Phones not registering. I feel like I've tried everything

I have this one customer that none of their phones will register. I don’t know how long they’ve been down. They got a new firewall a while back, but that was a long time ago to have not heard anything. I added a rule for udp 5060 traffic in there anyway. I also just allowed ALL traffic both ways temporarily to rule the firewall out. Other pertinent stuff:

  • The trunk is showing online.
  • I’ve reset the phones to factory and set them back up.
  • I disabled the firewall in the pbx temporarily.
  • I added their external ip to the pbx firewall. It wasn’t in there for some reason. Maybe the ISP changed it at some point and it was one of the other entries in there. Either way that didn’t fix it either.
  • In the physical firewall I see the phones sending registration attempts and none of that is getting blocked.
  • I can ping the pbx from a computer on the network. For some reason I can’t access the pbx from a computer on the network though.
  • If I watch the output in asterisk -rvvvvv I don’t see any registration attempts. I don’t know know why they wouldn’t be getting there though if the physical firewall isn’t blocking them.
  • Nothing is banned in fail2ban.

I don’t know what to try next.

I reckon the clue is here, solve that first. Check fail2ban.

Nothing is banned in Fail2Ban. I updated my original list. I forgot that one. I also have no idea why I can’t access the pbx from a computer on the network. Everything is excluded and nothing is banned.

Are you trying to reach the IP of the PBX or the FQDN?

Edit: Is the PBX remote? You haven’t said.

Just the ip. Yes, the pbx is remote.

So I just added the wan ip to a different phone system’s firewall and i was able to get to that pbx from a computer on their network.

Ok great, so now try and get to it from any other network and see if you can register a phone too. If you don’t have one handy, use MicroSIP.

I can access the pbx from my network. I’ll try it from another one.

I setup a new ext with MicroSIP and it works. Registered immediately and I added it to the ring group and made a successful test call. For some reason I just can’t access the pbx from their network. I allowed ALL traffic to and from the physical firewall earlier to see if that was blocking it. I just added a rule for the pbx’s ip and it doesn’t work so I don’t think it’s their firewall.

I can’t offer much from here without suggesting you poke around their local network some more. You just proved it’s not the PBX. Save yourself the stress of provisioning phones over and over though, and try and get MicroSIP working from one of their computers for now, it’s just easier and faster. To be honest, it sounds like you know what you are doing and the issue is their end. Good luck with it.

Yep, I installed MicroSIP on his pc and tried to set it up and it doesn’t register. I have no idea what would be blocking it though if it’s not the firewall.

New update. I had one of our remote guys try to access it and he has the same problem as they do on-site. He can ping the pbx IP, but cannot access the web portal so I don’t think it’s an issue with their physical firewall or something on their network. I added his external ip to the pbx firewall and added it to the intrusion detection whitelist.

I turned the pbx firewall off and stopped intrusion detection and still can’t get to it from anywhere other than our network here at the office. Tried 2 other networks and 2 cell phones not on wifi.

Is the far-end PBX running as a VM through a hosting service, on a VPS, etc.? For example, our company’s FreePBX is running on AWS as an EC2 instance. Besides the access rules on the FreePBX itself, I had to also whitelist IP subnets in the AWS security group for accessing it.

It is, but I’ve never had this issue with any of them before and this one is one of our oldest ones that’s been running for several years. Where can I whitelist IPs in AWS?

If a customer site has a new/different public IP, then it likely might need to be added to the AWS EC2 Security Group. Depending on whether access is just wide open or not. Likely not. Here’s a link with details → https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html

Oh, the freaking inbound rules in the security tab! That was it. We started with AWS hosted servers and moved to freepbxhosting a few years ago. We still have a few on AWS that I haven’t migrated over yet. I haven’t had any issues with them and it’s been so long I completely forgot about that! Thank you so much!