Cant access serviceability from one CUCM server to the next

Tommer Catlin · ‎10-06-2009

If I log into my pub and serviceability, I try to access my other subs. I keep getting an error when trying to access the other servers from the drop down list. Although, everything is replicating throughout the cluster, I can log into another CUCM and only use serviceability for that one server also.

Im going to do a reset tonight on the cluster. the logs are clean and clear on RTMT on all servers. It's very odd. I thought maybe a security password would be wrong, but there are no errors anywhere on any server in the cluster.

virverma · ‎10-06-2009

could you paste a screenshot of error you are getting?

Tommer Catlin · ‎10-06-2009

Status: Connection to the server cannot be established(Unknown Error)

I see a few others in the forum have had this problem.

I did check to see if the application ID and the OS id were the same, etc, everything looks good there.

Kevin Long · ‎04-06-2010

Hey Tommer, long time no talk to man. I am having the same issue with CUCM 7.1.3, did you ever figure this out?

Have an open TAC case but you know how it goes, hook a brother up.

Tommer Catlin · ‎04-07-2010

Its some kind of TomCat bug. Did you change the name of servers after the upgrade or anything? Or IP addressses? I moved onto another job and did not get a resolution to the problem before I left. I suspect it has to do with the certs built into CUCM. You can try to reset the cert in the OS GUI. There are steps listed in the forums here on how to do that.

TAC wanted all these wireshark traces between the cucm servers and I couldnt get back to the datacenter to stream this steam out. Yeah, I could have done a capture from CUCM I guess.... but hindsite I guess.....

alexis.katsavras · ‎12-09-2013

This is the top hit in goolge when I was having this issue so though i would add the following solution.

I had this issues with CUCM9.1

In the Pub go to:

1. OS Administrator > Security > Certificate Managment

2. Download the cert: ipsec-trust

In the sub your having the issue

1. OS Administrator > Security > Certificate Managment

2. Delete the cert: ipsec-trust

2. Upload the ipsec-trust cert you downloaded from the Pub.

On both the Pub and Sub restart tomcat from the cli

Hopre that helps

Thanks

Alexis

http://www.netpacket.co.uk/
http://www.blog.netpacket.co.uk/

http://www.netpacket.co.uk/ http://www.blog.netpacket.co.uk/

Aman Soi · ‎12-09-2013

Hi,

there is a bug associated to this issue

Unified Serviceability Tools can not connect to other nodes

CSCud67438

Description

Symptom:
Cisco Unified Serviceability pages Tools -> Service Activation or Control Center Feature or Network Services can not connect to other nodes in the cluster.

When another node is selected the Status indicates

Connection to the Server cannot be established (Unknown Error)

Conditions:
CCMService Tomcat logs indicates the following error message when attempting to connect to other nodes in the cluster,

{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLException: Certificate not verified.

Workaround:
We have the following workarounds
- Accessing SUB serviceability pages directly
- Restarting tomcat on PUB ( once ) after the upgrade

For SNMP configuration where same Community string needs to be added or modified on all nodes, again using a Subscriber node instead of the Publisher also seems to work in this case.

regds,

aman

alexis.katsavras · ‎12-09-2013

good find!.. i never check the tomcat logs ..

alexis

http://www.netpacket.co.uk/ http://www.blog.netpacket.co.uk/

Daniel Williams · ‎12-27-2013

Works like a champ! Thanks!

managemyuc · ‎09-29-2014

5 stars for the post. Have been able to resolve issues couple of times with this procedure.

Thanks,
Sami

Muzzamil Hussain · ‎10-13-2014

We faced this issue in our test environment and we regenerated " ipsec.pem" certificate in SUB only

then all started fine