I have this pretty weird situation here. I tried to install a subscriber for my Publisher from another network but failed always with the error " Is the security password correct or the Publisher is offline?" something like that. But i tried installing a subscriber in the same physical server, it works. so this eliminates the possibility of security password wrong.
Also i check the firewall logs. I saw traffic going into the publisher from the installing subscriber. I can see from the logs that the subscriber is successfully connected to publisher via ssh but still cannot install.
Here are how my network setup.
Publisher -------- Core Switch 1 ------- Firewall ------- Core Switch 2 -------- Subscriber
Building A Metro Wan Building B
Network A Network B
I am using MetroE something like a leased line.
All traffic have been allowed from the firewall.
incoming and also outgoing. I check the policies where it was configured as any any.
Let me put it a more details into the drawing.
How much BW between sites??
I'd recommend you to install it locally, then move the server if you keep facing the issue, if the servers fail to establish the replication, then it's most definitely something in your network.
erm... around 10 to 20 mbps per site.
So that means i can install the subscriber locally in the same physical server and then image out the subscriber to the other physical server?
You could, but moving virtual machine (without SAN) is very, very time consuming. Can you get the detailed install logs? Do you have the new sub defined in configuration with matching hostname before you start the sub install? Is NTP port reachable from sub to pub? Can you monitor the firewall for activity to see what's being blocked?
As said by Chris,please do check for NTP reachability.
If NTP is unsyncronised in Pub, SUB won't get install.
there is also a bug associated to it.Please refer the link.
can u run the command utils os secure status and check whether it is permissive ?
If not, can make it permissive and then, try.
Still struggling. I am still wondering what went wrong. Most probably will re create the sub again and reinstall.
From the firewall logs the NTP is reachable. It can reach the NTP servers. From the logs i see there are no other traffic being block or deny.
Also in the firewall logs the sub actually successfully connects to the publisher SSH.
So i am still puzzled with this.
adding ip address server as subscriber into publisher before you install subscribers, login into web-gui cucm publisher choose Menu > add server as subscribers.
and then makesure the DNS service for the CUCM, if DNS service not activated you must change the cucm hostname with the ip address.
Hmmm... I have already add the IP for the subscriber in the GUI setting.
For the DNS there are no DNS for all the system in this setup.
so you mean is now i need to add DNS settings for my servers?
if there no DNS for all system, make sure the name server as publisher in the CUCM web-gui is IP Address
from the screenshoot the publisher hostname is MSIPA482, the subscriber trying to connect the publisher with the hostname by DNS, you need to change the hostname publisher in the IP Address
In the Pub CUCM web-gui all servers are IP Address.
But I did not set DNS in the system. How does it find the DNS server?
Can you please post the output of a show network cluster from CUCM PUB.
read this link, i hope this help
i am quite lost for the moment. Haha. From all those troubleshoot we have made have shown that the sub actually successfully connected to the database, means the security password is correct.
Also the NTP can be sync. So now i really not sure what is the main cause of it now.
Thanks for helping. Call the TAC have them troubleshoot found out some ports are block.
Check on the firewall logs still can't find who is blocking.
At the end client says that they have UTM. Check UTM and found out that the port 22 is classified as SSH exploitation error.
Then proceed in trusting the IP address. Now my subscriber installed successfully.
Thank you everyone that helped me for this. Also sorry for the late update.