<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Security Error eh?<br>
<br>
Normally that would be related to a device configured for security
attempting to register without security.<br>
<br>
Since you are using SCCP controlled FXS ports I would be concerned
about:<br>
CSCsv02123 Devices with no security profile cannot register to mixed
mode cluster <br>
This defect was found specifically based on VG224 SCCP virtual port
usage. <br>
<br>
Looking through other previously resolved defects this also looks
interesting:<br>
CSCsy20149 VG224: Voice-port goes to transient unregister under SRST
mode. <br>
appears resolved in 12.4(24)T01.<br>
<br>
<br>
Along the diagnostic path:<br>
So either CM got confused about the device configuration or the gateway
got confused and sent incorrect registration sequence. Do you have
traces showing the device AN1D7015355A000 both registering properly and
failing? Would be good to see what (if any) changes happen on the CM
between the working and failing cases.<br>
<br>
Initially, based on your statement "bounced the voice port on the
router and every one registered", I suspect the SCCP process on the
router got confused and started sending incorrect information. It
would be great to compare successful and failed registrations at any of
the available points:<br>
1. debugs on the router<br>
2. packet capture of traffic between CM and the router<br>
3. CM SDI/SDL traces<br>
<br>
If you have any of those for both working/failing cases and all times
in between it will be significant step toward isolating the issue.<br>
<br>
/Wes<br>
<br>
On Tuesday, September 29, 2009 10:22:45 AM, Keith Klevenski
<a class="moz-txt-link-rfc2396E" href="mailto:KKlevenski@cstcorp.net"><KKlevenski@cstcorp.net></a> wrote:<br>
<blockquote
cite="mid:446FC7BED58B5F46882727BBD8333F492CB77AA72D@CSTDC01.cstcorp.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Arial","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="Section1">
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0in 0in;">
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Double
checking to see if anyone has any clue about this one.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">ty.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Ah,
the joys of supporting an infrastructure that consists of only SCCP
controlled
FXS ports over satellite links… <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Here
is the issue this time. There was some bad weather at the teleport
(where
the big dish is) which causes a satellite outage for a few minutes.
Each
remote site has a SCCP gateway (2801 running 12.4(24)T) that is
registered to
CM 7.0 and is also configured with SRST so it will register with itself
when
(not if) the sat link eventually goes down. This has worked fine in
testing and in the few months this network has been in place. This
time
however, when the sat link went down for a few minutes, lots of phones
(SCCP
controlled FXS ports) did not re-register to the CM when the link came
back up.
It seemed to be very random. At some sites all ports were registered,
at
some no ports were registered and others there was only 1 or 2 ports
not
registered. I went through CM to find the ports that were not
registered
and simply bounced the voice-port on the router and every one
registered almost
immediately after doing this.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">We
have a test site at the office and fortunately it did not register
either so I
have the problem reproduced. I see the following on the SCCP gateway
doing a ‘deb sccp packet’ while experiencing the problem:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.028 CST: sccpapp_process_socket_events: appl_type 4, soc_fd
1, soc
0, swb_soc 1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.028 CST: sccpapp_process_socket_events:
SWB_TCP_SOCKET_READ:
appl_type 4, swb_eve 4, swb_state 1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.028 CST: sccp_send_register_msg: Send register msg for
appl_type 4,
swb_soc 1, device_name AN1D7015355A000, ip_addr 10.222.115.6,
ipv4_scope
2, ipv6_addr ::, ipv6_scope 0, device_type 30027, protVer -->
rsvp_enabled 0<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: protocol_ver 0x11000102 max_streams 1,
active_streams 0<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: sccp_send_register_msg: st_ptr EF1A49A0<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: sccp_send_register_msg: Register msg txed in
hex(including
header) - len 136<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: sccp_print_hex_msg: Len:136 Hex:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">80
00 00 00 00 00 00 00 01 00 00 00 41 4E 31 44 37 30 31 35 33 35 35 41 30
30 30
00 00 00 00 00 01 00 00 00 0A DE 73 06 4B 75 00 00 01 00 00 00 00 00 00
00 11
00 01 02 30 30 20 30 30 20 30 30 00 00 00 00 00 00 00 00 00 00 00 00 02
00 00
00 30 30 20 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00
00 00 00 00 00 <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: sccp_transmit_msg: sending on socket 1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">DGL394GW01#<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: sccp_send_ip_port_msg_v1: send ip port msg with id
2, port
0<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.032 CST: sccp_transmit_msg: sending on socket 1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.628 CST: sccpapp_process_socket_events: appl_type 4, soc_fd
1, soc
0, swb_soc 1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Sep
28 09:07:56.628 CST: sccpapp_process_socket_events:
SWB_TCP_SOCKET_READ:
appl_type 4, swb_eve 4, swb_state 5<o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Arial","sans-serif"; color: red;">Sep
28 09:07:56.628 CST: sccp_process_swb_control_message: rcvd
register rej from SWB CCM, reason: Security Error<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">The
last line stands out to me. What type of security error would there
be? I see the same in the CM traces (taken last week):<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">09/25/2009
16:57:28.376 CCM|StationD: (1605527) RegisterReject
text='Security
Error'.|<CLID::StandAloneCluster><NID::10.1.101.11><CT::2,100,37,1.51862723><IP::10.222.115.6><DEV::AN1D7015355A000><LVL::State
Transition><MASK::0020><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">This
seems to be key. I’m assuming the port will register if I bounce the
voice-port on the gateway, but I wanted to keep it ‘broken’ to see what
is
going on. The test bed and all other sites are configured with SRST as
well, but many did not register even to the SRST router. Obviously this
is a
problem for the customer if they cannot be sure the ports will register
after
an outage. I have all the traces if more will be useful.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Any
assistance is appreciated as always. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Thanks!<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">-Keith
Klevenski<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<pre wrap="">
<hr size="4" width="90%">
_______________________________________________
cisco-voip mailing list
<a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>
<a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a>
</pre>
</blockquote>
<br>
</body>
</html>