06-30-2016 12:21 AM - edited 03-17-2019 07:24 AM
Hi,
I'm working on a cluster of CUCM7.1 and using CISCO IP Communicator 7.0.1
Recently a CUCM sub was and still down, since then all the CISCO IP Comunicators can't register showing the error message: "Registration Rejected: security Error", I've checked the CMG in the device pool config, I found out that this down server isn't on the list.
The action that I have tried so far:
- Resetting the CIPC
- Reinstall the CIPC
- On the PC, going to start -> Run -> certmgr.msc-> Personal -> Certificates, but I didn't find any certificate
- Deleting the CIPC then add it again
Knowing that:
-Physical Ip phones on site register correctly
- I could ping the TFTP servers on the user's PC
- I get in the status messages: "TFTP timeout SEP..." message on the user's PC
- When I connected to the client's LAN using VPN tunnel I managed to register the same CIPC correctly
Can you, guys, help me?
Any tip to solve this issue will be so much appreciated, guys.
Thanks in advance, guys.
06-30-2016 12:47 AM
Check the Directory numbers that are still in the database. Once you delete the DN that was associated with the phone, then reset the phone, it should Auto Register once again. You can find the DNs listed that are configured in the system under Call Routing > Directory Numbers.
06-30-2016 01:08 AM
Hi Jawad,
thank you for your feedback.
There is no auto-reg, all the IP phones are added manually.
06-30-2016 12:50 AM
Amine,
Can you share some more information.
How many servers are there in the cluster?
To which of the CIPC should register?
Since there were some issues with the cluster, then it might be related with replication between the servers? To confirm can try to configure CMG in the way CIPC should try to register to Publisher instead Subscriber servers?
For the CIPC that fails to register, can you collect the output of the following SQL on Pub and on Sub that it tries to register to?
run sql select * from device where name='SEPnameofCIPC'
Leszek
06-30-2016 04:28 AM
Hi Leszek,
Thanks for your feedback.
To answer your questions
- there are 7 nodes in the cluster: 1 PUB, 2 TFTP, 4 SUB
The CIPC should register with SUB04
The publisher doesn't have the Call Manager service enabled.
I have typed the command, which is a very interesting command by the way, thank you so much for that, i have compared the value on each server, and it's the same.
Now I have a new piece of information, when I used a VPN tunnel to the client's LAN, I managed to register correctly.
But on the client's PC, even though I could ping the TFTP servers and the physical Ip phones register correctly, I had the on the CIPC status messages "TFTP timeout SEP... "
Any tips how to solve this issue?
06-30-2016 04:39 AM
Can you try to use Wireshark on customer PC to collect pcap from when the phone tries to register? This should tell from which server Phone is downloading config an to which it's trying to register.
It might be useful to see what's the configuration file on the TFTP for this phone. You can download XML file directly from TFTP bu using any TFTP client or Windows command
> tftp <IP_of_TFTP> GET SEP<MAC>.cnf.xml
I've seen those errors as you see when phone tries to register to CCM server that is not a part of call-manager group for this phone. Thsi would usually happen when the phone has incorrect configuration file (like old configuration file or it cannot get it).
From those 2 things I request pcap would be desired one.
Leszek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide