在上个星期，挨踢小茶登录CUCM8.6的Disaster Recovery System查看schedule backup的状态的时候，惊奇的发现一台PUB和一台SUB登录进页面之后，点击任何菜单都没有反映。但是另一台SUB的同样页面是正常的。而且3台CUCM集群，登录Cisco Unified CM Administration等其他页面都能正常进行操作。

　　先介绍一下环境，CUCM版本是CUCM8.6.2.21900-5，3台服务器做集群，一个PUB，2个SUB。在GUI发现点击没有反映后，第一时间进入CLI看看是Web服务的问题还是DRS的问题。利用utils disaster_recovery history Backup发现，系统定义好的周期性备份都很正常，状态也都显示了success。查看相关的服务Cisco DRF Master和Cisco DRF Local都是正常运行的。这里先科普一下这2个服务具体所执行的任务（截取自官方文档）：

Backup and Restore Services

This section describes the Backup and Restore Services.

Cisco DRF Master

The CiscoDRF Master Agent service supports the DRF Master Agent, which works with the Disaster Recovery System graphical user interface (GUI) or command line interface (CLI) to schedule backups, perform restorations, view dependencies, check status of jobs, and cancel jobs, if necessary. The Cisco DRF Master Agent also provides the storage medium for the backup and restoration process.

In a Cisco Unified Communications Manager Business Edition system, this service supports both Cisco Unified Communications Manager and Cisco Unity Connection.

Cisco DRF Local

The Cisco DRF Local service supports the Cisco DRF Local Agent, which acts as the workhorse for the DRF Master Agent. Components register with the Cisco DRF Local Agent to use the disaster recovery framework. The Cisco DRF Local Agent executes commands that it receives from the Cisco DRF Master Agent. Cisco DRF Local Agent sends the status, logs, and command results to the Cisco DRF Master Agent.

In a Cisco Unified Communications Manager Business Edition system, this service supports both Cisco Unified Communications Manager and Cisco Unity Connection.

　　进入Cisco Unified Serviceability页面，查看Network Services发现，Cisco DRF Master和Cisco DRF Local都在运行的状态，但是惊奇地发现，这2个服务的运行时间和系统其他服务的运行时间明显短许多，表示在之前的某个时候，该服务可能因为运行出错而自动重启了。

　　鉴于“重启能解决90%的IT问题”的万金油解决方法，第一个想到的方法当然是重启该服务，但是很不幸，这次遇到的是10%的情况！

　　在寻找了一遍官方解决方案后，在思科的官方Bug ToolKit找到了相关的BUG记录：DRS page can login but no any response for any menu after RU，可惜的是，描述类似，但是官方并没有提供比较有效的解决方案。

　　最后在第三方的网站找到了比较靠谱的解决方案：http://permalink.gmane.org/gmane.comp.voip.cisco/63369 ，具体操作如下：

1. Log into OS Administration page
2. Security-> Certificate Management-> find
3. Click on ipsec.pem file and then click on regenerate
4. After the successful generation of the ipsec.pem file, download the same.
5. Go back to the certificate management page
6. Delete the existing corrupted ipsec-trust entry
7. Upload the downloaded ipsec.pem file with the caption ipsec-trust.
8. Restart MA/LA.

　　可能是因为证书过期的原因，只需要重新生成证书，并且替换掉失效的证书即可。

　　操作完后，发现原本不能访问的的确能访问了，但是原本能访问的SUB变成不能访问了，囧……

　　折腾几天后，发现最好尝试多几次，另外如果之前创建过不同的用于管理员管理WEB的Application ID，最好使用默认安装时候定义的Application ID帐号进行登录操作吧！

最终，3台CUCM能正常使用DRS了！