Plantronics + Polycom. Now together as Poly Logo

UC Software 4.0.15.1009 / 4.1.1.0934 TLS incompatibility, SoundPoint IP 650

SOLVED
Frequent Visitor

UC Software 4.0.15.1009 / 4.1.1.0934 TLS incompatibility, SoundPoint IP 650

Hello, I have the following configuration on a SoundPoint IP 650 with UC Software 4.0.15.1009:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<PHONE_CONFIG>
	<ALL
        log.level.change.sip="0"
		log.level.change.tls="0"
		reg.1.address="22222"
		reg.1.auth.domain="host.example.com"
		reg.1.auth.userId="22222"
		reg.1.auth.password="examplepass"
		reg.1.displayName="testuser"
		reg.1.server.1.address="host.example.com"
		reg.1.server.1.port="3333"
        reg.1.label="testhase"
        reg.1.type="private"
        reg.1.server.1.transport="TLS"
    	tcpIpApp.sntp.address="europe.pool.ntp.org"
		tcpIpApp.sntp.address.overrideDHCP="1"
        voIpProt.SIP.specialEvent.checkSync.alwaysReboot="1"
        voIpProt.SIP.serverFeatureControl.cf="0"
        voIpProt.SIP.serverFeatureControl.dnd="0"
        voIpProt.server.1.address="host.example.com"
        voIpProt.server.1.transport="TLS"
        dialplan.digitmap="**xx.T|*xx.T|[9]11|0T|011xxx.T|xxxxxT|xxxxT|xxxT|xxT|1xxxxxxxxxxT|xxxxxxxxxxT|xxxxxxxT"
        dialplan.digitmap.timeOut="3|3|3|3|3|4|4|5|5|5|5|5"
        feature.presence.enabled="1"
        feature.urlDialing.enabled="0"
        pres.idleSoftkeys="0"
        sec.srtp.offer="1"
        sec.srtp.offer.HMAC_SHA1_32="1"
        sec.srtp.offer.HMAC_SHA1_80="0"
        sec.srtp.resumeWithNewKey="0"
        device.set="1"
        device.sec.TLS.customCaCert1.set="1"
        device.sec.TLS.customCaCert1="-----BEGIN CERTIFICATE-----
... here the contents of the cafile. I got the file from letsencrypt,
it is the chainfile.pem in the live/host.example.com folder you get
when you optain key and cert from letsencrypt. I pasted it here including
the BEGIN... and END... lines, and including the linebreaks ...
-----END CERTIFICATE-----"
        device.sec.TLS.profile.caCertList1.set="1"
        device.sec.TLS.profile.caCertList1="All"
        voice.codecPref.G729_AB="0"
        voice.codecPref.G711_A="0"
        msg.mwi.1.callBack="*1"
        msg.mwi.1.callBackMode="contact"
    />
</PHONE_CONFIG>

(Secrets and Addresses differ in real config.) All other configuration are the default factory-settings. The configuration works perfectly with a freeswitch-server, TLS negotiation succeeds, Signaling  is encrypted and  and also Data (srtp).

 

When I try the exact same configuration with the same server but the Phone (IP 650) updated to UC Software 4.1.1.0934, the Phone fails to register. Here is the log, as far as I think it is relevant:

1201185038|sip  |3|03|NoCall::TimeOut500ms 'Registering' m_nExpire == 0 RegisterCall -> Schedule Register listSize 0 lTimeout 0
1201185038|sip  |1|03|Shedule 'Register' busyFlag 0 num events waiting 0
1201185038|sip  |2|03|new UA Client Non-INVITE trans state 'callingTrying', timeout=0 (0x94f0a180)
1201185038|sip  |3|03|RegClient:RegClient expire 66 overlap 0 
1201185038|sip  |2|03|SendCommand: reqDest 'host.example.com' isLync 0 isGRUU 0 isIP 0 useEffectiveProxy 1 
1201185038|sip  |1|03|SendCommand: isLync 0 isGRUU 0 isIP 0 useEffectiveProxy 1 
1201185038|sip  |1|03|CreateFailOverProxyList : Reg to Domain 'host.example.com' nPort 3333
1201185038|sip  |1|03|CreateFailOverProxyList : For REGISTER Request nPort 3333
1201185038|sip  |1|03|doDnsListLookup(tls): doDnsSrvLookupForARecordList for 'host.example.com' port 3333 returned 1 results
1201185038|sip  |1|03|doDnsListLookup(tls): result 0 host 'host.example.com' IP '46.8.8.220' port 3333 isInBound 0
1201185038|sip  |1|03|CreateFailOverProxyList : 'TLS' for 'host.example.com' port 3333 IP 0 is '46.8.8.220' on tls port 3333
1201185038|sip  |2|03|CreateFailOverProxyList : Exit 'TLS' lookup with 1 IP Addresses
1201185038|sip  |2|03|CreateFailOverProxyList : IP 1 is '46.8.8.220' on tls port 3333
1201185038|sip  |1|03|CTcp::Send(TLS) entry for address 46.8.8.220 port 3333 can Connect 1 canFailOver 0
1201185038|sip  |2|03|CTcpSocket::CTcpSocket entry Inbound 0 Timeout 120 this 0x94f0b9c0
1201185038|sip  |2|03|Open socket 17(0x94f0b9c0)
1201185038|sip  |1|03|SetRemoteAddress set SND BUF to 32000 OK
1201185038|sip  |1|03|SetRemoteAddress set SEND TIMEOUT to 100ms not OK
1201185038|sip  |1|03|SetRemoteAddress OK on try 1 nPort 60682 0x94f0b9c0
1201185038|sip  |1|03|Task name tTCPCnt17
1201185038|sip  |1|03|CTcp::Send(TLS) exit for address 46.8.8.220 port 3333 can Connect 1 status 1 canFailOver 0 FoundSocket 0
1201185038|sip  |2|03|adjustRetransWhenTimerCreated UA Client Non-INVITE REGISTER state 'callingTrying' timeout=65 (0x94f0a180)
1201185038|sip  |1|03|MsgSipTcpSocketStatus socket 17 status 1
1201185038|sip  |2|03|CTcpSocket::OnSocketStatus socket 17(0x94f0b9c0) bStatus 1
1201185039|sip  |4|03|MakeTlsConnection: SSL_connect error 6
1201185039|sip  |4|03|MakeTlsConnection: connection failed error 0
1201185039|sip  |3|03|CTrans::TCPFail workingServer 1 -> 2 0x94f0a180
1201185039|sip  |3|03|UA Client Non-INVITE REGISTER trans state 'callingTrying'->'completed' by 480 resp 10 timeout(0x94f0a180)
1201185039|sip  |2|03|CTrans:: REGISTER NonInv reTrans ALREADY stopped in 'completed' state at retryCount 0 code 480, timeout=10 (0x94f0a180)
1201185039|sip  |2|03|CTrans::AbandonSockets server 2 entry 0x94f0a180
1201185039|sip  |1|03|Dialog 'ide25883cf' State 'Trying'->'Confirmed'
1201185039|sip  |3|03|CUser::OnRegistered Entry for call 0x94faf600 with expires 0 ticks Transport 'TLS' inval Method 2 RROFO 0
1201185039|sip  |3|03|CUser::NewWorkingServer user 0 oldServer 0 newServer 0 expires 0
1201185039|sip  |3|03|SipOnEvNewWorkingServer User 0, old 0, new 0, expire 0
1201185039|sip  |3|03|SipOnEvRegistrarUpdate User 0, index 0, state 0, expire 0, working 1
1201185039|sip  |1|03|Dialog 'ide25883cf' State 'Confirmed'->'Terminated'
1201185039|sip  |2|03|CStkDialog::CStkDialog SetAddressLocal Config 'teamuser1' <22222@host.example.com:3333>
1201185039|sip  |2|03|CStkDialog::CStkDialog AddressLocal set to Config
1201185039|sip  |3|03|CStkDialog::SetAddressLocal localTag set to ''
1201185039|sip  |3|03|CStkDialog::SetAddressLocal new address added of 1
1201185039|sip  |2|03|CStkDialog::CStkDialog TAG '884FC1A6-66E019B3' generated
1201185039|sip  |2|03|CStkDialog::CStkDialog local addr 'teamuser1' <22222@host.example.com:3333> Tag '884FC1A6-66E019B3'
1201185039|sip  |2|03|CStkDialog::CStkDialog exit 0x94fe19b4 local list size 1
1201185039|sip  |2|03|CStkDialogList::CreateDialogObject localTarg usr '22222' 
1201185039|sip  |3|03|Reg UAC Response: code 480 consecutive Attempts 3 baseTimeOut 60 maxTimeOut 60 exponTimeOut 480 randomTimeOut 41
1201185039|sip  |3|03|Reg UAC Response: code 480 new m_nExpire 82 m_nOverlap 0 Trans 0x94f0a180
1201185039|sip  |3|03|SipStartFailOver 0
1201185039|sip  |1|03|MsgSipTcpSocketStatus socket 17 status 0
1201185039|sip  |2|03|CTcpSocket::OnSocketStatus socket 17(0x94f0b9c0) bStatus 0
1201185039|sip  |3|03|CTcpSocket::~CTcpSocket socket 17 entry for 0x94f0b9c0
1201185039|sip  |3|03|CTcpSocket::~CTcpSocket socket 17(0x94f0b9c0) SSL_shutdown rc=1
1201185039|sip  |3|03|CTcpSocket::~CTcpSocket socket 17(0x94f0b9c0) close

This is the log from the failing registration with UC Software 4.1.1.0934, as said before, the same config works perfectly with UC Software 4.0.15.1009.

 

Unfortunately I can't find any hints in the existing documentation. How do I have to update the config, to make it work with UC Software 4.1.1.0934? What am I missing? Any hints appreciated.

Message 1 of 2
1 ACCEPTED SOLUTION

Accepted Solutions
Polycom Employee & Community Manager

Re: UC Software 4.0.15.1009 / 4.1.1.0934 TLS incompatibility, SoundPoint IP 650

Hello @Gidmoth ,

Your post ended up in the Spam Filter so I moved this here. 

 

UC Software 4.0.15 is the latest software for your phone. UC Software 4.1.1 as explained below is for Microsoft LYNC only:

 

Jun 30, 2015 Question:What is the difference using the UC Software 4.0.0 for compatible SoundPoint or SoundStation IP Phones?

Resolution: Please always check the release Notes or

Software Version  Call Server
4.0.X SIP Only
4.1.X LYNC Only



Best Regards

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 2 of 2
1 REPLY 1
Polycom Employee & Community Manager

Re: UC Software 4.0.15.1009 / 4.1.1.0934 TLS incompatibility, SoundPoint IP 650

Hello @Gidmoth ,

Your post ended up in the Spam Filter so I moved this here. 

 

UC Software 4.0.15 is the latest software for your phone. UC Software 4.1.1 as explained below is for Microsoft LYNC only:

 

Jun 30, 2015 Question:What is the difference using the UC Software 4.0.0 for compatible SoundPoint or SoundStation IP Phones?

Resolution: Please always check the release Notes or

Software Version  Call Server
4.0.X SIP Only
4.1.X LYNC Only



Best Regards

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

View solution in original post

Message 2 of 2