Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Communications Manager 10.5 multi-server Multi-SAN Certificate - high sev bug CSCup28852

Bug ID: CSCup28852

 

Recent installation of CUCM 10.5 and using the multi-server multi-SAN certificate causes the Callmanager process to send group phone resets every 7 to 10 minutes. The phone symptoms will show ITL updates during this time causing a restart. The phone doesn't do a full reset, only a restart with the ITL update.

 

I wanted to call some attention to this because this new certificate feature is highlighted as a big change for CUCM certificate management.

The certificate was a full X509v3 with ipsec, client auth, server auth, non-repudiation, and a few other bullet items. The process to install is easy and functional but underneath the system is unhappy.

 

Thanks! Happy hunting!

11 REPLIES
New Member

Hi,I was considering changing

Hi,

I was considering changing the certificate to Multi-SAN but i guess i was fortunate enough to check this before.

I guess i will wait for the next release for this.

 

Regards,

José Albino

New Member

Any thoughts on when 10.6

Any thoughts on when 10.6 will come out?

New Member

Possibly before the end of

Possibly before the end of the year.

New Member

Is there a way to get this

Is there a way to get this fix as an engineering special?

New Member

FYI--I requested special file

FYI--I requested special file access to the releases containing this fix and got them with no problem from TAC.

So after you uploaded the

So after you uploaded the multi-server certificate you stop the service once it replicated to all nodes, say 3-4 minutes?

 

So anytime a cluster is rebooted you have to manually go stop Cisco Certificate Change Notification on every node in the cluster, else the phones will restart every 7 min with ITL update.  No fixed version yet.  This would worry me.

New Member

It is fixed however the two

It is fixed however the two versions are not available for download at this time. With 10.6 coming very soon very likely CUCM 10.6 will be the next patch cycle and not 10.5SU1.

Fixed in-
10.5(1.11010.1)
10.5(1.11900.2)
New Member

Hey Jason,We're seeing it

Hey Jason,

We're seeing it about every 9 minutes. Any updates?

New Member

I should have added we're on

I should have added we're on ver 10.5.1.11901-1 (supposedly fixed per below)

New Member

We are on 10.5.1.11900-13 and

We are on 10.5.1.11900-13 and are getting reports of rebooting phones. Were you still seeing it on 11900?

New Member

I went back to single server

I went back to single server certificates until having another opportunity to try it with 10.5.2 (aka 10.6). So since that time I haven't installed another multi-SAN.

2646
Views
0
Helpful
11
Replies
CreatePlease to create content