cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4347
Views
0
Helpful
11
Replies

Communications Manager 10.5 multi-server Multi-SAN Certificate - high sev bug CSCup28852

Joshua Warcop
Level 5
Level 5

Bug ID: CSCup28852

 

Recent installation of CUCM 10.5 and using the multi-server multi-SAN certificate causes the Callmanager process to send group phone resets every 7 to 10 minutes. The phone symptoms will show ITL updates during this time causing a restart. The phone doesn't do a full reset, only a restart with the ITL update.

 

I wanted to call some attention to this because this new certificate feature is highlighted as a big change for CUCM certificate management.

The certificate was a full X509v3 with ipsec, client auth, server auth, non-repudiation, and a few other bullet items. The process to install is easy and functional but underneath the system is unhappy.

 

Thanks! Happy hunting!

11 Replies 11

jose.albino
Level 1
Level 1

Hi,

I was considering changing the certificate to Multi-SAN but i guess i was fortunate enough to check this before.

I guess i will wait for the next release for this.

 

Regards,

José Albino

Any thoughts on when 10.6 will come out?

Possibly before the end of the year.

Is there a way to get this fix as an engineering special?

FYI--I requested special file access to the releases containing this fix and got them with no problem from TAC.

Jason Aarons
Level 6
Level 6

So after you uploaded the multi-server certificate you stop the service once it replicated to all nodes, say 3-4 minutes?

 

So anytime a cluster is rebooted you have to manually go stop Cisco Certificate Change Notification on every node in the cluster, else the phones will restart every 7 min with ITL update.  No fixed version yet.  This would worry me.

It is fixed however the two versions are not available for download at this time. With 10.6 coming very soon very likely CUCM 10.6 will be the next patch cycle and not 10.5SU1.

Fixed in-
10.5(1.11010.1)
10.5(1.11900.2)

Hey Jason,

We're seeing it about every 9 minutes. Any updates?

I should have added we're on ver 10.5.1.11901-1 (supposedly fixed per below)

We are on 10.5.1.11900-13 and are getting reports of rebooting phones. Were you still seeing it on 11900?

I went back to single server certificates until having another opportunity to try it with 10.5.2 (aka 10.6). So since that time I haven't installed another multi-SAN.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: