Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Andrzejek on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote J179 Logs in, 9608 does not 2

Status
Not open for further replies.

dsm600rr

IS-IT--Management
Nov 17, 2015
1,444
US
Hello all,

So we have an IPO w/TLS Enabled, certificates in place and what not. I can log in on IX Workplace and a J100 phone with no issue.

When I try and log into my 9608, I get error:

IMG_0717_tsfy3e.jpg

IMG_0719_agfntk.jpg

IMG_0720ssss_u45b0x.jpg


Below are the H.323 Settings:
I did set H.323 over TLS to "Preferred", not sure if this is needed however makes sense.

2024-04-18_15-10-56_xrvgjh.png


Notes:
- IPO: R11.1.3.1.0 Build 34
- Using a NoIP/DigiCert Public Certificate
- Extension is set up as H.323

What am I missing here?

ACSS / ACIS
 
Made a few firewall changes, Monitor looks a bit better however same error on the phone:

2024-04-19_8-25-42_novouz.jpg


ACSS / ACIS
 
Where are you putting the password, on the User>Supervisor settings or the Extension. ON the 96xx it should be on the User>Supervisor settings tab.
Also, check System Status under VoIP security and make sure the phone isn't blacklisted or blocked due to failed attempts.
Is so, remove them from the list.

 
IPOTS: Its not a password issue, when I intentionally input the incorrect password, I see it in SSA.

I also have the same password under: User>User, User>Telephony>Supervisor Settings, and on the H.323 Extension

VoIP Security in SSA is Empty.

Thank you for the suggestions.

ACSS / ACIS
 
Update, got the 9608 phone to log in. Had to modify the auto generated file to do so, which I would prefer not to do. Is there something in the IPO that we may have missed that would trigger these values in the auto generated file so we do not have to modify? Thanks.

**Highlighted parts are what we added**

2024-04-20_10-36-54_ewykkr.jpg


ACSS / ACIS
 
Was this upgraded from an earlier release? The 46xxsettings file cannot be adjusted on 11.1.
If this file exists. You should deleted it and system rebooted. It creates a new 46xxsettings file. This is a read only file.
The only was to adjust settings at that point is creating a 46xxspecials.txt file with additional instructions. (or add to the nouser source number)

 
IPOTS: The system was updated and already had a modified 46xxsettings.txt file before I got ahold of it.

I added all the TLS Stuff, deleted the 46xxsettings.txt so that it was auto generated and confirmed it looked ok. I was able to get remote J100's and the IX Workplace to log in with the auto generated file. However we could never get remote 9608's to log in with the auto generated file. So what we did was copy the auto generated file, added what was shown above and added it to the Primary folder. Not sure what we are missing to get 9608's to log in with TLS without making the modifications to the auto generated 46xx.

Do you happen to know what is needed in the nouser to accomplish the same results?

ACSS / ACIS
 
You can create a 46xxspecials.txt file with the same info. The 46xxsettings file recognizes the 46xxspecials file and is instructed to look in that file for additional info.
You will notice once you add the specials file there is an additional line at the bottom of the 46xxsettings. Goto>46xxspecials.txt (or similar)

 
IPOTS: Would I need to just add the updates to the: # 96X1SPECIALS or the whole string?

For Example, in the 46xxspecials.txt would I add:

# 96X1SPECIALS
SET TLSSRVRVERIFYID 0 (Not sure if this should be 0 or 1)
SET BRURI SET HTTPPORT 80
SET TLSPORT 411
GOTO GENERALSPECIALS

Or With Everything, for example:

# 96X1SPECIALS
SET TRUSTCERTS "Root-CA-0210033A.pem"
SET TLSSRVRVERIFYID 0 (Not sure if this should be 0 or 1)
IF $SIG SEQ 2 GOTO NONAUTOGENERATEDSETTINGS
SET MCIPADD fqdn.com
SET NVMCIPADD fqdn.com
SET BRURI "SET HTTPPORT 80
SET TLSPORT 411
GOTO GENERALSPECIALS

Thank you.

ACSS / ACIS
 
The file would be called: 46xxspecials.txt
Add that file to the Primary folder on the SD card.

Contained in that file would be:

SET TRUSTCERTS "Root-CA-0210033A.pem"
SET TLSSRVRVERIFYID 0 (Not sure if this should be 0 or 1) (Probably set to 1 as you as using TLS)
IF $SIG SEQ 2 GOTO NONAUTOGENERATEDSETTINGS
SET MCIPADD fqdn.com
SET NVMCIPADD fqdn.com
SET BRURI "SET HTTPPORT 80
SET TLSPORT 411

The GOTO is automatically created in the 46xxsettings file. No need to add it.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top