Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote SIP Phones

Status
Not open for further replies.
wpetilli

wpetilli

Technical User
Joined
May 17, 2011
Messages
1,877
Location
US
I have provisioned around 30+ J169 SIP phones and tested every single one of them off a dirty Internet connection and ensured each extension logged in successfully. I have a user who received the phone and it sits at acquiring service and it doesn't go away. I log this user into my remote SIP phone and it works instantly. As stated, I definitely tested every one of these phones before shipping out. What can be the issue here? Is it the user's home Internet? Seems to pass the login portion and sits at acquiring service.

 
Sort by date Sort by votes
Maybe carrier grade NAT? If they check their public IP on their router - not by googling it - do they get a 10.?
 
Upvote 0 Downvote
I had the user boot the phone while I had a trace up on the SBC and it gets a fatal alert on the cert exchange (unknown CA). I looked at the cert the SBC is presenting and the phone identity cert. Not seeing why this would fail. I know I tested this phone before it went out. No doubt about it.
 
Upvote 0 Downvote
phone identity cert is 1 thing - the SBC must trust that authority.
SBC cert to the phone is another thing - the phone must trust that authority

So, unless you staged them in the office and the phone hit the same IP on the same signaling interface of the SBC with the same TLS Server Profile offering the same cert as the internet interface had, you'd have to trace back to be sure that the phone is receiving the same cert from the SBC on the internet than when it did when it was staged in the office. and that it came from the same CA
 
Upvote 0 Downvote
Only other thing I can think of is the trust certs somehow didn't get installed on the phone, but I'm very certain I put these on my home internet and ensured a successful login before I shipped out.
 
Upvote 0 Downvote
Maybe, maybe not. Unknown CA means something doesn't trust the authority having issued a cert. Either the phone not trusting the SBC's issuing CA or vice versa

If you can pcap it - like tshark -i B1 port 5061 -w /tmp/my.pcap while it happens then chmod 777 /tmp/*.pcap and mv /tmp/*.pcap /home/ipcs you can get it off with WinSCP

You can also extract the cert from the packet capture to be damn sure
 
Upvote 0 Downvote
so weird because there are other phones I shipped out that came online straight away. Same exact process.. Same SCEP process.. Same folder/file. the traceSBC isn't sufficient for that? I'll try the pcap.
 
Upvote 0 Downvote
might be, but its better to get it right off the wire
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

hebegb41
  • Locked
  • Question Question
Avaya SM/CM 8.1 J139 SIP phones and "bridged Appearances"
Replies
4
Views
1K
hebegb41
hebegb41
CarlosPrex
  • Locked
  • Question Question
Caller ID on analog phones
Replies
2
Views
502
busster
busster
hebegb41
  • Question Question
Converting 1 SIP carrier to another
Replies
1
Views
311
dialtonebone
dialtonebone
tweege
  • Locked
  • Question Question
Wireless phones - What all are folks using?
Replies
1
Views
369
Shaun E
Shaun E
lexer
  • Locked
  • Question Question
Avaya phone set 4610SW SIP firmware
Replies
2
Views
428
lexer
lexer

Part and Inventory Search

Sponsor

Back
Top