cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8043
Views
10
Helpful
13
Replies

Registration Rejected Security error

eslam rizk
Level 4
Level 4

It was Old system Running on CUCM 6.1.2 ,
and we Install new Call manager 10.5.2 with two servers ( Sub & Pub )
and I configure all Phones in our New Call manager and Move the Phones to register with it using (Sub/Pub) order In my CM Group But ...

- When I restart all Phones, it Start Upgarding firmware Process but , It register with Publisher Not Subscriber !!! 
- Trying to Put Sub Only in CM group and use it in Phone Registration But See This Error 
   [ Registration Rejected Security error ] 

Notes : 
1- all Our Phones (7911,7931,7961) Show This Message 
2- Try to Register one Phone Manually with Subscriber and It register and working fine 
3- I have Configure CSF Device(jabber) and Login on it and I see It Register with Subscriber  (when my Phones Register with Publisher)

What Can be Reason for This Issue and How to Solve 

13 Replies 13

Deepak Rawat
Cisco Employee
Cisco Employee

Can you check the status of DB replication using below command and make sure it should be showing 2:

utils dbreplication runtimestate

If replication is not fine, try to repair it using below command from publisher CLI:

utils dbreplication rebuild all

Also, I am assuming that auto registration is enabled on the Subscriber server as well.

Regards

Deepak

- Rate Helpful Posts -

Thats What I do 
I test DB Replicationa From Publisher Console 
I display me Replication is Fine 

Can be CTL Issue as I see in Some Topics or there are other issues may cause this ? 

Well yes it definitely could be if you are moving phones from one cluster to other but that is only applicable if phones at some point had been registered to a 8.x cluster or later, since you mentioned 6.x in your post so that does not make much sense and secondly the phones are getting registered when the publisher on top of CM group.

But you can definitely give it a try delete the CTL file completely reset the phone and then see if it registers with subscriber CM. Also make sure the services in subscriber CM are in started state, it will also be worth trying to restart Cisco Call Manager service on subscriber and see if it helps

Regards

Deepak

I will Test it and see if it's Cause this issue
But why Jabber for Windows (CSF Device) Register with Subscriber !!!
Thats Weird 

Note :
1- In My CM Group the Order is 1- Subscriber
                                                    2- Publisher 
2- Phones see Subscriber but Skip or Not Register with it , and Go to register with Publisher 
3- In Unified CM Configuration on the Phones I See CM1 is Sub and CM2 is Pub 
Thats Mean Device Pool Configuration is Correct 

BR 
Eslam

Just adding to the good tips from my friend Deepak, if your 6.1.2 cluster was a secure cluster then this could be an issue with CTL files downloaded on IP phones. Since jabber clients won't have the CTL files they are able to register.

Manish

In Customer Site I try to Reset one Phone to test it when Phone registration rejected message appear , 
1- Create CM Group Contain Sub Only 
2- Create Device Pool Contain This Group 
3- assign this Pool to my Phone 
4- Reset the Phone 
5- Phone Replay with the same error message 

Is CTL Files are Deleted by Hard Reset or Not

Other Note :
Is CTL Files is may be not provided  from Subscriber server to Phones , and for this Phones Failed in registration with it ?

I will be on Customer site today and will try to delete CTL files from Phones and test

Do there are any Other Reasons cause this problem to can do and test the resault ?


The most likely reasons have already been covered, you can test and update us.

Manish

I do Hard Reset for IP Phone as test ( I think any thing on it must be deleted )
and it's start to upgrade new firmware ,
and create new CM Group contain only Sub
But Phone still Refuse to Register to it , and show me the same error 
I am surprised , Only Phones can't 
I Guess its Certificate issue as My MGCP Gateway Register to Sub as main and working fine , also Jabber CSF Devices register to Sub
Is there is any method can stop this security or Certificate issue

- I do Hard Reset for IP Phone as test ( I think any thing on it must be deleted )
and it's start to upgrade new firmware ,
and create new CM Group contain only Sub
But Phone still Refuse to Register to it , and show me the same error 
- I am surprised , Only Phones can't 
- MGCP Gateway Register to Sub as main and working fine , also Jabber CSF Devices register to Sub
- I run all services on the Sub and Pub 

Do i need to add IP of subscriber as 2nd option 150 ? 

Can Help please 

Adding subscriber in option 150 wont be of any help as it just provides TFTP server info to the phone.

As long as the phone gets the list of CUCM to register to, the TFTP is fine. Then the phone should send register message to the CUCMs in the same order and the corresponding CUCM node will ACK that.

Since the phone registration is rejected by subscriber, can you try to get the below phone configuration file file from the sub in windows command line with below command

tftp -i <ipaddress of subscriber> get <SEPXXXXXXXXXXXX>.cnf.xml

(replace SEPXXXXXXXXXXXX with the actual MAC address of the phone you are trying to register)

eslam rizk
Level 4
Level 4

It Was Due to missing of Domain Name in DHCP Pool That Phones Take
When Adding it in the DHCP Pool , Phones Register Normally
Thanks All for your Info, help and support

Thanks a l0t, you saved my day