Guest

Preview Tool

Cisco Bug: CSCvt54453 - CUCM - SELinux Prevent CTIManager from Accessing ca-bundle.crt

Last Modified

Sep 08, 2020

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

12.5(1.11900.146)

Description (partial)

Symptom:
CTIManager is being prevented access to a file which causes the 'messages' file to be flooded with errors like this:

user 3 setroubleshoot: SELinux is preventing /usr/local/cm/bin/CTIManager from read access on the lnk_file /etc/pki/tls/certs/ca-bundle.crt. For complete SELinux messages run: sealert -l 3dc5aafe-12e8-469b-ad02-31dab2a420a

This occurs when TLS is enabled for LDAP authentication and can lead to high CPU on the node in question.  This does not seem to impact the authentication process, it just causes higher than expected resource utilization.

Conditions:
CUCM 12.5.1SU1
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.