Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3636
Views
5
Helpful
16
Replies

CUBE with MS Teams Direct Routing SIP TLS error

Go to solution
Rene Mueller
Level 5
Level 5

‎06-17-2025 01:41 AM

Hi Folks!

strange situation here. Since a week or two I can see on almost every CUBE we are running in our branch offices that there are SIP TLS errors coming up. Here is an example:

 

7231900: Jun 16 07:40:07.293 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.132.46, remote_port=5061
7231908: Jun 16 07:42:03.362 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.132.46, remote_port=5061
7231909: Jun 16 07:43:05.509 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231910: Jun 16 07:44:05.513 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231912: Jun 16 07:45:05.528 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231924: Jun 16 07:47:04.525 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231929: Jun 16 07:49:05.513 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231935: Jun 16 07:51:03.336 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.132.46, remote_port=5061
7231939: Jun 16 07:52:04.537 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231943: Jun 16 07:54:05.285 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.132.46, remote_port=5061
7231946: Jun 16 07:56:05.339 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.132.46, remote_port=5061
7231954: Jun 16 07:58:03.486 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061
7231955: Jun 16 07:59:04.516 SAST: %SIP-2-TLS_HANDSHAKE_FAILED: TLS handshake failure - remote_addr=52.114.148.0, remote_port=5061

In this scenario we receive incoming pstn call, but cannot dial out anymore. We don't use the Baltimore cert anymore which was used by MS before.

We used the design configruation from Cisco:

https://www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/interoperability-portal/direct-routing-with-cube.pdf&ved=2ahUKEwiL9s_yhviNAxX7TqQEHUU9E4oQFnoECB4QAQ&usg=AOvVaw0xFsI1k...

 

Does anyone here experience the same issue in the last couple of weeks?

2 people had this problem
Labels:
0 Helpful
16 Replies 16

Go to solution
Stijni
Level 1
Level 1

‎06-22-2025 12:07 AM

We had this problem too and even though I read about the Baltimore certificate being expired, I found it strange that problems started to show up after a month.

Your solution worked perfectly. I initially added the digicert certificate, but those 2 last commands did the trick:

no crypto pki trustpool policy
no crypto pki certificate pool

 Thanks. Wished I found this one earlier.

0 Helpful

Go to solution
Alessandro Bertacco
Level 1
Level 1

‎07-04-2025 03:07 AM

Thank you so Much Rene, Same issue here and solve with your solution.

Best regards

Alessandro

0 Helpful
Customers Also Viewed These Support Documents