S205 Not polling rs server

I have a brand new S205 phone.

Version
Product Model S205
Firmware Version BOOT–2.0.4.22(2017-06-07 10:11:00)
IMG–2.0.4.36(2017-09-15 17:30:00)
ROM–2.0.4.36(2017-09-15 17:30:00)
DSP–9.0.3(Patch 1.0.0)
Config Provision Url
Config Provision Url https://rs.sangoma.net/cfg

It is getting an IP address and i can talk to it over the network via web gui, but it doesn’t seem to be talking to the configuration server.

I can see it listed in the portal (was purchased direct from Sangoma) but no matter how many times I’ve rebooted the phone (even did a Factory Reset), the poll count is still 0.

If i try to visit https://rs.sangoma.net/cfg thru a web browser I am getting a certificate error.

Where do I go from here?

Thanks,
Westley

I did find the manual downloads for firmware and upgraded the firmware to the latest version.

Firmware Version BOOT–2.0.4.22(2017-06-07 10:11:00)
IMG–2.0.4.53(2018-05-24 16:46:00)
ROM–2.0.4.53(2018-05-24 16:46:00)
DSP–9.0.3(Patch 1.0.0)

Nothing else has changed. Still can’t provision.

Have you tried a factory reset of the phone as the URL with https tells me it hit our server as we first request on http and then we tell the phone to switch to https. Maybe @xrobau has some input.

Yep, tried the factory refresh.

Although I will be using it for an internal connection, for testing purposes, I also connected a new s305 and having the same issue.

I watched the traffic on my router and I can see it hitting rs.sangoma.net (199.102.239.89) on port 80 and then changes to port 443. End up with about six connections on port 443.

I just realized I could download a log and it looks like for some reason it is trying to hit 192.168.0.254 and I’ve got no idea why.

[07-20 19:45:14 00:00:03] RTOS_Upgrade: Will Parse Config Server Path 192.168.0.254/newcfg
[07-20 19:45:14 00:00:03] ParseSerPathStr:====== addr is 192.168.0.254
[07-20 19:45:14 00:00:03] ParseSerPathStr: ip is 192.168.0.254, 0xc0a800fe
[07-20 19:45:14 00:00:03] ParseSerPathStr: path is newcfg
[07-20 19:45:14 00:00:03] ==============================DHCP OPTION set to hanlongproduct, fm_path: 192.168.0.254/newfm
[07-20 19:45:14 00:00:03] ParseSerPathStr:====== addr is 192.168.0.254
[07-20 19:45:14 00:00:03] ParseSerPathStr: ip is 192.168.0.254, 0xc0a800fe
[07-20 19:45:14 00:00:03] ParseSerPathStr: path is newfm
[07-20 19:45:14 00:00:03] RTOS_Upgrade: Alloc ImgBuf
[07-20 19:45:14 00:00:03] RTOS_Upgrade: Device Will Upgrade Factory Crts …
[07-20 19:45:14 00:00:03] HTTPC: Need Resolve Domain 192.168.0.254
[07-20 19:45:14 00:00:03] HTTPC: Resolve Domain 192.168.0.254, IP 192.168.0.254
[07-20 19:45:14 00:00:03] HTTPC: Resolve Domain 192.168.0.254, IP 192.168.0.254
[07-20 19:45:14 00:00:03] CfgUpgradeOpen(Protocol HTTP, Port 80, Filename newcfg/crt/crt001fc1000003.bin)
[07-20 19:45:14 00:00:03] HttpCOpen - AF_INET (4)
[07-20 19:45:14 00:00:03] Image_2 Read Head: len = 512
[07-20 19:45:14 00:00:03] HttpCOpen: HTTP Command Size 159 bytes, Command:
GET /newcfg/crt/crt001fc1000003.bin HTTP/1.1
Host: 192.168.0.254
User-Agent: Sangoma S205 2.0.4.34 00:1f:c1:00:00:03
Accept: /
Connection: Keep-Alive

Westley

You must have the redirect setup to go to that IP from a quick glance at the logs. Anyways contact support and they can assist you and it’s free with Sangoma phones.

I opened a support ticket 36 hours ago but no response yet.

The good news is that it looks like the phone is hitting the sangoma server, the bad news is that it can’t download anything.

I’m getting a 403 error when trying to get 0018.cfg and cfg/cfg005058XXXXXX.xml

On a positive note, I brought the 305 into the office and it connected right away.

[08-29 20:48:32 51:3e:1b] GetXmlMacCfgFileByHTTPS:xml file path=cfg/cfg0018.xml,line=3228
[08-29 20:48:32 51:3e:1b] HTTPSC: HttpsGetFile cfg/cfg0018.xml, Resolve Domain rs.sangoma.net Success, SerIP:0xc766ef59
[08-29 20:48:32 51:3e:1b] HTTPSC: There are Default Device Cert and Key!!!
[08-29 20:48:32 51:3e:1b] TLS: commonName: MAC-005058XXXXXX
[08-29 20:48:32 51:3e:1b] HTTPSC: Load Device Cert and Key Success!!!
[08-29 20:48:32 51:3e:1b] TLS: HTTPSC Get File, SUPPORT TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256
[08-29 20:48:32 51:3e:1b] client https://rs.sangoma.net:443/cfg/cfg0018.xml, ser ip: 199.102.239.89, new: 1, resumed: 0, nciphers: 3, version: TLS 1.2
[08-29 20:48:32 51:3e:1b] Image_1 Read Head: len = 512
[08-29 20:48:32 51:3e:1b] HTTPS: INITIAL CLIENT SESSION, Will Get /cfg/cfg0018.xml
[08-29 20:48:32 51:3e:1b] <<< Client creating CLIENT_HELLO message
[08-29 20:48:32 51:3e:1b] >>> Client parsing SERVER_HELLO message
[08-29 20:48:32 51:3e:1b] >>> Client parsing CERTIFICATE message
[08-29 20:48:32 51:3e:1b] TLS: commonName: rs.sangoma.net
[08-29 20:48:32 51:3e:1b] TLS: commonName: Corporate Certificate Authority (Level 2)
[08-29 20:48:32 51:3e:1b] TLS: commonName: Sangoma Root Certificate Authority
[08-29 20:48:32 51:3e:1b] TLS: SSLHandshake, setting(Trusted Certificates) is 2, Doing Custom Certificates Validations…
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, Easy case of single subject and single issuer
[08-29 20:48:32 51:3e:1b] TLS: sc.issuer .commonName: Corporate Certificate Authority (Level 2)
[08-29 20:48:32 51:3e:1b] TLS: ic.subject.commonName: Corporate Certificate Authority (Level 2)
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, sc 0x16892c8, ic 0x168a800
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, issuerCert was used, that is always final test
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, Easy case of single subject and single issuer
[08-29 20:48:32 51:3e:1b] TLS: sc.issuer .commonName: Sangoma Root Certificate Authority
[08-29 20:48:32 51:3e:1b] TLS: ic.subject.commonName: Sangoma Root Certificate Authority
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, sc 0x168a800, ic 0x168af80
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, issuerCert was used, that is always final test
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, Easy case of single subject and single issuer
[08-29 20:48:32 51:3e:1b] TLS: sc.issuer .commonName: Sangoma Root Certificate Authority
[08-29 20:48:32 51:3e:1b] TLS: ic.subject.commonName: Sangoma Root Certificate Authority
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, sc 0x168af80, ic 0x16758b0
[08-29 20:48:32 51:3e:1b] TLS: X509AuthCert, issuerCert was used, that is always final test
[08-29 20:48:32 51:3e:1b] TLS: commonName: Sangoma Root Certificate Authority
[08-29 20:48:32 51:3e:1b] TLS: Have Found Custom Trusted CA, index 0, Creat New sslKeys->CAcerts
[08-29 20:48:32 51:3e:1b] SUCCESS: Validated cert for: rs.sangoma.net.
[08-29 20:48:32 51:3e:1b] >>> Client parsing CERTIFICATE_REQUEST message
[08-29 20:48:32 51:3e:1b] >>> Client parsing SERVER_HELLO_DONE message
[08-29 20:48:32 51:3e:1b] <<< Client creating CERTIFICATE message
[08-29 20:48:32 51:3e:1b] <<< Client creating CLIENT_KEY_EXCHANGE message
[08-29 20:48:32 51:3e:1b] <<< Client creating CERTIFICATE_VERIFY message
[08-29 20:48:32 51:3e:1b] <<< Client creating CHANGE_CIPHER_SPEC message
[08-29 20:48:32 51:3e:1b] <<< Client creating FINISHED message
[08-29 20:48:32 51:3e:1b] >>> Client parsing NEW_SESSION_TICKET message
[08-29 20:48:32 51:3e:1b] >>> Client parsing CHANGE_CIPHER_SPEC message
[08-29 20:48:32 51:3e:1b] >>> Client parsing FINISHED message
[08-29 20:48:32 51:3e:1b]
[08-29 20:48:32 51:3e:1b] TLS 1.2
[08-29 20:48:32 51:3e:1b] connection established:
[08-29 20:48:32 51:3e:1b] TLS_RSA_WITH_AES_256_CBC_SHA256
[08-29 20:48:32 51:3e:1b] SEND:
[GET /cfg/cfg0018.xml HTTP/1.1
User-Agent: Sangoma S205 2.0.4.36 00:50:58:51:3e:1b
Host: rs.sangoma.net
Connection: Keep-Alive
Content-Length: 0

]
[08-29 20:48:32 51:3e:1b]
--------------------------len is 244--------------------------------
[08-29 20:48:32 51:3e:1b] HTTP/1.1 403 Forbidden
Date: Wed, 29 Aug 2018 20:48:35 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.33
X-Error-Reason: Redirect Disabled in Portal
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

[08-29 20:48:32 51:3e:1b] ---------------------------------------------------------------------

[08-29 20:48:32 51:3e:1b] RECV PARSED: [HTTP/1.1 403 Forbidden]
[08-29 20:48:32 51:3e:1b] httpBasicParse:843===>>>Https Resv Response=403==
[08-29 20:48:32 51:3e:1b] HTTPSC: HttpsGetFile:2889====ResponseCode=403===
[08-29 20:48:32 51:3e:1b] HTTPSC: 0 bytes received
[08-29 20:48:32 51:3e:1b] HTTPSC: 1240 msec (1240 avg msec/conn SSL handshake overhead)
[08-29 20:48:32 51:3e:1b] HTTPSC: 10 msec (10 avg msec/conn SSL data overhead)
[08-29 20:48:32 51:3e:1b] HTTPS get cfg005058XXXXXX.xml from rs.sangoma.net:0 Fail

I just looked at your logs and pulled up the MAC on our redirect server. You have it setup to redirect to your deployment which I wont define here that deployment ID but in the deployment you have nothing setup for how to reach the PBX under the phone tab so it is redirecting to nowhere. See this wiki on how to setup your deployment with redirect information. Saving Redirect Server Information - Sangoma Portal/Store - Documentation

57%20PM2290×746 44.1 KB

PS I am not finding any tickets from you on this. Maybe its under a different user but I did take a look. PM me the ticket number please.

UPDATE - I found the ticket. You opened it Thurs at 7:29 AM and we replied back Friday at 1:49 once you included the logs that we ask for on all tickets and we provided you with links to what you had setup wrong and how to fix it.

Good news - I’m able to download the configuration thanks to the pointers sent in the support ticket.

Bad news - Phone is showing “Register Failed” on the account page of the web gui and I can’t make any calls.

I can see traffic flowing from both the local and remote routers on port 5060.

Can’t see what’s wrong.

What does your asterisk logs show.

Asterisk log isn’t showing anything. Not even showing the phone downloading the config files (not sure if it would show that anyway).

I did a pcap and I can see the phone is trying to register with the internal address rather than the external (I hid the domain name and IP address).

REGISTER sip:server.domain.net:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.XXX:5060;branch=z9hG4bK1506758658
From: “Telemarketing-150” sip:[email protected]:5060;tag=de61899a4a8df69
To: “Telemarketing-150” sip:[email protected]:5060
Call-ID: [email protected]
CSeq: 1 REGISTER
Contact: sip:[email protected]:5060;transport=UDP
Max-Forwards: 70
Supported: path
User-Agent: Sangoma S205 V2.0.4.44
Expires: 900
Allow: INVITE, ACK, UPDATE, INFO, CANCEL, BYE, OPTIONS, REFER, SUBSCRIBE, NOTIFY, MESSAGE, PRACK
Content-Length: 0

Is there anyway to clear out the phone’s SYSLOG? Clicking Factory Reset doesn’t do it.

And is the phone on the same network that the PBX is. The logs show ita trying to register to the PBX on the IP.

No. This phone is in a remote location. That’s half of what’s causing all the headaches.

Do you have NAT set to yes on the advanced tab for the extension?

Ok well your template in EPM just be setup to use the internal IP then. You need to change that. Might help you to read the wiki on setting up phones or even our onlilne free training inside Sangoma University that you can access from the Sangoma Portal. This is all pretty basic stuff here and well documented.

Yes, the extension has NAT Mode set to Yes - (force_rport,comedia).

In EPM, I created another template for external phones. It is the default external template, SIP Destination address is set to External and provision address is set to External.

I’ll try going over the WIKI again.

But have you mapped this specific phone to that template. As your logs shows the phone is trying a 192.168 IP address.

Yep.

EPM1020×187 20 KB

Clipboard011050×410 48.5 KB

Clipboard021099×810 79.3 KB

Not sure what to tell you. I think you will need to get support involved more. Something doesn’t seem right here.

Only thing I can think of is that you had the internal IP at one time in the template when the phone first pulled it’s config which means the phone has that saved for the config server so it keeps looking to the internal IP for new configs so it’s never getting a updated config that now has the external IP. You could log into the phone GUI and look at what URL it has for configs and modify it to be external if my theory is correct.

Also since the phone is remote make sure all the ports needed are also opened on your firewalls including the provisioning port you have set.

At least I’m not the only one scratching my head.

I manually entered the IP address into the Use NAT IP on the account page and the PCAP shows it is using it, but still no go on registration.

I’m also a bit perplexed on making sure the phone has done a factory reset. Even though I’ve clicked the Reset to Factory button on the Management->Upgrade page, it’s not clearing out old SYSLOG entries, so I’m wondering if it is doing a factory reset.

Even tried doing a factory reset straight from the phone with no luck.

As much as I’d like to get this working over the weekend, it isn’t a priority.

I’ll just have to wait till Tuesday.

Thanks for your help all the same!

Issue solved!

I finally tracked down the problem. I had port 5060 locked down by IP address, so, naturally, when I tried to use this phone at home, which wasn’t allowed, it couldn’t register or do anything else.

Once I allowed the IP address, all the Sangoma provisioning magic could happen.