Cisco Bug: CSCvu01974 - SIP OAuth lines fail to register if CUCM cannot resolve Exp-C hostname

Last Modified

Aug 12, 2020

Products (1)

  • Cisco TelePresence Video Communication Server (VCS)

Known Affected Releases

X12.5

Description (partial)

Symptom:
SIP OAuth lines fail to register over Expressway.

CUCM has to be able to resolve the Expressway-C hostname for SIP OAuth lines.

Conditions:
This is normally seen in split DNS environments, where CUCM and the Expressway exist on different domains.

Upon adding or refreshing a CUCM server with SIP OAuth lines, the Expressway will insert its hostname into CUCM via AXL.

CUCM will perform a DNS lookup of the hostname with its domain appended, then of the hostname itself.

Example:

CUCM > Device > Expressway-C

Hostname: expc

CUCM Domain: example.com

The DNS lookups performed will be expc.example.com, then expc.

If neither resolves, the SIP OAuth TLS connection will fail with a 403 Forbidden from CUCM on attempts to register.

CUCM Error Messages:

CallManager logs (X.X.X.X will be the Expressway-C IP):

05457178.050 |10:13:13.918 |AppInfo  |SIPStationD(23930) - validateExpresswayTLSConn: TLS InvalidX509NameInCertificate Error , Couldn't find expresswayCConfiguration details in DB for Expway-C [X.X.X.X] 
05457178.051 |10:13:13.918 |AppInfo  |ConnectionFailure - Unified CM failed to open a TLS connection for the indicated device Device Name:CSFTest1 IP Address: IPV6Address: Device type:503 Reason code:2 App ID:Cisco CallManager Cluster ID:site5-pub Node ID:site5-pub.example.com
05457178.052 |10:13:13.918 |AlarmErr |AlarmClass: CallManager, AlarmName: ConnectionFailure, AlarmSeverity: Error, AlarmMessage: , AlarmDescription: Unified CM failed to open a TLS connection for the indicated device, AlarmParameters:  DeviceName:CSFTest1, IPAddress:, IPV6Address:, DeviceType:503, Reason:2, AppID:Cisco CallManager, ClusterID:site5-pub, NodeID:site5-pub.example.com,
05457178.053 |10:13:13.919 |AppInfo  |SIPStationD(23930) - Validation of TLS certificate failed, closing

Expressway:

expc tvcs: UTCTime="2020-04-23 12:34:06,327" Module="network.sip" Level="DEBUG":  Action="Received" Local-ip="1.1.1.3" Local-port="26919" Src-ip="1.1.1.1" Src-port="5091" Msg-Hash="7797330979785685322"
 SIPMSG:
 |SIP/2.0 403 Forbidden
 Via: SIP/2.0/TLS 1.1.1.3:5061;egress-zone=CEOAuthsite5pubexamplecom;branch=z9hG4bK69b18427a48e7d6f42fa344955f79eaf94859.8dc07f03e4f21c37be4eed1e07e9a5d0;proxy-call-id=bae6e72c-1ed8-420a-bffb-817f20a170d2;rport,SIP/2.0/TLS 1.1.1.4:7001;egress-zone=MRAZone;branch=z9hG4bK87109e5fd84da404a2542a1b1b6f789451025.cb9f54b76a99dcbe6d5913fae1bb4105;proxy-call-id=f7834b7f-4475-47e9-b94d-324821e5aa68;received=1.1.1.1;rport=7001;ingress-zone=MRAZone,SIP/2.0/TLS 1.1.1.2:57057;branch=z9hG4bK00007366;received=1.1.1.2;ingress-zone=CollaborationEdgeZone
 Call-ID: 005056b7-a7bd54d5-00005334-000061ac@1.1.1.2
 CSeq: 48422 REGISTER
 From: <sip:4573@site5-pub.example.com>;tag=005056b7a7bd66b1000056cc-00003151
 To: <sip:4573@site5-pub.example.com>;tag=296565438
 Server: Cisco-CUCM12.5
 Date: Thu, 23 Apr 2020 17:34:06 GMT
 Warning: 399 site5-pub "TLS authentication failure"
 Content-Length: 0
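
The lookup order and the CallManager trace signature described above, as an added Python triage example (not Cisco's code). The function names, the shortened sample trace and the 192.0.2.10 address are constructed for illustration, and the resolution check only reflects CUCM's view when run against the DNS servers CUCM uses.

```python
import re
import socket

# Patterns match the CallManager trace lines quoted in this bug.
TLS_ERR = re.compile(r"validateExpresswayTLSConn: TLS InvalidX509NameInCertificate"
                     r" Error.*Expway-C \[([^\]]+)\]")
CONN_FAIL = re.compile(r"AppInfo\s*\|ConnectionFailure - .*Device Name:(\S+)")

# Constructed sample, shortened from the trace above; 192.0.2.10 is a placeholder IP.
SAMPLE_TRACE = [
    "05457178.050 |10:13:13.918 |AppInfo  |SIPStationD(23930) - validateExpresswayTLSConn: "
    "TLS InvalidX509NameInCertificate Error , Couldn't find expresswayCConfiguration "
    "details in DB for Expway-C [192.0.2.10] ",
    "05457178.051 |10:13:13.918 |AppInfo  |ConnectionFailure - Unified CM failed to open a "
    "TLS connection for the indicated device Device Name:CSFTest1 IP Address: Reason code:2",
    "05457178.053 |10:13:13.919 |AppInfo  |SIPStationD(23930) - Validation of TLS "
    "certificate failed, closing",
]

def lookup_candidates(hostname, cucm_domain):
    """Names CUCM looks up, in order: hostname with its domain appended, then bare."""
    return [f"{hostname}.{cucm_domain}", hostname]

def first_resolvable(hostname, cucm_domain, resolver=socket.gethostbyname):
    """Return the first candidate that resolves, or None (the failing condition)."""
    for name in lookup_candidates(hostname, cucm_domain):
        try:
            resolver(name)
            return name
        except OSError:  # socket.gaierror is a subclass of OSError
            continue
    return None

def triage(lines):
    """Pair each TLS name-validation error with the next ConnectionFailure device."""
    findings, pending_ip = [], None
    for line in lines:
        if m := TLS_ERR.search(line):
            pending_ip = m.group(1)
        elif (m := CONN_FAIL.search(line)) and pending_ip is not None:
            findings.append({"expressway_c": pending_ip, "device": m.group(1)})
            pending_ip = None
    return findings

if __name__ == "__main__":
    for hit in triage(SAMPLE_TRACE):
        print(f"{hit['device']}: TLS name check failed for Expressway-C {hit['expressway_c']}")
    print("resolves as:", first_resolvable("expc", "example.com"))
```

A return value of None from first_resolvable corresponds to the condition in this bug, where neither name resolves and registration is rejected.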