Bug ID: CSCup28852
Recent installation of CUCM 10.5 and using the multi-server multi-SAN certificate causes the Callmanager process to send group phone resets every 7 to 10 minutes. The phone symptoms will show ITL updates during this time causing a restart. The phone doesn't do a full reset, only a restart with the ITL update.
I wanted to call some attention to this because this new certificate feature is highlighted as a big change for CUCM certificate management.
The certificate was a full X509v3 with ipsec, client auth, server auth, non-repudiation, and a few other bullet items. The process to install is easy and functional but underneath the system is unhappy.
Thanks! Happy hunting!
I was considering changing the certificate to Multi-SAN but i guess i was fortunate enough to check this before.
I guess i will wait for the next release for this.
So after you uploaded the multi-server certificate you stop the service once it replicated to all nodes, say 3-4 minutes?
So anytime a cluster is rebooted you have to manually go stop Cisco Certificate Change Notification on every node in the cluster, else the phones will restart every 7 min with ITL update. No fixed version yet. This would worry me.
It is fixed however the two versions are not available for download at this time. With 10.6 coming very soon very likely CUCM 10.6 will be the next patch cycle and not 10.5SU1.
I went back to single server certificates until having another opportunity to try it with 10.5.2 (aka 10.6). So since that time I haven't installed another multi-SAN.