MRA OAuth Soft phone registration sent on wrong port (5061 instead of 5091) - Still unresolved

maxwellbarron
Level 4

I recently upgraded my corporate UC systems to 12.4 (from 11.5) in order to implement OAuth for security vice CAPF on Jabber devices. However, once the security profile is set to OAuth, soft phones fail to register through MRA (on-prem devices continue to register and function as normal). I have checked the documents and followed the guides for implementation. OAuth on CUCM is enabled and sip-oauth mode is on. Expressway-C CUCM deployment refreshed and shows the auto-created CEOAuth zone and search rule, CUCM shows contactable on port 5091. IM&P, Voicemail, and Directory all connect and function on MRA. However, I find the following errors when logging in over MRA on a desktop Jabber client:

 

"sipoauthflag set to TRUE on device's security profile. Register received on wrong port(5061)!
02115959.012 |10:37:57.167 |AppInfo |DMMSStationD-SD(23) - sendRegisterResp: non-200 response code 403, ccbId 213436, expires 4294967295, warning SIP OAuth Registration port Mismatch
02115959.013 |10:37:57.167 |AppInfo |DMMSStationD-SD(23) - DevStat-StopClose: SIP OAuth Registration port Mismatch"

 

Everything works as expected if I turn off OAuth on the SIP security profile (just as it did prior to upgrade -- this includes the use of tokens).

Jabber config XML has <SSO_Enabled>TRUE</SSO_Enabled>  and login provides authentication webpage, login clears, tokens are granted per Expressway logs.

 

I have found no way to configure this behavior...  Port 5091 is NOT blocked between C and CUCM.  I am unsure of why the registration is being sent to CUCM port 5061 instead of 5091.  Can anyone here be of assistance?

 

Expressway-C Config:

UC

Unified Communications mode: MRA
Authentication Path: UCM / LDAP
Authorize by OAuth token with refresh: on
Authorize by user credential: on
Allow Jabber iOS clients to use embedded Safari browser: No
Check for internal authentication availability: Yes
Allow activation code onboarding: No
 
UC Traversal Zone configs
Port: 7002
Accept proxied registrations: Allow
ICE support: Off
ICE Passthrough support: On
Multistream mode: On
SIP poison mode: Off
Preloaded SIP routes support: Off
SIP parameter preservation: Off
AES GCM support: Off
SIP UPDATE for session refresh: Off
Authentication policy: Do not check
Accept delegated credential checks: Off
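
For triage across a larger CUCM trace, the rejection signature quoted in the post can be extracted programmatically. The following is an added example, not part of the original post and not Cisco code; the function name, the regular expressions and the assumption that the "wrong port" line immediately precedes its `sendRegisterResp` line are derived only from the three trace lines shown above.

```python
import re

# Constructed sample: the three trace lines quoted in the post,
# with the surrounding quotation marks removed.
SAMPLE_TRACE = """\
sipoauthflag set to TRUE on device's security profile. Register received on wrong port(5061)!
02115959.012 |10:37:57.167 |AppInfo |DMMSStationD-SD(23) - sendRegisterResp: non-200 response code 403, ccbId 213436, expires 4294967295, warning SIP OAuth Registration port Mismatch
02115959.013 |10:37:57.167 |AppInfo |DMMSStationD-SD(23) - DevStat-StopClose: SIP OAuth Registration port Mismatch
"""

# Port the post reports CUCM as contactable on for SIP OAuth.
EXPECTED_OAUTH_PORT = 5091

WRONG_PORT = re.compile(r"Register received on wrong port\((\d+)\)")
REJECT = re.compile(
    r"\|(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) \|.*sendRegisterResp: non-200 response code "
    r"(?P<code>\d{3}), ccbId (?P<ccb>\d+),.*warning (?P<warning>.+)$"
)

def find_port_mismatches(trace_text, expected_port=EXPECTED_OAUTH_PORT):
    """Return one finding per rejected REGISTER, paired with the
    wrong-port line seen just before it (assumed ordering)."""
    findings, seen_port = [], None
    for line in trace_text.splitlines():
        m = WRONG_PORT.search(line)
        if m:
            seen_port = int(m.group(1))  # port CUCM says the REGISTER arrived on
            continue
        m = REJECT.search(line)
        if m and "port Mismatch" in m.group("warning"):
            findings.append({
                "time": m.group("time"),
                "sip_code": int(m.group("code")),
                "ccb_id": m.group("ccb"),
                "received_port": seen_port,
                "expected_port": expected_port,
                "warning": m.group("warning").strip(),
            })
            seen_port = None  # do not reuse the port for a later rejection
    return findings

if __name__ == "__main__":
    for finding in find_port_mismatches(SAMPLE_TRACE):
        print(finding)
```
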

 

 

 
 

 
