Assume you are trying to register RMX with authentication.
Have you change Authentication policy to “Check credentials” on DefaultSubZone?
-Authentication policy configuration options-
Authentication policy is applied by the VCS at the zone and subzone levels. It controls how the VCS challenges incoming messages (for provisioning, registration, presence, phonebooks and calls) from that zone or subzone and whether those messages are rejected, treated as authenticated, or treated as unauthenticated within the VCS.
The primary authentication policy configuration options and their associated behavior are as follows:
• Check credentials: verify the credentials using the relevant authentication method. Note that in some scenarios, messages are not challenged..
• Do not check credentials: do not verify the credentials and allow the message to be processed.
• Treat as authenticated: do not verify the credentials and allow the message to be processed as if it is has been authenticated. This option can be used to cater
More detail, please refer to on-line help on VCS available from
After looking at this a bit more, the VCS fails the registration and authentication attempt from the RMX because the nonce counter is not included.
Snipit from VCS Debug Log:
Method="SipProxyAuthentication::validateDigestAuthorisationCredentials" Thread="x": Could not find "nc" parameter in authentication header
Snipit from RFC 3261
"Use of the "qop" parameter is optional in RFC 2617 for the purposes of backwards compatibility with RFC 2069; since RFC 2543 was based on RFC 2069, the "qop" parameter must unfortunately remain optional for clients and servers to receive. However, servers MUST always send a "qop" parameter in WWW-Authenticate and Proxy-Authenticate header field values. If a client receives a "qop" parameter in a challenge header field, it MUST send the "qop" parameter in any resulting authorization header field."
So VCS sends 401 Unauthorized to RMX. Authentication:
But i do not see qop=auth in the authorization from the RMX.
Plus the nonce counter would need to be included as well if presented with qop. So if the RMX would present qop="auth" in Authorization header, it would need to include nonce counter (nc=) in the same Authorization Header. Reading in RFC 2617:
This MUST be specified if a qop directive is sent (see above), and
MUST NOT be specified if the server did not send a qop directive in
the WWW-Authenticate header field. The nc-value is the hexadecimal
count of the number of requests (including the current request)
that the client has sent with the nonce value in this request. For
example, in the first request sent in response to a given nonce
value, the client sends "nc=00000001". The purpose of this
directive is to allow the server to detect request replays by
maintaining its own copy of this count - if the same nc-value is
seen twice, then the request is a replay. See the description
below of the construction of the request-digest value.
VCS seems to retry it here and resend 401 Back to RMX, but keeping the log running for a bit, I didn't see it being resent by RMX, but will reconfirm.
Anyhow, I think it would be wise for you to connect with Polycom to check on this issue.
Could you try creating a subzone, which is set to treat as authenticated. And a membership rule for the subzone which has the IP address of the MCU and a subnet mask of /32 in it. Then try registering the MCU.
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...
This document describe how DST changes and how time changes are
implemented in DST. Daylight Saving Time (DST) is the practice of
setting the clocks forward 1 hour from standard time during the summer
months, and back again in the fall, in order to make b...