[cisco-voip] Cisco 7942G Registration Rejected : Security Error

Jason Aarons (US) jason.aarons at us.didata.com
Fri Mar 26 09:08:09 EDT 2010


Are you using Cisco CTL (Certificate Trust Lists) ? Have you generated a CTL and is the phone using or showing one on the menu?

Have you tried unlocking the phone and erasing your config?  Check in CCMAdmin you don't have Secure SCCP enabled for that phone, etc.

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of sasanka.pathi
Sent: Friday, March 26, 2010 2:04 AM
To: 'Samme-Nlar Tomslin'
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Cisco 7942G Registration Rejected : Security Error

Check this information:

nderstanding Phone Configuration Files

Configuration files for a phone are stored on the TFTP server and define parameters for connecting to Cisco Unified Communications Manager. In general, any time you make a change in Cisco Unified Communications Manager that requires the phone to be reset, a change is made to the phone's configuration file automatically.

Configuration files also contain information about which image load the phone should be running. If this image load differs from the one currently loaded on a phone, the phone contacts the TFTP server to request the required load files. (These files are digitally signed to ensure the authenticity of the files' source.)

In addition, if the device security mode in the configuration file is set to Authenticated and the CTL file on the phone has a valid certificate for Cisco Unified Communications Manager, the phone establishes a TLS connection to Cisco Unified Communications Manager. Otherwise, the phone establishes a TCP connection. For SIP phones, a TLS connection requires that the transport protocol in the phone configuration file be set to TLS, which corresponds to the transport type in the SIP Security Profile in Cisco Unified Communications Manager.
[cid:image001.gif at 01CACCC3.DA5F2D00]
________________________________

Note If the device security mode in the configuration file is set to Authenticated or Encrypted, but the phone has not received a CTL file, the phone will continuously try to obtain a CTL file so that it can register securely.

________________________________

If you configure security-related settings in Cisco Unified Communications Manager Administration, the phone configuration file will contain sensitive information. To ensure the privacy of a configuration file, you must configure it for encryption. For detailed information, refer to the "Configuring Encrypted Phone Configuration Files" chapter in Cisco Unified Communications Manager Security Guide.A phone requests a configuration file whenever it resets and registers with Cisco Unified Communications Manager.

A phone accesses a default configuration file named XmlDefault.cnf.xml from the TFTP server when the following conditions exist:

*You have enabled auto-registration in Cisco Unified Communications Manager

*The phone has not been added to the Cisco Unified Communications Manager Database

*The phone is registering for the first time

If auto registration is not enabled and the phone has not been added to the Cisco Unified Communications Manager Database, the phone registration request will be rejected. In this case, the phone will reset and attempt to register repeatedly.

If the phone has registered before, the phone will access the configuration file named SEPmac_address.cnf.xml, where mac_address is the MAC address of the phone.

The TFTP server generates these SIP configuration files:

*SIP IP Phone:

-For unsigned and unencrypted files-SEP<mac>.cnf.xml

-For signed files-SEP<mac>.cnf.xml.sgn

-For signed and encrypted files-SEP<mac>.cnf.xml.enc.sgn

*Dial Plan-<dialplan>.xml

*Softkey Template-<softkey_template>.xml

The filenames are derived from the MAC Address and Description fields in the Phone Configuration window of Cisco Unified Communications Manager Administration and the devicename field in the Cisco Unified Communications Manager database. The MAC address uniquely identifies the phone. For more information refer to the Cisco Unified Communications Manager Administration Guide.

Understanding the Phone Startup Process

When connecting to the VoIP network, the Cisco Unified IP Phone 7962G and 7942G go through a standard startup process that is described in Table 2-3<http://www-europe.cisco.com/en/US/docs/voice_ip_comm/cuipph/7962g_7942g/6_0/english/administration/guide/7962ins.html#wp1031962>. Depending on your specific network configuration, not all of these steps may occur on your Cisco Unified IP Phone.

http://www-europe.cisco.com/en/US/docs/voice_ip_comm/cuipph/7962g_7942g/6_0/english/administration/guide/7962ins.html#wp1030924



Warm Regards,

Venkata Sasanka.pathi(-91 950 265 2290)

Consultant | unified communications

Locuz Enterprise Solutions Ltd. (A Subsidiary of 3i-Infotech)

(office:914066115512)

 sasanka.pathi at locuz.com

www.locuz.com<http://www.locuz.com>

Go ahead and print this out. It's okay! The wood and paper industry plants 1.7 million new trees EVERY DAY



________________________________
From: Samme-Nlar Tomslin [mailto:tsammenlar at sevenseastech.com]
Sent: Friday, March 26, 2010 11:10 AM
To: sasanka.pathi
Cc: Carter, Bill; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Cisco 7942G Registration Rejected : Security Error

Hi,

It is a new installation.
The phones say "registering" then display the "Registration Rejected:Security Error"
I have upgraded the firmware from 8.3-2 to 8.5-2SR1S
CCM version is CCBE 7.13


Thanks
On Fri, Mar 26, 2010 at 8:16 AM, sasanka.pathi <sasanka.pathi at locuz.com<mailto:sasanka.pathi at locuz.com>> wrote:
Hi,

Is it a new Installation? What's the behavior of the phones after showing the error? Have u done any firmware up gradation. Which version of the call manager version are u using? And also If possible kindly give the details of the Firmware version of the IP phones


Warm Regards,

Venkata Sasanka.pathi(-91 950 265 2290)

Consultant | unified communications

Locuz Enterprise Solutions Ltd. (A Subsidiary of 3i-Infotech)

(office:914066115512)

 sasanka.pathi at locuz.com<mailto:sasanka.pathi at locuz.com>

www.locuz.com<http://www.locuz.com>

Go ahead and print this out. It's okay! The wood and paper industry plants 1.7 million new trees EVERY DAY



________________________________
From: cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net> [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Carter, Bill
Sent: Thursday, March 25, 2010 10:28 PM
To: Samme-Nlar Tomslin; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Cisco 7942G Registration Rejected : Security Error

Is the phone trying to upgrade the firmware? If so, install Cisco Phone firmware load 8.5(2).

From: cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net> [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Samme-Nlar Tomslin
Sent: Thursday, March 25, 2010 4:42 AM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] Cisco 7942G Registration Rejected : Security Error


Has anyone faced the above error before? Phones giving the error during registration?

I urgently need a solution for it.

Thanks



--
Tomslin Samme-Nlar
Technical Business Manager - SP Video/Voice | Service Provider Networks | Seven Seas Technologies Group.
M: (+254) 715094434 | T: (+254 20) 4268166 | F: (+254 20) 4451231 | Ext: 166



-----------------------------------------
Disclaimer: 

This e-mail communication and any attachments may contain
confidential and privileged information and is for use by the
designated addressee(s) named above only.  If you are not the
intended addressee, you are hereby notified that you have received
this communication in error and that any use or reproduction of
this email or its contents is strictly prohibited and may be
unlawful.  If you have received this communication in error, please
notify us immediately by replying to this message and deleting it
from your computer. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100326/c7f4443d/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1111 bytes
Desc: image001.gif
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100326/c7f4443d/attachment.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 73 bytes
Desc: image002.gif
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100326/c7f4443d/attachment-0001.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.gif
Type: image/gif
Size: 73 bytes
Desc: image003.gif
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100326/c7f4443d/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.gif
Type: image/gif
Size: 73 bytes
Desc: image004.gif
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100326/c7f4443d/attachment-0003.gif>


More information about the cisco-voip mailing list