×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Communications Manager 10.5 multi-server Multi-SAN Certificate - high sev bug CSCup28852

Unanswered Question
Jun 12th, 2014
User Badges:

Bug ID: CSCup28852

 

Recent installation of CUCM 10.5 and using the multi-server multi-SAN certificate causes the Callmanager process to send group phone resets every 7 to 10 minutes. The phone symptoms will show ITL updates during this time causing a restart. The phone doesn't do a full reset, only a restart with the ITL update.

 

I wanted to call some attention to this because this new certificate feature is highlighted as a big change for CUCM certificate management.

The certificate was a full X509v3 with ipsec, client auth, server auth, non-repudiation, and a few other bullet items. The process to install is easy and functional but underneath the system is unhappy.

 

Thanks! Happy hunting!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jose.albino Mon, 07/14/2014 - 09:07
User Badges:

Hi,

I was considering changing the certificate to Multi-SAN but i guess i was fortunate enough to check this before.

I guess i will wait for the next release for this.

 

Regards,

José Albino

Jason Aarons Thu, 10/09/2014 - 10:56
User Badges:
  • Bronze, 100 points or more

So after you uploaded the multi-server certificate you stop the service once it replicated to all nodes, say 3-4 minutes?

 

So anytime a cluster is rebooted you have to manually go stop Cisco Certificate Change Notification on every node in the cluster, else the phones will restart every 7 min with ITL update.  No fixed version yet.  This would worry me.

Joshua Warcop Thu, 10/09/2014 - 11:08
User Badges:

It is fixed however the two versions are not available for download at this time. With 10.6 coming very soon very likely CUCM 10.6 will be the next patch cycle and not 10.5SU1.

Fixed in-
10.5(1.11010.1)
10.5(1.11900.2)
joshua.gertig Wed, 11/05/2014 - 19:55
User Badges:

I should have added we're on ver 10.5.1.11901-1 (supposedly fixed per below)

Dennis Heim Wed, 12/17/2014 - 08:55
User Badges:

We are on 10.5.1.11900-13 and are getting reports of rebooting phones. Were you still seeing it on 11900?

Joshua Warcop Wed, 12/17/2014 - 10:45
User Badges:

I went back to single server certificates until having another opportunity to try it with 10.5.2 (aka 10.6). So since that time I haven't installed another multi-SAN.

Actions

This Discussion