Preview Tool

Cisco Bug: CSCvu01974 - SIP OAuth lines fail to register if CUCM cannot resolve Exp-C hostname

Last Modified

Aug 12, 2020

Products (1)

  • Cisco TelePresence Video Communication Server (VCS)

Known Affected Releases


Description (partial)

SIP Oauth Lines fail to register over Expressway.

It should be mentioned that CUCM has to be able to resolve the Expressway-C Hostname for SIP Oauth Lines.

This is seen in split DNS environments normally, where CUCM and the Expressway exist on different domains.

Upon adding or refreshing a CUCM server with SIP Oauth lines the Expressway will insert it's hostname via AXL to the CUCM.

CUCM will perform a DNS look up of the hostname with it's domain appended, then the hostname itself.


CUCM > Device > Expressway-C

Hostname: expc

CUCM Domain:

DNS performed will be Then expc.

If neither can resolve the SIP Oauth TLS connection will fail with a 403 Forbidden from CUCM on attempts to register.

CUCM Error Messages:

CallManager Logs - X.X.X.X will be the Expressway-C IP.

05457178.050 |10:13:13.918 |AppInfo  |SIPStationD(23930) - validateExpresswayTLSConn: TLS InvalidX509NameInCertificate Error , Couldn't find expresswayCConfiguration details in DB for Expway-C [X.X.X.X] 
05457178.051 |10:13:13.918 |AppInfo  |ConnectionFailure - Unified CM failed to open a TLS connection for the indicated device Device Name:CSFTest1 IP Address: IPV6Address: Device type:503 Reason code:2 App ID:Cisco CallManager Cluster ID:site5-pub Node
05457178.052 |10:13:13.918 |AlarmErr |AlarmClass: CallManager, AlarmName: ConnectionFailure, AlarmSeverity: Error, AlarmMessage: , AlarmDescription: Unified CM failed to open a TLS connection for the indicated device, AlarmParameters:  DeviceName:CSFTest1, IPAddress:, IPV6Address:, DeviceType:503, Reason:2, AppID:Cisco CallManager, ClusterID:site5-pub,,
05457178.053 |10:13:13.919 |AppInfo  |SIPStationD(23930) - Validation of TLS certificate failed, closing


expc tvcs: UTCTime="2020-04-23 12:34:06,327" Module="network.sip" Level="DEBUG":  Action="Received" Local-ip="" Local-port="26919" Src-ip="" Src-port="5091" Msg-Hash="7797330979785685322"
 |SIP/2.0 403 Forbidden
 Via: SIP/2.0/TLS;egress-zone=CEOAuthsite5pubexamplecom;branch=z9hG4bK69b18427a48e7d6f42fa344955f79eaf94859.8dc07f03e4f21c37be4eed1e07e9a5d0;proxy-call-id=bae6e72c-1ed8-420a-bffb-817f20a170d2;rport,SIP/2.0/TLS;egress-zone=MRAZone;branch=z9hG4bK87109e5fd84da404a2542a1b1b6f789451025.cb9f54b76a99dcbe6d5913fae1bb4105;proxy-call-id=f7834b7f-4475-47e9-b94d-324821e5aa68;received=;rport=7001;ingress-zone=MRAZone,SIP/2.0/TLS;branch=z9hG4bK00007366;received=;ingress-zone=CollaborationEdgeZone
 Call-ID: 005056b7-a7bd54d5-00005334-000061ac@
 CSeq: 48422 REGISTER
 From: <>;tag=005056b7a7bd66b1000056cc-00003151
 To: <>;tag=296565438
 Server: Cisco-CUCM12.5
 Date: Thu, 23 Apr 2020 17:34:06 GMT
 Warning: 399 site5-pub "TLS authentication failure"
 Content-Length: 0
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.