• ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The Poly Phones Knowledge Base is live! We look forward to helping you with common issues and troubleshooting advice!
HP Recommended

Hello,

 

I've done some searching and cannot find this exact issue, or anything that has pointed me in the correct direction.

 

I have read the FAQs regarding TLS and SRTP. They were extremely helpful.

 

We're running FreePBX Distro 13 / Asterisk 13.13. On the PBX side we are using the PJSIP channel driver mainly to support multiple endpoints registering to the same extension.

 

UC versions are 5.5.1.12442 on the VVXs and 4.1.1.0731 on the SPIP 550s.

 

I'm currently testing enabling TLS and SRTP on one extension that has a VVX400 and SPIP 550 registering to it, as well as an occasioal soft phone.

 

The SPIP550 and Blink softphone register correctly and show that calls are secured. However, the VVX400 will not register.

 

The logs on the VVX show TLS connection completing successfully, but the PBX returns 480 Temporarily Unavailable when it tries to register.

 

The log on the PBX shows the following: (endpoint IP=x.x.x.x, PBX IP=y.y.y.y)

 

 

[2017-02-23 08:21:40] ERROR[6771] pjproject: sip_transport. Error processing 586 bytes packet from TLS x.x.x.x:36690 : PJSIP syntax error exception when parsing 'Request Line' header on line 1 col 1:
\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\nREGISTER sip:y.y.y.y:5061;transport=tls SIP/2.0
Via: SIP/2.0/TLS x.x.x.x:36690;branch=z9hG4bK218a0195C3AE9BEA
From: "8123" <sip:8123@y.y.y.y:5061>;tag=D4AA4B0B-DB7E9AC0
To: <sip:8123@y.y.y.y:5061>
CSeq: 1 REGISTER
Call-ID: f33530c14d784c41e4f632fcfcd0bef1
Contact: <sip:8123@x.x.x.x:36690;transport=tls>;methods="INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER"
User-Agent: PolycomVVX-VVX_400-UA/5.5.1.12442
Accept-Language: en
Max-Forwards: 70
Expires: 120
Content-Length: 0


-- end of packet.

The required device.sec and sec.tls settings are defined in my device.cfg file, so they are the same on both endpoints. The only configs specific to the endpoints are the mac-reg.cfg and mac-features.cfg and in both of those the port was changed for the registration as well as the transport to TLS.

 

Has anyone encountered this, and is there anything different on the VVX compared to the SPIP that would cause this failure?

 

Thank you,

Christian 

6 REPLIES 6
HP Recommended

Hello Christian ,


welcome to the Polycom Community.

The SPIP550 should be on UC Software 4.0.11 and not 4.1.1 as this is for LYNC only.

 

I suggest you post your configuration and try and get some logs of the VVX Phone.

 

  • Settings > Logging > Global Log Level Limit > Debug
  • Settings > Logging > Log File Size (Kbytes) > 160
  • Settings > Logging > Module Log Level Limits > SIP > Debug
  • Settings > Logging > Module Log Level Limits > TLS > Debug
  • Settings > Logging > Module Log Level Limits > CURL > Debug


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thank you Steffen.

 

I'll update the log settings and take a look through them. In the mean time, the configuration I modified for the TLS and SRTP is below.

 

device.cfg

 

<device>
<device.sec>
<device.sec.TLS device.sec.TLS.customCaCert1="-----BEGIN CERTIFICATE-----CERT_TEXT-----END CERTIFICATE-----;">
<device.sec.TLS.customCaCert1 device.sec.TLS.customCaCert1.set="1" />
</device.sec.TLS>
</device.sec>
</device>

<sec>
<sec.TLS>
<sec.TLS.SIP sec.TLS.SIP.strictCertCommonNameValidation="0" />
</sec.TLS>
</sec>

 

mac-reg-advanced.cfg

 

<reg 
reg.1.displayName="8123"
reg.1.address="8123"
reg.1.label="8021 - Main"
reg.1.auth.userId="8123"
reg.1.auth.password="SECRET"
reg.1.lineKeys="1"
reg.1.server.1.address="y.y.y.y"
reg.1.server.1.port="5061"
reg.1.server.1.expires="120"
reg.1.server.1.expires.lineSeize="30"
reg.1.server.1.register="1"
reg.1.server.1.retryMaxCount="3"
reg.1.server.1.retryTimeOut="30"
reg.1.server.1.transport="TLS"
reg.1.type="private"
reg.1.callsPerLineKey="24"
reg.1.srtp.enable="1"
reg.1.srtp.offer="1"
reg.1.srtp.require="1" >
</reg>

The items changed for the TLS test were the port, transport, and the SRTP lines were added.

 

On the 550, I changed the firmware to the 4.0.11, and it works as expected.

 

 

 

 

HP Recommended

Hello Christian ,

Can you see the certificate in the web interface?

 

Its missing the device.set="1" and we need logs

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

I do see the certificate in the web interface, on both devices, and the device.set=1 is there. I only grabbed part of the cfg the fist time, here is the whole thing:

 

<polycomConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="polycomConfig.xsd">
<device device.set="1">
<device.auth device.auth.localAdminPassword="222222" device.auth.localUserPassword="111111">
<device.auth.localAdminPassword device.auth.localAdminPassword.set="1" />
<device.auth.localUserPassword device.auth.localUserPassword.set="1" />
</device.auth>
<device.sec>
<device.sec.TLS device.sec.TLS.customCaCert1="-----BEGIN CERTIFICATE-----CERT_TEXT-----END CERTIFICATE-----;">
<device.sec.TLS.customCaCert1 device.sec.TLS.customCaCert1.set="1" />
</device.sec.TLS>
</device.sec>
</device>
<sec>
<sec.TLS>
<sec.TLS.SIP sec.TLS.SIP.strictCertCommonNameValidation="0" />
</sec.TLS>
</sec>
</polycomConfig>

The log from the VVX400 is attached.

 

 

HP Recommended

Hello Christian ,


The log shows an initial registration success using port 5060 and then later I only see a Register so the log is to short.

 

I would suggest using syslog or similar.

 

Looking up the phones MAC I see it was sold via First Video Communications FZ-LLC to the AFGHAN POLICE (UNDER MINISTRY OF DEFENCE) back in 15/11/2016 so it is still in warranty so you can work with FVC on opening a ticket.


Best Regards

Steffen Baier

Polycom Global Services

------------------------------------------------
Notice: I am an HP Poly employee but all replies within the community are done as a volunteer outside of my day role. This community forum is not an official HP Poly support resource, thus responses from HP Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge.
If you need immediate and/or official assistance for former Poly\Plantronics\Polycom please open a service ticket through your support channels
For HP products please check HP Support.

Please also ensure you always check the General VoIP , Video Endpoint , UC Platform (Microsoft) , PSTN
HP Recommended

Thank you Steffan for the information.

 

I took a look at it again last night and it looks like the 480 response from the PBX come before the TLS Handshake. The handshake completes successfully and the it attempts to register that extension, however, the registration generates the error in my first post on the PBX.

 

Since this seems to be an issue with this particular phone or model as it works fine using the same extension on the SPIP 550, I'll persue the warranty support avenue.

 

 

 

 

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.