Can not get Cisco Phones to Register


(John45) #5

I can connect to the FreePBx GUI at 192.168.1.15 on another device.
The phone shows an incorrect time. I did not change the time settings in the config file.
I am using a Microsoft Hyper V virtual Machine that has its own internal IP address separate from the host.
The PC and laptop are separate computers. The laptop has the tftp server
My FreePBX firewall is disabled
I can connect with a ip phone app (ZoIPer)


#6

Install (if needed) Wireshark on the PC and start a capture on the Ethernet interface (or whatever connects to the LAN that the Cisco phones are on). If you see lots of traffic from other activity on the PC, filter it out by typing
ip.addr==192.168.1.123
into the display filter box at the top, then pressing Enter (replace 192.168.1.123 with the IP address of the Cisco phone).

With luck, you’ll see some traffic from the phone. If there are REGISTER requests, what response, if any follows them? (Posting the request and reply would be useful.) If there’s no traffic, reboot the phone and see if any appears. If there is still no traffic displayed, ping the phone from the PBX to confirm that the capture setup is working properly.


(John45) #7

I have little experience with WireShark so I apologize if I am doing this wrong.

When I enter what you provided ip.addr==192.168.1.123 the nothing comes up.

When I enter ip.addr==192.168.1.40 (40 is the ip of the phone) I see NTP protocol client going from the phone to the PBX and a “118 Destination unreachable (Host administratively prohibited)” comes back from the PBX to the phone.

I have attached the ping from the PBX to the phone


#8

I am reasonably sure that some firewall is intercepting the NTP request. (If there were simply no NTP server running on the guest, I’d expect a Port unreachable ICMP instead.) However, I don’t know whether it’s in the guest, in Hyper V (which I know absolutely nothing about) or if Windows Firewall (or other security software on the host) is somehow coming into play.

At a root shell prompt in the guest, type:
iptables -L
You should see an empty rule set which looks something like:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

If you see real rules instead, a firewall is running on the guest; figure out how to stop and disable it. These links may help:

https://wiki.freepbx.org/display/FPG/Firewall+Command+Line


After stopping / disabling, run iptables -L again to confirm it’s clean.

If Windows or Hyper V is blocking the request, I am unable to help, sorry. With luck there is something obvious to turn off.

If you can’t easily get past this, try changing in the NTP section of the phone’s config file
<name>192.168.1.15</name>
to
<name>pool.ntp.org</name>
which should cause the phone to get the correct time (it’s set to display US PDT) and with luck we’ll at least see some register attempts in Wireshark.


#9

Haven’t gone through your config file in detail or the other responses here but one thing I just picked up was the fact that FreePBX default port for chansip is 5160 and not 5060 - port 5060 is used for pjsip by default. So unless you changed the default settings via the Advanced option in FreePBX your phone’s sip registration will not work.

As I said, haven’t looked at the Wireshark traces or anything else but will go through them a bit later but double check the chansip port setting to start with.


#10

This is most likely because you are not running ntpd on 192.168.1.15 - Cisco 79xx phones will not update the time or anything if there are errors in the SEPXXX.cnf.xml file. On the phone check the status messages and you will most likely find errors in reading SEPXXX.cnf.xml file - Unfortunately it does not tell you what the error is - so one has to painfully go through each line to work out the error. This could be also the reason why time does not get updated. Will go through the cnf.xml file and get back to you if I see any potential errors.


#11

We know that the phone attempted to get the time – the NTP request was seen with Wireshark.

It’s indeed possible that ntpd is not running, but we can’t tell because a firewall blocked the attempt to access it. I confirmed that CentOS firewall does (by default) send Destination unreachable (Host administratively prohibited) ICMP in response to a UDP packet directed to a closed port. I also confirmed that if the port is open but ntpd is not running, the response is Destination unreachable (Port unreachable).

I don’t know whether the 7960 will not try to register if it can’t get the time. Given that we see NTP packets but no SIP packets emitted by the phone, if the lack of SIP is caused by something wrong with the XML file, it’s not an error that the phone detected when loading the file.

I thought it worthwhile to solve the firewall issue first (if it’s not terribly hard) because it would likely also affect SIP (once we get that flowing). If it’s too much trouble, changing the XML to use a public NTP server should get past the time issue. Then, if there are still no SIP packets emitted, we’ll need to use the debug tools on the phone.

I agree that there may also be a problem with the chan_sip bind port and/or conflict with pjsip, but we won’t know until some SIP appears in Wireshark and some entries show up in the Asterisk log.


#12

@Stewart1, not sure either - I have 7960s and a 7970 but they do not seem to be too fussed about not getting a response from a sntp server. In my case the date/time field remains blank until it is able to contact the ntp server and get an update and the inability to access the ntp server does not stop loading the config and attempting to register. OP’s using 7941 phones and knowing how Cisco changes behaviours of their phone with each model, it is anyone’s guess. I would think the attempt to get to the ntp server would time out after a few tries just like with SIP registrations.

@John45, a quick test would be specify a any ntp server such as nist.gov ( which resolves to 129.6.13.49). This will show whether inability to update time stops the registration or not.

@Stewart1, what I have observed is that these phones do not explicitly say that there is a problem with the config file - the only way I have been able to figure it out is by checking the status messages which do not even tell what the problem is - it always says, “error parsing the xml file” and expects one to go figure it out! I have also noticed that if the config file has errors, invariably the time is not updated (shows an date time a few years back) and registration fails among a few other hints.

Could not see anything obviously wrong with the sepmac.cnf.xml file but these config files are very finicky. I spent days trying to work out why my config file did not work - to find out that I had put a space between two words in the phone display name!

At this stage my suggestion is to point the ntp server to an external address and take it from there.


(John45) #13

My IPtables now all say target= RETURN prot= all opt= – source= anywhere destination=anywhere

I changed my ntp server to a nist.gov server 129.6.15.28

In the status messages in the phone it gives errors updating Locale, no trust list installed and just
“SEPMAc.cnf.xml(TFTP)” it does not say that there were errors parsing the file.

My FreePBX says my Chansip is running on port 5060 and Pjsip on 5160 in the extensions editor so I believe that it should be on 5050

The and date do not go to the correct values no matter what ntp server i have tried (pool.ntp.org, 129.6.15.28-- NIST.gov, or myPBX machine which is running a ntp server). Also I no longer see ntp packets in wire shark from the phone.

Thanks again!


#14

I am getting the same error message on my 7970 but it has no impact on the operation.

I think it would be worth following @Stewart1’s line of thought - to figure out what the firewall is doing here. Is it possible to turn off the firewall completely just to eliminate that possibility?

@John45, did you specify the ntp server as “nist.gov” or did you provide the IP address? From memory, I think I had to provide the actual IP address. If you are not seeing any ntp packets and if you have specified the dns name then one possibility is that the phone cannot resolve the name at boot time and hence not sending out ntp requests.

@John45, Here a resource pertaining to the exact model you have (be mindful that on post provides config settings on 7640 handset which is NOT applicable in your case as you have a 7641). Also noted that one of the issues highlighted there is that dhcp was not providing dns server details so you may want to check your dhcp settings to make sure dns server details are sent to the phone at boot time.

Of particular interest for you would be the simplified example config file given by ‘newboy’ towards the end of the post

https://forums.whirlpool.net.au/archive/1895964

Either way, I think it would be best to disable the firewall before you try this out.

Hope this helps.


#15

@John45, and here is another good one…which is supposed to have been solved.


(John45) #16

Ok I will read these thanks.


(Paul Simmonds) #17

John,

Not sure if you have managed to fix your problems, however FYI:
There are three effective types of Cisco IP Phone configuration;

  1. The older variant deskphone such as the 7960
  2. The newer models such as the 7961 / 7965 with v8 firmware
  3. The newer models such as the 7961 / 7965 with v9 firmware
    All three variants require different configuration files & approaches.

If you are still stuck then I will try and document how to get SIP working.


(Dave Burgess) #18

If you’re not married to SIP, you can try chan-sccp-b (a SKINNY channel driver for Asterisk).

Search for “chan-sccp-b asterisk Freepbx @GitHub.com” and you should find the Wiki I wrote that tells how to install the driver and set up the system so these “just work” in SKINNY mode.

If you are married to SIP, remember that the 7940 and 7960 passwords are ridiculously short - IIRC, something like 8-11 characters. The short password is one of the reasons I recommend against using the SIP image for publically accessible PBX servers. There are others, but that’s the big one.


(John45) #19

simmondp

Unfortunately I only have 7941’s which of those categories do they fall in?

cynjut,

I can switch between the firmware and will look at that.
I assume that this is it https://github.com/Cynjut/SCCP_Manager can you confirm that this is what you were talking about?

Thanks


(Dave Burgess) #20

No. That’s the SCCP Configuration Manager I wrote for FreePBX Version 1.8 and before. With the conversion of FreePBX to the BMO model, that software is OBE, and there’s been no clamour to upgrade it (plus I’m lazy as crap).

Search the forum for chan-sccp-b. You should find me hawking away in several threads. When you start looking for webpages, stick with the ones from GitHub. Diedrich moved the project there a year or two ago, so the sourceforge URLs are all no good.


(John45) #21

Do you think you could post a link? I can find several files related to chan-sccp but not any chan-sccp-B


(Dave Burgess) #22

The problem with that thread is that irt refers to the sourceforge repo. There’s good info in the thread, though.

That’s should get you to the FreePBX Setup page on GitHub.


(John45) #23

Thanks for you help everyone I was finally able to get the phones working with SIP!

The file I used for SEPDefault.cnf.xml was provided by gdesilva and can be found here https://pbxinaflash.com/community/threads/cisco-7941-not-registering.15281/

All you have to do is change 192.168.1.194 to your PBX IP, 704 to your extension, the NTP IP, and the PASSWORD to your secret.

Thanks again


(system) closed #24

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.