Solved: Re: Yes, there are two extensions

jan.klepal · ‎10-21-2016

Hi,

I am testing Cisco CP 7841 phone as replacement for 6900 series IP phones. All works fine until two or more SIP accounts are provisioned. In such case telephone sends credentials for first account registration with Authorization header having credentials from second account. In case I add more accounts then credentials from last account are used.

Phone: 7841, Protocol: SIP, Tried with enterprise (non 3PCC) firmware: 10.3(1) and 11.5(1), SIP registrar: Asterisk 11

First account "alice" registration message:

REGISTER sip:192.168.222.1 SIP/2.0
From: <sip:alice@192.168.222.1>
To: <sip:alice@192.168.222.1>
Contact: <sip:alice@192.168.222.41:50015;transport=tcp>
Authorization: Digest username="bob",realm="asterisk",uri="sip:192.168.222.1",response="***",nonce="5f830b34",algorithm=MD5

This register message is rejected beacuse fromuser != authuser.

Accounts are correct in SEPMAC.cnf.xml:

    <sipLines> 
      <line button="1" lineIndex="1"> 
        <featureID>9</featureID> 
        <featureLabel>alice</featureLabel> 
        <proxy>USECALLMANAGER</proxy> 
        <port>5060</port> 
        <name>alice</name> 
        <displayName>alice</displayName> 
        <autoAnswer> 
          <autoAnswerEnabled>2</autoAnswerEnabled> 
        </autoAnswer> 
        <callWaiting>3</callWaiting> 
        <authName>alice</authName> 
        <authPassword>alice</authPassword> 
        <sharedLine>false</sharedLine> 
        <messageWaitingLampPolicy>3</messageWaitingLampPolicy> 
        <messagesNumber>alice</messagesNumber> 
        <ringSettingIdle>4</ringSettingIdle> 
        <ringSettingActive>5</ringSettingActive> 
        <contact>alice</contact> 
        <forwardCallInfoDisplay> 
          <callerName>true</callerName> 
          <callerNumber>true</callerNumber> 
          <redirectedNumber>false</redirectedNumber> 
          <dialedNumber>false</dialedNumber> 
        </forwardCallInfoDisplay> 
        <maxNumCalls>2</maxNumCalls> 
        <busyTrigger>1</busyTrigger> 
      </line> 
      <line button="2" lineIndex="2"> 
        <featureID>9</featureID> 
        <featureLabel>bob</featureLabel> 
        <proxy>USECALLMANAGER</proxy> 
        <port>5060</port> 
        <name>bob</name> 
        <displayName>bob</displayName> 
        <autoAnswer> 
          <autoAnswerEnabled>2</autoAnswerEnabled> 
        </autoAnswer> 
        <callWaiting>3</callWaiting> 
        <authName>bob</authName> 
        <authPassword>bob</authPassword> 
        <sharedLine>false</sharedLine> 
        <messageWaitingLampPolicy>3</messageWaitingLampPolicy> 
        <messagesNumber>bob</messagesNumber> 
        <ringSettingIdle>4</ringSettingIdle> 
        <ringSettingActive>5</ringSettingActive> 
        <contact>bob</contact> 
        <forwardCallInfoDisplay> 
          <callerName>true</callerName> 
          <callerNumber>true</callerNumber> 
          <redirectedNumber>false</redirectedNumber> 
          <dialedNumber>false</dialedNumber> 
        </forwardCallInfoDisplay> 
        <maxNumCalls>2</maxNumCalls> 
        <busyTrigger>1</busyTrigger> 
      </line>
    <sipLines>

Does anybody experience same problem? Can anybody with access to CUCM make SIP communication dump and confirm this issue?

Regards,

Jan

jan.klepal · ‎10-10-2019

Unfortunately not. Cisco uses their proprietary SIP with Callmanager and Asterisk SIP stack can't handle that.

We use IP phones with 3PCC firmware (for example CP-7841-3PCC-K9=).

And again, unfortunately you can't flash non-3PCC IP phone with 3PCC firmware without buing additional conversion licence L-CP-E2M-XXXX SKU (as mentioned by @Ashish Patel).

To make things even more funny, in case you accidentaly flash 3PCC phone with enterprise firmware you ~~can't revert it back~~ can revert it back by buing conversion licence. Thanks to Cisco licence policy you are struck with phone working only with Callmanager even you paid them extra money for non-Callmanager firmware. Unless you pay them another extra money for "conversion" licence. I loved Cisco products, now I try to avoid them whenever I can.

View solution in original post

Leo Laohoo · ‎10-21-2016

First off, attach the complete SEPmacaddress.cnf.xml file.

Next, what happens if one line is configured? Do both lines work?

Finally, the Asterisk server, who owns it? The provider?

jan.klepal · ‎10-22-2016

Hi Leo,

here is complete provision file. I've checked consolelog messages in the phone and there are no error messages about configuration file parsing.

If single line is configured registration works correctly.

If two or more lines are configured, phone tries to register first line and it fails because REGISTER message contains credentials from last configured account in SIP Authorization header (From, To and Contact headers contains correct username as you can see in my original post). Phone never tries to register second account because registration of first account fail. In other words phone registers alice's account with bob's credentials.

I own the Asterisk, it rejects registration with 403 Forbidden (Bad auth) and logs:

[2016-10-22 11:59:55.552] WARNING[2237] chan_sip.c: username mismatch, have <alice>, digest has <bob>

It corresponds with REGISTER SIP message, see attached sip-register.txt.

--Edit:

In case I switch SIP transport protocol from TCP to UDP, phone will register successfully second line with bob's username and bob's credentials however it still tries to register first line with alice's username and bob's credentials.

Also tried to change alice to 1111 and bob to 2222, however same result, it still uses invalid credentials: username mismatch, have <1111>, digest has <2222>.

Leo Laohoo · ‎10-22-2016

So under Asterisk extensions, there are two accounts: One for Alice and another one for Bob. Is this correct?

Have you tried other firmware versions?

jan.klepal · ‎10-22-2016

Yes, there are two extensions (two SIP peers in Asterisk terms), one for Alice and second for Bob. 6900 and 7900 series phones can register two or more accounts without problems.

I've tried 10.3(1) and 11.5(1) with same result. I can't downgrade below 10.3(1) because IP phone rejects firmware with message invalid load. 10.3(1) and above firmwares are twice in size of previous firmwares so I assume they changed whole system and therefore it can't be downgraded. Unfortunetaly switch to 3PCC firmware is not possible too.

I need somebody with access to CUCM to check if Callmanager ignores invalid credentials for second line on same IP phone or if Cisco changed provisioning for 7800 series phones and it just requires some additional tag in XML provisioning file.

Ian Stephens · ‎10-10-2019

Did you ever resolve this? If so, what did you do? We are having the same issue with Asterisk.

jan.klepal · ‎10-10-2019

Unfortunately not. Cisco uses their proprietary SIP with Callmanager and Asterisk SIP stack can't handle that.

We use IP phones with 3PCC firmware (for example CP-7841-3PCC-K9=).

And again, unfortunately you can't flash non-3PCC IP phone with 3PCC firmware without buing additional conversion licence L-CP-E2M-XXXX SKU (as mentioned by @Ashish Patel).

To make things even more funny, in case you accidentaly flash 3PCC phone with enterprise firmware you ~~can't revert it back~~ can revert it back by buing conversion licence. Thanks to Cisco licence policy you are struck with phone working only with Callmanager even you paid them extra money for non-Callmanager firmware. Unless you pay them another extra money for "conversion" licence. I loved Cisco products, now I try to avoid them whenever I can.

bijpraka · ‎10-10-2019

You can refer to https://upgrade.cisco.com/ which details the process of conversion from MPP -> Enterprise or vice-versa.

jan.klepal · ‎10-11-2019

OK, I have CP-7841-3PCC-K9 = which was accidentally upgraded to enterprise firmware. Can I revert it back to 3PCC without any cost? Document you linked states:

For customers that are not part of the Flex plan, the transition from one call control platform to another will incur a cost.

We are not part of the "Flex plan".

Ashish Patel · ‎10-11-2019

Hi

I think you are going to have to order the conversion L-CP-E2M-XXXX SKU to get the phone back to MPP Firmware at cost. I dont see any other way around it.
https://www.cisco.com/c/dam/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7800-series/firmware-migration-master-guide.pdf
Rgs

ashish

Invalid credentials if multiple SIP accounts on 7800 series IP phone