Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18210
Views
45
Helpful
13
Replies

CUCM 9.1 Backup issue (Local Agent is not responding)

Go to solution
nikger1980
Level 1
Level 1

‎10-17-2013 12:45 PM - edited ‎03-16-2019 07:57 PM

Hello to the community !

I upgraded to 9.1(2) today and tried to backup the system.

Notice : i am running in demo licenses for 60 days, i am waiting for the licensing team to issue me the lic file for the ELM.

When i am trying to add a new backup device, the following message appears :

"Status:                              Local Agent is not responding. This may be due to Master or Local Agent being down."

I' ve checked the following document :

http://www.cisco.com/en/US/partner/products/sw/voicesw/ps556/products_tech_note09186a0080b1b10f.shtml

but i didn't find the "ipsec-trust.pem" file.

Also, i restarted the DRF Local/Master service of the publisher and the Local from the subscriber.

Is it an issue of the missing license or something else ?

I said to drop a discussion here before opening a TAC case.

Thanks a lot,

Nick

6 people had this problem
Labels:
Preview file
78 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
islam.kamal
Level 10
Level 10
In response to nikger1980

‎10-17-2013 02:25 PM

Hi

To use it , please follow my steps :-

1-Log in to the Cisco Unified Communications Manager OS Administration page. Choose Security > Certificate Management. The Certificate List window displays.

2-Use the Find controls in order to filter the certificate list. Choose the ipsec.pem file, and click Regenerate.

3-After the successful regeneration of the ipsec.pem file, download the ipsec.pem file to your computer.

4-Upload the downloaded ipsec.pem file with the title "ipsec-trust".

After that you will get it

Thank you

please rate all useful infromation

View solution in original post

13 Replies 13

Go to solution
chrysostomos1980
Level 5
Level 5

‎10-17-2013 01:22 PM

Try this one as per the link you had post and you should be fine

Try with the search button and you will find the file

Solution

First, verify if the Certificate Serial Number in the keystore of Publisher is present in the Truststore of all Subscribers. Complete these steps:

Log on to CUCM OS Administration page of Publisher server of the cluster setup. Choose Security > Certificate Management. The Certificate List window displays.

You can use the Find controls in order to filter the certificate.

Click on the ipsec.pem file and check the serial number of the certificate.

Log on to CUCM OS Administration page of each node of the cluster. Choose Security > Certificate Management. The Certificate List window displays.

You can use the Find controls in order to filter the certificate.

Click on ipsec-trust.pem file with the file name of hostname of the publisher and check the serial number of the certificate.

Certificate Serial Number should be same on all the nodes of the cluster. If Serial Number of any node is mismatched, complete these steps.

Log on to CUCM OS Admin page of affected node.

Choose Security > Certificate Management. The Certificate List window displays.

You can use the Find controls in order to filter the certificate.

Click on ipsec.pem file and download that certificate.

Find the existing ipsec-trust with the filename of the hostname of the publisher,click on the file name and Delete.

Upload the downloaded ipsec.pem file with the caption ipsec-trust.

Restart the DRF Master Agent(MA)/DRF Local Agent (LA).

Please rate all useful posts 

Regards
Chrysostomos

""The Most Successful People Are Those Who Are Good At Plan B""

Please rate all useful posts Regards Chrysostomos ""The Most Successful People Are Those Who Are Good At Plan B""

Go to solution
nikger1980
Level 1
Level 1
In response to chrysostomos1980

‎10-17-2013 01:29 PM

Hello Χρυσόστομε

I searched and i didn't find it.

See the attached image for all of my certs on my PUB.

Preview file
241 KB
0 Helpful

Go to solution
islam.kamal
Level 10
Level 10
In response to nikger1980

‎10-17-2013 02:04 PM

Hi

i see on the attched file on the line of the output search , your requested file  ipsec.pem , please click on it and do the following:-


Log on to CUCM OS Administration page of Publisher server of the cluster setup. Choose Security > Certificate Management. The Certificate List window displays.

You can use the Find controls in order to filter the certificate.

Click on the ipsec.pem file and check the serial number of the certificate.

Log on to CUCM OS Administration page of each node of the cluster. Choose Security > Certificate Management. The Certificate List window displays.

You can use the Find controls in order to filter the certificate.

Click on ipsec-trust.pem file with the file name of hostname of the publisher and check the serial number of the certificate.

Certificate Serial Number should be same on all the nodes of the cluster. If Serial Number of any node is mismatched, complete these steps.

Log on to CUCM OS Admin page of affected node.

Choose Security > Certificate Management. The Certificate List window displays.

You can use the Find controls in order to filter the certificate.

Click on ipsec.pem file and download that certificate.

Find the existing ipsec-trust with the filename of the hostname of the publisher,click on the file name and Delete.

Upload the downloaded ipsec.pem file with the caption ipsec-trust.

Restart the DRF Master Agent(MA)/DRF Local Agent (LA).

Thank you

please rate all useful information

Go to solution
nikger1980
Level 1
Level 1
In response to islam.kamal

‎10-17-2013 02:08 PM

Hello Kamal.

i cannot find the ipsec-trust.pem file, the only i can see is the ipsec.pem.

0 Helpful

Go to solution
islam.kamal
Level 10
Level 10
In response to nikger1980

‎10-17-2013 02:25 PM

Hi

To use it , please follow my steps :-

1-Log in to the Cisco Unified Communications Manager OS Administration page. Choose Security > Certificate Management. The Certificate List window displays.

2-Use the Find controls in order to filter the certificate list. Choose the ipsec.pem file, and click Regenerate.

3-After the successful regeneration of the ipsec.pem file, download the ipsec.pem file to your computer.

4-Upload the downloaded ipsec.pem file with the title "ipsec-trust".

After that you will get it

Thank you

please rate all useful infromation

Go to solution
nikger1980
Level 1
Level 1
In response to islam.kamal

‎10-17-2013 11:22 PM

Got it Kamal,

thanks a lot for your answer.

I will do it to the Publisher AND the Subscriber server , right ?

I will try it and i will return to rate if it is correct !

0 Helpful

Go to solution
manish suthar
Level 1
Level 1
In response to nikger1980

‎06-10-2016 11:21 PM

Thanks Kamal,

you have done a great Job...

it got work for me... now I m able to take my PUB & SUB backup

Keep up doing good work...

0 Helpful

Go to solution
Anthony Vinod
Level 1
Level 1
In response to manish suthar

‎05-15-2017 09:11 PM

Hello Guys, I am also facing similar issue

I am going to proceed the above mentioned troubleshooting steps

Could someone confirm if this requires downtime? will there be even a minor affect to user because of this steps? because my affected location is a critical one

awaiting for reply, thanks in advance

0 Helpful

Go to solution
fedor.solovev
Spotlight
Spotlight
In response to islam.kamal

‎02-11-2018 01:53 AM

Hello, everyone.

For my case with CUCM 9.1 cluster with Pub and Sub after ipsec certs were regenerated,

it was necessary to load both of them at PUB and SUB ipsec trust list.
Without CUCM_Pub self-signed ipsec certificate uploaded to the ipsec-trust list of CUCM_Pub itself,

DRF Local service didn't start.

0 Helpful

Go to solution
dilan.lakmal86
Level 1
Level 1
In response to islam.kamal

‎05-06-2018 05:00 PM

Thanks Kamal. I followed your procedure and then Backup the started. I additionally restarted the DRF Master and Local services.

0 Helpful

Go to solution
jnawabvoicom1
Level 1
Level 1

‎12-14-2014 05:31 PM

Hello all, 

I have regenerated the ipsec.pem file on the publisher and all of the subscribers. I downloaded the regenerated ipsec.pem file and save it to my local computer. Next I uploaded this file as a Certificate Name: ipsec-trust with root certificate name being inputted as ipsec.pem on the publisher and each of the subscribers. I have checked all of the servers ipsec-trust.pem file and the serial number matches the publisher. 

Have I done something incorrectly? I am still experiencing this problem even after following the procedures. Is it necessary to download to the ipsec.pem file from each subscriber and upload it to that particular subscriber as ipsec-trust? Or is it fine to use the ipsec.pem file from the publisher? 

 

Kind Regards!

0 Helpful

Go to solution
Velu Sanjeevirayan
Level 1
Level 1
In response to jnawabvoicom1

‎06-11-2015 06:28 AM

Hi,

 

You can download the ipsec-trust.pem file from the Publisher and uploaded into the affected subscriber server then restart the DRF Master&Local services from PUblisher and DRF local services from all the subscriber nodes in the cluster.

 

I faced the same issue in 8.6 and tried the steps and it was working fine and i can able to take backup.

 

Regards,

Velu S

 

0 Helpful

Go to solution
iboboewfs
Level 1
Level 1

‎06-21-2017 06:28 AM

Thanks.

I follow the above steps on the same case and it works for me.

but I think you might want to try to restard the DRF Master&Local services from PUblisher and DRF local services from all the subscriber nodes in the cluster before try the certificate regeneration process.

0 Helpful
Customers Also Viewed These Support Documents