Hi,
I’m setting up a remote extension using the redirection service. The phone (Sangoma S305) contacts the redirection service and then tries the HTTP provisioning URL specified in the Sangoma portal. The URL is:
It contacts this URL but is rejected with a HTTP 401 Unauthorized error. In FreePBX > Admin > System Admin > Provisioning Protocols > HTTPS(s) Authentication is set to None. I’ve tried setting it to Both (or HTTP Only) but it reverts back to None when I Save. I presume this is because I have the free SysAdmin module and not Pro?
However, with it set to None, why does the client get prompted for username/password when it tries to authenticate? I tried via a browser and get the username/password prompt. I guess I’m missing some configuration somewhere but can’t see where. Any advice would be appreciated.
Yes it does. There is a HTTP GET request made (for cfgMACADDR.xml) to the PBX which gets a reply from the PBX with 401 Unauthorized from server (from the header) “Apache/2.4.6 (Sangoma) OpenSSL/1.0.2k-fips PHP/5.6.36\r\n”.
The Provisioning Address option is set to External which populates the textbox with the public IP address of the PBX. The template is setup for external extensions.
It seems from the PCAP on the phone that it contacts rs.samgoma.net for the config which is gets successfully (which is shown by the Poll Count in portal.sangoma.com increasing each time) but then when it tries to contact the PBX via the URL provided it fails with the 401 Unauthorized error.
I seems to get the 401 error from the PBX (Apache server) but I can’t understand why the PBX is looking for authorisation when the option is turn off in the provisioning settings.
Yes I am and have successfully setup a phone on the LAN using an internal template. Now trying to setup a remote extension using a second template for external phones.
This is weird. Perhaps it’s time to get Sangoma Support involved (since all of the part a Sangoma parts). I’m going to guess that there’s a setting somewhere that’s not set up right, but I don’t use Sangoma phones or do remote provisioning, so I can’t really help you much from here.
When I try that the browser prompts for credentials. In this link (https://wiki.freepbx.org/display/PHON/Setup+phone+with+Redirection+Service) about two-thirds of the way down there is a graphic of the data flows which shows extension username/password being provided to obtain the full configuration. Trying to use the extension number and secret does not successfully authenticate.
When I try accessing the same URL on the LAN I also get prompted for credentials. However the phone on the LAN was provisioned by setting the provisioning URL to http://PBXLANIP:84 and it worked so not sure how that phone authenticates. I’ll try to get a packet trace from that phone when it provisions.
There’s something wrong with this statement. If you have the free version of Sysadmin, then the Provisioning Protocols page shouldn’t be present. Are you sure you have the free version?
I’ve just looked at the extension on the LAN and it also gets the 401 error when I try auto provisioning. Just to be sure I reset it to factory settings and when it tried to get the config from scratch it failed. When I set it up originally I only changed the Config Server Path on the phones web GUI and it pulled the config from the PBX. Now that fails so I had to config Account 1 to the extension settings.
In summary, the 401 error now prevents any phones retrieving their config whether on the LAN or remotely.