Credentials don't match

Discussion in '3CX Phone System - General' started by dvs4man, Sep 4, 2011.

Thread Status:
Not open for further replies.
  1. dvs4man

    Joined:
    Oct 5, 2009
    Messages:
    50
    Likes Received:
    0
    I have a PAP2T for the Extension I am setting up. I actually have 4 PAP2T's that I am configuring on the new Version 10 system.
    I had these running, no changes done, on the V8 3CX phone system. After I put this new system in, in the 'Server Activity Log', I see that it connected to the IP address of the 3CX server, but gets the error 'Credentials don't match'. I did a factory reset and redid the config as per the 3CX Wiki for the PAP2T devices as an extension, but still get the same issue.

    My login credentials are simple, the extension, which is a 2-digit one, of '10' for the Extension, Display Name, UserID, Auth ID and Password, to keep it simple. I have seen on other posts that the extension is as the Auth or User ID is key, so I had it that way from when it was working on the old 3CX system.

    I have verified several times the userid and password are the same in the 3CX and PAP2T device.
    I can run Netmon or Wireshark if this helps, but wondering if it is something simple I am missing. I still have the old system to compare the config to.

    Let me know if anyone has any ideas here?

    Thanks.
     
  2. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,362
    Likes Received:
    227
    You should not have to use the Auth ID. Use the Extension number in both the User ID and Extension Number, then your Password. In fact, set "Use Auth ID" to NO
     
  3. dvs4man

    Joined:
    Oct 5, 2009
    Messages:
    50
    Likes Received:
    0
    ok? So is this link wrong when it tells you to use Auth ID to 'yes'?
    Is that why the credentials are not working?

    https://sites.google.com/a/3cx.com/3cx-wiki/gateway-configuration/vendor-supported/linksys-pap2t

    Thanks.
     
  4. dvs4man

    Joined:
    Oct 5, 2009
    Messages:
    50
    Likes Received:
    0
    I set the Auth ID to 'No' as you instructed. I then checked the Server Log and Firewall checker as well.
    The Firewall has been turned off on this Windows 7 Pro/Business PBX server I have. Anti-virus is also off.
    I use 2 Digit Extensions here, since I only have 5 in total for our School.
    You will see 10 and 11 below.
    I changed the Anti-Hacking Timeout to be 60 seconds, since I set the PAP2T for the 'Register' to try every 600 seconds, and the secondary to try every 900 seconds, so since the blacklist Anti-Hacking is set to 1800 seconds, I would continually fail.

    The firewall Checker passes all tests with Warnings though, so the final exit code is 53. That surprises me since I have the sames rules in my gateway, Microsoft TMG Server as I did with the old 3CX V8 system for SIP and RTP traffic, allowing all to travel anywhere in the network.


    I get this error message in the Server Event Log:

    SIP request (REGISTER) from 198.168.0.61 was rejected. Reason: Block WAN requests is ON.
    Message:
    REGISTER sip:198.168.0.135 SIP/2.0
    Via: SIP/2.0/UDP 198.168.0.61:5060;branch=z9hG4bK-c79c8c2a
    Max-Forwards: 70
    Contact: "10"<sip:10@198.168.0.61:5060>;expires=600
    To: "10"<sip:10@198.168.0.135>
    From: "10"<sip:10@198.168.0.135>;tag=36a8656227a03d09o0
    Call-ID: a05efbb-ea780e7b@198.168.0.61
    CSeq: 32630 REGISTER
    Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
    Proxy-Authorization: Digest username="10",realm="3CXPhoneSystem",nonce="414d535c047567f076:cf619ca1dbde1335ba45d35560875815",uri="sip:198.168.0.135",algorithm=MD5,response="d3051ea8de8bc4e2f556e7d904e7e504"
    Supported: x-sipura, replaces
    User-Agent: Linksys/PAP2T-5.1.6(LS)
    Content-Length: 0



    SIP request (REGISTER) from 198.168.0.61 was rejected. Reason: Block WAN requests is ON.
    Message:
    REGISTER sip:198.168.0.135 SIP/2.0
    Via: SIP/2.0/UDP 198.168.0.61:5061;branch=z9hG4bK-e913e0af
    Max-Forwards: 70
    Contact: "11"<sip:11@198.168.0.61:5061>;expires=600
    To: "11"<sip:11@198.168.0.135>
    From: "11"<sip:11@198.168.0.135>;tag=f9a53a9a73caa931o1
    Call-ID: 2750cb7b-e964e5bb@198.168.0.61
    CSeq: 37196 REGISTER
    Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER
    Proxy-Authorization: Digest username="11",realm="3CXPhoneSystem",nonce="414d535c047567f037:078f158556189db4984a56281f03b76e",uri="sip:198.168.0.135",algorithm=MD5,response="e65cc2eed4ccc991530080277d4a392a"
    Supported: x-sipura, replaces
    User-Agent: Linksys/PAP2T-5.1.6(LS)
    Content-Length: 0

    Even after changing all this, I still get 'Blocked WAN request is ON'. That seems to be why that device is not talking to the 3CX PBX. Where can I remote it? It is not in the Blacklist list, since that is only phone numbers.

    Please advise?

    Thanks.
     
  5. dvs4man

    Joined:
    Oct 5, 2009
    Messages:
    50
    Likes Received:
    0
    Sorry, typo in the previous post. Where can I 'remove' this not 'remote' this for the WAN Blacklist?
    And this is the error I get from the server activity log below. 198.168.0.135 is the 3CX PBX and 198.168.0.61 is the PAP2T device with the 2 extensions configured.

    09:31:43.207 [CM102001]: Authentication failed for SipReq: REGISTER 198.168.0.135 tid=-22f47fc0 cseq=REGISTER contact=11@198.168.0.61:5061 / 37200 from(wire); Reason: Credentials don't match, check that authorization-ID and password match the ones in extension settings
     
  6. leejor

    leejor Well-Known Member

    Joined:
    Jan 22, 2008
    Messages:
    10,362
    Likes Received:
    227
    I had a look a a few spa2102's on my network, some have the Auth ID set the same as the extension number but all are set to Use Auth ID = No

    There is an option in version 10 to allow /not allow remote registration of extensions. it's in the settings for each extension. I'm not sure why 3CX would think that your PAP2's are on a different network. As far as the blacklist. If a device tries to register too often with incorrect credentials, it does get blacklisted. You can change the parameters in 3CX...Settings/Advanced/Anti-Hacking. The IP blacklist is in there too.
     
Thread Status:
Not open for further replies.