We are in the middle of upgrading from 4.1 to 6 and do not have the SAST token is there a way around this - if we removes the CTL security from the servers then reboot, will we manually have to log out or re-register all the phones ? Anyone had to do this before ?
If you have lost both tokens (you needed at least two to generate the CTL), you will need to manually erase the CTL from every phone. This is done within Settings > Security. View the CTL and unlock the config. It will give you an option to erase it. The phone will restart and attempt to download it again. Make sure that it can't. If you generated an LSC you will need to delete that from each phone as well.
Thanks for your reply. We have circa 4000 devices on site is this possible to remove the file using scripting, as the last thing i want to do is have to go to each of them and manually erase. Will the phone remained logged on as the user after the restart, as again, i dont really want to log everyone out then they all have to log back in. Much thanks for your reply.
To my knowledge there is no way to remove this from the phone remotely. If there was it would be a huge security problem. If you could just tell the phone to erase the CTL and then download a new one, it would be relatively simple to make it download a fake CTL and become a TLS proxy for that phone. The security guide states that LSC enrollment is supposed to happen over a trusted network only. Depending on your environment, "trusted network" is one of those magic terms (e.g. government/military).
As for extension mobility: I believe an EM login will persist across restarts. I would test one or two phones to confirm though.
Sounds like it is time to buy new walking shoes. :)
IntroductionCUCM Routing RulesDial String implementation PolicyCUCM Routing LogicSIP URI Call Routing Analysis+++ Case Study: 1 ++++++ Case Study: 2 +++Conclusion
Over the last few months, I have had the privilege of working on SI...
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...