Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
371
Views
10
Helpful
3
Replies

srsv branch is unreachable

Go to solution
Gregory Brunn
Spotlight
Spotlight

‎09-14-2015 02:46 PM - edited ‎03-19-2019 10:05 AM

Hello,

Currently I have a new 10.x SRSV deployment that will not allow me to add a new branch from the CUC central server. When I create the branch I get the error message branch is unreachable. From the troubleshooting document I see this could be an issue with the PAT port. However I am using 443 the default port. Also when I pulled a PCAP I see that TLSv1.2 Alert handshake failure.  

Pings of course between the two servers are completing successfully. 

My first questions is I have a slight version mismatch between my SRSV branch router and the CUC central server. I am currently patching it now to be identical. Is this the source of my problems? 

There is nothing in the 10.x documentation I see about certs but I went ahead and took the Tomcat certs and added them as trust on each server and still getting the unreachable message. Is a cert exchange needed?

 

Can anyone shed any more light on this or point me to the correct documentation.

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Manish Gogna
Cisco Employee
Cisco Employee

‎09-14-2015 09:21 PM

Hi Gregory,

The following general procedure applies to this issue:

For  the server in Central location;
set network domain

Restart server
utils system restart

Repeat procedure for SRSV location.
Set network domain
utils system restart

Regenerate all the certificates on Central and SRSV site:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/os_administration/guide/
10xcucosagx/10xcucosag060.html

Upload tomcat certificates to tomcat-trust store between Central Publisher and SRSV
location.

Execute below command from CLI of Central and SRSV servers to allow SelfSignedCertificates
communication:

run cuc dbquery unitydirdb EXECUTE PROCEDURE
csp_ConfigurationModify(pFullName='System.SRSV.AcceptSrsvSelfSignedCertificates',
pValue='1');

 

Manish

- Do rate helpful posts -

View solution in original post

3 Replies 3

Go to solution
Manish Gogna
Cisco Employee
Cisco Employee

‎09-14-2015 09:21 PM

Hi Gregory,

The following general procedure applies to this issue:

For  the server in Central location;
set network domain

Restart server
utils system restart

Repeat procedure for SRSV location.
Set network domain
utils system restart

Regenerate all the certificates on Central and SRSV site:

http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/10x/os_administration/guide/
10xcucosagx/10xcucosag060.html

Upload tomcat certificates to tomcat-trust store between Central Publisher and SRSV
location.

Execute below command from CLI of Central and SRSV servers to allow SelfSignedCertificates
communication:

run cuc dbquery unitydirdb EXECUTE PROCEDURE
csp_ConfigurationModify(pFullName='System.SRSV.AcceptSrsvSelfSignedCertificates',
pValue='1');

 

Manish

- Do rate helpful posts -

Go to solution
Gregory Brunn
Spotlight
Spotlight
In response to Manish Gogna

‎09-15-2015 06:21 AM

Manish,

Thank you for this reply I will try this.

Can you let me know if once I accept self signed cert I can toggle the value back no problem.

I am currently testing in lab with a non production CUC.  I wanted to do some basic test before I send this out in the field.

 The SRSV module will be going out to a site where we will have a CA signed cert on the CUC server.

I want to avoid a rebuild.

 

0 Helpful

Go to solution
Gregory Brunn
Spotlight
Spotlight
In response to Gregory Brunn

‎09-15-2015 07:33 AM

Found this in the reference guide now. Maybe I missed that part of the documentation.

Also looks like the document has one of the sql commands wrong.

run cuc dbquery unitydirdb EXECUTE PROCEDURE csp_ConfigurationModify(pFullName='System.SRSV.IgnoreSrsvCertificateErrors', pValue='1')
 

not

run cuc dbquery unitydirdb EXECUTE PROCEDURE csp_ConfigurationModify(pFullName='System.SRSV.System.SRSV.IgnoreSrsvCertificateErrors', pValue='1')

 

Thanks as always Manish

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents