IP Communicator status rejected on CUCM no error on Phone

Edwin Vos
Level 4

Hello,

I have an issue with CIPC version 8.6.1 on CUCM 8.5.1. The CUCM server is installed on voice VLAN subnet 192.168.1.X/24 and the IP Communicator is running on data VLAN subnet 192.168.2.X/24. There is a firewall between the two VLANs, but all TCP connections are allowed both ways.

When I try to connect the CIPC after entering the correct TFTP server address, the device is configured on CUCM using the auto-registration option of CUCM. The CIPC, however, ends up on CUCM in state rejected. The phone does not show an error. So please note that this is not an error DBConfig.

To find a solution I tried these options:

- Configure a third-party SIP device, X-Lite, to connect from the data VLAN to the voice VLAN CUCM address. The X-Lite registers correctly on CUCM.

- Connect the CIPC phone from within the voice VLAN to CUCM. CIPC does register from this subnet.

When I observe the SDI and SDL traces, I can see that there is a timeout on the capabilities request from CUCM to CIPC:

11:57:38.745 |EndPointTransientConnection - An endpoint attempted to register but did not complete registration Connecting Port:2000 Device name:SEPXXXXXXXXXXXX Device IP address:192.168.2.10 device type:30016 Reason Code:6 Protocol:SCCP IPAddressAttributes:3 LastSignalReceived:StationClose StationState:wait_capabilities App ID:Cisco CallManager Cluster ID:StandAloneCluster Node ID:HOST|AlarmSEPXXXXXXXXXXXX^*^SEPXXXXXXXXXXXX

Are the capabilities sent using UDP from CIPC to CUCM?

1 Accepted Solution

My CIPC 8.6 seems to prefer to use http on 6970 rather than TFTP (e.g. http://192.168.0.80:6970/ringlist.xml)

Maybe check you can browse that port.

Also it's possible that the firewall is doing something 'clever' e.g. trying to do application-level inspection of the traffic, and making a hash of it. Check if there is any specific SCCP support that you can disable - often the code on the firewall isn't up to date enough or has other problems.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

6 Replies

Chris Deren
Hall of Fame

TFTP uses UDP port 69 not TCP port, so ensure you allow it to pass the firewall.

HTH,

Chris

Edwin Vos
Level 4

Thanks for the pointer Aaron,

The Juniper firewall that was in between did pass all traffic, UDP and TCP, but was configured to do SCCP inspection with out-of-date firmware.

After clearing the SCCP inspection, the phone registers to CUCM. The strange thing is that the Juniper logs were not showing any dropped SCCP traffic.

Thanks again.
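
An added example, not code from any poster in this thread or from Cisco: it parses the `EndPointTransientConnection` alarm quoted in the first post and flags SCCP registrations that stall in `wait_capabilities` from outside the CUCM subnet, the pattern that turned out to be firewall SCCP inspection here. The field list, the function names and the triage rule are assumptions drawn from this one trace; the second sample line is constructed.

```python
import ipaddress
import re

# Field names exactly as they appear in the alarm text quoted in the thread.
FIELDS = ["Connecting Port", "Device name", "Device IP address", "device type",
          "Reason Code", "Protocol", "IPAddressAttributes", "LastSignalReceived",
          "StationState", "App ID", "Cluster ID", "Node ID"]
_FIELD_RE = re.compile("(" + "|".join(map(re.escape, FIELDS)) + "):")

def parse_alarm(line):
    """Return {field: value} for an EndPointTransientConnection alarm, else None."""
    if "EndPointTransientConnection" not in line:
        return None
    body = line.split("|Alarm", 1)[0]   # drop the trailing alarm-id suffix
    parts = _FIELD_RE.split(body)       # [preamble, key, value, key, value, ...]
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def triage(line, cucm_subnet):
    """Assumed rule from this thread: SCCP stalled in wait_capabilities from a
    device outside the CUCM subnet points at something in the network path."""
    f = parse_alarm(line)
    if f is None or "Device IP address" not in f:
        return None
    ip = ipaddress.ip_address(f["Device IP address"])
    stalled = f.get("Protocol") == "SCCP" and f.get("StationState") == "wait_capabilities"
    crosses = ip not in ipaddress.ip_network(cucm_subnet)
    if stalled and crosses:
        verdict = "review in-path SCCP inspection"
    elif stalled:
        verdict = "stalled on same subnet: check endpoint/CUCM"
    else:
        verdict = "not a capabilities stall"
    return {"device": f.get("Device name"), "ip": str(ip),
            "last_signal": f.get("LastSignalReceived"), "verdict": verdict}

# First line is the trace from the thread; the second is constructed for contrast.
SAMPLES = [
    "11:57:38.745 |EndPointTransientConnection - An endpoint attempted to register but did not complete registration Connecting Port:2000 Device name:SEPXXXXXXXXXXXX Device IP address:192.168.2.10 device type:30016 Reason Code:6 Protocol:SCCP IPAddressAttributes:3 LastSignalReceived:StationClose StationState:wait_capabilities App ID:Cisco CallManager Cluster ID:StandAloneCluster Node ID:HOST|AlarmSEPXXXXXXXXXXXX^*^SEPXXXXXXXXXXXX",
    "12:01:02.003 |EndPointTransientConnection - An endpoint attempted to register but did not complete registration Connecting Port:2000 Device name:SEPYYYYYYYYYYYY Device IP address:192.168.1.20 device type:30016 Reason Code:6 Protocol:SCCP IPAddressAttributes:3 LastSignalReceived:StationClose StationState:wait_capabilities App ID:Cisco CallManager Cluster ID:StandAloneCluster Node ID:HOST|AlarmSEPYYYYYYYYYYYY^*^SEPYYYYYYYYYYYY",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample, "192.168.1.0/24"))
```
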

Hi

Good stuff. I've seen this lots of times and spent lots of time debating it with firewall admins who similarly see nothing in the logs!! I presume this is because the 'fixup' that they do isn't well validated so the firewall doesn't see it as a problem, and the packets are probably not actually dropped, just scrambled.

Glad you have it resolved!

Regards

Aaron Harrison

Principal Engineer at Logicalis UK

Please rate helpful posts...

hi

I have the same problem but do not have any firewall. The IP phone was registered normally, but the IP Communicator 8.6.2 is rejected in CUCM status and the IP Communicator shows "Configuring IP" all the time.

can you help me

ayakkopu1
Level 1
4 steps to overcome this problem:

1. Make sure the device name is the SEPXXXXXXXXXX (e.g. SEP12K3J3J34J34) in the phone config page.
2. Change from default to statically assigned TFTP (CUCM secondary and primary).
3. Go to security settings, erase the CTL file, and the phone will reload.
4. Close the application and relaunch in admin mode.