Can not get Cisco Phones to Register

Hello, I am using 2 Cisco 7941 IP phones and can not get them to connect to the Freepbx Server I have. I know that there have been a lot of posts like this on the internet but I can not seem to find a solution to my problem.

My two phones will download their files from the tftp server running on my laptop and then just sit at the registering screen. I also see a phone with an x next to it next to the line button . I know they are on the network because I can ping them and they receive DHCP addresses.

Here is some of the set up I am using :

  • Cisco 7941 Ip phone running Sip software downloaded directly from Cisco
  • FreePBX running in a virtual machine on my PC
  • tftp32 running on my laptop to flash the files needed to boot the phones
  • I have created a Chansip extension on port 5060 in freepbx

I tried include a copy of my SEPMAc.cnf.xml file but the post kept taking some of it into a scroll box and removing other parts. I got all the files from this post and edited them to my system.

Any help would be greatly appreciated.

I suspect there could be a problem with your Cisco config files as I am using Cisco7960s with chan_sip without any issues. Really need to see the config file to even guess what could be the problem. An alternative would be to log in to your Freepbx via ssh and run ‘asterisk -rvvvv’ to see what is going on with the SIP registrations. The ‘X’ next to the line button means the phone is not registered with the sip server. Try to post your config file and provide the url here if you cannot upload in this forum but make sure to remove all sensitive information first.

The following also might be useful…

Here is a pastebin of my spemac.cnf.xml. To make things simple I have changed the extension number and password to 101 that is not an error.

When I log into my freepbx (via putty) and run asterisk -rvvvv all I get back is information about warenty and a line that says Connected to Asterisk 13.19.2 currently running on freepbx (pid = 1925)

I have looked at the link you provided as well but it seems that my phone is looking for files not found in there : term41default and other files that are SEPMAC.cnf.xml not SIPMAC.cnf like in the link. I have these files from cisco but that are not specified by the link.

A few questions to see where the problem might lie:

Can you access the FreePBX GUI at from a device on your LAN other than the PC running the host OS?

Does the Cisco phone show the correct date / time?

I don’t know how aggressive the phone is about retrying failed registration. When you ran asterisk -rvvvv, did you try rebooting the phone (while still connected to Asterisk)?

What virtualization system are you using? Networking set up as bridged? Is ‘my PC’ (the host) the same hardware as ‘my laptop’ (the TFTP server)?

Have you tried disabling any software firewall on the guest OS?

Have you tried any other VoIP devices (such as a SIP app on your smartphone) as extensions on this PBX?

I can connect to the FreePBx GUI at on another device.
The phone shows an incorrect time. I did not change the time settings in the config file.
I am using a Microsoft Hyper V virtual Machine that has its own internal IP address separate from the host.
The PC and laptop are separate computers. The laptop has the tftp server
My FreePBX firewall is disabled
I can connect with a ip phone app (ZoIPer)

Install (if needed) Wireshark on the PC and start a capture on the Ethernet interface (or whatever connects to the LAN that the Cisco phones are on). If you see lots of traffic from other activity on the PC, filter it out by typing
into the display filter box at the top, then pressing Enter (replace with the IP address of the Cisco phone).

With luck, you’ll see some traffic from the phone. If there are REGISTER requests, what response, if any follows them? (Posting the request and reply would be useful.) If there’s no traffic, reboot the phone and see if any appears. If there is still no traffic displayed, ping the phone from the PBX to confirm that the capture setup is working properly.

I have little experience with WireShark so I apologize if I am doing this wrong.

When I enter what you provided ip.addr== the nothing comes up.

When I enter ip.addr== (40 is the ip of the phone) I see NTP protocol client going from the phone to the PBX and a “118 Destination unreachable (Host administratively prohibited)” comes back from the PBX to the phone.

I have attached the ping from the PBX to the phone

I am reasonably sure that some firewall is intercepting the NTP request. (If there were simply no NTP server running on the guest, I’d expect a Port unreachable ICMP instead.) However, I don’t know whether it’s in the guest, in Hyper V (which I know absolutely nothing about) or if Windows Firewall (or other security software on the host) is somehow coming into play.

At a root shell prompt in the guest, type:
iptables -L
You should see an empty rule set which looks something like:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If you see real rules instead, a firewall is running on the guest; figure out how to stop and disable it. These links may help:

After stopping / disabling, run iptables -L again to confirm it’s clean.

If Windows or Hyper V is blocking the request, I am unable to help, sorry. With luck there is something obvious to turn off.

If you can’t easily get past this, try changing in the NTP section of the phone’s config file
which should cause the phone to get the correct time (it’s set to display US PDT) and with luck we’ll at least see some register attempts in Wireshark.

Haven’t gone through your config file in detail or the other responses here but one thing I just picked up was the fact that FreePBX default port for chansip is 5160 and not 5060 - port 5060 is used for pjsip by default. So unless you changed the default settings via the Advanced option in FreePBX your phone’s sip registration will not work.

As I said, haven’t looked at the Wireshark traces or anything else but will go through them a bit later but double check the chansip port setting to start with.

This is most likely because you are not running ntpd on - Cisco 79xx phones will not update the time or anything if there are errors in the SEPXXX.cnf.xml file. On the phone check the status messages and you will most likely find errors in reading SEPXXX.cnf.xml file - Unfortunately it does not tell you what the error is - so one has to painfully go through each line to work out the error. This could be also the reason why time does not get updated. Will go through the cnf.xml file and get back to you if I see any potential errors.

We know that the phone attempted to get the time – the NTP request was seen with Wireshark.

It’s indeed possible that ntpd is not running, but we can’t tell because a firewall blocked the attempt to access it. I confirmed that CentOS firewall does (by default) send Destination unreachable (Host administratively prohibited) ICMP in response to a UDP packet directed to a closed port. I also confirmed that if the port is open but ntpd is not running, the response is Destination unreachable (Port unreachable).

I don’t know whether the 7960 will not try to register if it can’t get the time. Given that we see NTP packets but no SIP packets emitted by the phone, if the lack of SIP is caused by something wrong with the XML file, it’s not an error that the phone detected when loading the file.

I thought it worthwhile to solve the firewall issue first (if it’s not terribly hard) because it would likely also affect SIP (once we get that flowing). If it’s too much trouble, changing the XML to use a public NTP server should get past the time issue. Then, if there are still no SIP packets emitted, we’ll need to use the debug tools on the phone.

I agree that there may also be a problem with the chan_sip bind port and/or conflict with pjsip, but we won’t know until some SIP appears in Wireshark and some entries show up in the Asterisk log.

@Stewart1, not sure either - I have 7960s and a 7970 but they do not seem to be too fussed about not getting a response from a sntp server. In my case the date/time field remains blank until it is able to contact the ntp server and get an update and the inability to access the ntp server does not stop loading the config and attempting to register. OP’s using 7941 phones and knowing how Cisco changes behaviours of their phone with each model, it is anyone’s guess. I would think the attempt to get to the ntp server would time out after a few tries just like with SIP registrations.

@John45, a quick test would be specify a any ntp server such as ( which resolves to This will show whether inability to update time stops the registration or not.

@Stewart1, what I have observed is that these phones do not explicitly say that there is a problem with the config file - the only way I have been able to figure it out is by checking the status messages which do not even tell what the problem is - it always says, “error parsing the xml file” and expects one to go figure it out! I have also noticed that if the config file has errors, invariably the time is not updated (shows an date time a few years back) and registration fails among a few other hints.

Could not see anything obviously wrong with the sepmac.cnf.xml file but these config files are very finicky. I spent days trying to work out why my config file did not work - to find out that I had put a space between two words in the phone display name!

At this stage my suggestion is to point the ntp server to an external address and take it from there.

My IPtables now all say target= RETURN prot= all opt= – source= anywhere destination=anywhere

I changed my ntp server to a server

In the status messages in the phone it gives errors updating Locale, no trust list installed and just
“SEPMAc.cnf.xml(TFTP)” it does not say that there were errors parsing the file.

My FreePBX says my Chansip is running on port 5060 and Pjsip on 5160 in the extensions editor so I believe that it should be on 5050

The and date do not go to the correct values no matter what ntp server i have tried (,, or myPBX machine which is running a ntp server). Also I no longer see ntp packets in wire shark from the phone.

Thanks again!

I am getting the same error message on my 7970 but it has no impact on the operation.

I think it would be worth following @Stewart1’s line of thought - to figure out what the firewall is doing here. Is it possible to turn off the firewall completely just to eliminate that possibility?

@John45, did you specify the ntp server as “” or did you provide the IP address? From memory, I think I had to provide the actual IP address. If you are not seeing any ntp packets and if you have specified the dns name then one possibility is that the phone cannot resolve the name at boot time and hence not sending out ntp requests.

@John45, Here a resource pertaining to the exact model you have (be mindful that on post provides config settings on 7640 handset which is NOT applicable in your case as you have a 7641). Also noted that one of the issues highlighted there is that dhcp was not providing dns server details so you may want to check your dhcp settings to make sure dns server details are sent to the phone at boot time.

Of particular interest for you would be the simplified example config file given by ‘newboy’ towards the end of the post

Either way, I think it would be best to disable the firewall before you try this out.

Hope this helps.

@John45, and here is another good one…which is supposed to have been solved.

Ok I will read these thanks.


Not sure if you have managed to fix your problems, however FYI:
There are three effective types of Cisco IP Phone configuration;

  1. The older variant deskphone such as the 7960
  2. The newer models such as the 7961 / 7965 with v8 firmware
  3. The newer models such as the 7961 / 7965 with v9 firmware
    All three variants require different configuration files & approaches.

If you are still stuck then I will try and document how to get SIP working.

If you’re not married to SIP, you can try chan-sccp-b (a SKINNY channel driver for Asterisk).

Search for “chan-sccp-b asterisk Freepbx” and you should find the Wiki I wrote that tells how to install the driver and set up the system so these “just work” in SKINNY mode.

If you are married to SIP, remember that the 7940 and 7960 passwords are ridiculously short - IIRC, something like 8-11 characters. The short password is one of the reasons I recommend against using the SIP image for publically accessible PBX servers. There are others, but that’s the big one.


Unfortunately I only have 7941’s which of those categories do they fall in?


I can switch between the firmware and will look at that.
I assume that this is it can you confirm that this is what you were talking about?


No. That’s the SCCP Configuration Manager I wrote for FreePBX Version 1.8 and before. With the conversion of FreePBX to the BMO model, that software is OBE, and there’s been no clamour to upgrade it (plus I’m lazy as crap).

Search the forum for chan-sccp-b. You should find me hawking away in several threads. When you start looking for webpages, stick with the ones from GitHub. Diedrich moved the project there a year or two ago, so the sourceforge URLs are all no good.