Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2446
Views
50
Helpful
13
Replies

An unknown error occurred log4J 11.5.1.17900-52

Go to solution
chkraemer
Level 1
Level 1

‎12-24-2021 01:44 AM

Hello, 
I try to update the Log4J Hotfix: ciscocm.V11.5_log4j_CVE-2021-44228_C0156-3.k4.cop.sha512 
CUCM Version 11.5.1.17900-52

Error: An unknown error occurred while accessing the upgrade file.
Also in the Log is just said, that there is an unkown error. 


I just found old articles, but tried the hints they give, but it does not help.

I think this is an older Problem, but I could not find anything that helped.
- OS to Permissions mode,
- Set an NTP Server,
- Patch Ciscocm.enable-sha512sum-2021-signing-key-v1.0.cop.sgn (not for this Version, should be included)

Any Ideas?
Thanks
Kraemer

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to chkraemer

‎12-25-2021 06:46 PM

Which SFTP application are you using ?As a workaround  Try a different SFTP application to install the COP.

 

This COP file should ONLY be installed via the CLI. It should not be installed via the GUI or PCD. It should be installed on all nodes in the cluster



Response Signature


View solution in original post

Go to solution
chkraemer
Level 1
Level 1

‎12-28-2021 04:24 AM

The sha512 was a Point, but my main Problem was the SFTP Server which got a new Setup with a New Certificate.
As Workaround I took another SFTP Server and it worked.
Thanks for all the good hints.

View solution in original post

0 Helpful
13 Replies 13

Go to solution
Kevin Li
Level 4
Level 4

‎12-24-2021 03:43 AM - edited ‎12-24-2021 03:44 AM

You probably need the sha512 patch on your 11.5 UCM in order to support the newer sha512 signed cop files.

The file you need to load to support sha512 signed cop files is named "ciscocm.enable-sha512sum-2021-signing-key-v1.0.cop.sgn" and can be found here: https://software.cisco.com/download/home/286306100/type/282204704/release/COP-Files

Go to solution
chkraemer
Level 1
Level 1
In response to Kevin Li

‎12-24-2021 04:51 AM

Thanks Kevin, 

 

but by installing this sha512 Cop File, I got the same Error-Message. Doesn't work. Like I told in the opening post.
hoped there is another Cop File fixing this too  

Best wishes

Chrisitan
 

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP

‎12-24-2021 04:03 AM - edited ‎12-27-2021 04:40 AM

What is your exact version of CM?

Have you satisfied this prerequisite for the log4j COP file?

CAUTION: This COP file is signed with a new signing key. If the affected version does not contain this new signing key natively, it will be necessary to install the ciscocm.enable-sha512sum-2021-signing- key-v1.0.cop.sgn COP file first if it has not been installed previously. If the new signing key is not present on the system, a “not supported” error will be displayed when trying to install the log4j COP. See the enable COP readme for specifics on versions that contain the 2021 signing key natively.



Response Signature


Go to solution
chkraemer
Level 1
Level 1
In response to Roger Kallberg

‎12-24-2021 04:53 AM

Thank you Roger,

It's the 11.5.1.7900-52

The enable Sha512 doesn't Work either.
Someone any idea, why this happens?

 

Best wishes
Christian

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to chkraemer

‎12-24-2021 05:38 AM - edited ‎12-27-2021 04:39 AM

Are you sure on that version? I think that you might have left out a digit.

The read me for the log4j fix for the security vulnerability states this as the version requirement.
CUCM: All versions from 11.5.1.17900- to 11.5.1.23162-1 (including SU7, SU8, SU9, SU10, and all ES’s)

For the signing file update the read me says that you need it up to version 11.5.1.22144-1. So you’ll need to have this installed before you can install any COP that is signed with these keys.



Response Signature


0 Helpful

Go to solution
chkraemer
Level 1
Level 1
In response to Roger Kallberg

‎12-24-2021 06:30 AM

system version: 11.5.1.17900-52
You are Write, and that's what I thought. The Signing must be included, so I must have another Problem. 
0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to chkraemer

‎12-24-2021 06:55 AM - edited ‎12-25-2021 11:50 PM

What do you mean by this “The Signing must be included, so I must have another Problem.”?

What I pointed out is that you’ll need to have the COP file for adding signing keys installed before you can install the log4j security vulnerability fix COP file. Do you have the COP file for adding the 2021 signing keys installed? Can you please share the output from “show version active” from CLI?



Response Signature


0 Helpful

Go to solution
Nithin Eluvathingal
VIP
VIP
In response to chkraemer

‎12-25-2021 06:46 PM

Which SFTP application are you using ?As a workaround  Try a different SFTP application to install the COP.

 

This COP file should ONLY be installed via the CLI. It should not be installed via the GUI or PCD. It should be installed on all nodes in the cluster



Response Signature


Go to solution
chkraemer
Level 1
Level 1

‎12-26-2021 11:50 PM

Hello, 

thank our for your answers, they are all very helpful for my understanding. 
I figured out, that I have a generell problem with Cop-files. Tried just a phone-update File with SHA512 and one with K3.cop.sgn, with an FTP and SFTP Serve. every time  I got the same error.
Next step I check out the Certificates and Services. 
Thanks a lot

0 Helpful

Go to solution
Roger Kallberg
VIP
VIP
In response to chkraemer

‎12-27-2021 01:30 AM

Can you please share the output from “show version active” from CLI?



Response Signature


0 Helpful

Go to solution
chkraemer
Level 1
Level 1
In response to Roger Kallberg

‎12-27-2021 02:09 AM

admin:show version active
Active Master Version: 11.5.1.17900-52
Active Version Installed Software Options:
cmterm-8821-sip.11-0-5SR2-2.k3.cop
cmterm-s52000tc6_3_4.k3.cop
cmterm-88xx-sip.12-5-1SR2-2.k3.cop
cmterm-devicepack11.5.1.21131-1.cop
cmterm-dx80.10-2-5-212.k3.cop
cmterm-8821-sip.11-0-6-7.k3.cop
cm-locale-combined_network-11.0.1.1000-1.cop
cmterm-88xx-sip.12-7-1-0101-415.k3.cop
cmterm-8821-sip.11-0-5SR1-4.k3.cop
cmterm-8821-sip.11-0-3SR4-3.k3.cop
po-locale-de_DE-k3-11.0.1.1000-1.cop
cmterm-88xx-sip.12-0-1SR1-1.k3.cop
cmterm-88xx-sip.12-1-1SR1-4.k3.cop
cmterm-8821-sip.11-0-5-17.k3.cop
ciscocm.free_common_space_v1.5.cop
cmterm-devicepack11.0.1.22052-1.cop
cmterm-8821-sip.11-0-4SR2-15.k3.cop
cmterm-s52010tc7_3_5.k3.cop
cmterm-synergy-ce9_4_1_no_defaults.cop
cmterm-devicepack11.0.1.25097-1.cop
cmterm-8821-sip.11-0-4ES6-3.k3.cop
cmterm-7942_7962-sip.9-4-2SR3-1.k3.cop
ciscocm.version3-keys.cop
cmterm-s52000tc7_3_5.k3.cop
cmterm-8821-sip.11-0-5SR3-2.k3.cop
cmterm-8821-sip.11-0-4SR1-13.k3.cop
cmterm-8821-sip.11-0-3SR6-15.k3.cop
cmterm-8821-sip.11-0-3SR1-1.k3.cop
cm-locale-de_DE-11.5.1.7000-1.cop
cmterm-dx80.10-2-5-215.k3.cop
cmterm-7942_7962-sccp.9-4-2SR3-1.k3.cop
po-locale-combined_network-k3-11.0.1.1000-1.cop
cmterm-8821-sip.11-0-4-14.k3.cop
admin:

Go to solution
Roger Kallberg
VIP
VIP
In response to chkraemer

‎12-27-2021 02:46 AM

AFAICT you have not installed the ciscocm.enable-sha512sum-2021-signing-key-v1.0.cop.sgn file that is a prerequisite for the log4j vulnerability fix COP file. Please install this and try again.



Response Signature


Go to solution
chkraemer
Level 1
Level 1

‎12-28-2021 04:24 AM

The sha512 was a Point, but my main Problem was the SFTP Server which got a new Setup with a New Certificate.
As Workaround I took another SFTP Server and it worked.
Thanks for all the good hints.

0 Helpful
Customers Also Viewed These Support Documents