Nothing registers "wrong password"

Hello All,

I just put up a new cloud server (FreePBX 16), I have same firewall rules for all servers so there should be nothing special to do.

I configure both a soft phone as well as a Cisco phone to connect as a test extension, but no matter what I do it tells me “wong password” in the logs.
I did create a short password as well as the larger more secure one, always resulting in the same wrong password.

I deleted the extension and created a new one, same result.
NO phones/extensions are authenticating

Any direction would be appreciated.
Server is 100% current.

[2022-06-02 13:47:26] NOTICE[22734]: chan_sip.c:29050 handle_request_register: Registration from ‘“120” sip:[email protected]’ failed for ‘’ - Wrong password

I do have PJSIP ONLY listening on 5060.
Under sip settings it says [chan_pjsip) and in advanced sip channel driver chan_pjsip (not both)

On Softphone I get this additional data:

Error Layer(3)
Error Code403
Error TextForbidden

Make sure you are not mixing up the SIP Extension and FreePBX user passwords, they are two different things.

Yes, using extension password.

In Asterisk SIP Settings, chan_pjsip tab, under transport (udp), Port to Listen On should be 5060. On the chan_sip tab, Bind Port should be something different. If you have changed any of these settings, after Submit and Apply Config, you must restart Asterisk.

If your PBX has a private IP address (AWS, GCP, etc.), confirm that the cloud firewall is not translating port numbers.

This is not actually a ‘wrong password’ issue – the phones should not be contacting chan_sip at all.


Those are the same settings I have, pretty default, and listening would normally be 5061 but I change it to 5060.

The authentication request makes it to the PBX, so I don’t believe its a SIP issue, but I could be wrong.

Not sure what to check on AWS as I have several servers there, all using the same firewall policies.

That’s for TLS. If that is what you are using, check Port to Listen on for (tls) for pjsip and TLS Bind Port for chan_sip.

Run sngrep then reboot a phone so it tries to register. That will show you the port the request is coming in on. If it’s correct, your FreePBX settings have somehow not propagated to Asterisk. If it’s wrong, either the phone settings are messed up or you have a networking problem. Look at the softphone log to see the destination port it is using.

The port is correct, it shows in the failed password line.

What port is correct? Which protocol? The failed password line you posted:

shows only the source port of the phone. You need to find the destination port the request was sent to, and which protocol was used.

In case you’re not already aware, you must restart Asterisk after making transport changes.

Yes, it was restarted many times :slight_smile:

Be careful with the correct SIP protocol that you use, many times Cisco Phones works with TCP or you are using rport?

UDP only, and I can get the phone with the core config to work on multiple systems, just not this new 16 install.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.