tftp not in ctl

Unanswered Question
Nov 29th, 2007
User Badges:

Trying to register my phone to a CUCM 5.x server. It was used on CUCM 4.x. When I changed the TFTP address and click save, it says " tftp not in ctl" and can not save the change. Does anybody know this?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
allan.thomas Fri, 11/30/2007 - 14:06
User Badges:
  • Blue, 1500 points or more

It appears that you enabled Security on your CUCM Cluster? Were you running CAPF on version 4.x prior to the upgrade?

If you performed certificate operations before the upgrade to Cisco Unified CallManager 5.1 and CAPF ran on a subscriber server, you must copy the CAPF data to the 4.0 publisher database server before you upgrade the cluster to Cisco Unified CallManager 5.1.

Cisco advise a caution that the CAPF data on the Cisco Unified CallManager 4.0 subscriber server does not migrate to the Cisco Unified CallManager 5.1 database, and a loss of data occurs if you do not copy the data to the 5.1 database. If a loss of data occurs, the locally significant certificates that you issued with CAPF utility 1.0(1) remain in the phones, but CAPF 5.1 must reissue the certificates, which are no longer valid.

The CTL or Certificate Trust List (CTL) will exist on the IP Phone, and consequently if you change the TFTP address, this will undoubtedly not match the address in the certificate.

How is the phone configured within CCM, is the phone configured for non-secure profile? is their a CAPF operation pending? Removing the certificate maybe your only option.

Please review the following document regarding CUCM 5.1 Security for further information on this subject:-

Hope this helps


allan.thomas Fri, 11/30/2007 - 15:09
User Badges:
  • Blue, 1500 points or more

Incidentally, it just occured to me that if this is a different cluster and you have simply taken the IP Phone from one cluster that was using CAPF to another that does not, then it is possible to erase the CTL certificate from the Phone.

On the 7940/7960 unlock the phone and go into the security settings and erase the CTL.

Hope this helps



This Discussion