This document describes the Cisco Unified Communications Manager (CUCM) Certificate related Error message : "Connection to the Server cannot be established(Unable to access Remote Node)" thrown on the serviceability page, when the remote node's tomcat certificate has expired and provides the necessary steps to troubleshoot it.
Unable to access CUCM Subscriber’s service activation page from serviceability page and getting the following error on publisher
"Connection to the Server cannot be established (Unable to access Remote Node)".
Possible scenarios in which "Connection to the Server cannot be established(Unable to access Remote Node)" is thrown when trying to access the Serviceability page of a remote server from a server
1. Tomcat certificate on the remote server has expired
Cisco uses this self-signed (own) certificate in Cisco Unified Communications Manager servers
HTTPS certificate (tomcat_cert)—This self-signed root certificate is generated during the Cisco Unified Communications Manager installation for the HTTPS server.
You must delete and regenerate the certificate in Cisco Unified Communications Manager if you encounter this error in the Cisco Unified Communications Manager server:
Login into Cisco Unified Communications Operating System Administration.
Choose Cisco Unified OS Administration from the Navigation drop-down menu from the right hand side of the Administration page, and click Go.
1.1 Regenerate the tomcat certificates on the affected Subscribers
First Delete the certificate and then do the Regeneration
1.1(a) Delete a Certificate
In order to delete a trusted certificate, complete these steps:
Note: If you delete a certificate, it can affect your system operations.
The Select Certificates or Trust Store for Deletion window appears.
Check the Regenerate Self-Signed Cert check box, and click Next.
Check the appropriate Existing Certificates Types check box for the certificate that you want to regenerate, and click Next.
Check the appropriate Existing Certificate check box, and click Regenerate
1.2 Restart the Cisco Tomcat service on the affected Subscribers
CLI: ( utils service restart Cisco Tomcat)
Note: When the subscriber and the Publisher are in different timezone after fresh install, admin have to regenerate Tomcat certificates on the subscriber side.
Refer this Bug ID: CSCth44399 for more information
Workaround mentioned in the Bug:- 1.If using CA signed certificate, get the Tomcat CSR re-signed by the CA, re-upload it back, and restart Cisco Tomcat service (utils service Cisco Tomcat)
2.If self-signed certificate on the affected server, regenerate tomcat cert (set cert regen tomcat) and then restart Cisco Tomcat service (utils service Cisco Tomcat)
2. Check Database replication status
3. /etc/host of the server from which you are trying to access the remote server is missing
4. User doesn't have the required groups (Super CCM User)
5. Verify that the application user and end user should not have the same name.
6. Network connectivity issue to the remote server.
Collect the "Cisco CCMServices Web Service" Logs when this error is reported
First,set the "Cisco CCMServices Web Service" Logs as detailed.
Go to Cisco Unified Serviceability page
Choose configuration from the trace menu.
Select the Publisher server
Service Group: System Services
Service: Cisco CCMServices Web Service
Set the Debug Trace Level as: Debug
Then use RTMT to Collect those logs
From the ccmservice logs on the Pub :
2011-05-05 02:09:04,515 DEBUG [http-8443-7] function.FunServiceActivation - product type with service name*** for CommonCisco AXL Web ServiceDatabase and Admin Services --snip--
2011-05-05 02:09:04,528 DEBUG [http-8443-7] function.FunServiceActivation - product type with service name*** for CallManagerCisco TAPS ServiceDatabase and Admin Services 2011-05-05 02:09:04,528 DEBUG [http-8443-7] function.FunServiceActivation - service list for common ---23 2011-05-05 02:09:04,530 DEBUG [http-8443-7] function.FunServiceActivation - Created SSLContext 2011-05-05 02:09:04,530 DEBUG [http-8443-7] function.FunServiceActivation - Created SSLContext 2011-05-05 02:09:04,531 DEBUG [http-8443-7] function.FunServiceActivation - Getting socketfactory
2011-05-05 02:09:04,552 ERROR [http-8443-7] function.FunServiceActivation - Exception1 in CreatingTrustManager and setting as DefaultSocketFactory javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Server Certificate not available in Keystore for Authentication at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)