12-08-2016 12:31 PM - edited 03-17-2019 08:54 AM
Call manager is version 6.1.15. It's been backing up just fine, without incident for over a year. I checked the credentials and they are fine. i checked that the call manager can ping the backup server (utils network ping x.x.x.x). Ping comes back fine. Even put up a temporary box on the same subnet (eliminating routing issues) and nothing.
Every time I get the message "unable to access sftp server or sftp server too slow to respond" but it comes back in an instant, as if it never even tried to hit the sftp server.
If I check the logs in the sftp server, it never got a hit from the call manager.
I regenerated the ipsec.pem file, and recreated a ipsec-trust file, restarted the DRS services and ...
still the same error.
it's as if the firewall on the call manager is stopping the backup from running?
Any help would be very appreciated.
12-08-2016 06:56 PM
Hi Brandon,
If you have regenerated IpSec , restarted DRF services and also tried a backup server in the same subnet then it could be an issue with drfcomponent.xml file, not sure if even TAC would support a 6.x system unless you are planning for an upgrade.
Manish
12-09-2016 10:36 AM
So many thanks for helping with this. One thing I have not been able to do yet is bounce the whole system. So maybe I should try that.
Even still, I am not familiar with that xlm file.
A -- where is it and how do I get to it?
B -- How do i edit it? Or do I? Do I just delete the backup devices and let them regenerate a new file?
I'll google it and see.
TIA
BK
P.S. -- Nope. TIA won't touch it.
12-11-2016 01:55 PM
So I restarted the CCM and Unity boxes. Nothing goes. I deleted the schedules and back up devices, rebooted the CCM and Unity box (again) and tried to add the backup device. Still nothing. Just the same message about the SFTP not accessible or taking too long to respond.
12-11-2016 07:33 PM
Did you try, restarting the SFTP server / Service?
12-12-2016 06:22 AM
I have bounced the backup SFTP server several times, tried other SFTP servers (on the same box and on other boxes, with ips in same subnet ...etc).. I am not sure any of that matters, though, because none of them are logging that the even got an attempted login from the call manager.
I can't seem to find anywhere on the call manager to restart the sftp service, but I will keep looking.
Thanks for the tip.
12-12-2016 06:24 AM
Could this be related to daylight savings?
B
12-13-2016 06:24 AM
Found the issue to be in Openssh-server. It disables an authentication key as unsecure/outdated. I downgraded openssh and things started working.
i am VERY unclear as to why the failed authentications from the call manager were not logged. If I change the password on the Call Manager to some bogus password, then the authentication got logged, which lead me to believe it was an Auth Credential issue. Shure 'nuff.
B
12-12-2016 10:30 PM
May be your box has some find of firewall which is blocking?
Try capturing packets using wireshark..
check if you see request from CUCM..
That way we can be sure its not CUCM or network inbetween..
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: