Re: SIP 403 Forbidden when dialing enpoints registered to CUCM 11.5

robertb · ‎03-07-2017

Hi,

I have recently deployed CUCM 11.5 with Expressway-C & E with CMS and have a couple Telepresnence Video systems registered to CUCM. Directory numbers have been associated to the units and units are registered. when attempting to dial the DN i recieve the below when looking at the call logs:

This occurs on all endpoints that are registered. I have searched CUCM top to bottom trying to find a reason for this as well at the endpoint as it seems the CUCM is acknowledging the call but the receiving party may be rejecting it.

Any Ideas?

Thanks.

TimHuffman · ‎09-26-2017

Did you happen to get a resolution to this issue? I'm having the same issue.

Thanks,

Tim

TimHuffman · ‎09-26-2017

I got it figured out with TAC's assitance. As stated with this link, it had to do with the Subject name in my SIP Trunk security profile: https://supportforums.cisco.com/t5/telepresence/cms-video-conferencing-error/td-p/3092752

The issue I was seeing is that I'm using a wildcard certificate so I had to have *.domain.name in my Subject line on the SIP Trunk Security Profile

Thanks,

Tim

Patrick Sparkman · ‎09-26-2017

Should be noted that wildcard certificates aren't supported with the VCS/Expressway products, from the certificate creation guides:

Wildcard certificates manage multiple subdomains and the services names they support, they can be less secure than SAN (Subject Alternate Name) certificates. Expressway does not support wildcard certificates.

TimHuffman · ‎09-26-2017

I couldn't agree more. This isn't expressways though, just CMS. Wildcards are supported on that platform.

Thanks,

Tim