Phones will not re-register without reset over VPN.

Discussion in '3CX Phone System - General' started by MMDTerry, Jan 12, 2017.

Thread Status:
Not open for further replies.
  1. MMDTerry

    Joined:
    Jan 11, 2017
    Messages:
    18
    Likes Received:
    2
    I just installed a new 3CX server and 60 t42g's across 4 locations. 3 locations have been flawless but they are also all on a 100m fiber ethernet link. Our 4th location has a 20/20m fiber link but not on the ENS circuit so they come in via a PTP VPN. The SIP AGL on our Firewalls have been disabled, each endpoint is a fortigate.

    On initial setup i just manually set the provisioning url and the phones worked fine. The first issue came when I change some BLF settings. The phones unregistered and would not re-register. I can ping them from the server, and get to the phone's web council just fine. Everything looks fine from what I see but they will not work until I factory reset them and manually put in the provisioning URL. Second time it happened i took the VPN down for a setting change the phones did the same thing once the tunnel was back up.

    Any Ideas? I am fairly new to VOIP but get the basics. I don't really want to have to reset the phones every time I need to make a change or there is a network interruption. The 3cx logs don't show anything about the phones trying to register, and the phone logs show this:

    Jan 12 17:58:44 sua [486]: DLG <6+info > [000] Content-Length: 0^M
    Jan 12 17:58:44 sua [486]: DLG <6+info > [000] ^M
    Jan 12 17:58:44 sua [486]: DLG <6+info > [000]
    Jan 12 17:58:44 sua [486]: NET <5+notice> [000] ===>>>> UDP socket 10.1.1.18:5060: send 554 bytes
    Jan 12 17:58:44 sua [486]: DLG <6+info > [000] cb_nict_kill_transaction (id=7)^M
    Jan 12 17:58:44 sua [486]: SUA <6+info > [000] ****eCore event:(0x0002)ECORE_REGISTRATION_FAILURE ****
    Jan 12 17:58:44 sua [486]: REG <4+warnin> [000] Register: no responser, server id:0
    Jan 12 17:58:44 sua [486]: DLG <5+notice> [000] Release a terminated transaction
    Jan 12 17:58:44 sua [486]: APP <5+notice> [SIP] linestatus lid:0, enable=1, tick=0, old_status:1, new_status:3

    I'm going to try setting up the 3CX SBC, Forward DHCP so everyone gets the provisioning url and mess with multicast forwarding across the tunnel to see if it helps, but i am open to suggestions. Thanks for your time.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    4,349
    Likes Received:
    274
    Hello @MMDTerry

    As you have 3 sites that are running without issue and only one has these issues i would look at that site for any difference in configuration.
    The phones are provisioned as local extensions?
    While the phones are registered and working if you hit reprovision on one from the management console does that work?
     
  3. MMDTerry

    Joined:
    Jan 11, 2017
    Messages:
    18
    Likes Received:
    2
    The only thing different with that location is that they are connected via ipsec vpn. All phones are provisioned as local extensions. I will try to reprovision from the web admin and see if it works.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. Bit-Tween

    Joined:
    May 13, 2012
    Messages:
    2
    Likes Received:
    0
    Hi,

    You need to create a blackhole rule in your static rule on each firewall.
     
  5. MMDTerry

    Joined:
    Jan 11, 2017
    Messages:
    18
    Likes Received:
    2
    There is on both devices.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. Bit-Tween

    Joined:
    May 13, 2012
    Messages:
    2
    Likes Received:
    0
    config system settings
    set default-voip-alg-mode kernel-helper based
    end
     
  7. MMDTerry

    Joined:
    Jan 11, 2017
    Messages:
    18
    Likes Received:
    2
    sip and rtp helper/agl's are off on both endpoints. Oddly enough i updated the firmware on both fortigates to 5.4 and now it will allow me to reprovision from the 3cx web council. I'm going to simulate a outage by taking down the tunnel tonight and see if they will re-register on their own.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. MMDTerry

    Joined:
    Jan 11, 2017
    Messages:
    18
    Likes Received:
    2
    bumping this back up. I installed a polycom conference phones and it does the same thing at that location so its not a yealink issue.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.