CM6.3.15 reset system 4

[wpetilli]

Need to upload our sub/rootCA's onto CM to connect SIP trunks to ASM. I read this requires a reset system 4 after it's installed. What is the impact on a duplex CM when doing this?

 

[kyle555]

I believe the certs are sync'd across both, but either way, it's 1 single application instance. Reset 4 means it's going down. Duplex doesn't help that.

 

[wpetilli]

Will it be long enough for the ESS to kick in? I'd rather it not

 

[kyle555]

From experience, a System Platform based 6.3 duplex with >20K phones can reset 4 in <1 minute. That's the minimum time any G450s would need before trying ESS. If you have G650s, because they're a little more sensitive, I suspect they might try sooner.

Also, reset system 4 just for the fun of it vs making CM load a new certificate into the bowels of its programming for SIP signaling groups might be different.

I'd lab it out to be completely sure, but without any other changes, I know you can reset 4 in <1 minute reliably and not have G450s start looking to ESS.

 

[wpetilli]

Yea, these are virtual CM's so hopefully they move even faster. I did this on another cluster last year, but it was during a migration so there were a bunch of other things being done to not worry about any failovers. One thing related was on my ASM I used the host name resolution table to put in the main CM and ESS IP's. ASM has always shown these entity links as 'partially up' with the ESS getting the 5xx because it was inactive. I hadn't realized until now that those root/subca certs weren't installed on the ESS. I just did that, proved off that a reset 4 was needed and after I did it the 'partially up' in CM changed to UP with the 5xx (inactive ESS) still there. Since it was an ESS I couldn't tell how long the reset took. Seemed quick because my traceSM that was running cleared past the 'fatal cert' error from that server. Probably around the time you mentioned <1.