Re: SCCP with CUCME

From: George Goglidze <goglidze_at_gmail.com>
Date: Mon, 23 Apr 2012 16:45:09 +0200

They're not strange files, my friend... it's a new feature that was
introduced by Cisco with CUCM version 8.0.

*Security By Default*

Long story short: go to the phone security menu, unlock the configuration,
click on the ITL file and delete it. Now it should work.

Now read on if you're interested in what it actually does.
The ITL (Initial Trust List) file is a file that contains the signatures of
all servers in a cluster (CUCM, CAPF, TFTP).
When new phones first boot up - they will accept any ITL file or on the TVS
(Trust Verification Service) trust-store on CUCM.
But once an ITL file is installed, they will not accept a new one unless it
was signed by one of the TFTP servers that is present in the ITL file.

So if you move your phone from a CUCM 8.x cluster to another cluster, you
have a few different options:
1) As I said, manually remove the ITL file from the phone. Good for one or a
few phones, but not in production with thousands...
2) In CUCM 8, configure the CUCM Enterprise Parameter "Prepare Cluster for
Rollback to pre-8.0." and reset the phones. (This will actually remove the
ITL file from the phones.)
3) If you have mixed-mode clusters, then just make sure one of the hardware
security tokens the CTL Client uses is the same as on the old cluster. (If
the signature is not found in the ITL but is found in the CTL file, the phone
will still accept the configuration file.)
4) Bulk Certificate Export... basically exporting the new TFTP/CUCM
certificate .pem files to the old TVS server trust store. The phone will
contact it through HTTPS to verify the validity of the new certificates.

Hope this helps,

On Mon, Apr 23, 2012 at 4:21 PM, amin <amin_at_axizo.com> wrote:

> Hi experts,
>
>
>
> I have a phone that was previously registered to CUCM 8.6. Now I removed it
> to work with CME 7.0, and it keeps asking the TFTP for strange files, then
> it falls back to its previous CUCM IP address. Here is the output of the
> debug command:
>
> Apr 23 14:04:19.309: TFTP: read request from host 177.3.11.108(49959) via FastEthernet0/0.11
> Apr 23 14:04:19.309: TFTP: Looking for ITLSEP001B2A200F04.tlv
> Apr 23 14:04:19.309: TFTP: Sending error 1 No such file
> Apr 23 14:04:19.529: TFTP: Server request for port 51909, socket_id 0x4B3414FC for process 350
> Apr 23 14:04:19.529: TFTP: read request from host 177.3.11.108(51909) via FastEthernet0/0.11
> Apr 23 14:04:19.529: TFTP: Looking for ITLFile.tlv
> Apr 23 14:04:19.529: TFTP: Sending error 1 No such file
> Apr 23 14:04:20.005: TFTP: Server request for port 52687, socket_id 0x4B3414FC for process 350
> Apr 23 14:04:20.009: TFTP: read request from host 177.3.11.108(52687) via FastEthernet0/0.11
> Apr 23 14:04:20.009: TFTP: Looking for SEP001B2A200F04.cnf.xml.sgn
> Apr 23 14:04:20.009: TFTP: Sending error 1 No such file
> Apr 23 14:04:20.217: TFTP: Server request for port 53202, socket_id 0x4B3414FC for process 350
> Apr 23 14:04:20.217: TFTP: read request from host 177.3.11.108(53202) via FastEthernet0/0.11
> Apr 23 14:04:20.217: TFTP: Looking for SEP001B2A200F04.cnf.xml.sgn
> Apr 23 14:04:20.217: TFTP: Sending error 1 No such file
> Apr 23 14:04:20.469: TFTP: Server request for port 50774, socket_id 0x4B3414FC for process 350
> Apr 23 14:04:20.469: TFTP: read request from host 177.3.11.108(50774) via FastEthernet0/0.11
> Apr 23 14:04:20.469: TFTP: Looking for XMLDefault.cnf.xml.sgn
> Apr 23 14:04:20.469: TFTP: Sending error 1 No such file
> Apr 23 14:04:20.969: TFTP: Server request for port 52272, socket_id 0x4B3414FC for process 350
> Apr 23 14:04:20.969: TFTP: read request from host 177.3.11.106(52272) via FastEthernet0/0.11
> Apr 23 14:04:20.969: TFTP: Looking for CTLSEP001C58F9EA0D.tlv
> Apr 23 14:04:20.969: TFTP: Sending error 1 No such file
> Apr 23 14:04:21.497: TFTP: Server request for port 51847, socket_id 0x4B3414FC for process 350
> Apr 23 14:04:21.497: TFTP: read request from host 177.3.11.108(51847) via FastEthernet0/0.11
> Apr 23 14:04:21.497: TFTP: Looking for XMLDefault.cnf.xml.sgn
> Apr 23 14:04:21.497: TFTP: Sending error 1 No such file
>
>
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Mon Apr 23 2012 - 16:45:09 ART
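
Added example, not part of the original thread: a small Python parser for debug output in the format quoted above. It groups the "No such file" answers by requesting host and labels each missed file as an ITL request, a CTL request or a signed (.sgn) configuration request. The sample lines are copied from the quoted log with wrapped lines joined; the function and category names are this example's own.

```python
import re
from collections import defaultdict

# Lines copied from the debug output quoted in the thread (wrapped lines joined).
SAMPLE_LOG = """\
Apr 23 14:04:19.309: TFTP: read request from host 177.3.11.108(49959) via FastEthernet0/0.11
Apr 23 14:04:19.309: TFTP: Looking for ITLSEP001B2A200F04.tlv
Apr 23 14:04:19.309: TFTP: Sending error 1 No such file
Apr 23 14:04:20.009: TFTP: read request from host 177.3.11.108(52687) via FastEthernet0/0.11
Apr 23 14:04:20.009: TFTP: Looking for SEP001B2A200F04.cnf.xml.sgn
Apr 23 14:04:20.009: TFTP: Sending error 1 No such file
Apr 23 14:04:20.969: TFTP: read request from host 177.3.11.106(52272) via FastEthernet0/0.11
Apr 23 14:04:20.969: TFTP: Looking for CTLSEP001C58F9EA0D.tlv
Apr 23 14:04:20.969: TFTP: Sending error 1 No such file
"""

HOST_RE = re.compile(r"TFTP: read request from host (\S+?)\(\d+\)")
FILE_RE = re.compile(r"TFTP: Looking for (\S+)")
MISS_RE = re.compile(r"TFTP: Sending error 1 No such file")
DEVICE_RE = re.compile(r"SEP[0-9A-F]{12}")  # device name embedded in the file name

def classify(name):
    """Label a requested file: 'itl', 'ctl', 'signed_config' or 'other'."""
    if name.endswith(".tlv") and name[:3] in ("ITL", "CTL"):
        return name[:3].lower()
    return "signed_config" if name.endswith(".sgn") else "other"

def summarize(log_text):
    """Return {host: {"kinds": set, "devices": set}} for 'No such file' answers."""
    report = defaultdict(lambda: {"kinds": set(), "devices": set()})
    host = name = None
    for line in log_text.splitlines():
        if m := HOST_RE.search(line):
            host, name = m.group(1), None      # new request, forget the old file
        elif m := FILE_RE.search(line):
            name = m.group(1)
        elif MISS_RE.search(line) and host and name:
            report[host]["kinds"].add(classify(name))
            report[host]["devices"].update(DEVICE_RE.findall(name))
            name = None                        # count each miss once
    return dict(report)

if __name__ == "__main__":
    for host, info in summarize(SAMPLE_LOG).items():
        print(host, sorted(info["kinds"]), sorted(info["devices"]))
```

A host that shows up with "itl" or "ctl" in its kinds is a phone asking this TFTP server for a trust list it does not serve, which is the situation described in the reply above.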
