Call decryption failure message - Jabber for Video
I have a VCS-C and VCS-E, both behind a firewall in location A. The VCS-E is accessible via the public internet. I also have a Polycom HDX 7000 in another country behind a firewall in Location b. The HDX 7000 is registered to our VCS-E and managed via TMS. The HDX can make calls to other endpoints and to other Jabber for Video clients. I upgraded our VCS units from v.7 to v.8.2.1.
The error message appears on Jabber for Video clients that are in Location A. We are using the 4.8 version of the client and have the 4.8 version of the template installed on TMS. We did not have this issue prior to upgrading to v.8.2.1 and template version 4.8.
We have limited configuration of the template to:
Phone Book Server URI Presence Server URI Public SIP Server Address (VCS-E) SIP Server Address (VCS-C)
I made a note when changing the Encryption Policy in the template:
Enabled Encryption Policy (Move 4.8 template) set to 'Auto'. and Jabber produces the error"call decryption failure".
Set Encryption Policy to be 'ForceTcpNoSrtp ' and call went through unencrypted.
Set Encryption Policy to be 'ForceTlsNoSrtp' and Jabber produces the error"call decryption failure".
Set Encryption Policy to be 'ForceTlsAutoSrtp ' and call went through unencrypted.
Set Encryption Policy to be 'ForceTlsForceSrtp ' and Jabber produces the error"call decryption failure".
Set Encryption Policy to be 'AutoNoSrtp' and Jabber produces the error"call decryption failure".
This leads me to believe there is a setting that needs to be changed between the VCS-C and VCS-E.
We want to force all of our calls to be encrypted.
At this point, I'm at a loss right now as to what could be the issue. Is it a change from the upgrade to v.8.2.1 and v 4.8 that causes this?
I have found that the Polycom HDX 7000 does not support AES-256 encryption. The Jabber for Telepresence client 4.8, by default, offers to connect with AES-256 and the HDX7000 responds with the message 'call decryption error'. In the debug log can be found:
You have reached the Cisco Logistics Support Center.. To Check Status of
your RMA, visit Product Returns & Replacements (RMA). Need help? Contact
us by Phone or Email. North Americas Phone: 1800 553 2447 Option 4
Email: email@example.com Europe Phone: +3...
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...