Yesterday (December 17, 2014) Cisco has released a much-anticipated X8.5 update to their VCS/Expressway appliances. In addition to some cool new features (support for SSO to CUCM over MRA, CDR logging/reporting, media statistics, etc.), the update adds support for Early Media over MRA, which squishes two bugs that may affect your Jabber environment: CSCul52293 (“Edge calls are missing or have incorrect tones and announcements”) and CSCua72781 (“VCS does not forward early media on 183 or 180 with SDP”). Refer to the posted release notes for more information about this update.
Month: December 2014
CUCM 10.5: L2 Updates May Get Stuck When Optional Email Notification Is Selected
So I encountered another issue today: I was updating an existing 10.5 CUCM cluster with a new patch (10.5.2.10000-5) and the process would get stuck after a few minutes of the upgrade initiation. The last line that I would see in the console and the installation log file is:
upgrade_manager.sh|Upgrade (L2) Starting|
What should follow next? Correct: an [optional] email from “ucs-installer@cisco.com” with a subject line “Upgrade (L2) CallManager 10.5.2.10000-5 Started — <node name>” should follow. It never did. Turns out, our SMTP Relay was not permitting relay from the CallManager’s IP address, so the installation could not proceed. Workaround: either opt-out of the notification email or fix your SMTP relay!
Hope this helps someone.
CUCM 10.5.1: CSR SAN and Certificate SAN Mismatch
I’ve been lucky to hit another bug today. Brand-new deployment of CUCM/CUC/CUPS version 10.5.1 and I’m unable to upload a freshly-generated SAN certificate from Starfield. I would get the following error: “CSR SAN and Certificate SAN does not match”.
Originally, I thought the issue is a result of the CA inserting a www-prefixed name as one of the SANs in the cert (e.g. www.common_name.domain.com). So I have manually added the www-prefixed name in the CSR and re-keyed the cert. No luck. After multiple retries, I gave up and opened a TAC case. I’m glad I did, because apparently I hit another bug. The reason why CUCM can’t match the certificates’ SANs against CSR is because the hostnames are all in UPPER case, while the cert is issued for hostnames names in lower case.
The bug affects systems running version 10.5.1.10000-7 and is fixed in newer releases of CUCM, but I was given a link to download an ES (Engineering Special) version that is almost guaranteed to work.
Hope this helps someone who has been beating his/her head against the wall trying to figure this one out.