09-05-2013 11:45 AM - last edited on 03-25-2019 09:09 PM by ciscomoderator
Hi, I need help please, because I do not have contract and I can not open a TAC case.
I have the following two problems:
1. When I make the switch to tms provisioning extension mode ,stop working sip calls, I get the following error from both scenarios internal and internet to my internal network:
On VCS-E when the call is Internet to internal network
2013-09-05T11:50:38-04:-30 | tvcs: Event="Search Completed" Reason="Invalid permission - Insufficient privilege" Service="H323" Src-alias-type="E164" Src-alias="7449" Dst-alias-type="H323" Dst-alias="anthony_accardi" Call-serial-number="1a069dfa-1647-11e3-86f9-0010f328943a" Tag="1a069f44-1647-11e3-b22f-0010f328943a" Detail="found:false, searchtype:ARQ" Level="1" UTCTime="2013-09-05 16:20:38,670" |
On VCS-C when the call is Internal network to Internet:
2013-09-05T11:53:31-04:-30 | tvcs: Event="Search Completed" Reason="Forbidden" Service="H323" Src-alias-type="E164" Src-alias="7429" Dst-alias-type="H323" Dst-alias="vianyfel_cordaro" Call-serial-number="812a5198-1647-11e3-ba89-0010f325da04" Tag="812a52e2-1647-11e3-93c9-0010f325da04" Detail="found:false, searchtype:ARQ" Level="1" UTCTime="2013-09-05 16:23:31,687" |
2013-09-05T11:53:31-04:-30 | tvcs: Event="Search Attempted" Service="H323" Src-alias-type="E164" Src-alias="7429" Dst-alias-type="H323" Dst-alias="vianyfel_cordaro" Call-serial-number="812a5198-1647-11e3-ba89-0010f325da04" Tag="812a52e2-1647-11e3-93c9-0010f325da04" Detail="searchtype:ARQ" Level="1" UTCTime="2013-09-05 16:23:31,680" |
2013-09-05T11:53:23-04:-30 | tvcs: Event="Search Completed" Reason="Forbidden" Service="H323" Src-alias-type="E164" Src-alias="7429" Dst-alias-type="H323" Dst-alias="vianyfel_cordaro" Call-serial-number="7c9181c4-1647-11e3-bda8-0010f325da04" Tag="7c918304-1647-11e3-865b-0010f325da04" Detail="found:false, searchtype:ARQ" Level="1" UTCTime="2013-09-05 16:23:23,974" |
BUT WHEN THE MODE IS TMS AGENT LEGACY ALL THE CALL WORK FINE
2. When I make the switch I can provisioning tms mode i can make the equipment provisioning from internal network but not from outside, and that worries me most is the jabber that being from the internet I get the following error:
013-09-05T11:07:42-04:-30 | tvcs: UTCTime="2013-09-05 15:37:42,263" Module="network.sip" Level="INFO": Src-ip="192.168.0.252" Src-port="25084" Detail="Receive Request Method=OPTIONS, Request-URI=sip:192.168.0.250:7001;transport=tls, Call-ID=624afa120c59ba26@192.168.0.252" |
2013-09-05T11:07:42-04:-30 | tvcs: UTCTime="2013-09-05 15:37:42,261" Module="network.sip" Level="DEBUG": Dst-ip="192.168.0.252" Dst-port="25084" |
2013-09-05T11:07:42-04:-30 | tvcs: UTCTime="2013-09-05 15:37:42,261" Module="network.sip" Level="INFO": Dst-ip="192.168.0.252" Dst-port="25084" Detail="Sending Response Code=401, Method=OPTIONS, To=sip:192.168.0.250:7001, Call-ID=624afa120c59ba26@192.168.0.252" |
2013-09-05T11:07:42-04:-30 | tvcs: UTCTime="2013-09-05 15:37:42,261" Module="network.sip" Level="DEBUG": Src-ip="192.168.0.252" Src-port="25084" |
2013-09-05T11:07:42-04:-30 | tvcs: UTCTime="2013-09-05 15:37:42,261" Module="network.sip" Level="INFO": Src-ip="192.168.0.252" Src-port="25084" Detail="Receive Request Method=OPTIONS, Request-URI=sip:192.168.0.250:7001;transport=tls, Call-ID=624afa120c59ba26@192.168.0.252" |
2013-09-05T11:07:36-04:-30 | tvcs: UTCTime="2013-09-05 15:37:36,757" Module="network.tcp" Level="DEBUG": Src-ip="10.10.10.1" Src-port="10191" Dst-ip="10.10.10.10" Dst-port="5060" Detail="TCP Connection Closed" |
2013-09-05T11:07:36-04:-30 | tvcs: UTCTime="2013-09-05 15:37:36,641" Module="network.sip" Level="DEBUG": Dst-ip="10.10.10.1" Dst-port="10191" |
2013-09-05T11:07:36-04:-30 | tvcs: UTCTime="2013-09-05 15:37:36,641" Module="network.sip" Level="INFO": Dst-ip="10.10.10.1" Dst-port="10191" Detail="Sending Response Code=404, Method=SUBSCRIBE, To=sip:provisioning@protokolgroup.com, Call-ID=6623b1a226372826@127.0.0.1" |
2013-09-05T11:07:36-04:-30 | tvcs: UTCTime="2013-09-05 15:37:36,638" Module="network.sip" Level="DEBUG": Src-ip="10.10.10.1" Src-port="10191" |
The configuration I have is:
Configuration on VCS Expressway:
Mode TMS Agent Legacy
Seach rule:
Any | Any | No | Alias pattern match | Regex | (.+)@domain.com.* | Replace | Continue | LocalZone |
Any | Any | No | Alias pattern match | Regex | (.+)@domain.com.* | Leave | Continue | LocalZone |
Any | Any | No | Any alias | Continue |
Any | AllZones | No | Alias pattern match | Regex | (?!.*@%localdomains%.*$).* | Leave | Continue |
Transform
([^@]*) | Regex | Replace |
Presence PUA---on
Presence server--off
VCS CONTROL:
Mode TMS Provisioning Extension
Search rule
Any | Any | No | Alias pattern match | Regex | (.+)@domain.com.* | Replace | Continue | LocalZone |
Any | Any | No | Alias pattern match | Regex | (.+)@domain.com.* | Leave | Continue | LocalZone |
Any | Any | No | Any alias | Continue |
Any | Any | No | Any IP address | Continue |
Transform
([^@]*) | Regex | Replace |
Pua--on
presence server--on
I dont hace call policy
Please help me to see what I'm missing or where is the error?
Thankss
Solved! Go to Solution.
09-06-2013 02:28 PM
Well, maybe you have got some changing in the network and not only the migration from TMS Agent legacy to TMSPE. Are you sure that it was the only chaging in your environment?
Anyway, following Cisco documentation, your current deployment is not correct, mainly the inspection/ALG feature enabled in your router/firewall. That is the cause for VCSe reject the SUBSCRIBE message from Jabber.
Take a look at this thread, check the responses by Zac with five green stars:
https://supportforums.cisco.com/thread/2238051?tstart=0
The guy has a VCSe with the same error message, "404 not found". He has a NAT problem too, the IP address in the "route" field inside the SUBSCRIBE message was not recognized by VCSE, so VCSe rejected the message. Just like your issue, but in your case, the firewall is putting the wrong IP address inside the SIP message. In his case, VCSe was not configured with the NAT IP address, but in your case, the inspection/ALG is the problem.
And take a look at the guide that I posted above, the guide states clearly to turn off any inspection/ALG feature in the Firewall/NAT device.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-10-2013 11:31 AM
Hello,
I do the NAT settings as suggested by the documentation:
Effectively solved the problem jabber connection from the external network. So thank you very much for the help!
But continuing with the problem of trying to calls with alias firstname_lastname, the logs on the vcs-e indicate the following message:
2013-09-10T11:33:14-04:-30 | tvcs: Event="Search Completed" Reason="Invalid permission - Insufficient privilege" Service="H323" Src-alias-type="E164" Src-alias="7449" Dst-alias-type="H323" Dst-alias="anthony_accardi" Call-serial-number="7fc1a8d0-1a32-11e3-98a1-0010f328943a" Tag="7fc1aa24-1a32-11e3-bfb7-0010f328943a" Detail="found:false, searchtype:ARQ" Level="1" UTCTime="2013-09-10 16:03:14,565" |
2013-09-10T11:33:14-04:-30 | tvcs: Event="Search Attempted" Service="H323" Src-alias-type="E164" Src-alias="7449" Dst-alias-type="H323" Dst-alias="anthony_accardi" Call-serial-number="7fc1a8d0-1a32-11e3-98a1-0010f328943a" Tag="7fc1aa24-1a32-11e3-bfb7-0010f328943a" Detail="searchtype:ARQ" Level="1" UTCTime="2013-09-10 16:03:14,534" |
What could it be?
09-10-2013 01:46 PM
Hi,
Great to hear that you have fixed the NAT settings. =)
Well, can you post the search history details for this call attempt (Status >> Search History)?
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-10-2013 02:03 PM
On the calls history i see nothing but on log>>event log:
2013-09-10T16:30:55-04:-30 | tvcs: Event="Search Completed" Reason="Invalid permission - Insufficient privilege" Service="H323" Src-alias-type="E164" Src-alias="7449" Dst-alias-type="H323" Dst-alias="anthony_accardi" Call-serial-number="15d7b354-1a5c-11e3-b73a-0010f328943a" Tag="15d7b4a8-1a5c-11e3-8331-0010f328943a" Detail="found:false, searchtype:ARQ" Level="1" UTCTime="2013-09-10 21:00:55,761" |
2013-09-10T16:30:55-04:-30 | tvcs: Event="Search Attempted" Service="H323" Src-alias-type="E164" Src-alias="7449" Dst-alias-type="H323" Dst-alias="anthony_accardi" Call-serial-number="15d7b354-1a5c-11e3-b73a-0010f328943a" Tag="15d7b4a8-1a5c-11e3-8331-0010f328943a" Detail="searchtype:ARQ" Level="1" UTCTime="2013-09-10 21:00:55,702" |
Log>>network log
2013-09-10T16:32:54-04:-30 | tvcs: UTCTime="2013-09-10 21:02:54,351" Module="network.h323" Level="DEBUG": Dst-ip="10.10.10.1" Dst-port="62003" Sending RAS PDU: value RasMessage ::= admissionReject : { requestSeqNum 46482, rejectReason invalidPermission : NULL, genericData { { id nonStandard : '65CD7B8ADC6711DBBED400123F634B1D'H, parameters { { id nonStandard : '65CD7B8BDC6711DBBED400123F634B1D'H, content number32 : 14 } } } } } |
2013-09-10T16:32:54-04:-30 | tvcs: UTCTime="2013-09-10 21:02:54,351" Module="network.h323" Level="INFO": Dst-ip="10.10.10.1" Dst-port="62003" Detail="Sending RAS ARJ SeqNum=46482 Reason='invalid permission' AdditionalCauseCode='insufficient privilege' " |
2013-09-10T16:32:54-04:-30 | tvcs: UTCTime="2013-09-10 21:02:54,349" Module="network.sip" Level="DEBUG": Src-ip="192.168.0.252" Src-port="25026" SIPMSG: |SIP/2.0 403 Forbidden Via: SIP/2.0/TLS 192.168.0.250:7001;egress-zone=TraversalZone;branch=z9hG4bKb74138b1c7558fb00c1c4d6d93745d8e884.9bd60383ce63180d0267417314b41c71;proxy-call-id=5c86c434-1a5c-11e3-8bac-0010f328943a;received=192.168.0.250;rport=7001;ingress-zone=TraversalZone Via: SIP/2.0/TCP 127.0.0.1;branch=z9hG4bKc835a9c72018fb7532f2fff18c32aed2883 Call-ID: 8d63cdca61a738e6@127.0.0.1 CSeq: 26498 OPTIONS From: To: Server: TANDBERG/4120 (X7.2.1) Warning: 399 192.168.0.252:5061 "Policy Response" Content-Length: 0 |
09-10-2013 02:11 PM
Hi,
In fact, I am talking about search history. Go to Status >> Search History. Find your call attempt and click in "View details". Then post the result here.
Furtheremore, provide further informaion, such as, are you trying to call from internal jabber registered VCSC to an external Jabber registered to VCSE? Is there Call Policy enabled on any VCS?
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-10-2013 07:18 PM
Hi,
The details for search>>history:
when I make the call from a registered jabber Internet to any internal endpoint alias dialing works.
But if from the internet EX90 registered, we perform alias call fails, or the registered EX90 marking the internal network by alias does not work.
I don´t have any call policy
09-10-2013 07:50 PM
Hi,
This searc history output was taken from VCSE, right? The call is being rejected by the other VCS. So, can you post the search history of the another VCS as well??
As I understand, you have an EX90 registered to VCSE and you cannot use it to call internal endpoints. And you also have an internal EX90 registered to VCSC that cannot dial external endpoint registered to VCSE. Is my understanding correct?? Sorry, I really didn't understand your scenario very well.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-10-2013 08:16 PM
the output of the VCS Control is:
The scenario is such that you indicate :
-1 Ex90 register on VCS-E
-1 EX90 register on VCS-C
-1 Jabber on VCS-E
-1 Jabber on VCS-C
All are configured to register for H323 and sip:
h323: E164 >> 74XX
SIP: firstname_lastname@mydomain.com
when I try to make a call by dialing firstname_lastname not work either from the EX90 registered with VCS-E to the registered EX90 VCS-C or vice versa, but if I call dialing 74XX it works.
09-10-2013 08:33 PM
Hi,
Now I understand! =)
Ok, take a look at the output that you posted from VCS Control:
Are you using FindMe? If yes, your Find configuration is wrong. If not, please, turn off FindMe feature on TMS and on VCS Control.
Another important point is, what did you configured in TMS in the provisioning directory? What is the device address of your endpoints? Can you share a print of that configuration? Probably, you have configured a device address that doesn't match your search rules, that's why you cannot make the calls.
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
09-12-2013 11:57 AM
I turn off findme, and it works!
Thanks for your help!
09-12-2013 12:09 PM
Great to hear that your issue has been resolved! Thanks for your feedback. You are welcome!
Regards
Paulo Souza
Was my response helpful? Please rate useful replies and remember to mark any solved questions as "answered".
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: