Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
barker_man
barker_man
Community Member
‎10-23-2009 03:22 AM
‎10-23-2009 03:22 AM

Lost SAST USB Token - how to recover

We are in the middle of upgrading from 4.1 to 6 and do not have the SAST token is there a way around this - if we removes the CTL security from the servers then reboot, will we manually have to log out or re-register all the phones ? Anyone had to do this before ?

0 Helpful
Reply
3 REPLIES
Jonathan Schulenberg
VIP Super Bronze Jonathan Schulenberg VIP Super Bronze
VIP Super Bronze
‎10-24-2009 02:23 PM
‎10-24-2009 02:23 PM

Re: Lost SAST USB Token - how to recover

If you have lost both tokens (you needed at least two to generate the CTL), you will need to manually erase the CTL from every phone. This is done within Settings > Security. View the CTL and unlock the config. It will give you an option to erase it. The phone will restart and attempt to download it again. Make sure that it can't. If you generated an LSC you will need to delete that from each phone as well.

Reply
barker_man
barker_man
Community Member
‎10-25-2009 09:09 AM
‎10-25-2009 09:09 AM

Re: Lost SAST USB Token - how to recover

Thanks for your reply. We have circa 4000 devices on site is this possible to remove the file using scripting, as the last thing i want to do is have to go to each of them and manually erase. Will the phone remained logged on as the user after the restart, as again, i dont really want to log everyone out then they all have to log back in. Much thanks for your reply.

0 Helpful
Reply
Jonathan Schulenberg
VIP Super Bronze Jonathan Schulenberg VIP Super Bronze
VIP Super Bronze
‎10-28-2009 07:23 PM
‎10-28-2009 07:23 PM

Re: Lost SAST USB Token - how to recover

To my knowledge there is no way to remove this from the phone remotely. If there was it would be a huge security problem. If you could just tell the phone to erase the CTL and then download a new one, it would be relatively simple to make it download a fake CTL and become a TLS proxy for that phone. The security guide states that LSC enrollment is supposed to happen over a trusted network only. Depending on your environment, "trusted network" is one of those magic terms (e.g. government/military).

As for extension mobility: I believe an EM login will persist across restarts. I would test one or two phones to confirm though.

Sounds like it is time to buy new walking shoes. :)

Reply
Latest Documents
Demystifying SIP URI Dialling: CUCM routing logic
Created by Ayodeji Okanlawon on 04-10-2018 05:03 AM
0
45
0
45
 IntroductionCUCM Routing RulesDial String implementation PolicyCUCM Routing LogicSIP URI Call Routing Analysis+++ Case Study: 1 ++++++ Case Study: 2 +++Conclusion Introduction  Over the last few months, I have had the privilege of working on SI... view more
Unable to create VIF interface on ISR G3 / ISR 4K
Created by kishahuj on 03-15-2018 04:29 PM
0
5
0
5
  ISRG3 we need Appx license which includes data and application features to configure VIF interface
RTMT Plugin Installation Error on Windows Machine
Created by Muk AD on 03-09-2018 12:28 PM
0
0
0
0
Hi All, Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers... view more
All Documents
300
Views
9
Helpful
3
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
SIP TRUNKS and RUN on ALL ACTIVE CM NODES
Created by Ayodeji Okanlawon on 02-07-2014 05:54 AM
26
254
26
254
CUBE SIP Media and Signalling Binding to an Interface
Created by Ayodeji Okanlawon on 04-04-2013 06:48 AM
69
135
69
135
Understanding Expressway SIP messaging
Created by Ayodeji Okanlawon on 10-07-2014 07:00 AM
1
81
1
81
All Blogs