Solved: CUCM 14 (SU2) not loading pages after login

salvage210 · ‎11-17-2022

Hello,

I am upgrading from 14(SU1) to (SU2).

The environment is an isolated, classified single cluster of 3 nodes in a lab. I cannot allow Cisco TAC to remote into the system.

I have successfully installed (SU2) on all 3 nodes. I have switched to (SU2) on the Publisher and Secondary Subscriber. When I log in to any of the admin areas on these nodes (Call Manager Admin, OS Admin, Serviceability) the page times out or presents an HTTP 500 or 404 error:

Example: No webpage found for the web address: https://XX.XXX.XXX.XXX/cmplatform/ http error 404

or: This site cant' be reached. XX.XXX.XXX.XXX took too long to respond. err_connection_timed_out

or: HTTP Status 500~ Exception: IllegalStateException Cannot create a session after the response has been committed Note: The full stack trace of the root case is available in the server logs.

I'm using Chrome v103.0.5060.53 (Official build). I have cleared the browser cache and shut the browser numerous times.

I've restarted Tomcat. I've restarted the node. None of these have had any effect. Any ideas?

pma1995 · ‎03-27-2023

We had a similar issue after upgrading to CUCM 14SU2 and TAC helped solve the issue.

Ensure that you configure the Trusted List of Hosts in HTTP Referer/Host Header

Reference: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/install/14_SU2/cucm_b_install-guide-cucm-imp-14su2/cucm_b_install-guide-cucm-imp-14_chapter_011.html

Since you can't log into the GUI, log into the CLI and run the command below where x.x.x.x is your NAT IP.

run sql update processconfig set paramvalue='X.X.X.X' where paramname='TrustedServers'

View solution in original post

Roger Kallberg · ‎11-18-2022

In your previous post where you mentioned this you wrote this.

“The separate problem with the GUI after upgrading is related to NAT'ing in my lab environment and does not impact the Call Manager.”

Have you tried to connect to the system from a host that is on the same network as your servers? Ie bypass any NAT that you have.

salvage210 · ‎11-21-2022

Yes, I've successfully accessed the system GUI's in a network environment that doesn't use the NAT'ing.

I think the Call Manager is trying to resolve a DNS. Some sort of setting that went back to a default after upgrading. When the browser gives up, it indicates a 27.xxx.xxx.xxx address, which does not jive with my NAT environment.

This isn't critical because we don't NAT in the production environment but it is curious and I'd like to resolve it if possible.

Roger Kallberg · ‎11-21-2022

If it does work when you access it locally it’s not very likely to be an issue in CM, but in your NAT setup. That’s anyway where I would start looking.

salvage210 · ‎11-21-2022

That seems unlikely. The NAT environment worked perfectly using 11.5 and then when I upgraded to 14 (SU1). It stopped when I upgraded to (SU2). In fact, the Pub and Sub1 were on (SU2) and stopped working with NAT and Sub2 was still on (SU1) and was still accessible until I finally flipped it to (SU2).

Roger Kallberg · ‎11-21-2022

As it works when you do not pass it by your NAT setup, but not when you do pass traffic through it, there is definitely something in this that has an effect.

Nithin Eluvathingal · ‎11-23-2022

Are you Able to open the remaining page or is this just one URL which is not working. Have you checked your firewall ?

Nithin Eluvathingal · ‎11-19-2022

I have a 14 SU2 running on my lab, and I can access the web page on Crome,mozila,edge etc.. What about other pages like administration ? does that work for you ?

Check if services are started. Access the page from local PC from your Lab network

salvage210 · ‎11-21-2022

Hi Nithin,

Please see my response to Roger, above.

RachelGomez161999 · ‎11-23-2022

Solution

Enter the utils dbreplication runtimestate command in order to check for any dbreplication issues in the CUCM cluster.
Restart the Tomcat Service with the utils service restart Cisco Tomcat command.
Check for any Tomcat certificate (tomcat-trust) serial number mismatches on the nodes.
Choose Cisco OS Administration > Security > Certificate Management > tomcat.pem and check whether the Tomcat certificate is expired. If expired, regenerate the Tomcat certificate and restart the Tomcat service.
If you use a CA signed certificate, get the Tomcat CSR re-signed by the CA, re-upload it back, and restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
If you use a self-signed certificate on the affected server, regenerate the Tomcat certificate with the set cert regen tomcat command from the CLI or from OS Admin and then restart the Cisco Tomcat service with the utils service restart Cisco Tomcat command.
These known defects are documented in Cisco bug IDs CSCui29232 and CSCud67438.

Regards,

Rachel Gomez

pma1995 · ‎03-27-2023

We had a similar issue after upgrading to CUCM 14SU2 and TAC helped solve the issue.

Ensure that you configure the Trusted List of Hosts in HTTP Referer/Host Header

Reference: https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/install/14_SU2/cucm_b_install-guide-cucm-imp-14su2/cucm_b_install-guide-cucm-imp-14_chapter_011.html

Since you can't log into the GUI, log into the CLI and run the command below where x.x.x.x is your NAT IP.

run sql update processconfig set paramvalue='X.X.X.X' where paramname='TrustedServers'

salvage210 · ‎03-28-2023

Hi pma1995,

Thanks for the great tip. When I ran the command, I received the following: "An illegal floating point number has been found in the statement"

Roger Kallberg · ‎03-28-2023

It’s much easier to validate your command if you post it verbatim as you entered it.

pma1995 · ‎04-25-2023

Note that you may need to run this command from the console in vCenter if it doesn't work via Putty.

pma1995 · ‎04-25-2023