B179 restarting in TLS mode

[Granty600]

Hi

Im installing a new B179 on IP Office 9.1, it works for 30 mins! on the hour or at 30 minutes past the hour it restarts its application and changes it transport setting from TCP to TLS, I have disabled NTP and also upgraded to the latest firmware, log below, any ideas please?

Mar 21 16:37:06: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:37:06: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:40:01: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:40:01: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:42:56: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:42:56: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:45:51: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:45:51: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:48:46: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:48:46: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:51:41: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:51:41: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:54:37: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:54:37: INF: mmi: Account 'Conference MRA' registered
Mar 21 16:57:31: INF: <sip:2184@10.100.6.248;transport=tcp>: registration success, status=200 (OK), will re-register in 180 seconds
Mar 21 16:57:31: INF: mmi: Account 'Conference MRA' registered
Mar 21 17:00:25: INF: ctl: System restart request
Mar 21 17:00:25: INF: mmi: Sys restart request
Mar 21 17:00:25: INF: sip_manager: Shutting down the SIP stack
Mar 21 17:00:25: INF: Unregistration sent
Mar 21 17:00:27: INF: <sip:2184@10.100.6.248;transport=tcp>: unregistration success
Mar 21 17:00:27: INF: main: exit 2
Mar 21 17:00:27: Need Sysrestart
Mar 21 17:00:27: Loading configuration
Mar 21 17:00:32: Stopping lldpd
Mar 21 17:00:32: stopped process in pidfile '/var/run/lldpd.pid' (pid 5835)
Mar 21 17:00:33: Starting lldpd
Mar 21 17:01:16: INF: sip_manager: ua_cfg.nameserver_count = 2
Mar 21 17:01:16: INF: sip_manager: ua_cfg.nameserver[0] = 10.1.20.5
Mar 21 17:01:16: INF: sip_manager: ua_cfg.nameserver[1] = 10.12.6.1
Mar 21 17:01:16: INF: sip_manager: ua_cfg.outbound_proxy_cnt = 0
Mar 21 17:01:16: INF: lldp_functions: Got vlan prio -1 from lldp
Mar 21 17:01:16: INF: lldp_functions: Got dscp -1 from lldp
Mar 21 17:01:16: INF: pjsua version 1.0-trunk for arm-926-linux-gnu initialized
Mar 21 17:01:16: INF: Registration sent
Mar 21 17:01:16: INF: sip_manager: Setting codec G722, prio 4
Mar 21 17:01:16: INF: sip_manager: Setting codec PCMA, prio 3
Mar 21 17:01:16: INF: sip_manager: Setting codec PCMU, prio 2
Mar 21 17:01:16: INF: sip_manager: Setting codec G729, prio 1
Mar 21 17:01:16: WAR: Failed to send Request msg REGISTER/cseq=56531 (tdta0x335f00)! err=171168 (Unknown error when performing SSL connect() (PJSIP_TLS_ECONNECT))
Mar 21 17:01:16: WAR: SIP registration failed, status=503 (Service Unavailable)
Mar 21 17:01:46: INF: Registration sent
Mar 21 17:01:47: WAR: Failed to send Request msg REGISTER/cseq=51550 (tdta0x335f00)! err=171168 (Unknown error when performing SSL connect() (PJSIP_TLS_ECONNECT))
Mar 21 17:01:47: WAR: SIP registration failed, status=503 (Service Unavailable)
Mar 21 17:02:17: INF: Registration sent
Mar 21 17:02:17: WAR: Failed to send Request msg REGISTER/cseq=40503 (tdta0x335f00)! err=171168 (Unknown error when performing SSL connect() (PJSIP_TLS_ECONNECT))
Mar 21 17:02:17: WAR: SIP registration failed, status=503 (Service Unavailable)
Mar 21 17:02:47: INF: Registration sent
Mar 21 17:02:47: WAR: Failed to send Request msg REGISTER/cseq=20489 (tdta0x335f00)! err=171168 (Unknown error when performing SSL connect() (PJSIP_TLS_ECONNECT))
Mar 21 17:02:47: WAR: SIP registration failed, status=503 (Service Unavailable)

 

[Granty600]

Installed 2 more today, same thing, different firmware levels on the set, must be a 9.1 issue?

 

[tlpeter]

TLS requires a certificate.

BAZINGA!

I'm not insane, my mother had me tested!

 

[Granty600]

Yes, understand that but I'm setting the devices to use TCP and after being idle for 30 minutes they restart and reload in TLS mode, I left a call in progess for hours and it didn't restart until it I cleared the call, again set the transport to tls

 

[derfloh]

Maybe the phone gets a config file from a fileserver. B179 is able to use DHCP option 242 like 1600/9600 phones.

 

[samnm1]

Has this been fixed?
I suggest this is something to do with LLDP.

 

[Granty600]

No fix yet, I raised a case with Avaya and it's now with T4/Development

 

[Granty600]

Good Pointer Derfloh, Thanks
on the B179 under settings, provisioning, file server address, it had the IP address of the IP Office, I have removed this and all is well.
I’m assuming there is a file on the IP Office similar to the 96xxsettings file which in default must force the B179 devices to TLS and they check every 30 mins?

 

[derfloh]

It is a XML file. I think it is autocreated like the others if you don't create your own. It usually has an option to pull a new config every 30 minutes. If you configure the phone to use TCP and it gets a config with TLS enabled... You know it...

Download the admin guide for B179 and have a look at the provisioning options. It's worth to take a look at the options because the newest firmware releases support DHCP option 242 as well.

 

[derfloh]

Another thing to look at... It seems that the file names the phone will request from HTTP server differ to the documented ones. So take a look into SysMon with HTTP filter enabled to see which files the phone wants to have.

 

[pjazz]

Thanks I removed the IPO address in provisioning and the phones stay up.

 

[derfloh]

That's great news! I think there is a setting in that settings file - you can create your own one - where you can set how often B179 will check for new settings. You can create a file for all B179 devices and another file with settings for every single device bound to it's MAC address. The admin guide is not very clear about the file names for these settings files. Have a look into SysMon with HTTP filter enabled to check what files are requested by B179.

 

[samnm1]

Ok guys, here is how ours got fixed.

Initially all B179s were working perfectly.
We then enabled TLS on the LAN1 SIP Registrar on the IPO and as soon as this is done, seems the IPO changes the default firmware of the B179 to another firmware which is TLS and SRTP enabled.
Notice that the B179 has two firmware files, one with TLS and another without TLS.

https://support.avaya.com/downloads...20_0&productId=P0968&releaseId=B179 SIP 2.4.x

Since that time, the B179 has never held registrations if they register!!

We figured out that to fix this, we should get away from TLS, to do so:
- we changed the firmware on the IPO to be the one without TLS and SRTP.
- we followed this process to restore the firmware on the B179s to factory firmware

https://www.youtube.com/watch?v=DXBA75x9RLg

- Afterwards B179s booted normally and upgraded to the [latest now 2.4] with no TLS.
- no B179s configuration doesn't have TLS at all and works perfectly.

Let me know if this is unclear or if you need anyhelp with it.

 

[derfloh]

That's a workaround but not a solution. It is for pre 9.1 systems. With R9.1 you are able to use TLS. You only have to let the B179 trust the certificate used by IPO. Have a look at technical bulletin No. 175.

 

[derfloh]

And to be honest. I would avoid using the autogenerated files from IPO. Create a bunch of them for all devices and copy them to SD card. Change needed IP addresses and you will be fine. No more surprises about changed settings or firmware updates you don't want to have.