Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
379
Views
7
Helpful
6
Replies

CUCM 12.5 Subscriber re-build

Go to solution
Hermozol
Level 1
Level 1

‎01-25-2024 05:33 AM

Hello.

I have cluster with Pub and one Sub. Sub is completely damaged after power failure, Recovery by fsck do not resolved problem. I'm gonna re-build Sub from scratch with same DNS name. Should I first remove it from Pub and add as new with same DNS name or just install? I'm not sure if Pub has old Sub SSH key and use it during nodes connection.

Regards

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Elliot Dierksen
VIP
VIP

‎01-25-2024 05:38 AM

You don't need to remove and re-add the subscriber from the publisher as long as you will be rebuilding using the same name and IP address. If the old subscriber had a CA signed certificate for Tomcat, you will need to generate a new CSR and get that re-issued. Don't forget to upload any required tomcat-trust certificates for the relevant CA's.

View solution in original post

6 Replies 6

Go to solution
Elliot Dierksen
VIP
VIP

‎01-25-2024 05:38 AM

You don't need to remove and re-add the subscriber from the publisher as long as you will be rebuilding using the same name and IP address. If the old subscriber had a CA signed certificate for Tomcat, you will need to generate a new CSR and get that re-issued. Don't forget to upload any required tomcat-trust certificates for the relevant CA's.

Go to solution
Roger Kallberg
VIP
VIP
In response to Elliot Dierksen

‎01-25-2024 07:38 AM - edited ‎01-25-2024 07:39 AM

@Elliot Dierksen If the OP is planning to do a DRS restore there should be no need to create any new CSR. Also if the OP uses a multi SAN certificate for Tomcat there should be no need to create anything new in regards to certificates.

@Hermozol I would recommend you to look into doing a DRS restore if you are not heading in that direction already. With that you'll get back to the as where before state with as little hassle as possible.



Response Signature


Go to solution
Elliot Dierksen
VIP
VIP
In response to Roger Kallberg

‎01-25-2024 08:57 AM

If the server is using a multi SAN certificate, you will either have to do a DRS restore or redo the CSR for the MSAN certificate. It will not automatically propagate to the added subscriber. Unfortunately I have first hand experience with that...

Go to solution
Roger Kallberg
VIP
VIP
In response to Elliot Dierksen

‎01-25-2024 01:01 PM - edited ‎01-25-2024 11:24 PM

That why I advocate to go down the DRS route as that is the best way to restore the subscriber with all the files and options.



Response Signature


0 Helpful

Go to solution
Hermozol
Level 1
Level 1
In response to Elliot Dierksen

‎01-25-2024 11:07 PM

Thank you for your confirmation. This is what I expected because I don't think there is a private key propagation mechanism.

0 Helpful

Go to solution
Nithin Eluvathingal
VIP
VIP

‎01-25-2024 06:38 AM

As @Elliot Dierksen  commented, You can skip deleting the Sub from CUCM publisher if you are using the same IP and hostname. Just proceed with the Sub installation.



Response Signature


Customers Also Viewed These Support Documents