Guest

Preview Tool

Cisco Bug: CSCul66341 - ICSA service needs restart after ipsec cert is regenerated

Last Modified

Mar 09, 2018

Products (4)

  • Cisco Unified Communications Manager IM & Presence Service
  • Cisco Unified Communications Manager IM and Presence Service Version 9.0
  • Cisco Unified Communications Manager IM and Presence Service Version 9.1
  • Cisco Unified Presence Version 8.6

Known Affected Releases

8.6(4) 9.0(1) 9.1(1)

Description (partial)

Symptom:
After ipsec cert is regenerated on PUB node, the new cert is not necessarily propagated to SUB node. This can lead to inconsistencies in ipsec-trust certs on PUB and SUB, which further leads to other failures (e.g. backup fails on SUB). Restarting ICSA service, first on PUB, and then on SUB, syns newly generated certs, and avoids potential failures. 

At the moment, the document Managing Security Certificates in Cisco Unified Operating System, doesn't mention this in chapter Regenerating a Certificate. So strictly following the doc instructions can lead to potential failures.

Conditions:
Configuration with CUP PUB and one or more SUBs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.