Re: [cisco-voip] MRA Onboarding via activation code... phone trust list?

[Jonathan Charles]

I will note that I am seeing EXTREMELY long registration and
re-registration times for the MRA phones... like 10 minutes+

It appears to cycle between downloading TFTP and VPN Not Configured and
then eventually registers...

No errors, just takes forever.


Jonathan

On Wed, Nov 17, 2021 at 5:00 PM Jonathan Charles  wrote:

> I asked TAC for it and they just sent me the CAPF doco...
>
> However, I found:
>
> https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/expressway/config_guide/X12-7/exwy_b_mra-deployment/exwy_m_provisioning-mra-devices.html
>
> [image: image.png]
>
> But it seems to suggest only your internal CA needs to be in there...
>
>
> Jonathan
>
> On Wed, Nov 17, 2021 at 4:49 PM Brian V  wrote:
>
>> @Jonathan Charles   one very interesting thing you
>> mentioned
>> " *Phone-Edge-Trust uploads the certs to the Cisco Cloud, so when the
>> phone gets the activation code it downloads those certs into its trust
>> store.*"
>> Would you happen to know where that is documented, and if so share
>> the link ?  I was not aware of that.
>> So you did NOT need to bring the phone back inside the network to have it
>> learn about the new Root CA Trust Cert / Chain ?
>> thats cool !
>>
>> On Wed, Nov 17, 2021 at 8:45 AM Jonathan Charles 
>> wrote:
>>
>>> OK, TAC never responded to me, but I found the solution I did a
>>> packet capture from the phone and saw it come back with an invalid CA for
>>> the Let's Encrypt certs... I uploaded the cert chain for Let's Encrypt to
>>> Phone-Edge-Trust on the CCM Publisher and the phone registered.
>>>
>>> Phone-Edge-Trust uploads the certs to the Cisco Cloud, so when the phone
>>> gets the activation code it downloads those certs into its trust store.
>>>
>>> This cert store is designed for people using their own internal certs,
>>> but my phone was a CP-8845-K9=V03 I got in 2017 and probably predates the
>>> Lets Encrypt CA so, if you see TLS error or Invalid CA in the PCAP, it
>>> is worth a shot to upload the E's external cert chain to the Pub.
>>>
>>>
>>> Jonathan
>>>
>>> On Thu, Nov 11, 2021 at 4:57 PM Jonathan Charles 
>>> wrote:
>>>
 Yes, they will, the Expressway E was designed around an ACME cert and
 Let's Encrypt is super free.

 Anyway, I think the issue is between the Expressway and CUCM at this
 point... escalating to TAc...


 Jonathan

 On Thu, Nov 11, 2021 at 4:49 PM Brian V  wrote:

> WIll the phones trust a LetsEncrypt cert ?
> Jabber works because the OS (Windows/MAC/iOS/Droid) gets updated root
> CA certs on a regular basis
> The trusted certs in the phone have to be placed there in the software
> by Cisco.
> This might be a situation where newer code on a phone is required if
> the trusted Root CA (or chain) for Lets Encrypt is missing on the phone.
>
> On Thu, Nov 11, 2021 at 11:27 AM Matthew Huff  wrote:
>
>> I wouldn’t put a lot of weight in the status on the phone with the
>> TLS error, I’ve seen that with working phones. Do you have the phone MRA
>> domain set? We have a separate device pool for MRA devices so it can set
>> the time from external ntp sources. If the time on the phone is off,
>> the crypto can fail as well.
>>
>>
>>
>> *Matthew Huff* | Director of Technical Operations | OTA Management
>> LLC
>>
>>
>>
>> *Office: 914-460-4039*
>>
>> *mh...@ox.com  | **www.ox.com *
>>
>>
>> *...*
>>
>>
>>
>> *From:* Jonathan Charles 
>> *Sent:* Thursday, November 11, 2021 11:50 AM
>> *To:* Matthew Huff 
>> *Cc:* Brian Meade ; cisco-voip voyp list <
>> cisco-voip@puck.nether.net>
>> *Subject:* Re: [cisco-voip] MRA Onboarding via activation code...
>> phone trust list?
>>
>>
>>
>> It is running 12.8... it has been locally reg'd before...
>>
>>
>>
>> On Thu, Nov 11, 2021 at 10:44 AM Matthew Huff  wrote:
>>
>> In the lab, have you tried setting up the phone without MRA and get
>> the firmware uploaded first? Depending on how old the firmware is, you 
>> may
>> have issues with onboarding. Our 8861 wouldn’t onboard until at least 
>> 12.5.
>>
>>
>>
>> *Matthew Huff* | Director of Technical Operations | OTA Management
>> LLC
>>
>>
>>
>> *Office: 914-460-4039*
>>
>> *mh...@ox.com  | **www.ox.com *
>>
>>
>> *...*
>>
>>
>>
>> *From:* cisco-voip  *On Behalf
>> Of *Jonathan Charles
>> *Sent:* Thursday, November 11, 2021 11:10 AM
>> *To:* Brian Meade 
>> *Cc:* cisco-voip voyp list 
>> *Subject:* Re: [cis

Re: [cisco-voip] MRA phones tuck at registering after internet blip

[Jonathan Charles]

I am running into a similar issue... did you find a solution?

On Tue, Oct 26, 2021 at 7:50 AM Matthew Huff  wrote:

> We are just starting to roll out our Cisco 8800 series phones via MRA, and
> have run into a small problem. As is common with residential ISPs when they
> do a firmware update, network maintenance, etc overnight the phones get
> disconnected and even when the internet comes back, the phones are still at
> “Registering…” on the phones. If the user notices this and powers cycles
> the phone it comes right back, but it can cause them to miss calls if they
> don’t notice it.
>
>
>
> Is there any tunables to address this?
>
>
>
> *Matthew Huff* | Director of Technical Operations | OTA Management LLC
>
>
>
> *Office: 914-460-4039*
>
> *mh...@ox.com  | **www.ox.com *
>
>
> *...*
>
>
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] MRA phones tuck at registering after internet blip

[Matthew Huff]

You  can change the Timer Register Expires in the SIP profile to make it a bit 
longer, but the max you can do is 1 hour. I also changed the Timer Subscribe 
Delta (seconds), for 5 to 15. Both changes helped (the profile has to be 
applied and phone reset). But we have a number of people that routinely loose 
internet for 2-3 hours overnight on a weekly basis. Cisco TAC’s only suggestion 
is for them to switch ISPs, but since this is in a rural area, it wasn’t an 
option.

Matthew Huff | Director of Technical Operations | OTA Management LLC

Office: 914-460-4039
mh...@ox.com | www.ox.com
...

From: Jonathan Charles 
Sent: Thursday, November 18, 2021 12:34 PM
To: Matthew Huff 
Cc: cisco-voip@puck.nether.net
Subject: Re: [cisco-voip] MRA phones tuck at registering after internet blip

I am running into a similar issue... did you find a solution?

On Tue, Oct 26, 2021 at 7:50 AM Matthew Huff 
mailto:mh...@ox.com>> wrote:
We are just starting to roll out our Cisco 8800 series phones via MRA, and have 
run into a small problem. As is common with residential ISPs when they do a 
firmware update, network maintenance, etc overnight the phones get disconnected 
and even when the internet comes back, the phones are still at “Registering…” 
on the phones. If the user notices this and powers cycles the phone it comes 
right back, but it can cause them to miss calls if they don’t notice it.

Is there any tunables to address this?

Matthew Huff | Director of Technical Operations | OTA Management LLC

Office: 914-460-4039
mh...@ox.com | www.ox.com
...

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

[cisco-voip] UCCX 12.5 Real Time Reporting Tool

[Johnson, Tim]

Is anyone using UCCX 12.5 SU1 ES01, and able to use the Real Time Reporting 
Tool (not RTMT)? I find it to be handy in troubleshooting on rare occasions, 
but as soon as I upgraded to 12.5 from 12.0 back in August, it stopped working 
for me on multiple clients. It launches, but whenever you attempt to open any 
of the reports it just hangs with a Windows spinning wheel. Once or twice, I've 
been able to load one report after I launch the tool but it will stop working 
if I try to look at a different report.

I opened a TAC case a little while ago but the engineer took me down all sorts 
of rabbit holes. I had completely reinstalled Java and it ended up loading but 
then stopped working again within a day after. I didn't have the time or 
patience then to continue with TAC.

Tim Johnson
Voice & Video Engineer
Central Michigan University
Call me: +19897744406
Video Call me: johns...@cmich.edu
Fax me: +19897795900
Meet me: http://cmich.webex.com/meet/johns10t

___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

Re: [cisco-voip] UCCX 12.5 Real Time Reporting Tool

[Bill Talley]

I was stuck on using JRE 1.7 because of the historical reliance by Cisco on 
that specific version.  After installing JRE 1.8, adding the security exception 
in Java, and restoring security prompts in Java, I was able to reconnect to CCX 
12.5 using the RTR utility you’re asking about.  The specific JRE version I’ve 
been using is 1.8.0_291.



> On Nov 18, 2021, at 12:58 PM, Johnson, Tim  wrote:
> 
> Is anyone using UCCX 12.5 SU1 ES01, and able to use the Real Time Reporting 
> Tool (not RTMT)? I find it to be handy in troubleshooting on rare occasions, 
> but as soon as I upgraded to 12.5 from 12.0 back in August, it stopped 
> working for me on multiple clients. It launches, but whenever you attempt to 
> open any of the reports it just hangs with a Windows spinning wheel. Once or 
> twice, I’ve been able to load one report after I launch the tool but it will 
> stop working if I try to look at a different report.
>  
> I opened a TAC case a little while ago but the engineer took me down all 
> sorts of rabbit holes. I had completely reinstalled Java and it ended up 
> loading but then stopped working again within a day after. I didn’t have the 
> time or patience then to continue with TAC.
>  
> Tim Johnson
> Voice & Video Engineer
> Central Michigan University
> Call me: +19897744406 
> Video Call me: johns...@cmich.edu 
> Fax me: +19897795900
> Meet me: http://cmich.webex.com/meet/johns10t 
> 
>  
> ___
> cisco-voip mailing list
> cisco-voip@puck.nether.net 
> https://puck.nether.net/mailman/listinfo/cisco-voip 
> 
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip