I've had a tac case open for almost a month and 5 engineers cannot figure out why no phones can authenticate with an ASA that is configured with anyconnect but windows laptops can despite using the same exact credentials. All 5 engineers have gone through the config and have confirmed that the config on the ASA and CUCM are correct.
When running debug crypto ca 255, I get the following in the ASA. Any ideas?
ASA# debug crypto ca 255 ASA# CERT_API: Authenticate session 1, non-blocking cb=0x8be78a0 CERT API thread wakes up! CERT_API: process msg cmd=0, session=1 CERT_API: Async locked for session 1
CRYPTO_PKI: Checking to see if an identical cert is already in the database...
CRYPTO_PKI: looking for cert in handle=ab3d12b0, digest= 2a 4c e4 67 57 70 cc 08 9e 20 41 f6 a7 6c XX XX | *L.gWp... A..l.
CRYPTO_PKI: Cert record not found, returning E_NOT_FOUND CRYPTO_PKI: Cert not found in database.
CRYPTO_PKI: Looking for suitable trustpoints...
CRYPTO_PKI: Storage context locked by thread CERT API
CRYPTO_PKI: Found a suitable authenticated trustpoint anyconnect_Cisco_Manufacturing_CA_trustpoint.
CRYPTO_PKI(make trustedCerts list)CRYPTO_PKI:check_key_usage: ExtendedKeyUsage extension not found. CRYPTO_PKI:check_key_usage:Key Usage check OK
CRYPTO_PKI: Certificate validation: Successful, status: 0. Attempting to retrieve revocation status if necessary
CRYPTO_PKI:Certificate validated. serial number: 5A8B49E400000017XXXX, subject name: cn=CP-9951-SEPa45630XXXXea,ou=VTG,o=Cisco Systems Inc.,serialNumber=PID:CP-9951 SN:FCH1603XXXX.
CRYPTO_PKI: Storage context released by thread CERT API
CRYPTO_PKI: Certificate validated without revocation check CERT_API: calling user callback=0x8be78a0 with status=0 CERT_API: Async unlocked for session 1 CERT_API: process msg cmd=1, session=1 CERT_API: Async locked for session 1 CERT_API: Async unlocked for session 1 CERT API thread sleeps!
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
[toc:faq]CUCM Database Replication is an area in which Cisco customers
and partners have asked for more in-depth training in being able to
properly assess a replication problem and potentially resolve an issue
without involving TAC. This document discusse...