OFF, the issue has been resolved.

Is there any impact by turning off this option?

Shea Sivell · ‎05-26-2016

There is no impact. The endpoints will simply revert back to using HTTP for connections. See link and info below:

(p.54)

http://www.cisco.com/en/US/docs/telepresence/infrastructure/tms/config_guide/Cisco_TelePresence_Implementing_Secure_Management_Config_Guide.pdf

Turning Secure-Only Mode Off

Turning Secure-Only off will reverse Cisco TMS’s behavior without impact, and systems will have their connection settings automatically reverted to use HTTP methods the next time Enforce Management Settings are applied to the system. Connectivity will not be disrupted while waiting for the Enforce Management Settings update unless HTTPS has been disabled on IIS server of Cisco TMS by disabling or removing the server certificate before all systems have been updated. Systems may continue to use HTTPS for their own web servers as Cisco TMS supports HTTPS or HTTP connectivity to devices even with Secure-Only disabled in Cisco TMS.

Shashank Mahajan · ‎05-27-2016

This issue has already been addressed in a discussion before.

https://supportforums.cisco.com/discussion/13021751/no-https-response-tc736-and-ce810

Shea Sivell · ‎05-26-2016

.

TMS reporting "No HTTPS response"