Cisco Bug: CSCul66341 - ICSA service needs restart after ipsec cert is regenerated
Mar 09, 2018
- Cisco Unified Communications Manager IM & Presence Service
- Cisco Unified Communications Manager IM and Presence Service Version 9.0
- Cisco Unified Communications Manager IM and Presence Service Version 9.1
- Cisco Unified Presence Version 8.6
Known Affected Releases
8.6(4) 9.0(1) 9.1(1)
Symptom: After ipsec cert is regenerated on PUB node, the new cert is not necessarily propagated to SUB node. This can lead to inconsistencies in ipsec-trust certs on PUB and SUB, which further leads to other failures (e.g. backup fails on SUB). Restarting ICSA service, first on PUB, and then on SUB, syns newly generated certs, and avoids potential failures. At the moment, the document Managing Security Certificates in Cisco Unified Operating System, doesn't mention this in chapter Regenerating a Certificate. So strictly following the doc instructions can lead to potential failures. Conditions: Configuration with CUP PUB and one or more SUBs.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases