Call decryption failure message - Jabber for Video

I have a VCS-C and VCS-E, both behind a firewall in Location A. The VCS-E is accessible via the public internet. I also have a Polycom HDX 7000 in another country behind a firewall in Location B. The HDX 7000 is registered to our VCS-E and managed via TMS. The HDX can make calls to other endpoints and to other Jabber for Video clients. I upgraded our VCS units from v.7 to v.8.2.1.

The error message appears on Jabber for Video clients that are in Location A. We are using the 4.8 version of the client and have the 4.8 version of the template installed on TMS. We did not have this issue prior to upgrading to v.8.2.1 and template version 4.8.

We have limited configuration of the template to:

Phone Book Server URI
Presence Server URI
Public SIP Server Address (VCS-E)
SIP Server Address (VCS-C)

I made a note when changing the Encryption Policy in the template:

Enabled Encryption Policy (Move 4.8 template) set to 'Auto', and Jabber produces the error "call decryption failure".

Set Encryption Policy to be 'ForceTcpNoSrtp' and call went through unencrypted.

Set Encryption Policy to be 'ForceTlsNoSrtp' and Jabber produces the error "call decryption failure".

Set Encryption Policy to be 'ForceTlsAutoSrtp' and call went through unencrypted.

Set Encryption Policy to be 'ForceTlsForceSrtp' and Jabber produces the error "call decryption failure".

Set Encryption Policy to be 'AutoNoSrtp' and Jabber produces the error "call decryption failure".

This leads me to believe there is a setting that needs to be changed between the VCS-C and VCS-E.

We want to force all of our calls to be encrypted.

At this point, I'm at a loss right now as to what could be the issue. Is it a change from the upgrade to v.8.2.1 and v 4.8 that causes this?

 

Paul

 

1 REPLY
New Member

Solution

I have found that the Polycom HDX 7000 does not support AES-256 encryption. The Jabber for Telepresence client 4.8, by default, offers to connect with AES-256 and the HDX7000 responds with the message 'call decryption error'. In the debug log can be found:

 a=crypto:0 AES_CM_256_HMAC_SHA1_80 inline:a3L3+nj2j+tlj4vdVbJbulB17hfUD4gZtfgbguCq8rsRwwHwPH3lBlV6NZSXqw==|2^48
 a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:ixYsvYpLkfDxRgSyWaQ3FAP0YeCyEG6qmQKvZw2q|2^48
 a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:ixYsvYpLkfDxRgSyWaQ3FAP0YeCyEG6qmQKvZw2q|2^48 UNENCRYPTED_SRTCP
 a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:bJzN91OI3oSapIGQlVRCtKpTflBwuFnX0kEgqyiM|2^48

By changing the template in TMS to 'OFF', the client does not offer AES-256. This solved our issue.
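
The suite mismatch described in the answer above can be checked straight from a debug log. The following is an added example, not part of the original post and not Cisco or Polycom code: it parses `a=crypto` lines and reports which offered tags a far end with a given supported set cannot use. The function names, the peer's suite set and the all-zero sample keys are assumptions constructed for illustration.

```python
import base64
import re

# Master key + master salt length in bytes, per suite name as spelled in the log above.
KEY_SALT_LEN = {
    "AES_CM_256_HMAC_SHA1_80": 32 + 14,
    "AES_CM_128_HMAC_SHA1_80": 16 + 14,
    "AES_CM_128_HMAC_SHA1_32": 16 + 14,
}
# a=crypto:<tag> <suite> inline:<base64 key||salt>[|lifetime...] [session params]
CRYPTO_RE = re.compile(r"^\s*a=crypto:(\d+)\s+(\S+)\s+inline:([^|\s]+)\S*(?:\s+(.*))?$")

def parse_offer(sdp_text):
    """Return one dict per a=crypto line, in offer (preference) order."""
    offers = []
    for line in sdp_text.splitlines():
        m = CRYPTO_RE.match(line)
        if not m:
            continue
        tag, suite, key_b64, session = m.groups()
        offers.append({
            "tag": int(tag),
            "suite": suite,
            # Decoded key||salt length must match what the suite requires.
            "key_ok": KEY_SALT_LEN.get(suite) == len(base64.b64decode(key_b64, validate=True)),
            "session_params": (session or "").split(),
        })
    return offers

def triage(sdp_text, peer_suites, require_encrypted_srtcp=True):
    """Report offered tags the peer cannot use and the first one it can."""
    offers = parse_offer(sdp_text)
    usable = [o for o in offers
              if o["suite"] in peer_suites and o["key_ok"]
              and not (require_encrypted_srtcp and "UNENCRYPTED_SRTCP" in o["session_params"])]
    return {
        "unsupported_tags": [o["tag"] for o in offers if o["suite"] not in peer_suites],
        "selected_tag": usable[0]["tag"] if usable else None,
    }

def zero_key(n):  # constructed placeholder key material (all zero bytes), not a real key
    return base64.b64encode(bytes(n)).decode()

# Constructed sample offer with the same four suites as the log above.
SAMPLE_OFFER = "\n".join([
    f" a=crypto:0 AES_CM_256_HMAC_SHA1_80 inline:{zero_key(46)}|2^48",
    f" a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{zero_key(30)}|2^48",
    f" a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:{zero_key(30)}|2^48 UNENCRYPTED_SRTCP",
    f" a=crypto:3 AES_CM_128_HMAC_SHA1_32 inline:{zero_key(30)}|2^48",
])
```

For a peer assumed to support only the two AES-128 suites, `triage(SAMPLE_OFFER, {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32"})` marks tag 0 as unsupported and selects tag 1.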

 
