registration problem SIP/2.0 401 Unauthorized

Discussion in 'General' started by witekprytek, Apr 15, 2009.

  1. witekprytek

    Joined:
    Dec 19, 2007
    Messages:
    145
    Likes Received:
    0
    I have couple f cisco phones 7906 flashed with SIP firmware. They were connected with TB box (asterisk 1.2) and have worked fine. Today I have duplicated TB extension on my elastix (1.5.2) and try to register phones with elastix. No one phone has registered.

    Asterisk CLI on elastix shows (the same for each phone):

    avs01*CLI>
    <--- Transmitting (no NAT) to 10.233.112.104:49157 --->
    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP 10.233.112.104:49157;branch=z9hG4bK56af9061;received=10.233.112.104
    From: <sip:885@10.233.111.132>;tag=001e4a922caf000be65eaa81-1ee177a1
    To: <sip:885@10.233.111.132>;tag=as387f0e26
    Call-ID: 001e4a92-2caf0002-48138062-9bfd58cb@10.233.112.104
    CSeq: 110 REGISTER
    User-Agent: Asterisk PBX
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces
    WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="35948ba5"
    Content-Length: 0

    Both networks are connected via router without NAT. I can ping phones.

    Any idea why it does not work? The extension configuration was simple copied from old TB and only IP of server has been changed in phone configuration.

    How to debug it? what does mean "SIP/2.0 401 Unauthorized" - how to check what is wrong - pass or username?
     
  2. witekprytek

    Joined:
    Dec 19, 2007
    Messages:
    145
    Likes Received:
    0
    I have made some tests and sniffing.
    This problem appears on some softphones too.
    I have noticed, that:
    1. Phone send auth request to elastix (asterisk) and try to provide registration
    2. Asterisk answer - method not allowed try to replace
    3. Cisco phones and some softphones do not understand this and retransmit register request.

    I have noticed, that GXP 2000 after receiving "replace" send second auth as digest and register with Asterisk (elastix)

    The question is - is it possible to allow extension to register with "plain text"?
     
  3. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    do you have alwaysauthreject=yes in your sip.general.custom or other sip.conf?

    If so, it can mask the real reason why you can't register. Try do deactivate it for the debug.
     
  4. witekprytek

    Joined:
    Dec 19, 2007
    Messages:
    145
    Likes Received:
    0
    I do not see "alwaysauthreject=yes" in config files.
    I have added "alwaysauthreject=no" in sip_general_custom.conf (for sure) but effect is still the same.
     
  5. blackgecko

    Joined:
    Apr 13, 2009
    Messages:
    29
    Likes Received:
    0
    the extensions you are using with the Cisco Phones have to had

    nat=never

    at least thats what i had to do to make them work, try that and let me know
     
  6. witekprytek

    Joined:
    Dec 19, 2007
    Messages:
    145
    Likes Received:
    0
    Hi all,
    I did all the above:
    1. set in sip_general_custom.conf "alwaysauthreject=no"
    2. for extensions nat=never

    Nothing has changed. I try to use another cisco phone c7911 flashed with sip. On the first I have connected it to old box running Trixbox with Asterisk 1.2 - everything work fine.
    But with Elastix and Asterisk 1.4 - I have 401 Unauthorized error.

    In cisco config file I can see lines like this:
    <authenticationURL>http://server/cisco/services/authentication.php</authenticationURL>
    <directoryURL>http://server/xmlservices/PhoneDirectory.php</directoryURL>
    <idleURL>http://server/xmlservices/index.php</idleURL>
    <informationURL />
    <messagesURL />
    <proxyServerURL />
    <servicesURL>http://server/xmlservices/index.php</servicesURL>

    But elastix does not include any of the files above - are they necessary for proper Digest authentication for Cisco phones? I did not find it in TB with Asterisk 1.2, but phones can authorize without any problems.

    I have noticed, related problems with softphones - they try to register at least two times. "Fring" running on mobile phone is not able to register to elastix 1.52 at all.
    "401 Unauthorized"

    I have googled a little and it seems to be a bug in some Asterisk 1.4 compilation.
    (e.g. http://bugs.digium.com/view.php?id=14284)

    So I really don't know where to go now and what to check/change on my elastix pbx.

    Any suggestions?
     
  7. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    could you show us the CLI output of: sip show settings
     
  8. witekprytek

    Joined:
    Dec 19, 2007
    Messages:
    145
    Likes Received:
    0
    Here you are

    Global Settings:
    ----------------
    SIP Port: 5060
    Bindaddress: 0.0.0.0
    Videosupport: Yes
    AutoCreatePeer: No
    Allow unknown access: Yes
    Allow subscriptions: Yes
    Allow overlap dialing: Yes
    Promsic. redir: No
    SIP domain support: No
    Call to non-local dom.: Yes
    URI user is phone no: No
    Our auth realm asterisk
    Realm. auth: No
    Always auth rejects: No
    Call limit peers only: Yes
    Direct RTP setup: No
    User Agent: Asterisk PBX
    MWI checking interval: 10 secs
    Reg. context: (not set)
    Caller ID: Unknown
    From: Domain:
    Record SIP history: Off
    Call Events: Off
    IP ToS SIP: CS3
    IP ToS RTP audio: EF
    IP ToS RTP video: AF41
    T38 fax pt UDPTL: No
    RFC2833 Compensation: No
    SIP realtime: Disabled

    Global Signalling Settings:
    ---------------------------
    Codecs: 0x1c010d (g723|ulaw|alaw|g729|h261|h263|h263p)
    Codec Order: ulaw:20,alaw:20,g729:20,g723:30
    T1 minimum: 100
    Relax DTMF: No
    Compact SIP headers: No
    RTP Keepalive: 0 (Disabled)
    RTP Timeout: 60
    RTP Hold Timeout: 120
    MWI NOTIFY mime type: application/simple-message-summary
    DNS SRV lookup: Yes
    Pedantic SIP support: No
    Reg. min duration 60 secs
    Reg. max duration: 3600 secs
    Reg. default duration: 60 secs
    Outbound reg. timeout: 20 secs
    Outbound reg. attempts: 0
    Notify ringing state: Yes
    Notify hold state: Yes
    SIP Transfer mode: open
    Max Call Bitrate: 384 kbps
    Auto-Framing: No
    avs01*CLI>
    Default Settings:
    -----------------
    Context: from-sip-external
    Nat: RFC3581
    DTMF: rfc2833
    Qualify: 0
    Use ClientCode: No
    Progress inband: Never
    Language: (Defaults to English)
    MOH Interpret: default
    MOH Suggest:
    Voice Mail Extension: *97
     
  9. Patrick_elx

    Joined:
    Dec 14, 2008
    Messages:
    1,120
    Likes Received:
    0
    ok, just a question:

    you've said that your system is connected via router. Which one?

    Are you sure that the setup of your network was exactly the same with your TB box (same network, same connection to the router, etc...).

    I had recently a problem with some Cisco firewall were the sip fixup protocol was faulty and created some registration problem.

    Could you try to debug by putting your extensions or softphones on the same hub or switch than your pbx to make sure that your router is not involved.
     
  10. witekprytek

    Joined:
    Dec 19, 2007
    Messages:
    145
    Likes Received:
    0
    OK.
    I have connected the C7911 phone direct to the switch where the Elastix is connected. On second Elastix interface. No NAT, no routing - this same subnet, no vlans.
    I have tested the connection and registration with ekiga on linux before - it was OK but with Cisco Effect is still the same:


    <--- Transmitting (no NAT) to 192.168.1.229:49154 --->
    SIP/2.0 100 Trying
    Via: SIP/2.0/UDP 192.168.1.229:49154;branch=z9hG4bKd80ca874;received=192.168.1.229
    From: <sip:885@192.168.1.113>;tag=001e4a928fd0001b601357f6-e46b43ac
    To: <sip:885@192.168.1.113>
    Call-ID: 001e4a92-8fd00002-1501474e-18bf292d@192.168.1.229
    CSeq: 126 REGISTER
    User-Agent: Asterisk PBX
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces
    Content-Length: 0


    <------------>

    <--- Transmitting (no NAT) to 192.168.1.229:49154 --->
    SIP/2.0 401 Unauthorized
    Via: SIP/2.0/UDP 192.168.1.229:49154;branch=z9hG4bKd80ca874;received=192.168.1.229
    rom: <sip:885@192.168.1.113>;tag=001e4a928fd0001b601357f6-e46b43ac
    To: <sip:885@192.168.1.113>;tag=as759c9a34
    Call-ID: 001e4a92-8fd00002-1501474e-18bf292d@192.168.1.229
    CSeq: 126 REGISTER
    User-Agent: Asterisk PBX
    Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
    Supported: replaces
    WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0854a9ed"
    Content-Length: 0


    So any future ideas?
     
  11. Lobzhanidze

    Joined:
    Nov 10, 2012
    Messages:
    5
    Likes Received:
    0
    I have the same problem, but i have D-link FXS. did you solve this problem ?
     

Share This Page