Provisioning issues S505 with Zero Touch

I’m using Sangoma S505 phones with Freepbx 14 and I’m having issues with my pjsip extension being provisioned via the endpoint manager. I set up the extension along with all of the other endpoint options I’m using Http port 84 as the default Http configuration port and not using an HTTP(s) Authentication. I also cannot use any HTTP(s) Authentication because I’m not able to select both, https only, or http only.

So the phone gets no part of the config or simply doesn’t register ?

I typically start here:

From SNG7 command line run the following and reboot the phone … watching the output of the below command

tail -f /var/log/httpd/access_log | grep -i sangoma

Is the phones request for the config actually making it the server ? If you don’t see it reaching the server try using the same config server info directly inputting it into phone

If neither of the above work call support Monday after opening a phone ticket and we’ll help

It doesn’t get any of the conf and it doesn’t register, I’ll try the command line and look for what you suggested. Thanks

[[email protected] ~]# tail -f /var/log/httpd/access_log | grep -i sangoma
::1 - - [05/Oct/2019:20:49:22 +0000] “OPTIONS * HTTP/1.0” 200 - “-” “Apache/2.4. 6 (Sangoma) OpenSSL/1.0.2k-fips PHP/5.6.40 (internal dummy connection)” - - [05/Oct/2019:20:56:26 +0000] “GET //cfg00505851ff43.xml HTTP/1 .1” 401 381 “-” “Sangoma S505 00:50:58:51:ff:43” - - [05/Oct/2019:20:56:28 +0000] “GET //cfg00505851ff43.xml HTTP/1 .1” 401 381 “-” “Sangoma S505 00:50:58:51:ff:43” - - [05/Oct/2019:20:59:59 +0000] “GET //cfg00505851ff43.xml HTTP/1.1” 401 381 “-” “Sangoma S505 00:50:58:51:ff:43” - - [05/Oct/2019:21:00:01 +0000] “GET //cfg00505851ff43.xml HTTP/1.1” 401 381 “-” “Sangoma S505 00:50:58:51:ff:43”

Does the phone connect to the portal?
Did you add a local or public address in the portal?

Can you access from the same network the phone is on http://address:84 ?

Yes it connects to the portal and I’m using a Deployment redirect.

Can you access from the same network the phone is on http://address:84 ?
Yes however it is requesting a username password???

Then you have http provisioning wit auth enabled.

Go to system admin and either disable it, or enter the credentials in the redirection portal and in the template provisioning address.

this is what I receive when trying to access http://address:84


You don’t have permission to access /.noindex.html on this server.

That did it!..thank you. If I’m having phones shipped to employees that operate in their remote offices will I need to take the responsive firewall down prior to the phone being turned on or is there a way to provision through the responsive firewall?

This is good. This is how it’s supposed to be.

Glad you got it working.

I think the responsive firewall is only working with the SIP protocols.
I’d rather allow SIP and HTTP provisioning from trusted sources by IP or FQDN than turning off the firewall, and if you get that working, you don’t need the responsive firewall at all

An additional note: IIRC, you can open a connection to the client-side by having the user log into UCP from their remote location. This can also get rid of the requirement for the Responsive Firewall.

Try that and see if it helps.

Thanks!! I’ll give it a try. BTW is there a way to allow UCP through the firewall?

I want to say Yes, but I don’t remember the details. We’ve discussed it here in the forums a few times.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.