Cisco CMS remote error

when TLS encryption was enabled on a trunk from Cisco CMS, all of a sudden calls in from Lync/SkypeforBusiness started failing, here is the output from CMS:-

call 48: recognised as Lync
call 48: incoming encrypted SIP call from “sip:julie.microsoft@XYZ.com” to local URI “sip:1004@vc.XYZ.com” (Lync)
forwarding call to ‘sip:1004@vc.XYZ.com’ to ‘1004@vc.XYZ.com’
call 49: outgoing SIP call to “1004@vc.XYZ.com”
call 49: setting up UDT RTP session for DTLS (combined media and control)
call 49: ending; remote SIP teardown with reason 14 (remote error) – not connected after 0:00
call 48: ending; local teardown – not connected after 0:00

this does not give us much information to work from, so you need to dig deeper. You can either pull logs from CMS via logs > detailed tracing and download via SFTP or get CallManager RTMT logs downloaded to see what the problem is

SIP/2.0 401 Unauthorized
Via: SIP/2.0/TLS 192.168.0.180:5061;branch=z9hG4bK5d3181dbb905b9058
From: “Julie Microsoft” <sip:julie.microsoft@XYZ.com>;tag=e876910435d
To: <sip:dx80@vc.XYZ.com>;tag=2106778089
Date: Thu, 02 Nov 2017 12:49:31 GMT
Call-ID: e62d36f7-5d84-47a1-8ba4-1f3f3433g6a2
CSeq: 183141193 INVITE
Allow-Events: presence
Server: Cisco-CUCM11.5
WWW-Authenticate: Digest realm=”XYZCluster”, nonce=”L1CKj9PJ6qreX9PRZUMm”, algorithm=MD5
Content-Length: 0

401 Unauthorized, well that tells you it is not authenticated to make that call. The SIP Trunk Security profile which had Enable Digest Authentication ticked was not meant to be there.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s