- This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge | McAfee Blog
- Proof-of-concept bypass shows weakness in Linux security tools, claims Israeli vendor
- SAP NetWeaver customers urged to deploy patch for critical zero-day vulnerability
- Lenovo targets AI workloads with massive storage update
- Girls Power Tech Inspires the Next Generation of Tech Leaders
CUCM Mixed Mode With Tokenless CTLs
CUCM Mixed Mode With Tokenless CTLs
move phones registered to the old cluster to instead register to the new cluster.
Download the CallManager.pem from new cluster pub and upload that cert as phone-trust to the old cluster. This will enable the old cluster TVS to have TVS-aware phones trust the new cluster.
When the phone is told (say, via change in DHCP option 150 value) to register to the new cluster, it will fail to authenticate the new cluster’s CTL file due to a different file signer.
So, the phone will then connect with its already-trusted TVS server in the old cluster. At this point, since the new cluster pub cert was added as phone-trust in the old cluster, TVS will instruct the phone to trust the cert.
Then, based on TVS’s go-ahead, the phone will now load and install the new cluster CTL file.
At this stage, the phone will trust only the entries in the new cluster CTL file – and also any certs that the new cluster’s TVS can trust.
Also, it seems like this procedure would also work with the token-based CTL client, as long as TVS is present and all the moving endpoints support TVS.
http://www.cisco.com/c/en/us/support/docs/unified-communications/unified-communications-manager-callmanager/118893-technote-cucm-00.html
thanks for this quick note. Just a question – after you uploaded new cluster’s callmanager.pem as a Phone-SAST-trust certificate, did you restart the TVS service? Were you required to restart the phones in the old cluster after this, or did you only need a reboot when you moved them across?