Endpoint registration problems with the Cisco TelePresence Video Communication Server (Cisco VCS)
Depending upon how you have configured your Cisco VCS, there are several possible reasons why endpoints cannot register. The most likely causes are:
- registration restriction policy settings
- authentication configuration settings
- undefined SIP domains
- SIP registration proxy mode settings
To help determine which of these settings is causing the rejections, you should first look at the Cisco VCS's Event Log (Status > Logs > Event Log). Look for logs with an Event="Registration Rejected" and then look at the Reason.
The various event log reasons, their associated configuration settings and guidelines for how to fix it are described in the following table:
| Event log reason
| Configuration area
| How to fix it
|
| AOR is not permitted by Allow/Deny list or Security denial |
Registration restriction policy settings |
Check your Restriction policy setting (VCS configuration > Registration > Configuration).
If it is set to Allow List, only those endpoints with an alias that matches an entry on the Allow List will be able to register. If there are no entries on the Allow List, no endpoints will be able to register. If this is the case, you must either add some Allow List patterns (VCS configuration > Registration > Allow List) or select a different restriction policy.
If it is set to Deny List, check the contents of the Deny List (VCS configuration > Registration > Deny List) to ensure you don't have any pattern matches set up, such as a regex (regular expression) of .*, that could reject every endpoint.
Also, from software version X6, registration policy is also applied at the subzone level. Check the Registration policy configured against the Default Subzone and any other manually created subzones, and check the subzone membership rules to identify to which subzones your endpoints' registration requests are being directed.
|
| Received from unauthenticated source |
Authentication configuration settings |
Cisco VCS X5 or earlier
Check your Authentication mode setting (VCS configuration > Authentication > Devices > Configuration). If it is set to On, only those endpoints that have their credentials set up in your selected Authentication database will be able to register. If this is the case, you must either add your endpoints' credentials to the Authentication database or change the Authentication mode to Off.
Cisco VCS X6 or later
From X6, the authentication of registration requests is managed at the subzone level. Check the Authentication policy configured against the Default Subzone and any other manually created subzones. If the subzone's Authentication policy is set to Check credentials then, as with earlier VCS software versions, the endpoint's credentials must exist within the selected Authentication database.
|
| Unknown domain |
SIP domains |
Check your list of defined domains (VCS configuration > Protocols > SIP > Domains).
The domain names that your endpoints are using to register with must be added to this list. |
Other possible causes of registration rejections, that cannot be identified through the event log, are described below:
SIP registration proxy mode settings
Check your SIP registration proxy mode setting (VCS configuration > Protocols > SIP > Configuration).
If it is set to Proxy To Known Only or Proxy To Any, this means that the Cisco VCS is attempting to proxy (pass on) the registration requests to another zone. The Cisco VCS may be unable to identify a zone to proxy the requests to (because of failing pattern matches) or the zone to which the request is being proxied may be rejecting the requests. If this is the case either set SIP registration proxy mode to Off or configure your neighbor zones so that the requests are proxied to the appropriate zone.
This article applies to the following products:
- Cisco Video Communication Server
| June 20th, 2011 | TAA_KB_460 |