Thanks, I have already had a look at both those links. :)
But I don't see anywhere in the document, if you could regenerate the certificate on the Publisher without it having any impact on the phones. In my situation there's no phones connected to the Publisher. Phones are only connected to subscribers.
I found a document on the salesconnect site, which is pointing towards, that I could regenerate the phones without any trouble.
When I'm reading the PDF (page 77-85), then I'm thinking that I can regenerate the IPsec and ccm certificate on the publisher without impact, because the publisher is not running the ccm servervice, and don't have any phones connected to it. IPsec would require me to restart the DRF services, but this has no impact.
Regenerating the TVS certificate would give me problems. I think that would prompt all the phone into restarting. But again not sure.
Regenerating the CAPF should be possible, if the CAPF service it not activated. Could you then just stop it on the servers?
IPSEC and can be done at any time with no impact to users. Like you said, restart the DR components, take a backup, and you're set.
callmanager and TVS should be done a good deal of time apart. I actually like to wait a few weeks on the off-chance that any straggler devices can come back online. Any devices that had been previously registered and taken offline will require the ITL file to be deleted once both callmanager and TVS have been regenerated.
In my experience, even if there aren't any phones registered to the pub, all phones in the environment will restart. You'll want to restart the callmanager and TFTP services (callmanager cert is used to sign files), as well as the TVS service so that it has an updated list of the installed certs.
If you're not using CAPF, that can be done at any time.
I forgot to mention that CTI Manager will also need to be restarted as it also uses the callmanager cert. I also will bounce all phones in a cluster after I'm done with cert work by going to Enterprise Parameters and using the reset button. You can verify that phones have gotten the updated certs using the methods found on teh Security by Default page. If this process goes sideways, you can call TAC and they may be able to run their tools to help get the phones back, but remember to take backups and make sure you have all of your ITL recovery keys backed up separately (some bugs have kept these from being backed up).
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...