tokenless CTL is a new feature introduced on Cisco Unified Communications Manager from 10.0, it allows for the encryption of phone signalling and media without the need for the USB eToken as was previously mandated.
- have access to CLI
- ensure the Database replication is working properly and there is full connectivity between the nodes
on the CLI of the CUCM CLI enter the command to check if a CTL is present
Length of CTL file: 0
CTL File not found. Please run CTLClient plugin or run the CLI – utils ctl.. to generate the CTL file.
Error parsing the CTL File.
on the phone check if CTL is installed, settings > Security > Enterprise Security > CTL – Not installed, ITL Installed
you can check the cluster security mode is set to 0 under CUCM Admin Page > System > Enterprise Parameters
place the cluster into mixed-mode
admin:utils ctl set-cluster mixed-mode
This operation will set the cluster to Mixed mode. Do you want to continue? (y/n):y
Moving Cluster to Mixed Mode
Cluster set to Mixed Mode
Please Restart the TFTP and Cisco CallManager services on all nodes in the cluster
that run these services
here again you can verify that the mode has now been set to 1 – Mixed Mode
Now you can restart CallManager and TFTP service on CUCM and phones to ensure they receive the correct CTL file
The checksum value of the CTL file:
Length of CTL file: 6362
The CTL File was last modified on Sat Mar 11 13:41:42 BST 2017
Parse CTL File
HeaderLength: 420 (BYTES)
The CTL file was verified successfully.