SPA508G Phone issue

I have a phone at a remote location that has been working fine for several months. The facility the phone is used in changed some sort of internet provider and now the phone is showing a message I have not seen previously.


I had the phone sent back, did a factory reset and reconfigured the phone and sent it back to the customer and when it was plugged into the network there, this screen reappeared. The customer thinks the new network in the facility is causing the issue, but I have no experience in this issue and any help is appreciated.

If you have access to the remote network, you could watch the network traffic from and to the phone. Chances are, the network has implemented a new firewall rule that wasn’t in place before (like access to TFTP through the WAN?) and it’s jacking you up.

How is the phone configured to download config files? My experience with Cisco (granted 79xx) phones is that they use TFTP to download all of their settings. If that’s the case, the VPN might be hosed up. It’s also possible that the network addresses on the customer’s network changed (with a DHCP server update, perhaps) and now the phone can’t communicate with your provisioning server.

This phone shouldn’t be downloading any config files. Back at the corporate office, the phone works perfectly with a static IP address for the server and a user ID and password as part of a asterisk server with freepbx on the front end.
I can’t even remote into this phone’s admin console to see what the phone is doing at this point. Is there anyone in the Phoenix area who would be interesting in being my tech on site?

This is a SIP configured phone

Hi,
Do you have change in the phone configuration after your reset to factory the address of the tftp server?
Verify manualy if the file is available on the tftp server.
Bye,

There is no tftp server. This is a SIP based account, and I am speculating that the facility my client is in has a tftp server and the IT person for the facility will not return calls. I am trying to figure out how to get this phone into a mode where I can log into the admin screen, but in it’s current state, it’s useless

Unless there is a DHCP option for HTTP requests I doubt it’s anything to do with TFTP. The Cisco SPA series default to HTTP/HTTPS as their preferred method for pulling from a provisioning server. You would actively have to set the phones to use TFTP in order for Option 66 and the TFTP to take over.

As well, that is most likely the default provisioning rule. After this phone was factory default was the provisioning rule update inside of it? If you hard coding the phones did you disable the provisioning rule to stop this from happening?

I didn’t do anything to this phone except put the SIP server info in. I guess I need to be more careful in the future.
Is there anything specific I should be looking for when I get this phone back to a point where I can see the admin screen?

Log into the GUI admin, go to the Provisioning tab and disable provisioning. While you’re in there you should probably lock down the Admin/User GUIs so the phone isn’t open to the world if someone gets into the network.

My take:

There’s a new router with Option 66 Enabled to some TFTP…

I would say you should take this Phone to a different network, set a Static IP (Remotes Subnet, You will loose access to the phone until you take it back to the remote location) and see then…

Otherwise, you may do a wireshark on that remote network to see what this phone is trying to access/download

Much luck.

There is no GUI admin. The phone is locked on that screen, but that only happens in that facility. Back at the corporate office, the phone works normally.
I think taking the phone elsewhere would be better and then I can set a static IP. Problem is I am working with a non IT person 1500 miles away. the local IT support for the building will not return calls.

@PitzKey My point still stands about the Cisco SPA phones, their default provisioning protocol is HTTPS not TFTP. So it’s not sending TFTP requests on port 69 for Option 66 to grab, it’s making HTTPS requests on 443 to grab these details. The Option 66 is only an issue if these phones are making TFTP requests and sending traffic via TFTP.

Without seeing how the phone is actually programmed, it’s all a guess but since the claim was it was factory default and just the SIP settings were updated, I doubt this ended up on TFTP as the provisioning rule.

We’ve recently seen that some other phones will refuse to access an HTTPS configuration if the certificates are not in order. We know the phone is using a download (the screen says so) so the other things to check are “what provisioning server is it pointing to?” and “do you have a valid cert on that server?”