HOST NOT FOUND - CUCM 9.1

Unanswered Question
Jul 9th, 2013
User Badges:

Hi Guys,


I have an issue for one of my customers.


I have been carrying out an upgrade for this customer. The upgrade was done from CUCM 6.1.5 to CUCM 9.1 with a change in hardware from MCS to UCS.


Further to the backup and restore from MCS to UCS, I did change the IP address, hostname, security password, added dns and domain entries. And then upgraded to CUCM 9.1


Now I have CUCM 9.1 connected to the production network, changed TFTP IP address on a 7945 IP phone and 7975 IP Phone and got them registered to the new CUCM 9.1


All seems good on the IP Phones. Got them registered, internal calls are successfully, PSTN calls cannot be made, etc.


My issue now is whenever I use Corporate Directory / Personal Directory, the phone displays HOST NOT FOUND.


I have already tried the following

  • Changed the IP address to reflect the new IP address in Enterprise Parameters.
  • Changed the IP address to reflect the new IP address in all Phone Services.
  • Deleted the ITL file on the phone manually.
  • Regenerated a new TVS certificate in OS Administration.
  • Downloaded the config file for the test phone and confirmed the TVS reflects the correct IP address.
  • Restarted Tomcat service.
  • Restarted TVS certificate service
  • Did Apply Config and Restarted IP Phone and CUCM after each changes.



Please suggest if I am missing out something.


Any help would be appreciated.


With Kind Regards,

Fahim Sha.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Carlo Poggiarelli Tue, 07/09/2013 - 00:51
User Badges:
  • Green, 3000 points or more

Hi Fahim.

Did you try to remove Sercure Directory Url?

Also restart Cisco Trust Verification Service under Network Services.


HTH


Regards



Carlo




Please rate all helpful posts

"The more you help the more you learn"

Fahim Sha Tue, 07/09/2013 - 01:09
User Badges:

Hi Carlo,


Secure Directory Url was not there initially. I added it only today morning. The issue was there with and without Secure Directory Url.


I have restarted Cisco Trust Verification Service. Still the same issue persists.


With Kind Regards,

Fahim Sha

Carlo Poggiarelli Tue, 07/09/2013 - 01:37
User Badges:
  • Green, 3000 points or more

Hi Fahim.


What does the phone show on url directory value?

When you try to navigate the directory url from your pc, do you receive an xml parse error page?



Let me know


Regards


Carlo



Please rate all helpful posts

"The more you help the more you learn"

Fahim Sha Tue, 07/09/2013 - 01:53
User Badges:

Hi Carlo,


please find below screenshot when I navigate to the directory url from my pc.



I did not understand the first question in your response above ( What does the phone show on url directory value?

) Could you please let me know on this?


With Kind regards

Fahim Sha

Carlo Poggiarelli Tue, 07/09/2013 - 02:17
User Badges:
  • Green, 3000 points or more

Hi Fahim.

I meant.. when you navigate the configuration menu on the IP Phone... on Device Configuration you should see URL Directories value..



Regards



Carlo


Please rate all helpful posts

"The more you help the more you learn"

Fahim Sha Tue, 07/09/2013 - 03:11
User Badges:

Hi Carlo,


Yes. I can see the same link. Please find the screenshot below.




With Kind Regards,

Fahim Sha.

Carlo Poggiarelli Tue, 07/09/2013 - 03:20
User Badges:
  • Green, 3000 points or more

Hi Fahim.

As you can see, your IP Phone is still looking for HTTPS url, please verify in your enterprise parameter that you have an url like http://10.104.99.50:8080/ccmcip/xmldirectory.jsp and not HTTPS.


Double check that you removed the secure url in the Enterprise Parameters.


HTH


Carlo



Please rate all helpful posts

"The more you help the more you learn"

Jonathan Schulenberg Tue, 07/09/2013 - 04:06
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Blindly disabling Secure by Default behaviors, such as HTTPS on the Service URLs isn't solving the real problem, just avoiding it. In most cases if HTTPS truely isn't working it's a symptom of a larger problem such as the ITL being broken and you'll have other issues down the road (e.g. phones not accepting TFTP config file updates).


In this case that screenshot made the problem easier to spot: you've got the wrong port in the URL. Tomcat HTTP is 8080 but HTTPS is 8443. If it still doesn't work after fixing the port you may also need to use the FQDN instead of IP address. If memory serves the IP address is not a SAM of the certificate presented by Tomcat which would then fail TVS verification.


URL Authentication (HTTP)    http://:8080/ccmcip/authenticate.jsp

URL Authentication (HTTPS)    https://:8443/ccmcip/authenticate.jsp

URL Directories (HTTP)    http://:8080/ccmcip/xmldirectory.jsp

URL Directories (HTTPS)    https://:8443/ccmcip/xmldirectory.jsp

URL Information (HTTP)    http://:8080/ccmcip/GetTelecasterHelpText.jsp

URL Information (HTTPS)    https://:8443/ccmcip/GetTelecasterHelpText.jsp

URL Services (HTTP)    http://:8080/ccmcip/getservicesmenu.jsp

URL Services (HTTPS)    https://:8443/ccmcip/getservicesmenu.jsp



Please remember to rate helpful responses and identify helpful or correct answers.

Fahim Sha Mon, 07/15/2013 - 13:35
User Badges:

Hi Jonathan,


I had changed the port number to 8443.


I still have the earlier issue when all my subscribers are shut down. Whenever the phone gets registered to CUCM publisher, I get HOST NOT FOUND response for Corporate Directory and Personal Directory.


Changing the ports to 8443 for https did not make any change.


I will try changing IP address to hostname and then give a try tomorrow.


Meanwhile, could anyone give a hint on how to check if ITL is broken??


With Kind Regards,

Fahim Sha.

marco fina Wed, 12/10/2014 - 03:38
User Badges:
Hi Fahim, I have similar trouble with CUCM 9.1 in cluster. I have a TAC opened but i'd like to know how you got Corporate Directory working. In our environment we have CUCM clustering with Publisher plus 4 Subs. Enterprise Parameters left to their default (with Publisher's FQDN, https and http field filled). Anyway i had to force the ip phone to perform Corporate Directory requests , by means of Publisher's IP address and HTTP protocol, but after selecting Corporate Directory label on ip phone's display i can see "host not found" message. I have troubleshooted this behaviour configuring a port span on switch to see the requests from the ip phone, and this is the result: When i select Corporate Directory, the ip phone creates a tcp SYN on 8443 and sends it toward Subscriber it registers to, instead of Publisher (and this is strange). I have this issue across all cisco ip phone models so i suppose this is somethig misconfigured on CUCM side. i appreciate if you can help me regards marco
Fahim Sha Wed, 12/10/2014 - 11:22
User Badges:

Hi Marco,

 

Could you please let me know of your CUCM setup? Was this an upgrade from earlier version to CUCM 9.1? If this was an upgrade, was there any change in IP address / hostname for the Publisher or Subscribers?

 

In my case, I had changed the Publisher's hostname and IP address. During the Corporate Directory Search, IP Phones were looking for the Hostname and IP address of the old CUCM. The new hostname and IP Address was not updated in the CUCM certificates.

 

Resolution in my case, was by regenerating CUCM certificates which had the old IP address / hostname in OS Administration --> Security --> Certificate Management.

 

Please let me know if your scenario matches the same or not.

 

With Kind Regards,

Fahim Sha.

marco fina Wed, 12/10/2014 - 12:19
User Badges:

Hi Fahim,

Thanks for your reply. Our cluster is a fresh installation, direct to 9.1.

I find very interesting your scenario because i think it's similar as ours.

I want to give a brief description about DNS changes and certificates in our

live production environment.

1. after completing cluster installation i had to change hostnames for all nodes in the cluster, for example i changed publisher hostname from Publisher to Example.domain.com. For this i followed cisco documents.

2. we uploaded third party certificates for CAPF. Anyway we are going to delete\regenerate CAPF and CAPF-trust because our customer decided to use Cisco self-signed certificates.

All the CM Groups  are configured with 2 Subscriber without Publisher , and then applied to device pool. Enterprise Parameters use Publisher's FQDN.

This evening i got Corporate Directory working but only by means of HTTP requests (not HTTPS). Anyway to have this working i had to perform configurations on ip phone (i forced ip phone to use External Data Location Information) and then changed the default configuration on Phone Services Corporate Directory. But i really don't like the overall configuration.

Finally i set up a test lab environment but only with Publisher with all services UP and all Phone Services work with HTTPS.

If you find match with my trouble, Could you explain what kind of checks i need to perform about DNS reliance and certificates?

kind regards

marco

 

Fahim Sha Tue, 07/09/2013 - 04:19
User Badges:

Hi Carlo,


I have got this resolved.


I still have both Secure Directory Url and Directory Url in Enterprise Parameters.


I browsed on the phone into Settings --> Device Configuration --> HTTP Configuration and I can see the url starting with https://


From nowhere it started working, and I recollected that the changes made were, I installed 2 subscribers and added them to CUCM Group. And it is working fine. I couls also browse all the 250 users currently synced from AD.


Just to confirm, I removed the subscribers from the CUCM group again--> Apply config and Reset.


On browsing to Corporate Directory, HOST NOT FOUND issue is back again.


I added the Subscribers back in the CUCM Group and Corporate Directory is working fine again..


Hope this helps some one...


With Kind Regards,

Fahim Sha

Joel Benicio Co... Thu, 03/19/2015 - 05:38
User Badges:

Thank 4 that...

 

"

Hi Fahim.

Did you try to remove Sercure Directory Url?

Also restart Cisco Trust Verification Service under Network Services....."

 

It´s work in CUCM 10.5.

Actions

This Discussion