I configured a 2911 router for secure conferences, sccp admin state is up but i got TCP connection error. We are using CUCM v8.5.1.
When I telnet on port 2443 to our CUCM (through gi0/0 - phone vlan) it is able to establish the connection thus firewall/routing doesn't seem to be the prob.
sh sccp shows:
SCCP Admin State: UP
Gateway Local Interface: GigabitEthernet0/0
IPv4 Address: 10.36.38.254
Port Number: 2000
IP Precedence: 5
User Masked Codec list: None
Call Manager: 10.20.30.2, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 1
Call Manager: 10.20.30.1, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 2
Call Manager: 10.20.0.2, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 3
Call Manager: 10.20.30.3, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 4
Conferencing Oper State: ACTIVE_IN_PROGRESS - Cause Code: TCP_CONN_ERROR
Active Call Manager: NONE
TCP Link Status: NOT_CONNECTED, Profile Identifier: 10
Signaling Security: ENCRYPTED TLS
Media Security: SRTP
Config of GW is the following:
dsp services dspfarm
sccp local GigabitEthernet0/0
sccp ccm 10.20.0.3 identifier 4 version 7.0 trustpoint nhscm02
sccp ccm 10.20.0.2 identifier 3 version 7.0 trustpoint nhscm01
sccp ccm 10.20.30.1 identifier 2 version 7.0 trustpoint wacm01
sccp ccm 10.20.30.2 identifier 1 version 7.0 trustpoint wacm02
sccp ccm group 999
bind interface GigabitEthernet0/0
associate ccm 2 priority 1
associate ccm 1 priority 2
associate ccm 4 priority 3
associate ccm 3 priority 4
associate profile 10 register wienvoicegw01
registration retries 5
registration timeout 15
switchover method immediate
switchback method immediate
dspfarm profile 10 conference security
description ***DSP for Conference ***
maximum sessions 4
associate application SCCP
I created the trustpoints, imported via terminal the CUCM certificates / created a self-signed for the router.
Then I exported the router certifcate and uploaded it to our Publisher.
I configured enhanced conference bridge (encypted mode).
Everything else except conference calls are working - any idea?
Thanks and regards
I've been unable to fix it yet - still need help. Does nobody have an idea?
In most cases it seems to be a routing / firewall issue. I am quite sure that it isn't that kind of problem over here..
Not sure if you checked out this great link secure conferencing:
It covers the registration troubleshooting as well. Let me know if it still fails and we can try and take a deeper dive into it.