I have an issue where Jabber for Telepresence/Movi registrations are residing on the VCS-Expressway and not the VCS-Control. This scenario is based on only the VCS-Control being provisioned with TMS, and clients are struggling to receive phonebooks as a result of this.
Am I correct in thinking that registrations should be proxied if the following is applied:
- DefaultZone, DefaultSubzone and Traversal Zone are all set to 'Do not check credentials' on the VCS-Expressway
- The VCS-Expressway is not configured with a SIP Domain
- Under SIP Configuration, proxied registrations is configured to either proxy to known only or proxy to any
- Proxied registrations is also configured on the Traversal Zone.
Zone authentication is configured as such on the VCS-Control:
Default Subzone: Treat as Authenticated
DefaultZone: Check Credentials
Traversal Subzone: Check Credentials
Both VCS servers are running X7.1 software and only the VCS-Control has the relevant SIP domain configured, yet all registrations from external reside on the VCS-Expressway.
Provisioning Extension is also being used.
Authentication policies on both VCSs look correct, but how about the search rules you have configured?
Are you using .* at the end of the domain name for routing? X7.1 uses the GRUU feature, which needs to be considered by adding .* to the end of the search rule.
What I never understood is why there are no additional zones for provisioning, phonebooks and presence,
so you can do some more clever handling of such issues.
Simon: is there a provisioning key installed on the vcs-e? That can also cause issues, as it will
add a sip route to the local vcs which can cause no proper phonebooks to be returned.
Another thing to check is whether the phonebook URI for external users is properly configured.
Besides that, a debug session on Jabber and/or the VCSs could be handy, to see what happens:
* is the phonebook provisioned
* is Jabber sending it to the expected URI
* does it reach and get processed by the right VCS
* what is returned by which VCS: nothing, empty response, error message and if so which status code, ...
It also depends on which kind of authentication model you use (like AD authentication)
and also on which provisioning model is deployed.
In general I read two issues out of your message:
* your current setup with reg on the vcs-e works but lacks the phonebooks
* you wonder how to set it up with reg. on the vcs-c
Check out the VCS admin guide and the Provisioning / VCS deployment guides as well as the "Device authentication on Cisco VCS Deployment Guide".
Thanks for all your feedback.
So I logged on and there was a device provisioning option key on the VCS-Expressway, which I have now removed, but I am still getting the same issue(s) where I have no phonebook and the registration shows on the VCS-Expressway.
Only the VCS-Control is provisioned with TMS. The VCS-Expressway does not facilitate any form of authentication; it should query the VCS-Control for this, which I presume confirms that my search rules are all OK, as I can see on the VCS-Control that the user has been provisioned when the registration resides on the VCS-Expressway.
I'll try to do some debugging later today if I get a chance, but here is a snippet of the xconfig:
*c xConfiguration SIP Mode: On
*c xConfiguration SIP Registration Standard Refresh Strategy: Maximum
*c xConfiguration SIP Registration Standard Refresh Minimum: 45
*c xConfiguration SIP Registration Standard Refresh Maximum: 60
*c xConfiguration SIP Registration Outbound Refresh Strategy: Variable
*c xConfiguration SIP Registration Outbound Refresh Minimum: 300
*c xConfiguration SIP Registration Outbound Refresh Maximum: 3600
*c xConfiguration SIP Registration Outbound Flow Timer: 0
*c xConfiguration SIP Registration Proxy Mode: ProxyToKnownOnly
*c xConfiguration SIP Registration Call Remove: No
*c xConfiguration SIP Session Refresh Value: 1800
*c xConfiguration SIP Session Refresh Minimum: 500
*c xConfiguration SIP UDP Mode: On
*c xConfiguration SIP UDP Port: 5060
*c xConfiguration SIP TCP Mode: On
*c xConfiguration SIP TCP Port: 5060
*c xConfiguration SIP TCP Outbound Port Start: 25000
*c xConfiguration SIP TCP Outbound Port End: 29999
*c xConfiguration SIP TLS Mode: On
*c xConfiguration SIP TLS Port: 5061
*c xConfiguration SIP Require UDP BFCP Mode: On
*c xConfiguration SIP Require Duo Video Mode: On
*c xConfiguration SIP Authentication Retry Limit: 3
*c xConfiguration SIP Authentication NTLM Mode: Auto
*c xConfiguration SIP Authentication NTLM SA Lifetime: 28800
*c xConfiguration SIP Authentication NTLM SA Limit: 10000
*c xConfiguration SIP Authentication Digest Nonce ExpireDelta: 300
*c xConfiguration SIP Authentication Digest Nonce Maximum Use Count: 128
*c xConfiguration SIP Authentication Digest Nonce Limit: 10000
*c xConfiguration SIP Authentication Digest Nonce Length: 60
*c xConfiguration SIP GRUU Mode: On
*c xConfiguration SIP MediaRouting ICE Mode: Off
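An added example, not part of any post in this thread: a small parser for `*c xConfiguration` dumps like the one above that checks the Expressway-side conditions the thread lists for proxied registrations (registration proxy mode, no local SIP domain, GRUU and the `.*` search-rule suffix). The function names, the sample input and the `SIP Domains Domain <n> Name` key pattern are assumptions made for the illustration.

```python
import re

# Constructed sample in the "*c xConfiguration <path>: <value>" format of the dump above.
# The "SIP Domains Domain 1 Name" line uses an assumed key name and a placeholder value.
SAMPLE_VCSE = """\
*c xConfiguration SIP Mode: On
*c xConfiguration SIP Registration Proxy Mode: ProxyToKnownOnly
*c xConfiguration SIP GRUU Mode: On
*c xConfiguration SIP Domains Domain 1 Name: "example.invalid"
"""

LINE_RE = re.compile(r"^\*c xConfiguration (?P<path>[^:]+): ?(?P<value>.*)$")

def parse_xconfig(text):
    """Return {setting path: value} for every '*c xConfiguration' line."""
    settings = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            settings[m.group("path").strip()] = m.group("value").strip().strip('"')
    return settings

def proxy_registration_findings(settings):
    """Check the Expressway-side conditions listed in the thread."""
    findings = []
    mode = settings.get("SIP Registration Proxy Mode")
    if mode not in ("ProxyToKnownOnly", "ProxyToAny"):
        findings.append(f"proxy mode is {mode!r}: registrations will not be proxied")
    # Assumption: locally hosted SIP domains appear under "SIP Domains Domain <n> Name".
    domains = [v for k, v in settings.items()
               if re.fullmatch(r"SIP Domains Domain \d+ Name", k) and v]
    if domains:
        findings.append(f"local SIP domain(s) {domains}: REGISTER is accepted here")
    if settings.get("SIP GRUU Mode") == "On":
        findings.append("GRUU on: check search rules end in .* as suggested in the thread")
    return findings

if __name__ == "__main__":
    for finding in proxy_registration_findings(parse_xconfig(SAMPLE_VCSE)):
        print("-", finding)
```
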
Could you check if the SIP routes still exist on the VCS Expressway after you have removed the provisioning option key (check with xconf // routes)?
It sounds strange to me that the register request is still getting serviced on the VCS Expressway where no SIP domain is configured.
I would suggest starting diagnostic logging at level debug, registering the Jabber client, and stopping the logging when the problem is replicated.
Then collect xstat and xconf and open a case with TAC.
Do you have any CPL script running on your VCSE?
What version of Jabber clients are you using?
What version of TMS?
Maybe we can replicate your error in our lab?
- No CPL Script active on VCS-Express
- Jabber Video for TelePresence v4.6
- TMS 13.2.1
Let me know if there is any more information you need to replicate this.
I did restart the VCS-E after removing the device provisioning option key. All templates and search rules are fine, as registrations via the VCS-E are actually authenticated on the VCS-Control.
I would suggest opening a case with TAC in order to check your configuration and some logs. I think there is something overlooked in your configuration that needs to be carefully checked out by TAC.
All zones in the VCS should check credentials. Did you restart the VCSE after removing the provisioning key? What about your templates on the TMS? You must assign the template. Try a search rule on the VCSE, any any, to the VCSC. In the search rules, do not use authentication, to find out the problem. Did you see requests on the VCSC?