×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Missing TLV file when using Cisco IP communicator from the internet

Unanswered Question
Jun 12th, 2012
User Badges:

When I attempt to use Cisco IP Communicator straight from the Internet, I get a failure when

attempting to register. I am doing NAT at our Cisco Router (IOS Firewall). After looking at  a packet

trace using wireshark, I see this call being made and failing.
http://x.x.x.x:6970/CTLSEPAC81129D66FB.tlv


Keep in mind that IP Communicator works fine internally. We are using CUCM v7.1.3. What is the TLV

file? Why wouldn't it be in the same location as for internal users? How do I fix this issue?


Any assistance would be greatly appreciated.

Thank you,

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (3 ratings)
Loading.
testeven Tue, 06/12/2012 - 17:58
User Badges:
  • Cisco Employee,

Hi Jacob,


Seems like you have security enabled on the CUCM. The TLV is a security CTLFile.tlv file. Even though your device is non-secured, it will still need to have a valid certificate from CUCM when it's configured in mixed-mode.  Since it is not registering it's probably because the download of this file is failing or timing out, it's possible that the server is not routable via HTTP.


Regards,


Tere.


If you find this post helpful, please rate!

jacob6000 Wed, 06/13/2012 - 14:27
User Badges:

Thank you for the response. As noted above, the file transfer is failing. I verified that the request for the TLV file is making it to the CUCM server and the server is saying the file does not exist. What do I need to create/configure? It just seems odd that the same machine using IP Communicator works fine when on VPN (internal network).

Joseph Martini Wed, 06/13/2012 - 17:21
User Badges:
  • Cisco Employee,

If the file doesn't exist when trying to manually download the CTLSEP.tlv file you may not have security enabled on your CUCM cluster.  In that case you've mentioned that you do see TFTP over HTTP requrest (port 6970) reaching CUCM from the phone when it's on the Internet.  The next thing to check would be the SCCP (port 2000/TCP) traffic from CIPC to CUCM.  Is it making it to the call manager through the IOS NAT device as well as back from CUCM?  The SCCP version CIPC is using might not be understood by the NAT device since there has to be fix up at the SCCP level not just TCP/IP for the phone to work remotely.  If the SCCP traffic does not travel through the IOS NAT device when it's internal I bet that is the cause of the problem.

jacob6000 Wed, 06/13/2012 - 19:01
User Badges:

Thanks Joe. Interesting info. I don't believe we have security enabled on our single CUCM server since I don't see any Security Profiles configured. I also don't see the CICP software asking for anything on port 2000yet  but he is looking for several files during the hunt. They all appear to be missing. I have attached a screenshot from a wireshark capture so you can see what is being requested by the CIPC client. Once again, it seems odd that it works through VPN but not externally. I would assume it is the same configuration files so what is different???

Actions

This Discussion