cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5670
Views
0
Helpful
4
Replies

SIP trunk incoming callto CUCM 7.1.5 - authorization problem.

Alexey Platov
Level 1
Level 1

Hi everybody.

Just run into the strange problem - if SIP trunk uses digest authentification then CUCM 7.1.5 behavesin a strange way.

Incoming call goes like that:

1st invite goes without digest credentials.

After "401 Unauthorized" goes ACK and INVITE with all needed credentials.

But after that again goes "401 Unauthorized" !

INVITE sip:200@10.1.1.221 SIP/2.0

               SIP/2.0 100 Trying

               SIP/2.0 401 Unauthorized  WWW-Authenticate: Digest realm="BOINC" ...

ACK sip:200@10.1.1.221 SIP/2.0

INVITE sip:200@10.1.1.221 SIP/2.0

Authorization:  Digest username="cucm71",realm="BOINC",nonce=......

               SIP/2.0 100 Trying

               SIP/2.0 401 Unauthorized

ACK sip:200@10.1.1.221 SIP/2.0

I checked in the CUCM trace and found that digest user is not found

08/12/2011 13:02:05.005 CCM|ProcessSIPSecurity - can't find user cucm71 in the user table . Authorization fail.


But "cucm71" user is there.

appl_user.JPG

If no digest authentification is used then, of course, incoming calls are OK.

With CUCM 6.1 I never have such problem.

Any clue?

4 Replies 4

Mitchell.Drage
Level 1
Level 1

Any chance you got this to work?

I am having a similar problem where I have the application user configured and it denies me:

SIP/2.0 404 Not Found

Via: SIP/2.0/UDP 10.1.100.1:5060;branch=z9hG4bKF41929

From: ;tag=74004330-1049

To: ;tag=1504004667

Date: Sat, 21 Apr 2012 12:34:05 GMT

Call-ID: B2EB9BA8-8AE411E1-887EF97A-F80FE12A

CSeq: 5 REGISTER

Warning: 399 CUCMPUB "Unable to find device/user in database"

Content-Length: 0

sip-ua

credentials username SIPTEST password 7 ********* realm test

retry invite 2

retry register 10

timers connect 100

registrar ipv4:10.1.10.100 expires 3600

sip-server ipv4:10.1.10.100

host-registrar

Regards,

Mitch

I did manage it.

It was my negligence - you should manage "Digest Credentials" for this Application User not onle name and password! And your SIP trunk should use name and digest credentials configured.

Yeah I noticed that yesterday from your image.

I think my problem is caused by something else despite following the cisco guide to the tee.

I'll start a new thread rather than continue from yours.

Good to hear you found a solution for your problem.

Go to the trunk and check the sip security profile associated with this trunk.

uncheck the enable Digest Authentication in Device trunk security profile in the cucm.

reset the profile.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: