48-32
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter48 Configuring the Cisco Phone Proxy
Troubleshooting the Phone Proxy
Check the Security settings on the IP phone by selecting the Settings button > Security
Configuration. Settings for web access, Security mode, MIC, LSC, CTL file, trust list, and CAPF
appear. Under Security mode, make sure the IP phone is set to Encrypted.
Check the IP phone to determine which certificates are installed on the phone by selecting the
Settings button > Security Configuration > Trust List. In the trustlist, verify the following:
Make sure that there is an entry for each entity that the IP phone will need to contact. If there
is a primary and backup Cisco UCM, the trustlist should contain entries for each Cisco UCM.
If the IP phone needs an LSC, the record entry should contain a CAPF entry.
Make sure that the IP addresses listed for each entry are the mapped IP addresses of the entities
that the IP phone can reach.
Open a web browser and access the IP phone console logs at the URL http://IP_phone_IP
address. The device information appears in the page. In the Device Logs section in the left pane,
click Console Logs.
IP Phone Registration Failure
The following errors can make IP phones unable to register with the phone proxy:
TFTP Auth Error Displays on IP Phone Console, page48-32
Configuration File Parsing Error, page48-33
Configuration File Parsing Error: Unable to Get DNS Response, page48-33
Non-configuration File Parsing Error, page48-34
Cisco UCM Does Not Respond to TFTP Request for Configuration File, page48-34
IP Phone Does Not Respond After the Security Appliance Sends TFTP Data, page48-35
IP Phone Requesting Unsigned File Error, page48-36
IP Phone Unable to Download CTL File, page48-36
IP Phone Registration Failure from Signaling Connections, page48-37
SSL Handshake Failure, page 48-39
Certificate Validation Errors, page48-40

TFTP Auth Error Displays on IP Phone Console

Problem The IP phone displays the following Status message:
TFTP Auth Error
Solution This Status message can indicate a problem with the IP phone CTL file.
To correct problems with the IP phone CTL file, perform the following:
Step1 From the IP phone, select the Setting button > Security Configuration > Trust List. Verify that each
entity in the network—Primary Cisco UCM, Secondary Cisco UCM, TFTP server—has its own entry in
the trustlist and that each entity IP address is reachable by the IP phone.