Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CME IP Phone Security via LSC

Hello,

I have the problem with a CME. The Phone doesn't initiate a TLS Session with the CAPF Server.

.Jan 26 10:13:19: TFTP: Looking for CTLSEP00235E1A3C00.tlv

.Jan 26 10:13:19: TFTP: Opened flash:/CTLFile.tlv, fd 7, size 3632 for process 325

.Jan 26 10:13:19: TFTP: Finished flash:/CTLFile.tlv, time 00:00:00 for process 325

.Jan 26 10:13:19: TFTP: Looking for SEP00235E1A3C00.cnf.xml.sgn

.Jan 26 10:13:19: TFTP: Opened flash:/its/SEP00235E1A3C00.cnf.xml.sgn, fd 7, size 1675 for process 325

.Jan 26 10:13:19: TFTP: Finished flash:/its/SEP00235E1A3C00.cnf.xml.sgn, time 00:00:00 for process 325

.Jan 26 10:13:28: TFTP: Looking for SCCP42.8-4-2S.loads

.Jan 26 10:13:34: TFTP: Opened flash:phone/7942-7962/cnu42.8-4-1-23.sbn, fd 7, size 485066 for process 325

.Jan 26 10:13:35: TFTP: Finished flash:phone/7942-7962/cnu42.8-4-1-23.sbn, time 00:00:01 for process 325

.Jan 26 10:13:39: TFTP: Looking for apps42.8-4-1-23.sbn

.Jan 26 10:13:39: TFTP: Opened flash:phone/7942-7962/apps42.8-4-1-23.sbn, fd 7, size 2918613 for process 325

.Jan 26 10:13:45: TFTP: Finished flash:phone/7942-7962/apps42.8-4-1-23.sbn, time 00:00:06 for process 325

.Jan 26 10:14:01: TFTP: Looking for dsp42.8-4-1-23.sbn

.Jan 26 10:14:01: TFTP: Opened flash:phone/7942-7962/dsp42.8-4-1-23.sbn, fd 7, size 335003 for process 325

.Jan 26 10:14:01: TFTP: Finished flash:phone/7942-7962/dsp42.8-4-1-23.sbn, time 00:00:00 for process 325

.Jan 26 10:14:04: TFTP: Looking for cvm42sccp.8-4-1-23.sbn

.Jan 26 10:14:04: TFTP: Opened flash:phone/7942-7962/cvm42sccp.8-4-1-23.sbn, fd 7, size 2659498 for process 325

.Jan 26 10:14:09: TFTP: Finished flash:phone/7942-7962/cvm42sccp.8-4-1-23.sbn, time 00:00:05 for process 325

.Jan 26 10:14:54: TFTP: Looking for CTLSEP00235E1A3C00.tlv

.Jan 26 10:14:54: TFTP: Opened flash:/CTLFile.tlv, fd 7, size 3632 for process 325

.Jan 26 10:14:54: TFTP: Finished flash:/CTLFile.tlv, time 00:00:00 for process 325

.Jan 26 10:14:54: TFTP: Looking for SEP00235E1A3C00.cnf.xml.sgn

.Jan 26 10:14:54: TFTP: Opened flash:/its/SEP00235E1A3C00.cnf.xml.sgn, fd 7, size 1675 for process 325

.Jan 26 10:14:54: TFTP: Finished flash:/its/SEP00235E1A3C00.cnf.xml.sgn, time 00:00:00 for process 325

.Jan 26 10:14:57: TFTP: Looking for German_Germany/mk-sccp.jar.sgn

.Jan 26 10:14:57: TFTP: Looking for Germany/g3-tones.xml.sgn

.Jan 26 10:14:57: New Skinny socket accepted [2] (5 active)

.Jan 26 10:14:57: sin_family 2, sin_port 37830, in_addr 10.0.134.70

.Jan 26 10:14:57: add_skinny_secure_socket: pid =325, new_sock=0, ip address = 10.0.134.70

.Jan 26 10:14:57: skinny_secure_handshake: pid =325, sock=0, args->pid=325, ip address = 10.0.134.70

.Jan 26 10:14:57: CRYPTO_PKI: unlocked trustpoint mytrustpoint1, refcount is 0

.Jan 26 10:14:57: Start TLS Handshake 0 10.0.134.70 37830

.Jan 26 10:14:57: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:14:58: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:14:59: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:15:00: TLS Handshake retcode OPSSLReadWouldBlockErr

.Jan 26 10:15:01: CRYPTO_PKI: Added x509 peer certificate - (1157) bytes

.Jan 26 10:15:01: CRYPTO_PKI: validation path has 1 certs

.Jan 26 10:15:01: CRYPTO_PKI: Unable to locate cert record by issuername

.Jan 26 10:15:01: CRYPTO_PKI: No trust point for cert issuer, looking up cert chain

.Jan 26 10:15:01: TLS Handshake error -6992

.Jan 26 10:15:01: TLS context configuration FAILED for 0 10.0.134.70 37830

Can everybody help me?

Thanks Peter

  • Other Collaboration Voice and Video Subjects
8 REPLIES
Silver

Re: CME IP Phone Security via LSC

The ephone needs configuration of "device-security-mode" to be other than "none".

Cisco Unified CallManager Express Security Best Practices:

http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/srnd/design/guide/security.html

New Member

Re: CME IP Phone Security via LSC

Hi Peter

I am with same problem. did you resolve this problem?

Thanks

Peterson

Re: CME IP Phone Security via LSC

Try adding this under your ephone:

cert-oper upgrade

-nick

New Member

CME IP Phone Security via LSC

Hi Nicholas

I have the same issue, and tried what you suggested - no success 

Any other ideas?

New Member

CME IP Phone Security via LSC

Hi PeterRoyMueller,

have you been able to solve the problem?! I am stuck with the same issue

Kind Regards

Florian

CME IP Phone Security via LSC

Hello,

DId anybody resolve this trouble?

CME IP Phone Security via LSC

Whats the CME version, do attach the show tech.

BR,

Kevin

CME IP Phone Security via LSC

I used other versions of cme, such us 4.1, 7.1, 8.6 on 2800 series routers with phones 7940, 7941, 7945 with different firmware 8-3-3, 8-3-5, 9-2-3, 9-3-1

sent "show tech"  to your e-mail

1584
Views
0
Helpful
8
Replies
This widget could not be displayed.