09-14-2015 02:46 PM - edited 03-19-2019 10:05 AM
Hello,
Currently I have a new 10.x SRSV deployment that will not allow me to add a new branch from the CUC central server. When I create the branch I get the error message "branch is unreachable". From the troubleshooting document I see this could be an issue with the PAT port. However, I am using 443, the default port. Also, when I pulled a PCAP I see a TLSv1.2 Alert: handshake failure.
Pings of course between the two servers are completing successfully.
My first question: I have a slight version mismatch between my SRSV branch router and the CUC central server. I am currently patching it now to be identical. Is this the source of my problems?
There is nothing in the 10.x documentation I see about certs, but I went ahead and took the Tomcat certs and added them as trust on each server and I am still getting the unreachable message. Is a cert exchange needed?
Can anyone shed any more light on this or point me to the correct documentation?
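Added example (not part of the original posts): a small decoder for the plaintext TLS alert record seen in a capture like the one mentioned above, so the alert description code can be read directly from the bytes. The sample byte strings are constructed, and the function and field names are this example's own.

```python
import struct

# Alert descriptions defined for TLS 1.2 in RFC 5246, section 7.2.
ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
    90: "user_canceled", 100: "no_renegotiation",
    110: "unsupported_extension",
}
CERT_ALERTS = {42, 43, 44, 45, 46, 48}  # alerts that name the certificate
VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
LEVELS = {1: "warning", 2: "fatal"}


def decode_alerts(stream: bytes) -> list:
    """Walk the TLS records in one direction of a TCP stream; return alerts."""
    found, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        body = stream[pos + 5:pos + 5 + length]
        pos += 5 + length
        if len(body) < length:
            break  # capture ends mid-record
        if ctype != 21:  # 21 = alert; skip handshake (22) and other records
            continue
        entry = {"version": VERSIONS.get(version, hex(version))}
        if length == 2:  # plaintext alert: level byte + description byte
            entry["level"] = LEVELS.get(body[0], str(body[0]))
            entry["alert"] = ALERTS.get(body[1], f"unknown({body[1]})")
            entry["certificate_related"] = body[1] in CERT_ALERTS
        else:  # sent after ChangeCipherSpec, so the two bytes are encrypted
            entry["alert"] = "encrypted"
        found.append(entry)
    return found


# Constructed samples: a fatal handshake_failure on its own, and a
# ServerHelloDone handshake record followed by a fatal unknown_ca.
SAMPLE_FAILURE = bytes.fromhex("15030300020228")
SAMPLE_UNKNOWN_CA = bytes.fromhex("16030300040e000000" "15030300020230")

if __name__ == "__main__":
    for sample in (SAMPLE_FAILURE, SAMPLE_UNKNOWN_CA):
        print(decode_alerts(sample))
```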
09-14-2015 09:21 PM
Hi Gregory,
The following general procedure applies to this issue:
For the server in Central location;
set network domain
Restart server
utils system restart
Repeat procedure for SRSV location.
Set network domain
utils system restart
Regenerate all the certificates on Central and SRSV site:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/os_administration/guide/10xcucosagx/10xcucosag060.html
Upload tomcat certificates to tomcat-trust store between Central Publisher and SRSV location.
Execute below command from CLI of Central and SRSV servers to allow SelfSignedCertificates communication:
run cuc dbquery unitydirdb EXECUTE PROCEDURE csp_ConfigurationModify(pFullName='System.SRSV.AcceptSrsvSelfSignedCertificates', pValue='1');
Manish
- Do rate helpful posts -
09-15-2015 06:21 AM
Manish,
Thank you for this reply, I will try this.
Can you let me know if, once I accept self-signed certs, I can toggle the value back with no problem?
I am currently testing in a lab with a non-production CUC. I wanted to do some basic tests before I send this out in the field.
The SRSV module will be going out to a site where we will have a CA signed cert on the CUC server.
I want to avoid a rebuild.
09-15-2015 07:33 AM
Found this in the reference guide now. Maybe I missed that part of the documentation.
Also, it looks like the document has one of the SQL commands wrong.
run cuc dbquery unitydirdb EXECUTE PROCEDURE csp_ConfigurationModify(pFullName='System.SRSV.IgnoreSrsvCertificateErrors', pValue='1')
not
run cuc dbquery unitydirdb EXECUTE PROCEDURE csp_ConfigurationModify(pFullName='System.SRSV.System.SRSV.IgnoreSrsvCertificateErrors', pValue='1')
Thanks as always Manish