Solved: No Cisco CUCM CDR records after enabling FIPS

Aime · ‎12-04-2020

On a CUCM 12.5.1. billing server the CDR records send to Prognosis using SFTP.
After configuring the CUCM system for FIPS, the SFTP is no longer connecting to send the records.
Does the SFTP support RSA SHA2-256?

Aime · ‎12-04-2020

On 11.7 version of Prognosis;

Prognosis is looking for: server_host_key_algorithms string: ssh-rsa
CUCM is looking for: server_host_key_algorithms string: rsa-sha2-256

A Wireshark capture (with a capture filter for port 22) during the failures on Prognosis versions 11.7 and 11.9 show the same data.

Failures seem to be related to the "Key Exchange Init" packets.
# The Monitoring Node sends a "Key Exchange Init" packet.
# The CUCM sends a "Key Exchange Init" reply.
# The CUCM sends a “Disconnect” packet

This has been fixed for versions 11.7, 11.7 patch 4, and 11.9.

If you are experiencing this issue on any other versions, please let Support know.

View solution in original post

Aime · ‎12-04-2020

On 11.7 version of Prognosis;

Prognosis is looking for: server_host_key_algorithms string: ssh-rsa
CUCM is looking for: server_host_key_algorithms string: rsa-sha2-256

A Wireshark capture (with a capture filter for port 22) during the failures on Prognosis versions 11.7 and 11.9 show the same data.

Failures seem to be related to the "Key Exchange Init" packets.
# The Monitoring Node sends a "Key Exchange Init" packet.
# The CUCM sends a "Key Exchange Init" reply.
# The CUCM sends a “Disconnect” packet

This has been fixed for versions 11.7, 11.7 patch 4, and 11.9.

If you are experiencing this issue on any other versions, please let Support know.

No Cisco CUCM CDR records after enabling FIPS

No Cisco CUCM CDR records after enabling FIPS

Re: No Cisco CUCM CDR records after enabling FIPS

Re: No Cisco CUCM CDR records after enabling FIPS

IR Forums