Well, it would appear that even after cert regeneration that the RLS server is still not working, same error message as before.
Probably time for someone with a little more knowledge of the guts of this thing to come in Josh Patten Brazos County Network Engineer 979.361.4676 From: [email protected] [mailto:[email protected]] On Behalf Of Josh M. Patten Sent: Saturday, May 14, 2011 5:03 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead I'll try that path... making backup right now... Josh Patten Brazos County Network Engineer 979.361.4676 From: [email protected] [mailto:[email protected]] On Behalf Of Tony Graziano Sent: Saturday, May 14, 2011 4:54 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead To issue the primary, the steps are the same. 1. generate the keys, then: 2. install the certs but remember if you install a new certificate, same everything, "You can re-run sipxecs-setup as many times as you wish on any server. However, if you run it on the master server, note that a new CA certificate will be generated and hence you will need to run it on all the other servers of the cluster." so perhaps shutting down services and running sipxecs-setup on each server, then start services... On Sat, May 14, 2011 at 5:49 PM, Josh M. Patten <[email protected]<mailto:[email protected]>> wrote: Also, wouldn't http://wiki.sipfoundry.org/display/sipXecs/SSL+Keys+and+Keystores be a better fit for what I need? Josh Patten Brazos County Network Engineer 979.361.4676<tel:979.361.4676> From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Josh M. Patten Sent: Saturday, May 14, 2011 4:48 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead Does this work for redundant proxies as well or should I just completely redo those as well? Josh Patten Brazos County Network Engineer 979.361.4676<tel:979.361.4676> From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Matthew Kitchin (public/usenet) Sent: Saturday, May 14, 2011 4:47 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead I have to do mine by hand, because the GUI won't work with Microsoft Active Directory Certificate Authority certs. As I was learning, I messed them up a lot and redid them several times. On one of my 4.2.1 -> 4.4 upgrades, something didn't go right apparently. You couldn;t change a VM PIN from a handset. I now redo them right after a 4.4 upgrade as a precaution. My steps are below. A few of them are specific to my environment obviously. mkdir $HOME/sslkeys cd $HOME/sslkeys /usr/bin/ssl-cert/gen-ssl-keys.sh --csr Country Name (2 letter code) [] : US State or Province Name (full name) [] : Tennessee Locality Name (eg, city) [] : Nashville Organization Name (eg, company) [] : DSI Organization Unit Name (eg, section) [VoIP Services] : http://nshpwis7/certsrv/ cat pbx.tx207.sipx.voip.csr Submit, and download as DER openssl x509 -in pbx.tx207.sipx.voip.cer -inform DER -out pbx.tx207.sipx.voip.crt -outform PEM mkdir /etc/sipxpbx/ssl/old cp -r /etc/sipxpbx/ssl/* /etc/sipxpbx/ssl/old/ cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl-web.crt cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl-web.key cp pbx.tx207.sipx.voip.crt /etc/sipxpbx/ssl/ssl.crt cp pbx.tx207.sipx.voip.key /etc/sipxpbx/ssl/ssl.key rm /etc/sipxpbx/ssl/ssl.keystore rm /etc/sipxpbx/ssl/ssl-web.keystore cp nshpwis7.dsi-corp.netCA.crt /etc/sipxpbx/ssl/authorities /usr/bin/ssl-cert/ca_rehash On 5/14/2011 4:40 PM, Josh M. Patten wrote: I don't care, so long as it works. BTW I have verified this is an SSL problem because I cut resource-lists.xml down to just one list and now sipxrls.log is filled with those SSL errors. Have you had to redo your SSL stuff before? Josh Patten Brazos County Network Engineer 979.361.4676<tel:979.361.4676> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Matthew Kitchin (public/usenet) Sent: Saturday, May 14, 2011 4:38 PM To: [email protected]<mailto:[email protected]> Subject: Re: [sipx-users] 4.4 sipXrls dead On 5/14/2011 4:13 PM, Josh M. Patten wrote: Also seeing: "2011-05-14T21:09:03.135356Z":7:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 1 'error:00000001:lib(0):func(0):reason(1)'" "2011-05-14T21:09:03.135398Z":8:KERNEL:ERR:it.ippbx.co.brazos.tx.us:SipServerBroker-7:42107940:sipxrls:"OsSSLServerSocket SSL_accept SSL handshake error:\n SSL error: 336027900 'error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'" Anyone here savvy on recreating SSL certs? Do you want new ones, or try and fix/recover the old ones? Josh Patten Brazos County Network Engineer 979.361.4676<tel:979.361.4676> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Josh M. Patten Sent: Saturday, May 14, 2011 4:05 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead Yeah full backup. I somehow don't think that will help, and I'll explain why: Whenever Hoa was writing the fix for http://track.sipfoundry.org/browse/XX-8474 the time values that were used to "space out" requests were shortened slightly but not drastically in order to help changes finish sooner. Well, I think Dale W shortened it down too much for the final code and now if you have a huge RLS list (like I do) it will fill up the buffers before it can finish processing them and crash. Could someone with a little insight into the code look into this and let me know? Josh Patten Brazos County Network Engineer 979.361.4676<tel:979.361.4676> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Tony Graziano Sent: Saturday, May 14, 2011 3:58 PM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] 4.4 sipXrls dead I normally perform reboots between upgrades. I find it helps. java "is" a four letter word you know... You hopefully got a full backup first in the case? On May 14, 2011 4:47 PM, "Josh M. Patten" <[email protected]<mailto:[email protected]>> wrote: > No, I'll do that. It appears that it maxes out and then core dumps, as I have > a fresh core dump in /var/log/sipxpbx right after this message in sipxrls.log > (this is the last message that's sent. After that it's radio silence.): > > "2011-05-14T20:43:20.797258Z":272:KERNEL:NOTICE:it.ippbx.co.brazos.tx.us:SipSubscribeClient-28:40D8A940:sipxrls:"OsMsgQShared::doSendCore > message queue 'ResourceListTask-29' is over half full - count = 99, max = > 100" > > Josh Patten > Brazos County Network Engineer > 979.361.4676<tel:979.361.4676> > > From: > [email protected]<mailto:[email protected]> > > [mailto:[email protected]<mailto:[email protected]>] > On Behalf Of Tony Graziano > Sent: Saturday, May 14, 2011 3:45 PM > To: Discussion list for users of sipXecs software > Subject: Re: [sipx-users] 4.4 sipXrls dead > > > have you tried an actual reboot? > On May 14, 2011 4:33 PM, "Josh M. Patten" > <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: >> Hmm it seems that more is unwell. All my services are now showing as >> "undefined" on my main server (redundant proxies are OK). I'm not quite sure >> where to begin my troubleshooting quest on this one. Anyone care point me in >> the right direction? >> >> Josh Patten >> Brazos County Network Engineer >> 979.361.4676<tel:979.361.4676> >> >> From: >> [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> >> >> [mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>] >> On Behalf Of Josh M. Patten >> Sent: Saturday, May 14, 2011 3:27 PM >> To: >> [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> >> Subject: [sipx-users] 4.4 sipXrls dead >> >> After upgrading sipX from 4.2.1 to 4.4 this afternoon sipXrls will not >> respond to any requests and all that is in sipxrls.log when logging is set >> to info is: >> "2011-05-14T20:22:24.917670Z":3:RLS:INFO:it.ippbx.co.brazos.tx.us:pid-20269:07A69B40:sipxrls:"SIP_RLS_LOG_CONSOLE >> : DISABLE" >> "2011-05-14T20:22:24.917784Z":4:SIPDB:INFO:it.ippbx.co.brazos.tx.us:pid-20269:07A69B40:sipxrls:"initMutex.initialize >> returns dbInitializationMutex::AlreadyInitialized" >> >> I've tried restarting the RLS service a couple times to see if that would >> resolve it, as well as resending profiles to all servers with no luck. Is >> there something I've not done properly? >> >> Thanks >> >> Josh Patten >> Brazos County Network Engineer >> 979.361.4676<tel:979.361.4676> >> _______________________________________________ sipx-users mailing list [email protected]<mailto:[email protected]> List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected]<mailto:[email protected]> List Archive: http://list.sipfoundry.org/archive/sipx-users/ _______________________________________________ sipx-users mailing list [email protected]<mailto:[email protected]> List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected]<mailto:[email protected]> Fax: 434.326.5325 Email: [email protected]<mailto:[email protected]> LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected]<mailto:[email protected]> Helpdesk Contract Customers: http://support.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
