SIP trunk incoming callto CUCM 7.1.5 - authorization problem.

Unanswered Question
Aug 12th, 2011

Hi everybody.

Just run into the strange problem - if SIP trunk uses digest authentification then CUCM 7.1.5 behavesin a strange way.

Incoming call goes like that:

1st invite goes without digest credentials.

After "401 Unauthorized" goes ACK and INVITE with all needed credentials.

But after that again goes "401 Unauthorized" !

INVITE sip:200@10.1.1.221 SIP/2.0

               SIP/2.0 100 Trying

               SIP/2.0 401 Unauthorized  WWW-Authenticate: Digest realm="BOINC" ...

ACK sip:200@10.1.1.221 SIP/2.0

INVITE sip:200@10.1.1.221 SIP/2.0

Authorization:  Digest username="cucm71",realm="BOINC",nonce=......

               SIP/2.0 100 Trying

               SIP/2.0 401 Unauthorized

ACK sip:200@10.1.1.221 SIP/2.0

I checked in the CUCM trace and found that digest user is not found

08/12/2011 13:02:05.005 CCM|ProcessSIPSecurity - can't find user cucm71 in the user table . Authorization fail.


But "cucm71" user is there.

appl_user.JPG

If no digest authentification is used then, of course, incoming calls are OK.

With CUCM 6.1 I never have such problem.

Any clue?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mitchell.drage Sat, 04/21/2012 - 05:39

Any chance you got this to work?

I am having a similar problem where I have the application user configured and it denies me:

SIP/2.0 404 Not Found

Via: SIP/2.0/UDP 10.1.100.1:5060;branch=z9hG4bKF41929

From: ;tag=74004330-1049

To: ;tag=1504004667

Date: Sat, 21 Apr 2012 12:34:05 GMT

Call-ID: B2EB9BA8-8AE411E1-887EF97A-F80FE12A

CSeq: 5 REGISTER

Warning: 399 CUCMPUB "Unable to find device/user in database"

Content-Length: 0

sip-ua

credentials username SIPTEST password 7 ********* realm test

retry invite 2

retry register 10

timers connect 100

registrar ipv4:10.1.10.100 expires 3600

sip-server ipv4:10.1.10.100

host-registrar

Regards,

Mitch

Alexey Platov Tue, 04/24/2012 - 02:35

I did manage it.

It was my negligence - you should manage "Digest Credentials" for this Application User not onle name and password! And your SIP trunk should use name and digest credentials configured.

mitchell.drage Tue, 04/24/2012 - 04:54

Yeah I noticed that yesterday from your image.

I think my problem is caused by something else despite following the cisco guide to the tee.

I'll start a new thread rather than continue from yours.

Good to hear you found a solution for your problem.

Venkkatesh Laks... Tue, 01/27/2015 - 08:09

Go to the trunk and check the sip security profile associated with this trunk.

uncheck the enable Digest Authentication in Device trunk security profile in the cucm.

reset the profile.

Actions

This Discussion

Related Content