/mcpStep 4 Wait ten minutes for the Cisco Unified IP Phones to automatically restart and register with Unified Communications Manager. Perform Bulk Reset of ITL File Make sure you perform this procedure only from the Unified Communications Manager publisher. The bulk reset of the ITL file is performed, when phones no longer trust the ITL file signer and also cannot authenticate the ITL file provided by the TFTP service locally or using TVS. To perform a bulk reset, use the CLI command utils itl reset. This command generates a new ITL recovery file and re-establishes the trust between phones and the TFTP service on CUCM. When you install Unified Communications Manager, use the CLI command file get tftp ITLRecovery.p12to export the ITL Recovery pair and then perform a backup through DR. You will also be prompted to enter the SFTP server (where the key is exported) and password. Tip Procedure Step 1 Perform any one of the following steps: • Run utils itl reset localkey. • Run utils itl reset remotekey. Note For utils itl reset localkey, the local key resides on the publisher. When issuing this command, the ITL file is signed temporarily by the CallManager key while the ITL Recovery key is resetting. Step 2 Run show itl to verify that the reset was successful. Step 3 From Cisco Unified CM Administration, choose System > Enterprise Parameters. Step 4 Click Reset. The devices restart. They are ready to download the ITL file that is signed by the CallManager key and accept configuration files. Step 5 Restart the TFTP service and restart all devices. Note Restarting the TFTP service causes the ITL File to be signed by the ITLRecovery Key and rolling back the changes in Step 1. The devices download the ITL file that is signed with the ITLRecovery Key and register correctly to Unified Communications Manager again. Security Guide for Cisco Unified Communications Manager, Release 15 and SUs 33 An Introduction to Unified CM Security Perform Bulk Reset of ITL File