Cisco Systems and the ASA Services Module Manual De Usuario

Check the Security settings on the IP phone by selecting the Settings button > Security 
Configuration. Settings for web access, Security mode, MIC, LSC, CTL file, trust list, and CAPF 
appear. Under Security mode, make sure the IP phone is set to Encrypted.

Check the IP phone to determine which certificates are installed on the phone by selecting the 
Settings button > Security Configuration > Trust List. In the trustlist, verify the following:

Make sure that there is an entry for each entity that the IP phone will need to contact. If there 
is a primary and backup Cisco UCM, the trustlist should contain entries for each Cisco UCM. 

If the IP phone needs an LSC, the record entry should contain a CAPF entry. 

Make sure that the IP addresses listed for each entry are the mapped IP addresses of the entities 
that the IP phone can reach.

Open a web browser and access the IP phone console logs at the URL

 http://IP_phone_IP 

. The device information appears in the page. In the Device Logs section in the left pane, 

click Console Logs. 

The following errors can make IP phones unable to register with the phone proxy:

The IP phone displays the following Status message: 

TFTP Auth Error

This Status message can indicate a problem with the IP phone CTL file. 

To correct problems with the IP phone CTL file, perform the following:

From the IP phone, select the Setting button > Security Configuration > Trust List. Verify that each 
entity in the network—Primary Cisco UCM, Secondary Cisco UCM, TFTP server—has its own entry in 
the trustlist and that each entity IP address is reachable by the IP phone.