Guest

Gateway Protocols

Troubleshooting Gatekeeper Registration Issues

Cisco - Troubleshooting Gatekeeper Registration Issues

Document ID: 22378

Updated: Feb 02, 2006

   Print

Introduction

This document addresses some of the common issues that are known to result in endpoints that do not register with Cisco gatekeepers (Cisco IOS® gateways/routers). This document also explains how to check if the endpoints or gateways are registered with the gatekeeper, and suggests some debug commands to troubleshoot the issue. It is assumed that the reader understands the basic concept of Registration, Admission, and Status (RAS) signaling and the functionality of the Cisco gatekeeper.

For more information about gatekeepers, please refer to Understanding H.323 Gatekeepers.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Problem

When you use a Cisco gatekeeper to route a call between Cisco gateways, the gateways do not register with the gatekeeper. These products are affected:

  • Cisco 2600, 3600, 7200 series routers

  • Cisco IOS with Multimedia Conference Manager (MCM) or H.323 features

Commands

This section describes some debug commands to assist you while you troubleshoot the issue.

show gatekeeper endpoint

Use this gatekeeper command to verify the endpoint's registration status to the gatekeeper.

This example shows the common output of this command if an endpoint is registered.

gatekeeper#show gatekeeper endpoint
            GATEKEEPER ENDPOINT REGISTRATION
            ================================
CallSignalAddr   Port   RASSignalAddr   Port   Zone Name   Type   Flags 
--------------   -----  -------------   ----   ---------   ----   ----- 
172.16.13.35     1720   172.16.13.35    50890  gk          VOIP-GW 
    E164-ID: 2073418
    E164-ID: 5251212
    H323-ID: gw3
   Total number of active registrations = 1

In Cisco IOS Software Release 12.3(1) the output was modified to include concurrent calls for the endpoints.

This example shows the common output of this command if an endpoint is not registered.

gatekeeper#show gatekeeper endpoint
            GATEKEEPER ENDPOINT REGISTRATION
            ================================
CallSignalAddr   Port   RASSignalAddr   Port   Zone Name   Type   Flags 
--------------   -----  -------------   ----   ---------   ----   ----- 
   Total number of active registrations = 0

show gateway

Use this gateway command to verify the registration status of the gateway to a gatekeeper.

This example shows the common output of this command if the gateway is registered to a gatekeeper.

gw3#show gateway
 Gateway gw3/ww is registered to Gatekeeper gk

Alias list (CLI configured) 
 E164-ID 2073418
 E164-ID 5251212
 H323-ID gw3
Alias list (last RCF) 
 E164-ID 2073418
 E164-ID 5251212
 H323-ID gw3

    H323 resource thresholding is Disabled

This example shows the common output of this command if the gateway is not registered to a gatekeeper.

gw3#show gateway
 Gateway gw3 is not registered to any gatekeeper

Alias list (CLI configured) 
 E164-ID 2073418
 E164-ID 5251212
 H323-ID gw3/ww
Alias list (last RCF) 

    H323 resource thresholding is Disabled

debug h225 asn1

This is a gatekeeper and gateway debug command. For the purpose of this document, only look for the Registration Reject (RRJ) field, and search for the rejection reason. This example shows the RRJ field output.

This is the output from the gateway.

*Mar 8 06:03:53.629: RAS INCOMING PDU ::=

value RasMessage ::= registrationReject : 
    {
     requestSeqNum 2829
     protocolIdentifier { 0 0 8 2250 0 3 }
     rejectReason securityDenial : NULL
     gatekeeperIdentifier {"gk"}
      }

This is the output from the gatekeeper.

*Mar 1 06:49:32.699: RAS OUTGOING PDU ::=

value RasMessage ::= registrationReject : 
    {
     requestSeqNum 3055
     protocolIdentifier { 0 0 8 2250 0 3 }
     rejectReason securityDenial : NULL
     gatekeeperIdentifier {"gk"}
      }

Solutions/Reject Reasons

Verify that the gatekeeper is enabled:

gatekeeper
 zone local gk cisco.com
 no shutdown

The gateway is not registered if there are no debug ras and debug h225 ans1 outputs from the gateway.

The show gatekeeper endpoint and show gateway commands indicate that no gateway is registered. Check the gateway for:

  • The gateway command is enabled:

    gw3(config)#gateway
    
  • At least one dial-peer voice <tag> voip is configured.

RRJ: rejectReason duplicateAlias

This output from the debug h225 asn1 command shows a registration reject reason of duplicateAlias.

RAS INCOMING PDU ::=

value RasMessage ::= registrationReject :
   {
    requestSeqNum 24
    protocolIdentifier { 0 0 8 2250 0 3 }
    rejectReason duplicateAlias:
    {
    }
    gatekeeperIdentifier {"gk"}
   }

This is usually the result of the gateway registering a duplicate of an E164-ID or H323-ID: Another gateway has already been registered to the gatekeeper. If it is a duplicated E164-ID, change the destination pattern configured under a POTS dial-peer associated with an FXS port. If it is a duplicated H323-ID, change the gateway's H.323 ID under the H.323 VoIP interface.

RRJ: rejectReason terminalExcluded

*Mar 1 09:48:09.553: RAS OUTGOING PDU ::=

value RasMessage ::= gatekeeperReject : 
   {
    requestSeqNum 3421
    protocolIdentifier { 0 0 8 2250 0 3 }
    rejectReason terminalExcluded : NULL
   }

This is the result of the subnet of the gateway being disabled in the gatekeeper. Check the gatekeeper configuration.

You will most likely see this configuration. If so, removing the no zone subnet gk 172.16.13.0/27 enable command resolves the issue. To remove the command completely, remove zone local gk cisco.com.

gatekeeper
 zone local gk cisco.com
 no zone subnet gk 172.16.13.0/27 enable
 zone prefix gk 5*
 gw-type-prefix 510#* default-technology
 no shutdown

RRJ: rejectReason securityDenial

*Mar 1 09:54:32.372: RAS OUTGOING PDU ::=

value RasMessage ::= registrationReject : 
   {
    requestSeqNum 3010
    protocolIdentifier { 0 0 8 2250 0 3 }
    rejectReason securityDenial : NULL
    gatekeeperIdentifier {"gk"}
   }

This RRJ is the result of the security commands being enabled in the gatekeeper, and the gateway could not match the h323-id, E164-id, passwords, or security token the gatekeeper requires. To resolve the issue, check which security command has been configured in the gatekeeper. For further information on security, refer to the Gateway to Gatekeeper (H.235) and Gatekeeper to Gatekeeper (IZCT) Security Troubleshooting Guide.

If security h323-id is enabled, make sure the gatekeeper has been configured as shown here:

username gw3 password 0 ww

gatekeeper
 zone local gk cisco.com
 no zone subnet gk 172.16.13.0/27 enable
 zone prefix gk 5*
 security h323-id
 security password separator /
 gw-type-prefix 510#* default-technology
 no shutdown

Also, make sure the gateway has this configuration:

interface Ethernet0/0
 ip address 172.16.13.35 255.255.255.224
 half-duplex
 h323-gateway voip interface
 h323-gateway voip id gk ipaddr 172.16.13.14 1718
 h323-gateway voip h323-id gw3/ww

Note: Make sure the gateway does not have this command:

gateway
 security password 010411 level endpoint

If security E164 is enabled, make sure the gatekeeper is configured as shown here:

username 5551212  - E164 address the gateway tries to 
registered to gatekeeper

gatekeeper
 zone local gk cisco.com
 no zone subnet gk 172.16.13.0/27 enable
 zone prefix gk 5*
 security E164
 gw-type-prefix 510#* default-technology
 no shutdown

If security token is enabled, make sure the gatekeeper is configured as shown here:

gatekeeper
 zone local gk cisco.com
 no zone subnet gk 172.16.13.0/27 enable
 zone prefix gk 5*
 security token required-for registration
 gw-type-prefix 510#* default-technology
 no shutdown

Also, make sure the gateway has this configuration:

gateway 
 security password 010411 level endpoint

Note: Make sure the gatekeeper has been configured properly with the AAA and RADIUS, and that both the gatekeeper and gateway point to the same NTP server.

RRJ: rejectReason invalidAlias

*Mar 1 22:03:28.929: RAS OUTGOING PDU ::=

value RasMessage ::= registrationReject :
   {
    requestSeqNum 2994
    protocolIdentifier { 0 0 8 2250 0 3 }
    rejectReason invalidAlias : NULL
    gatekeeperIdentifier {"gk-A"}
   }

The RRJ is the result of a no-zone prefix defined in the gatekeeper. Check the configuration on the gatekeeper and add the zone prefix with the proper E.164 address. You should check the Cisco IOS defects in Cisco bug ID CSCdu78917 (registered customers only) .

Configure the gatekeeper as seen here:

!
gatekeeper
 zone local gk-A cisco.com
 zone prefix gk-A 2000*
 zone prefix gk-A 3000*
 zone prefix gk-A 4000*
 no shutdown
!

Related Information

Updated: Feb 02, 2006
Document ID: 22378