I have multiple IP550s running UCS 4.0.2b. They register to my pbx using TLS. After they register, I can make a couple of calls, but usually after a few calls or a few minutes, when I try to make another call, one of two things happens. In one scenario, I will dial numbers and hit send and the light next to my linekey will turn green, but the phone doesn't actually send any packets out. It's like it takes the phone off hook, but doesn't do anything. The second scenario is that the phone tries to dial and an INVITE hits my pbx, but when the pbx responds with a 407 the polycom suddenly indicates that the line is unregistered and obviously the call doesn't go through.
This is happening on every IP550 that I have (6 of them) and only seems to happen when using TLS. This behavior started after I upgraded my pbx software, so I thought it may be a pbx issue. However, in the one scenario where the polycom doesn't send any traffic out, that can't be the pbx. And to check functionality of the pbx, I also connected multiple soft-clients and a Cisco SPA504G phone, all using TLS. No other phones have this issue.
Any help would be appreciated. I also have a tcpdump of the scenario when the phone "unregisters" itself while trying to make a call if anyone is interested.
I did more testing and it seems that if I downgrade my phone to 3.3.2, I don't have the issue anymore, however the phone will freeze randomly. Once I upgrade to the 4.0 series, I get the problem again. If I just use TCP and not TLS to register, the phone will work for a while but then locks up.
Welcome to the Polycom Community.
Without knowing more details or checking logs nobody will be able to suggest a fix for your issue.
This could be caused by a multitude of issues and without knowing the history or more details of your setup I can only guess that you upgraded from a pre UCS 3.3.x Software and are using some sip.cfg / phone1.cfg or custom files.
I would suggest you check your <mac>-app.log / <mac>-boot.log for any errors and if above guess is correct utilize the cfcUtility as described in the newly added FAQ post:
Oct 03, 2012 Question: What is the cfcUtility and where can I get it?
Resolution: Please check => here <=
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services
The history: I took the IP 550 out of the box and upgraded it to UCS 4.0.2b. It had no configuration files from a provisioning server or any other configs, other than pointing to the ftp server with the new software. I then logged into the web interface and only configured one line on the phone to use TLS and connect to my freeswitch 1.2.3 pbx. I installed a custom cacert on the phone which was used to sign the cert that my pbx is using. I described the problem I'm having in my original post. If you want log files, I will recreate the issue and upload log files as soon as I can.
Feel free to post a log and I will have a look if anything sticks out.
I cannot guarantee that other community members provide a solution and can only recommend if you require further support to raise a service ticket via your Polycom reseller.
I'm having the exact same issue with a Polycom 335 running firmware 4.1
How was this resolved?
This is the exact error from polycom log:
0417092324|sip |4|03|CTcpSocket::TlsListenThread: SSL_get_error Error code=5
0417092324|sip |4|03|TLS Listen Thread Exit
Here is the Polycom log with DEBUG enabled:
0417095617|sip |1|03|CTcpSocket::SendData TLS queuedTxData = 0 TotalLen 551 loop count 1 maxQueueDepth 20000
0417095617|sip |1|03|CTcpSocket::SendData TLS Sent 551 loop count 1
0417095617|sip |2|03|SendCommand: reqDest '14' isLync 0 isGRUU 0 isIP 0 useEffectiveProxy 1
0417095617|sip |1|03|SendCommand: isLync 0 isGRUU 0 isIP 0 useEffectiveProxy 1
0417095617|sip |1|03|CreateFailOverProxyList : Reg to Domain '14' nPort 5061
0417095617|sip |1|03|CreateFailOverProxyList : Domain is in user part
0417095617|sip |1|03|CreateFailOverProxyList : For INVITE Request nPort 5061
0417095617|sip |1|03|doDnsListLookup(tls): doDnsSrvLookupForARecordList for 'fs01.voip.demo.i-demo.net' port 5061 returned 1 results
0417095617|sip |1|03|doDnsListLookup(tls): result 0 host 'fs01.voip.demo.i-demo.net' IP 'XX.YY.JJ.III' port 5061 isInBound 0
0417095617|sip |1|03|CreateFailOverProxyList : 'TLS' for 'fs01.voip.demo.i-demo.net' port 5061 IP 0 is 'XX.YY.JJ.III' on tls port 5061
0417095617|sip |1|03|CreateFailOverProxyList : 'TLS' Add rest Total to Try 1
0417095617|sip |2|03|CreateFailOverProxyList : Exit 'TLS' lookup with 1 IP Addresses
0417095617|sip |2|03|CreateFailOverProxyList : IP 1 is 'XX.YY.JJ.III' on tls port 5061
0417095617|sip |1|03|CTcp::Send(TLS) entry for address XX.YY.JJ.III port 5061 can Connect 1 canFailOver 0
0417095617|sip |0|03|>>> Data Send TLS port:5061
0417095617|sip |0|03| INVITE sip:1004@14;user=phone;transport=tls SIP/2.0
0417095617|sip |0|03| Via: SIP/2.0/TLS 192.168.15.80:40769;branch=z9hG4bKa85bfedcF4B1A2E3
0417095617|sip |0|03| From: "T1000" <sip:1000@14>;tag=EE256F6B-553B5942
0417095617|sip |0|03| To: <sip:1004@14;user=phone>
0417095617|sip |0|03| CSeq: 2 INVITE
0417095617|sip |0|03| Call-ID: email@example.com
0417095617|sip |0|03| Contact: <sip:firstname.lastname@example.org:40769;transport=tls>
0417095617|sip |0|03| Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
0417095617|sip |0|03| User-Agent: PolycomSoundPointIP-SPIP_335-UA/18.104.22.168097
0417095617|sip |0|03| Accept-Language: en
0417095617|sip |0|03| Supported: 100rel,replaces
0417095617|sip |0|03| Allow-Events: conference,talk,hold
0417095617|sip |0|03| Proxy-Authorization: Digest username="1000", realm="14", nonce="9497799a-a766-11e2-a2c9-676fb48a8de8", qop=auth, cnonce="3JVhbBfzj4/hZVC", nc=00000001, uri="sip:1004@14;user=phone;transport=tls", response="c4267ff48e03fe63f5208a8713481953", algorithm=MD5
0417095617|sip |0|03| Max-Forwards: 70
0417095617|sip |0|03| Content-Type: application/sdp
0417095617|sip |0|03| Content-Length: 561
0417095617|sip |0|03|
0417095617|sip |0|03| v=0
0417095617|sip |0|03| o=- 1366206978 1366206978 IN IP4 192.168.15.80
0417095617|sip |0|03| s=Polycom IP Phone
0417095617|sip |0|03| c=IN IP4 192.168.15.80
0417095617|sip |0|03| t=0 0
0417095617|sip |0|03| a=sendrecv
0417095617|sip |0|03| m=audio 2224 RTP/SAVP 9 0 8 18 127
0417095617|sip |0|03| a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:nJTz6x44Ust7IRvXzaq06tZKU0amF2CwKNSd4umI
0417095617|sip |0|03| a=rtpmap:9 G722/8000
0417095617|sip |0|03| a=rtpmap:0 PCMU/8000
0417095617|sip |0|03| a=rtpmap:8 PCMA/8000
0417095617|sip |0|03| a=rtpmap:18 G729/8000
0417095617|sip |0|03| a=fmtp:18 annexb=no
0417095617|sip |0|03| a=rtpmap:127 telephone-event/8000
0417095617|sip |0|03| m=audio 2224 RTP/AVP 9 0 8 18 127
0417095617|sip |0|03| a=rtpmap:9 G722/8000
0417095617|sip |0|03| a=rtpmap:0 PCMU/8000
0417095617|sip |0|03| a=rtpmap:8 PCMA/8000
0417095617|sip |0|03| a=rtpmap:18 G729/8000
0417095617|sip |0|03| a=fmtp:18 annexb=no
0417095617|sip |0|03| a=rtpmap:127 telephone-event/8000
0417095617|sip |1|03|CTcpSocket::SendData TLS queuedTxData = 581 TotalLen 1454 loop count 1 maxQueueDepth 20000
0417095617|sip |1|03|CTcpSocket::SendData TLS Sent 1454 loop count 1
0417095617|sip |4|03|CTcpSocket::TlsListenThread: SSL_get_error Error code=5
0417095617|sip |4|03|TLS Listen Thread Exit
0417095617|sip |1|03|MsgSipTcpSocketStatus socket 17 status 0
0417095617|sip |2|03|CTcpSocket::OnSocketStatus socket 17(0x94d20480) bStatus 0
0417095617|sip |3|03|SocketFailCb: for REG call m_nExpire 6987 m_nOverlap 120
This INVITE never gets to the PBX server.
I never was able to resolve this. I have been running my polycom with TLS disabled for a while. Two days ago, I updated freeswitch to a commit from February and turned on TLS on my polycom to see if anything changed. I am also now running 22.214.171.12462 on my polycom. The phone connected and could place calls, so I let it sit overnight. When I came in the next morning, every light on my polycom was lit up and the screen was blank. The phone was basically frozen and I had to pull the power to get it to do anything. This is one of the same problems I was having from before related to TLS and polycom. I'd be curious if you find anything. I'm also in the #freeswitch irc room as jackal.
This sounds like a mix of configuration issues and issues possibly with your certificate.
I have therefore created a short FAQ on how to implement this and tested the functionality:
Apr 17, 2013 Question: How can I setup a TLS connection for SIP signaling and / or troubleshoot this?
Resolution: Please check => here <=
If you require any further support you will need to liaise with your Polycom reseller.
After lots of aggravation I found the problem here was that the SDP the Polycom was sending was too large and it caused the SSL thread on the Polycom to crash (this is a bug!!!)
Two solutions in order of best to worst:
1. Disable two codecs on Polycom with:
2. Require SRTP (which will remove AVP from the SDP)
Thanks for your help Polycom (that was sarcastic because they didn't help me at all!!!)
Maybe you guys at Polycom should read this and fix the bug in your SSL code!
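Added example (not part of the thread and not Polycom tooling): a Python triage script for app logs in the format posted above. It pairs each `TlsListenThread: SSL_get_error` entry with the last message the phone sent over TLS, so an offer carrying both RTP/SAVP and RTP/AVP media lines stands out. The field layout and the name `find_tls_drops` are assumptions; the sample lines are abridged from the log in this thread.

```python
import re

# Abridged from the debug log posted in this thread (values as shown there).
SAMPLE = """\
0417095617|sip |0|03|>>> Data Send TLS port:5061
0417095617|sip |0|03| INVITE sip:1004@14;user=phone;transport=tls SIP/2.0
0417095617|sip |0|03| Content-Length: 561
0417095617|sip |0|03| m=audio 2224 RTP/SAVP 9 0 8 18 127
0417095617|sip |0|03| m=audio 2224 RTP/AVP 9 0 8 18 127
0417095617|sip |1|03|CTcpSocket::SendData TLS queuedTxData = 581 TotalLen 1454 loop count 1 maxQueueDepth 20000
0417095617|sip |4|03|CTcpSocket::TlsListenThread: SSL_get_error Error code=5
0417095617|sip |4|03|TLS Listen Thread Exit
""".splitlines()

# Assumption: if the phone's TLS library uses OpenSSL's numbering, code 5 is SSL_ERROR_SYSCALL.
SSL_ERR = re.compile(r"TlsListenThread: SSL_get_error Error code=(\d+)")
TOTAL_LEN = re.compile(r"SendData TLS queuedTxData = \d+ TotalLen (\d+)")
CONTENT_LEN = re.compile(r"^Content-Length: (\d+)")
REQUEST = re.compile(r"^([A-Z]+) sip:\S+ SIP/2\.0$")


def find_tls_drops(lines):
    """Return one record per TLS listen-thread error, with the last message sent before it."""
    drops, msg = [], None
    for raw in lines:
        parts = raw.split("|", 4)  # assumed layout: time | component | level | field 4 | text
        if len(parts) != 5 or parts[1].strip() != "sip":
            continue  # not a SIP log entry
        stamp, text = parts[0], parts[4].strip()
        if text.startswith(">>> Data Send TLS"):
            msg = {"method": None, "body_bytes": None, "media": [], "tls_len": None}
        elif (m := SSL_ERR.search(text)):
            drops.append({"time": stamp, "ssl_error": int(m.group(1)), "last_sent": msg})
            msg = None
        elif msg is not None:
            if (m := REQUEST.match(text)) and msg["method"] is None:
                msg["method"] = m.group(1)
            elif (m := CONTENT_LEN.match(text)):
                msg["body_bytes"] = int(m.group(1))
            elif text.startswith("m="):
                msg["media"].append(text.split()[2])  # transport profile, e.g. RTP/SAVP
            elif (m := TOTAL_LEN.search(text)):
                msg["tls_len"] = int(m.group(1))  # bytes handed to the TLS socket
    return drops


if __name__ == "__main__":
    for drop in find_tls_drops(SAMPLE):
        print(drop)
```

Run it over a full `<mac>-app.log` with SIP debug logging enabled; a record whose `media` list holds both profiles is the doubled offer that the "Require SRTP" workaround above removes.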