Release Notes for the Cisco SIP Proxy Server (SPS) Version 2.2
August 30, 2004
Cisco SIP Proxy Server Version 2.2
OL-5875-01 Rev. 5
This document lists the known problems in the Cisco SIP Proxy Server (SPS) Version 2.2 and contains information about the Cisco SPS that was not included in the Cisco SIP Proxy Server Administrator Guide.
Contents
These release notes describe the following topics:
In addition to this release note, use the following publications to learn how to install and use the Cisco SIP Proxy Server:
•Cisco SIP Proxy Server CD Installation Guide Version 2.2 —Describes how to install the Cisco SPS software on a Sparc-based server running Solaris 2.6 or later Operating Environment and on an Intel Pentium III-based server running Linux Kernel 2.2.13 or later. This document ships with the product CD and is available online at: http://www.cisco.com/univercd/cc/td/doc/product/voice/sipproxy/cdinst/flaskin.htm
•Up to 1000 Transmission Control Protocol (TCP) Connections per Server
•Performance assumptions
–Redundant servers
–Record route used
–Maximum number of dynamic registrations
–TCP connections not reused. (Reuse will improve performance.)
–30% overhead allowed for other features
•For Solaris servers with concurrent registrations and calls, a conservative engineering guideline is:
–X = (expected peak registers per second (rps) / value in table) * 100%
–Y = (expected peak calls per second (cps) / value in table) * 100%
–X + Y <= 80%
•Linux servers can sustain peak rps and cps concurrently
New and Changed Information
The following sections list the new hardware and software features supported by the Cisco SIP Proxy Server, Version 2.2.
New Hardware Features in Cisco SIP Proxy Server, Version 2.2
Cisco SPS is software based and does not support hardware features.
New Software Features in Cisco SIP Proxy Server, Version 2.2
This section documents new software features supported by the Cisco SIP Proxy Server, Version 2.2.
Functional Enhancements for Cisco SIP Proxy Server, Version 2.2
•Upgrade support Linux OS to Red Hat Enterprise Linux 3.0.
•Improved privacy
–Configurably add and remove P-Asserted-Identity headers to authenticated INVITE requests received from or sent to trusted or untrusted addresses.
–Configurably add and remove Remote-Party-ID headers to authenticated INVITE requests received from or sent to trusted or untrusted addresses.
•Diversion headers
–Configurably validate and rewrite Diversion headers in 3xx Redirection responses received prior to sending the corresponding INVITE requests.
–Configurably remove Diversion headers from INVITE requests received from untrusted addresses
–Configurably, per subscriber, add "privacy=full" token in locally generated Diversion headers in call forwarding scenarios, and anonymize such Diversion headers before sending to untrusted addresses.
–Rewrite Diversion headers before sending to untrusted addresses.
•Support additional wildcard usage in static routes.
–Support embedded '*' characters in static routes
–Handle wildcard routes as a single route rather than expanding as a set of routes with variable number of trailing '.' characters.
•TLS security patch.
•MySQL upgrade to 3.23.58 incorporating latest security patches.
Administrative Enhancements for Cisco SIP Proxy Server, Version 2.2
•Provide a "Privacy" page in graphical user interface (GUI) to support configuration of CLIR features for the proxy.
•Modify the Access Control page to add information for Trust Lists.
•Subscriber database and GUI support for CLIR field per subscriber.
•Represent registration expiration time as a date, and color red if registration has expired.
•Simplified log file rotation configuration with checkbox enable/disable and menu for rotation units.
Caveats in this Release
Open Caveats—Cisco SIP Proxy Server, Version 2.2
This section documents possible unexpected behavior by the Cisco SIP Proxy Server, Version 2.2.
Table 3 Open Caveats for the Cisco SIP Proxy Server, Version 2.2
DDTS ID Number
Description
CSCdr26023
Comments not supported in header value
Problem Description: SPS doesn't support comments embedded in sip header. However, from SIP RFC:
Comments can be included in some SIP header fields by surrounding the comment text with parentheses. Comments are only allowed in fields containing "comment" as part of their field value definition. In all other fields, parentheses are considered part of the field value.
ctext includes all chars except left and right parentheses and backslash. A string of text is parsed as a single word if it is quoted using double-quote marks. In quoted strings, quotation marks (") and backslashes (\) need to be escaped.
Problem Description: SPS doesn't support headers in sip URL. From RFC 3261, headers are an option component of a SIP URI.:
•Headers: Header fields to be included in a request constructed from the URI.
•Headers fields in the SIP request can be specified with the "?" mechanism within a URI. The header names and values are encoded in ampersand separated hname = hvalue pairs. The special hname "body" indicates that the associated hvalue is the message-body of the SIP request.
Problem Description: Each time the server is started a file named "fileXXXXX.sem", where XXXXX is a random string is created in the "/tmp" directory. This causes no operational problems but the administrator may want to occasionally delete them to eliminate clutter.
Recommended Action: There is no workaround.
CSCdr80773
misconfiguration of nameserver in /etc/resolve.conf delays startup
Problem Description: The proxy server might take up to 5 minutes to start if the nameserver specified in /etc/resolv.conf contains an invalid address. Make sure /etc/resolv.conf contains correct nameserver address before starting the server process.
Recommended Action: There is no workaround.
CSCds20027
ENUM NAPTR Preference field treated different than standard
Problem Description: ENUM NAPTR values are treated the same way we treat SRV records. This is not a violation of ENUM, but is a behavior that is required to make the proxy server have the exact same behavior as all other modules that select random contacts.
Recommended Action: There is no workaround.
CSCds42804
CSPS: Bug in tcb delete/refcount interaction
Problem Description: The process that handles the age-off timer for this TCB will hang until re-started by the parent process. There is no way to identify a process in this state.
Conditions: This problem occurs when a sipd worker process with a TCB lock crashes after the age-off timer for that TCB has been started. This would likely occur only during the handling of re-transmitted requests or responses.
It should be noted that this error has never been observed, but it has been identified as being possible.
Recommended Action: There is no workaround.
CSCds50145
CSPS: Duplicate Contacts in first REGISTER for a user undetected
Problem Description: This problem will occur only if the first REGISTER for a user/device has more than 1 identical Contact header. For example a user abc sends the first REGISTER with duplicate Contacts:
REGISTER sip:domain.com SIP/2.0
To: abc@domain.com
Contact: sip:abc@machine1.domain.com:5055
Contact: sip:abc@machine1.domain.com:5055
Both Contacts will be added, rather than one.However, when handling a call for this user, the proxy will not send duplicate messages.
On the other hand, if 2 different REGISTER messages are received by the proxy:
The second will correctly update the first Contact.
Recommended Action: The simple workaround is to not send duplicate Contacts in the very first REGISTER for a user. Even, if some user agent does, this bug will not hurt or affect call forwarding to that user.
CSCds52504
misleading Syntax error message when sipd.conf is wrong
Problem Description: When there is a syntax error in the sipd.conf config file, the line number is reported incorrectly. It always shows the last line of the config file instead of the line number where the error actually occurred. An example of such a config error would be an illegal value given for a valid directive.
A related problem is that only the first syntax error in the configuration file is reported.
Recommended Action: There is no workaround other than correcting the misconfiguration.
CSCds53849
CSPS: sipdctl configtest does not detect all syntax errors
Problem Description: The "sipdctl configtest" command does not accurately detect all syntax errors. Also an incorrect line number is reported when a syntax error is detected. Possible errors that are not detected include illegal values given in non-boolean directives.
Conditions: Run "./sipdctl configtest" with an invalid sipd.conf file.
Recommended Action: The sipd.conf configuration file can only be verified by successfully loading the server.
CSCds56981
CSPS: Start Sip_Services after a Farm DBs Old entries are deleted
Problem Description: If the proxy server has been down for more than the Cisco_Routing_Max_DB_Age_on_Boot or Cisco_Registry_Max_DB_Age_On_Boot, the ServerRoot/logs/*.db files will be removed/cleaned. Otherwise, these values might actually get re-used if a farm member tries to sync.
Recommended Action: There is no workaround.
CSCds73530
CSPS: sipd.conf include directive does not work for some stanza
Problem Description: The block configuration directives <StaticRoute ID> and <StaticRegistry ID> can not be placed in a separate file and included in the sipd configuration file.
Recommended Action: There is no workaround. StaticRoutes and StaticRegistries can only be directly placed within the main sipd.conf configuration file.
CSCds75715
CSPS: sipdctl start: sipd started message is misleading
Problem Description: When starting SPS from the graphical user interface (GUI) or command line, it is possible to see "sipdctl start: sipd started" when in reality sipd was not able to start correctly.
Conditions: This can happen for a number of reasons, including a failure to allocate enough shared memory or corrupted databases.
Recommended Action: Manually check that sipd started successfully by looking at the error_log file and/or running the command "ps -ef | grep sps" to make sure there are the correct number of sipd processes running (the default is 7).
CSCds82140
CSPS: Bypassing sipdctl can cause multiple sets of sipd process
Problem Description: When an attempt is made to bypass the sipdctl script and start sipd directly, the following situation can occur:
There is a previously running copy of sipd and another copy of sipd will be started. This new set of sipd processes will consume unnecessary memory and can potentially destabilize the original set of sipd running on the system.
Recommended Action: The simple workaround is to never start sipd directly, but always use sipdctl start/stop etc
Description: Server child processes have no means to communicate failures of external entities to the other child processes.
Conditions: A failure of an external entity (e.g., RADIUS, DNS, subscriber db), is not communicated to all child processes.
Problem Description: Server performance can drop significantly, depending on the number of child processes executing.
Recommended Action: Reducing the number of child processes is the only was to alleviate this problem.
CSCdt35294
Add Registry/Routing Code changes to support TEL URL
Problem Description: Proxy parses tel Urls completely based on the rules specified in RFC 2806. At this point, there are no routing changes based on tel: url additional fields.
Conditions: For example, in "tel:1111;phone-context=919;phone-context=456", only 1111 is used for routing the call like in sip: url, not the additional fields. And tel url is transformed to a sip: Url as follows:
sip:1111@whatever-proxy.com SIP/2.0
RecordRoute:<sip:1111@whatever-proxy.com;parameters including phone-context>
Recommended Action: At this point, there is no intelligence to change the number from "tel:555XXXX;phone-context=919" to "tel:+1-919-555-XXXX".
CSCdt50814
CSPS: Log file check and verification needed for proxy server
Problem Description: When the CSPS is started, it writes the logs to the error_log and access_log files in the logs subdirectory by default. The log files can be deleted manually while the server is still running, the CSPS will continue to run but no logs will be logged due to the deletion of the log files.
Recommended Action: After the deletion of the log files, one can (graceful) restart the server so new log files can be created and server can then continue the logging process.
CSCdt65349
sipdctl & sipd should use relative paths for conf, logs & libraries
Problem Description: The sipdctl tool contains absolute paths to various file locations such as sipd.pid, Sip_Services.pid, sip_registry.conf and sip_routing.conf. They will need to be manually modified if different file locations will be used. Also, the sipd process looks for the sipd.conf file at the pre-configured path ServerRoot/conf/sipd.conf.
Recommended Action: To use a different configuration file, one can use the "-f" switch to force sipd to look for a different configuration file. For example, to force sipd to read in the sipd.conf file from the user's home directory.
sipd -f ~/sipd.conf
CSCdt87934
CSPS: Proxy will crash if SharedMemorySize too little for call rate
Problem Description: The CSPS proxy can crash if it is not configured with enough shared memory to handle the call rate.
Recommended Action: This problem can be resolved by increasing the value of SharedMemorySize directive in sipd.conf file. To configure the total usable shared memory segment size on Linux or Solaris platform, please follow the instructions in the README.cisco file.
CSCdu00398
User agents on same box/different port disallowed
Problem Description: Proxy will not terminate calls to a user agent running on the same box but different port.
Conditions: Setup a testcase when there is another SIP entity running on same box where SIP proxy is running (on different port), and try to make a call that has that SIP entity in the call path.
Recommended Action: User agents should be running on a different machine than the proxy.
CSCdu05953
Static routes need to have unique tags for import/export
Problem Description: When more than one route is assigned the same tag/number, only the first route is used. Subsequent routes with the same tag/number will be ignored. An error message will be printed only if DebugFlag directive under Cisco_Routing module is On.
For example the following 2 routes have a tag value of 10:
<StaticRoute 10>
Static_Route_DestinationPattern 919.......
Static_Route_Type PHONE
Static_Route_NextHop tisu-view1.cisco.com
Static_Route_NextHopPort 5060
Static_Route_TransportProtocol UDP
Static_Route_Priority 1
Static_Route_Weight 5
Static_Route_Delete_or_Add ADD
</StaticRoute>
<StaticRoute 10>
Static_Route_DestinationPattern 919.......
Static_Route_Type PHONE
Static_Route_NextHop grigio.cisco.com
Static_Route_NextHopPort 5060
Static_Route_TransportProtocol UDP
Static_Route_Priority 1
Static_Route_Weight 5
Static_Route_Delete_or_Add ADD
</StaticRoute>
The second route (with Static_Route_NextHop value of grigio.cisco.com) will be ignored.
Recommended Action: The sysadmin_csps_regroute tool and/or provisioning system graphical user interface (GUI) can be used to add/update routes and the administrator does not need to enter route tags. See the admin guide for more details on the sysadmin_csps_regroute tool and provisioning system GUI.
CSCdu12370
CSPS: Sip_services get killed when sysadmin_csps_regroute exits
Problem Description: When starting sysadmin_csps_regroute and sipd with the following sequence, the Sip_Services daemon can be killed while the CSPS is still running. However, the Sip_Services daemon will be started again once the CSPS discovers that the process does not exist.
1. Start sysadmin_csps_regroute before starting sipd. (Note: Starting Sip Services ... message after the command is issued).
> ./sysadmin_csps_regroute
Starting Sip Services . Success
Cisco SIP Proxy Server Command Line Interface V1.112
Conditions: When the error_log or the access_log file size grows beyond 2147483647 bytes (~2.1GB), CSPS will stop logging to the file.
Recommended Action: One can use log rotation to avoid this problem. One can also specify size thresholds in CIAgent (default is 5MB) which if when crossed result in the sending of an SNMP trap.
CSCdu12594
SPS stops writing error_log if disk is at 100% of capacity
Problem Description: Cannot write to the error_log or access_log
Conditions This happens if the file system runs out of disk space while writing to the log file. Even if disk space is later freed and made available, the error_log will remain unwritable.
Recommended Action: The only workaround is to insure that the file system always has free disk space. This may be done by enabling rotate logs and operational procedures that insure some disk space is always available. Another thing to help with this is to set size thresholds using CIAgent (defaults are 5MB). If the thresholds are crossed, an SNMP trap is generated.
CSCdu65165
CSPS: Solaris pkgadd prompts ?, ??, q
Just press 'enter' key to install all.
CSCdu69703
CSPS: Accounting with XACCT Radius not working properly
Problem Description: If accounting is enabled on CSPS, the session-id for START and STOP records is populated with SIP Call-Id, which is needed so that it is possible for the Radius/billing server to correlate the STOP with the appropriate START. For accounting to work correctly, the back end Radius/billing server must be able to accept and correlate START/STOP records with duplicate session-id values. In the case of the XACCT Radius server, XACCT does not respond at all to records with duplicate session-ids. As a result, CSPS blocks waiting for a response. Eventually, CSPS times out and continues processing the call; however, if enough concurrent calls are placed, it is possible that all of CSPS's processes will be blocked waiting for Radius responses and call processing will effectively stop.
Conditions: Accounting is enabled and the backend Radius server does not respond to RADIUS request records with duplicate session-ids.
Recommended Action: Disable accounting or use a backend Radius server, such as Livingston, which supports the reception of multiple Radius records with the same session-id.
CSCdu72935
CSPS: Accouting with Cisco Access Registrar conflicts
Problem Description: When CSPS interoperates with Cisco Access Register (CAR v1.7) server, error messages similar to the following can seen in the CAR trace:
07/16/2001 15:13:47: Log: SessionManager session-mgr-1 was unable to create/acquire a
Session because the request packet did not contain a NAS and/or NAS-Port attribute.
These are required for Session Management.
07/16/2001 15:13:47: P286: Dropping packet because we did not acquire or create the
session
This will cause the Radius packets to be dropped and the CSPS will timed-out waiting for
the response back from the CAR.
Recommended Action: The DefaultSessionManager parameter can be set to "" in the CAR server to workaround this problem. i.e.
> cd Radius
> set DefaultSessionManager ""
CSCdv34778
CSPS: CFNA timers not reset if BYE sent instead of CANCEL
Problem Description: When a call is made to a IP phone registered to CSPS which has a Call
Forward No Answer (CFNA) entry in MySQL, if the caller hangs up on the call during the ringing phase before it is answered, the behavior of CSPS is dependent on the IP phone sending a CANCEL before/instead of sending a BYE.
1. If CANCEL is sent when the caller hangs up, the call is terminated without any problems.
2. If BYE is sent instead of CANCEL, CSPS keeps the CFNA timer running and this leads to an INVITE being sent by CSPS to wherever the user has CFNA configured after the timer expires. This may lead to a phone ringing suddenly out of the blue when no call is being made.
Conditions: This is an issue only in the following circumstances:
1. CFNA is being used
2. The SIP client originating the call does not send a CANCEL when aborting an attempted call, but sends only a BYE instead.
Recommended Action: There is no workaround.
CSCdv54154
CSPS: Proxy returns 400 Req-URL is bad when rec tel url w/cic parm
Problem Description: When handling a SIP INVITE with a tel URL containing the cic parameter, the proxy returns "SIP/2.0 400 Request-URI is bad". If should convert the tel URL to its equivalent sip URL.
For example, the following INVITE:
INVITE tel:+19195550001;cic=1234 SIP/2.0
results in a 400 response from the proxy.
Conditions: This problem occurs whenever the proxy receives a tel URL containing a parameter it does not explicitly support.
Recommended Action: There is no workaround.
CSCdw58265
CSPS: segfault in Sip_Services/ACE with CSS and RegFarm
Problem Description: When Sip_Services is first started using sipdctl start, it dumps core and then starts correctly. This happens on Linux only, and it has no effect on functionality. The only oddity is a core file is left over. On Solaris, Sip_Services starts correctly the first time.
Conditions: This happens on Linux when using a virtual IP or hostname as the ServerName in combination with having registry or route farming enabled. This never happens on Solaris.
Recommended Action: There is no workaround.
CSCdw94123
CSPS: Cannot rename MySQL db fields if using provisioning
Problem Description: In sipd.conf, it is possible to re-map the MySQL subscriber database field names from the default names used by the MySQL installation script to new values which may be preferred. One reason to do this is perhaps because the customer already has an existing MySQL subscriber database and wants CSPS to use it. In this case, CSPS will read and use the new field names specified in sipd.conf.
The problem is that if the customer is using provisioning, the provisioning graphical user interface (GUI) will not read sipd.conf, nor will it use the new field names. Rather, it will ignore any new field names and use the default names which match those used by the MySQL install script.
Conditions: This is an issue only if the customer is using CSPS with Provisioning and has an existing MySQL database which they wish to use rather than using the MySQL installation script to create a new database. If the existing database has different names for the MySQL table fields than those used by the Provisioning system, new subscriber information entered using the provisioning GUI may not be accessible by CSPS.
Recommended Action: There is no workaround.
CSCdx61275
CSPS: SNMP: Error message in csps_ciagent_install
Problem Description: When installing ciagent, error messages are displayed
setany $Version $Agent $User \ smLaunchControl.$LOwner.$LName abort Error code set in
packet - INCONSISTENT_VALUE_ERROR: 1. setany $Version $Agent $User \
smScriptAdminStatus.$SOwner.$SName disabled Error code set in packet -
INCONSISTENT_VALUE_ERROR: 1. setany $Version $Agent $User \
smScriptRowStatus.$SOwner.$SName destroy smScriptRowStatus.1.65.1.66 = destroy(6)
These error messages logged from running the script "smPopScript" when installing CIAgent for the first time on a system are benign and are due to the fact that it is trying to remove an item that does not exist in the script MIB table. As far as all the other subsequent "setany" commands are executed successfully, the "smPopScript" is considered to finish its job well.
Recommended Action: There is no workaround.
CSCdx66179
CSPS: SNMP: sappagt is taking 100% cpu for a few minutes at startup
Problem Description: sappagt is taking 100% CPU when starting ciagent. This is fine, since we don't plan to restart ciagent frequently. Response from vendor: "Both the sappagt subagent and the hostagt subagent show high CPU utilization upon startup because they both must retrieve a large amount of information from the system, to initialize the tables they support. Once these tables are initialized, the utilization will go down. This is not abnormal behavior."
Recommended Action: On a Linux machine that has a lot of packages or softwares installed, the System Applications Monitor (sappagt) may take 100% CPU for a few minutes at startup. If you think this is not acceptable, you can disable this subagent from being invoked by removing its name, sappagt, from the "ciagent" script file under /usr/local/ciagent directory on your Linux machine and restart ciagent.
CSCdx67593
CSPS: MySQL Suscriber table needs to be CASE SENSITIVE to USER info
Conditions: I was testing our SIP products for CASE Sensitivity to the USER portion of the SIP URI and I have noticed that the CSPS, Phones, and Gateways recognize the differences between "tdeleon" and "TDELEON". One issue that I did see was with MySQL.
Problem Description: MySQL sees "tdeleon" and "TDELEON" as the same. As a result, CSPS accesses MySQL for Authentication & Call Forwarding info for a single entry which is incorrect. And MySQL will not allow another entry.
Recommended Action: There is no workaround.
CSCdx77555
CSPS: sipd core dumps after 8+ hr of stress using TCP
Problem Description: sipd core dumps after 8+ of very high Transmission Control Protocol (TCP) traffic load
Conditions: sipd may crash after a very high TCP traffic is run for more than 8 hours, because it may run out of shared memory.
Recommended Action: Configure shared memory to high (>128M)
CSCdx78228
CSPS: TCP on solaris using too many fds for reuse=off
Problem Description: Transmission Control Protocol (TCP) calls are not accepted/connected by proxy
Conditions: When TCP services are not configured to reuse the TCP connections, the proxy can run out of file decriptors because OS may not free the file descriptors immediately. this happens when proxy is connected with other SIP entity on Solaris or Linux, however with Cisco gateways the connections are closed immediately.
Recommended Action: When configuring the system, if proxy is expected to connect with Solaris or Linux based SIP entities, it should be configured to reuse the TCP connections.
CSCdx83047
SNMP critagt sends trap with sipds child process id
Problem Description: The Solaris version of the critagt (Critical Applications Monitor) subagent sometimes reports critAppUp traps with one of sipd children's process id. The vendor explained that is because the critagt always try to get and monitor the first process id in the process table that matches the specified application name. However, since on Solaris the first process id that matches sipd is not always the master/parent sipd, but rather likely one of the child sipd's. We really want to monitor master sipd's status, so we want the vendor to fix/improve their handling of process ids in critagt. This doesn't seem to be a problem on Linux, since the first process id seems always to be the master sipd's, and the traps correctly report that.
Recommended Action: There is no workaround.
CSCdx88304
CSPS: GUI does not allow input of &, >, < in any field
Problem Description: Data entered into any field through the graphical user interface (GUI) may not not contain any of the characters &, < or >. The GUI will reject any data with these characters and prompt for it to be re-input.
Recommended Action: There is no workaround.
CSCdx91876
csps does not convert a tel: url to a sip: url correctly
Problem Description: CSPS provides only limited support for the tel URL. Essentially, it translates the tel: URL into a sip: URL, then handles the message based on the sip: URL. The translation performed is as follows:
Conditions: The tel to sip URL conversion will be a problem if the URL contains additional parameters other than a global phone number.
Recommended Action: There is no workaround.
CSCdx95989
CSPS: sysadmin_csps_regroute takes 97% CPU when window closed
Problem Description: Closing the window in which the sysadmin_sps_regroute is running, rather than exiting cleanly using the 'Q', 'q', or 'Ctrl-C' command, will cause the sysadmin_sps_regroute to take 97% CPU time.
Recommended Action: The workaround is to not close the window prior to exiting the tool, however, once in this state, you can stop the process with either SIGINT or SIGQUIT signal.
CSCdy01790
CSPS: CIAgent: Dr-Web on Linux Make Changes button not working
Problem Description: On Linux, when using dr-web to make changes to the critical application monitor and clicking on "Make Changes" button, sometimes the change does not take place until the user clicks on the "Reload" button on the web browser.
Recommended Action: Click on the "Reload" button on the web browser to make the changes reflected in CIAgent.
CSCdy02211
CSPS: sipd process(es) block when handling REGISTERs
Problem Description: Requests, such as REGISTERs and INVITEs, are handled by CSPS at a reduced rate or not at all.
Conditions:
1. CSPS is configured as a farm of 2 or more servers with Registry farming enabled, and the farm member processing the request is not able to connect to one or more of the other farm members.
2. The traffic levels exceed the following for an extended period of time: REGISTERs/second = 5 INVITEs/second = 50
Recommended Action: There are two possible actions:
1. Ensure the calls rates do not exceed those described above OR
2. Do not enable Registry farming
CSCdy02296
CSPS: when recovering from a split netwrok, some registrations lost
Problem Description: In the event of a split network, it is possible that each farm member will separately accept new registrations. When the networks join, a sync is performed; however, the sync is performed based which member accepted the most registrations rather than as a merge. As a result, some registrations may be lost. For example, if there are farm members P1 and P2: The registration database prior to let split contains entries for a,b,c. A network split occurs. P1 accepts new registrations for d,e,f P2 accepts new registrations for g,h The networks join. P1's view of the world is inherited by P2, so the registry is: a,b,c,d,e,f; and g,h are lost.
Conditions:
1. 1) There must be a farm of 2 or more servers with registration farming enabled.
2. Clients must be configured to load balance or failover between the servers.
3. A split network must exist for a period of time, and during that time more than one server must accept one of more registrations.
Recommended Action: Configure the servers as primary and secondary such that all clients register with the same server at any point in time. This requires that the clients do not experience the split with some seeing only the primary and some seeing only the secondary. This may or may not be possible.
CSCdy05591
CSPS: Too many open files with persistent TCP connection
Problem Description: Transmission Control Protocol (TCP) calls may fail with error message "socket: Too many open files".
Conditions: When proxy is connecting with other Solaris or Linux based SIP entities, it may run out of file descriptor even with the persistent connections. 1000 concurrent TCP connections is the supported limit.
Recommended Action: There is no workaround.
CSCdy05850
CSPS: MySQL wont install if SNMP just started
Problem Description: MySQL installation fails with the error message:
"cannot get exclusive lock on /var/lib/rpm/Packages"
Conditions: This happens when MySQL installation is started just after starting ciagent. The problem is that when ciagent starts, it gets an exclusive lock on /var/lib/rpm/Packages. MySQL installation also needs this lock, therefore MySQL installation will fail.
Recommended Action: When starting ciagent, wait for about 30s before installing MySQL.
CSCdy07416
CSPS: escaped characters in URIs are not handled
Problem Description: A customer ran into a problem with this specifically when dealing with tech prefixes. The problem was that the '#' character was inserted in the Request URI and To headers by the GW in the INVITE is sends to SPS. SPS can strip the '#' from the Request URI, but not from the To. SPS also includes the '#' in its Record-Route header. The fix is to have the GW escape the '#' as "%23" wherever it appears. Now SPS needs to be able to translate from escaped to non-escaped for the LRQ.
Currently SPS treats escaped characters within URIs no differently than any other character. It parses them fine, and is able to store them (e.g. in the registry db) and pass them along, but it doesn't convert them from escaped to non escaped when it should.
At a minimum to solve this problem, a solution is to have the GW makes code changes to escape the '#' character in all urls before sending the INVITE to the proxy. SPS will need to modify the remote access server (RAS) module to unescape the %23 before constructing the LRQ.
As for fixing this in general, it is legal for URLs to escape any characters it likes, meaning that SPS could receive %31%32%33%34 in the username which should be interpreted as "1234" for number expansion, accounting, routing, etc.
Recommended Action: There is no workaround.
CSCdy24211
core not created when run as root and changed uid on solaris
Problem Description: On Solaris, when Cisco SPS is started as root, the effective user id of the processes is changed to csps, and as such core file will does not get generated when something goes wrong. This is for security reasons.
Conditions: If Cisco SPS is started as part of the boot process for the machine, it will be started as root.
Recommended Action: If it is desired to create core files for debugging in the case something goes wrong, it is best to stop Cisco SPS, change the user to csps, and restart the server.
CSCdy26700
CSPS: Linux cant handle overload of Invites
Problem Description: No calls are processed. SPS server's CPU goes to 100% idle.
Conditions: Overload the SPS with more Invites than it can handle. This number varies depending on the release of SPS and the hardware platform. reference the Release Notes for performance numbers for each recommended platform.
Recommended Action: Perform a graceful restart on the SPS.
CSCdy29642
CSPS: Regroute cannot parse DOS formatted sipd.conf file
Problem Description: Open a valid sipd.conf file using Wordpad and save it. This will reformat it into DOS format. Try to use sysadmin_csps_regroute tool and you will get the following error:
: No such file or directory
Recommended Action: Convert sipd.conf back to UNIX format, or use the graphical user interface (GUI) to create a new sipd.conf.
CSCdy75125
CSPS: convert_mysql_db[v2] needs to be more robust
Problem Description: Upgrades work smoothly for customers who have not modified the SPS database. We are passed the SPS Version 1.X to SPS Version 2.0 upgrade time period and we have significantly improved the SPS Version 2.0to SPS Version 2.1 upgrade. We will not expend effort to improve SPS Version 1.X to SPS Version 2.0.
Recommended Action: There is no workaround.
CSCdz20402
CSPS: tcp to udp translation is not 99.999
Problem Description: The call success rate for Transmission Control Protocol (TCP) to UDP translation calls is not 99.999%
Conditions: When proxy is doing translation of transport between TCP and UDP, some of the calls may fail.
Recommended Action: There is no workaround.
CSCdz23707
CSPS: proxy retransmits non-local non-2xx over TCP
Problem Description: SPS retransmits non-local non-2xx responses over Transmission Control Protocol (TCP). According to the standards, this retransmission is not supposed to happen; however, it will not cause any problems.
Conditions: If the client on the TCP connection does not send an ACK for non-200 response, then SPS starts to retransmit the final response, similar to UDP behavior.
Recommended Action: There is no workaround., but the retransmission may be safely ignored.
CSCea58230
static routes do not support . in middle of dest pattern
Problem Description: SPS allows wildcarded digits in the destination pattern of static routes in the form of a '.' character. For example, 5... as a destination pattern means any 4-digit number beginning with a 5. However, SPS does not support wildcarded digits followed by non-wildcarded digits. For example, the following are not supported:
5..5
.555
55.5
...5
Recommended Action: There are two options:
1. use a less restrictive destination pattern which does not require embedded wildcard digits. For example, each of the problematic destination patterns above could be made less restrictive as follows:
5..5 -> 5...
.555 -> ....
55.5 -> 55..
...5 -> ....
2. use multiple more restrictive destination patterns which do not require embedded wildcarded digits. For example: .555 -> 0555, 1555, 2555, etc.
CSCea58268
regroute does not allow * in middle of destination pattern
Problem Description: sysadmin_csps_regroute does not allow a '*' character in the middle of a route destination pattern. The route is rejected as invalid.
Conditions: If trying to add a static route for a destination pattern which includes the '*' character as a valid digit (not a wildcard), after having set the '*' as a valid character as follows:
NumericUsernameCharacterSet *+0123456789.-()#
Entering a static route via sysadmin_csps_regroute with a destination pattern such as *69 fails.
Recommended Action: Us a static registration instead. To do this, define a new user with a user id which matches the intended destination pattern. For example:
user_id = *69@<ProxyDomain>
contact = <next-hop>
CSCea66342
rfc 3261 compliance, dont send CANCEL if no provisional response
Problem Description: A proxy should not send a CANCEL for an INVITE for which it has not received a provisional response, but SPS sends CANCEL for all branches associated with the INVITE regardless of whether or not a provisional response has been received.
Conditions: SPS received an INVITE and forwarded it to one or more downstream entities. It then receives a CANCEL and forwards the CANCEL to any downstream entities from which it has not received a final response, including those from which it has not received any provisional response. According to RFC 3261, the CANCEL should not be sent unless a provisional response has been sent.
Recommended Action: There is no workaround. This bug does not effect the functionality of SPS. This was allowed in RFC 2543 but leads to potential race conditions.
CSCea82993
Cannot redirect output of sysadmin_csps_regroute to a file
Problem Description: Attempts to redirect the output to a file fail. Example:
Recommended Action: Use expect scripts rather than redirecting the output.
CSCea91984
ControlCSPS on 2 servers checked only unchecks one
Problem Description: In certain situations in the Proxy Control screen, only one of two servers becomes unchecked after a Graceful Restart.
Conditions: This has only been observed on Windows. In the ProxyControl screen check both servers in the farm and make sure the bottom one is highlighted. Click the Graceful button. Only one of the servers becomes unchecked. The other one stays checked. Note that if the top server is highlighted, both servers become unchecked. Also note that the Graceful Restart will have been performed.
Recommended Action: Make sure that the top server in the table is highlighted instead of the bottom one to prevent the situation. Should the scenario occur, the checkmark will be cleared if the window is redrawn. Simply minimize and reopen the window or the user can click on the affected row.
CSCeb05010
SIP client diverts not working properly (double diverts not working)
Problem Description: Multiple redirects not working properly. When inserting Diversion headers SPS does not order them properly. New Diversion headers are always added last rather than first. This may cause undesired or unexpected results with respect to call completion, voice mail, and/or billing for calls involving multiple diversions.
Conditions: Using SPS with the following feature set:
SPS configured as a stateful, recursive proxy CFNA, CFB, CFUNV features enabled AddDiversionHeader enabled
A call flow involving multiple call forward invocations by SPS on the same call.
Recommended Action: There is no workaround.
CSCeb05745
SPS: pserverctl needs to stop Sip_Services
Problem Description: If using pserverctl rather than the sip script to stop or restart the pserver, the Sip_Services process will not be restarted or stopped, but will continue to run.
Conditions: For custom setups where pserver is the only Cisco SPS process running on the farm member, and pserver is being restarted in order to change the farming configuration.
If the farm configuration is changed, and Sip_Services continues to run without itself being restarted, then that Sip_Services can seriously degrade the performance of the farm, either by trying to connect to a missing farm member, or by causing unnecessary data synchronization between farm members.
Recommended Action: If possible, use the /etc/init.d/sip script to restart and stop SPS.
Otherwise, when you need to restart the pserver via pserverctl,
do a pserverctl stop first, then kill the Sip_Services process,
the issue a pserverctl start.
CSCeb21352
with reuse off and record route on, run out of tcp connections
Problem Description: Under high Transmission Control Protocol (TCP) traffic SPS may run out of TCP connection limit of 1000 soon.
Conditions: When AddRecordRoute flag is On, and the SipTcpReuseConnection flag is Off, then some of the TCP connections take longer to get freed.
Recommended Action: Decrease the value of SipMaxT3InMs, which is used to detect timeouts for idle connections.
CSCeb27053
CSPS: Wait Timer remains after edit multiple entries
Problem Description: After performing an Edit or Add within a table in the Cisco SPS graphical user interface (GUI), the wait cursor does not change back to the default cursor.
Conditions: Can occur when editing multiple records at once.
Recommended Action: The user need only move the mouse cursor to the top menu bar of the GUI or off of the GUI completely and back on to restore the default cursor.
CSCeb27117
SPS: proxy does not handle failover for ACK messages
Problem Description: When the next hop in the ACK's route list is not reachable, proxy is not able to failover to the alternate DNS records, unlike other SIP requests.
Conditions: This happens when the next hop is not reachable from the default n/w interface, but it uses the alternate n/w interface to retransmit the 200 OK, which result in the upstream user retransmitting the ACK.
Recommended Action: There is no workaround.
CSCeb29415
h323setuptime not displayed in RADIUS stop record
Problem Description: SPS does not include h323setuptime in Stop records for successful calls. SPS is not call stateful and therefore does not have access to the time a call was setup (INVITE) when it processes the teardown (BYE ).
Recommended Action: See SPS Radius Interface Spec description of correlating accounting records.
CSCeb38768
error seen when exiting CiscoSPS GUI on Windows OS
Problem Description: When closing the graphical user interface (GUI) installed on a Windows 2000 PC, the following log is generated in ./logs/pserver_log:
# tail -f ./logs/pserver_log
ERR : transport/Connection.cxx:257 Failed to read data, reason:Connection reset by peer
This eror is NOT seen when using the GUI installed on Linux or Solaris.
Recommended Action: The error message is non service affecting and can be ignored.
CSCeb44311
client side STOP not generated if no 487 is received
Problem Description: When a 200 to CANCEL is received on a branch but no 487 ever comes back from the downstream, SPS will not be able to generate a client side STOP record for that branch.
Recommended Action: If the canceled branch is the only branch or the best branch to return response upstream, a 408 response will be returned upstream when the original INVITE request finally times out in SPS, and the user can gather some information from the server side STOP record instead.
CSCeb49412
CSPS: Toggling Virtual Proxy Host on/off can cause duplicate records
Problem Description: Cisco SPS has virtual proxy host enabled, and two registrations with the same user id but different domains have been entered, i.e. user id: 3000, domain: foo.com and user id: 3000, domain: bar.com.
If virtual proxy host is then disabled in SPS, it appears as if there are duplicate records for the 3000 user. If one of these records is then changed, the database starts behaving badly.
Recommended Action: Once virtual proxy host is enabled, do not disable it.
CSCeb61814
GUI dynamic column resize sometimes fails
Problem Description: One column of a table can stretch across the entire viewable area of the graphical user interface (GUI). The user must move the slider bar to see the other columns.
Conditions: Sporadically, after performing an action in the GUI, a column may fill up the viewable area of the GUI and cause the other columns to be pushed to the side.
Recommended Action: Click on the Refresh button or click on the column header to resize the columns.
Problem Description: When the Cisco SPS is configured in Recursive mode and configured for remote access server (RAS). The SPS will ignore the "SipResolveLocalContactsInRedirectMode" parameter. and always try RAS first.
Conditions: This symptom is observed when the SPS is configured in Recursive mode and configured for RAS. The SPS will ignore the "SipResolveLocalContactsInRedirectMode" parameter. and always try RAS first.
Recommended Action: Create a SPS route for to the proxy for all destinations for which you want SPS to check its registry and/or MySQL db prior to checking RAS for the call forwarding contact.
CSCeb71070
CSPS: Changing UseVirtualProxyHost from Off to On causes conflicts
Problem Description: Turning the 'Use Virtual Proxy Host' directive from On to Off can cause several problems.
1. Phones using entries with a Domain Name previously set to a Virtual Proxy Host before the 'Use Virtual Proxy Host' directive was turned Off can no longer be called.
2. Entries with a Domain Name previously set to a Virtual Proxy Host before the 'Use Virtual Proxy Host' directive was turned Off can no longer be edited or deleted via the graphical user interface (GUI).
3. Entries which were unique before the directive was turned Off may no longer be unique.
4. The Domain Name column is empty.
Conditions: The database uses the Registry entry's 'Domain Name' as one of the key fields for identifying unique registry records. When the directive is On, the database stores the value of each Registry record's domain name and retrieves it when requested. When the directive is turned off the database no longer uses the stored value, but instead, uses the current value of the 'Proxy Domain' directive.
When attempting to access records, the Proxy Domain is used. Since this does not match what is stored in the database, the records which have domains which do not match the Proxy Domain can not be accessed.
Recommended Action: Recommendation is that you leave 'Use Virtual Proxy Host' set to On. If you no longer wish to have any Virtual Proxy Hosts, delete all of them from the table, but leave 'Use Virtual Proxy Host' set to On. If you must turn it Off for some reason, follow the steps below.
Before turning 'Use Virtual Proxy Host' Off, the user should prepare the existing Registry records. Manually change the Domain Name for each Registry Record to match the Proxy Domain. Verify that this does not cause two records to become the same. If so, assign a new user ID to one of them or change one of the other values such that the records remain unique. If a record is no longer needed, delete it.
If the database is large, this can be done more quickly using the export/import functions under the GUI's Operations menu. Export the Registry database into a comma separated value (csv) file using the GUI's export command. Open the saved file in Microsoft Excel and modify the Domain Name column so that all entries are set to the Proxy Domain. Import the modified csv file back into Cisco SPS using the GUI's import command.
If these steps were not followed before turning 'Use Virtual Proxy Host' from On to Off, simply turn it back on and follow the steps above before turning it off again.
CSCec03170
Support multiple Proxy-Authorization headers in INVITE
Problem Description: When multiple Proxy-Authorization headers are present in an INVITE and authentication is turned on, SPS can't handle these Proxy-Authorization headers and sends back 407.
Recommended Action: Only configure one SPS do authentication so that only one Proxy-Authorization header is present and necessary to pass authentication check.
CSCec24660
SPS: Timestamps in error_log do not corresond to servers date & time
Problem Description: The timestamps in the log files are always in GMT rather than in the time format configured on the machine.
Recommended Action: There is no workaround.
CSCec24701
SPS: Registry Cleanup Interval does not remove expired registeration
Problem Description: The Registration database is not periodically purged of expired registrations regardless of the value set in the Registry Cleanup Interval directive.
Conditions: Allow a registration to expire or manually change a registered entry's registration time so that it is expired. It will not be removed from the database unless it is called or manually removed.
Recommended Action:
1. Calling a registered user who's registration has expired will cause the registration to be aged out and removed from the database.
2. Manually run the sip/bin/sysadmin_sps_regroute tool. Follow the menus and list all of the registry entries. This will cause the expired registrations to be removed from the database. This can also be done on the command line by typing ./sysadmin_sps_regroute -l -m registry To have this be performed automatically, set up a cron job on the machine the proxy is running on to run the following command: ./sysadmin_sps_regroute -l -m registry
3. Using the provisioning graphical user interface (GUI), display all of the registrations. The expired registrations will have their Expiration time shown in the color red. Click on the column header to sort on the expiration time. Manually delete the expired entries. Note, make sure the time and date on the machine running the GUI matches the time and date of the machine running the proxy as this is used to change the expire time color to red.
CSCec61373
Need to validate contents of Contact_Age
Problem Description: Entering an invalid value for the Contact_Age field of a static registration results in the Contact being added to the database without any error message; but then when the associated user is called the Contact is treated as if it has expired and the call fails. The correct behavior would be to flag the invalid value when the Contact was being entered.
Conditions: This is applicable to static registrations via the graphical user interface (GUI) or CLI only. An example of an invalid contact is misspelling the word "Permanent".
Recommended Action: Re-enter the Contact with a valid Contact Age value.
CSCed21297
SPS does not support complete Remote-Party-ID syntax
Problem Description: SPS supports only that portion of the Remote-Party-ID syntax that is required for and parallels that of the P-Asserted-Identity header as used to facilitate Privacy in a network consisting of other Cisco SIP endpoints.
Conditions: PrivacyWithRPID is enabled and SPS receives an INVITE from a trusted entity with the following Remote-Party-ID header:
When forwarding to an untrusted entity,SPS will not recognize that privacy was requested since it does not support quoted strings as privacy values, so it will not remove the header.
Recommended Action: Use the semicolon separated syntax for rpi-privacy tokens rather than the quoted string syntax.
CSCed27525
Linux GUI install gives spurrious warnings
Problem Description: Upon installation of the SPS graphical user interface (GUI), the user will see several warning messages.
Conditions: The messages may be due to the version of InstallAnywhere currently used to create the installer.
Recommended Action: Ignore the messages as they are harmless.
CSCed40792
RAS Gatekeeper Cluster Host/Port pairs need to be made required
Problem Description: The proxy fails to restart correctly after modifying the remote access server (RAS) Gatekeeper Clusters via the graphical user interface (GUI).
Conditions: When a GK or port is added without giving a value to the corresponding port or Gk. For example, if a value is added to the GK1 column, a value must be added to the Port1 column for the same row.
Recommended Action: Always add both GK and port data when modifying or creating RAS Gatekeeper clusters.
CSCed83101
Multiple registrations dont all show up in provisioning
Problem Description: At times, registrations by independent ua's to the same number will appear to overwrite each other when using provisioning to view the registrations. When a call is made to the number both sets ring. Also, when using the CLI tool in ACE mode, both registrations appear.
Conditions: This may occur if the Contact in the Register message does not contain a User portion of the URL.
Recommended Action: Use the sysadmin_sps_regroute CLI tool to view the registrations with the same number.
CSCee24124
Slow export of registry/routing entries in sysadmin_sps_regroute
Problem Description: The export function of the sysadmin_sps_regroute tool takes a long period of time when compared to doing an export when in ACE mode or through the graphical user interface (GUI).
Conditions: Perform an export of the registry or routing databases via the sysadmin_sps_regroute tool. Process completes, but takes longer than if done by other methods.
Recommended Action: Use the ACE mode of the sysadmin_sps_regroute tool when performing an export of the routing or registry database. Another option is to export from the GUI.
Resolved Caveats—Cisco SIP Proxy Server, Version 2.2
All the caveats listed in this section are resolved in the Cisco SIP Proxy Server, Version 2.2.
Table 4 Resolved Caveats for the Cisco SIP Proxy Server, Version 2.2
DDTS ID Number
Description
CSCdz62420
CSPS: GUI needs a warning notification for required missing values
Problem Description: Server may fail to restart if a value for a required field has not been provided.
Conditions: Using the Provisioning graphical user interface (GUI) set remote access server (RAS) to ON. Add a Tech prefix, but leave the Dialed Number or Tech Prefix field blank. Submit the changes. Perform a restart in the Proxy Control screen.
Recommended Action: Add information for all fields when configuring RAS.
CSCea58255
routes with embedded * ignored by provisioning system
Problem Description: It is not possible using the graphical user interface (GUI) based provisioning system to define a static route with a destination pattern including a '*' character. Trailing '*' characters are to be treated as expanded wildcards, but embedded '*' characters are to be treated as single '*' characters. The GUI accepts the destination pattern as valid input; however, the route does not make it into the routing database used by SPS.
Conditions:
1) Add '*' to the numeric character set as follows:
NumericUsernameCharacterSet *+0123456789.-()#
2) Define a static route with destination pattern *69
3) The GUI accepts the input but no route is added to the in memory route database (can be verified using sysadmin_csps_regroute).
Workaround: Define a static registration for the destination pattern instead. For the example above:
1) define a user as *69@<ProxyDomain>
2) set the contact to *69@<next-hop>
Sample output from sysadmin_csps_regroute is as follows:
user type --> PHONE
user --> *69
Domain --> <ProxyDomain>
contact --> *69@<next-hop>
contact user type --> PHONE
contact port --> 5060
transport --> UDP
expired at --> -
CSCea69911
CSPS: unable to insert registry contact with @host
Problem Description: While entering a contact for a static registration in either the CLI or provisioning graphical user interface (GUI), if the customer neglects to add a user_info portion, i.e. user_info@host_info, the registration cannot be viewed via the GUI or CLI.
Recommended Action: Always have a user_info portion when adding a contact in the CLI or GUI.
CSCeb61810
GUI should disallow sip: in contact for static registrations
Problem Description: Calls may not be delivered successfully to a static Registry if the user entered the contact incorrectly in the graphical user interface (GUI). The syntax should be user@host and not sip:user@host.
Conditions: The GUI does not perform checking on the static Registry contact to see if the user entered 'sip:' in front of the contact address.
Recommended Action: When manually entering a Registry contact, do not put 'sip:' in front of the contact.
CSCeb63312
First graceful restart after adding IgnoreProxyRequire fails
Problem Description: If add an IgnoreProxyRequire directive (vi sipd.conf or in graphical user interface (GUI)) and gracefully restart the server, the graceful signal shows in error_log, but the daemons get stuck in <defunct> state and never restart.
1. No IgnoreProxyRequire directive was configured the last time the proxy was started
2. An IgnoreProxyRequire directive was added via the GUI or by manually editing sipd.conf
3. ./sip graceful or ./sipdctl graceful was performed to gracefully restart the server with the new configuration
Recommended Action: A full restart fixes the problem
# ./bin/sip restart or
# ./bin/sipdctl restart
Further graceful restarts are successful and new IgnoreProxyRequire directives that are added will gracefully restart successfully.
CSCeb77737
SPS: Recursive Proxy adds portnum in ROUTE hdr causing DNS A query
Problem Description: When the Cisco SPS is configured in Recursive mode, The SPS adds a port# to address in Route header of ACK causing a DNS "A" record query for a SRV FQDN. As a result, the call setup fails due a DNS query failure.
Conditions: This symptom is observed when the SPS is configured in Recursive. The SPS adds a port# to address in Route header of ACK causing a DNS "A" record query for a SRV FQDN. As a result, the call setup fails due a DNS query failure.
Recommended Action: There is no workaround.
CSCeb85264
Cannot add wildcarded route by editing existing route in GUI
Problem Description: When using the graphical user interface (GUI) to edit an existing route, adding a wildcard destination pattern such as "408*" will not work correctly. Rather than expanding the route into multiple routes of the form 408, 408., 408.., etc.; a single route of 408* is entered into the database instead.
Recommended Action: Instead of editing the existing route, first delete the existing route and then add a new wildcard route.
CSCec11580
SIP: Provisioning GUI will not add GK cluster to sipd.conf
Problem Description: A remote access server (RAS) gatekeeper cluster configured through the graphical user interface (GUI) fails to work correctly. The cluster information does not show up in sipd.conf.
Conditions: When adding a RAS Gatekeeper cluster through the GUI the data is not added to sipd.conf. The spa_log will show the following error:
ALRT : Ras.cxx:132 Invalid Number Of GateKeeper Cluster (num=12)
Recommended Action: When adding a cluster through the GUI, make sure to populate the last column in the row (GK 5, port 5) You do not need to have values in the GK1 through GK4 columns, but you can if you like.
CSCec13130
unwanted character in register contact field in GUI
Problem Description: SPS provisioning graphical user interface (GUI) shows extra character ">" at the end of a contact in a dynamic registration.
Conditions: With some third party endpoints, when they dynamically register with SPS 2.1, the GUI shows an extra character ">" at the end of their registered contact.
Recommended Action: This is a harmless bug which is not noticed with Cisco equipment. Even when the bug occurs, it creates no problem in call processing. No workaround is required.
CSCec31901
Apply OpenSSL patches for vulnerability
Problem Description: New vulnerabilities in the OpenSSL implementation for SSL have been announced.
An affected network device, running an SSL server based on the OpenSSL implementation, may be vulnerable to a Denial of Service (DoS) attack when presented with a malformed certificate by a client. The network device is vulnerable, to this vulnerability, even if it is configured to not authenticate certificates from the client. There are workarounds available to mitigate the effects of these vulnerabilities.
Cisco SPS 2.1 Installation Guide - Need doc update in troubleshootin
Problem Description: The SPS 2.1 Installation Guide "Troubleshooting Tips" section of the "Setting Up Servers and MySQL Databases in a New System" as the following error:
--------------------
Verify MySQL installation with the following commands: <serverroot>/bin/mysqlshow
<serverroot>/bin/mysqladmin version status proc
--------------------
These two commands do not work because their syntax is wrong.
Recommended Action: The correct syntax is:
<serverroot>/bin/mysqlshow -u guest -p
Enter password: nobody (by default)
<serverroot>/bin/mysqladmin -u guest -p version status proc
Enter password: nobody (by default)
CSCed10488
RedHat 7.3 logrotate can result in maxed-out CPU on SPS systems
Problem Description: RedHat 7.3 systems contain a problem with logrotate and mailman. This is a problem with the distribution and will effect all systems running the distro regardless of patch level. It is fixed in RH9 and AS3, and thus is not an issue for SPS 2.2, but the fix was not backported to 7.3.
Basically, a program called 'mailman' creates a bunch of different log files in /var/log/mailman. Rather than listing out all 20 logfile names, the logrotate script simply says to rotate '*'. This means that on the first rotate, 'error' rotates to 'error.1'. On week 2 you now rotate 'error.1' to 'error.2' and 'error' to 'error.1', but because of the * you also re-rotate 'error.1' to 'error.1.1'.
After a few months, you have several million files and logrotate chokes.
This problem can be accelerated by introducing a full-disk error condition. The mailman logs are of zero size so continue to rotate, but the status file can not be updated, which results in a rotation every day instead of every week.
Recommended Action: rm -f -r /var/log/mailman Remove all references to mailman from '/var/lib/logrotate.status' Uninstall the mailman rpm
CSCed37564
SPS GUI license doesnot delete the license key properly from the db
Problem Description: Can not delete and add a new license key for the same host using the license key graphical user interface (GUI) application.
Conditions: Once you delete the license key for a particular host and try to re-add it back using the GUI, it will failed. The system will stated that there is an entry already exist for that.
Recommended Action: There is no workaround.
CSCed55241
Route failover corrupted if transaction expires prior to failover
Problem Description: SPS does not fail over from first route to subsequent routes if the INVITE transaction expires prior to the fail over timer expiring. Instead, SPS sends a CANCEL for the outstanding transaction and subsequently a corrupted INVITE to the subsequent routes.
This is due to a race condition between the transaction expiring timer and the retransmission timer not being handled correctly. The default transaction expiration when there is no response is 60 seconds.
The default retransmission timers take over 60 seconds to expire. Therefore the transaction expires, but is not expired cleanly, and the retransmission timers then expire and use corrupted data.
Conditions:
1. Multiple routes exist for same destination:
destination next-hop
-----------------------------
555.... 10.2.3.4
555.... 10.6.7.8
2. There is no response from the next-hops
3. Default values for retransmission timers and counters as well as transaction expiration.
4. Place a call to 5551212.
There must be no Expires header in the INVITE as this will replace the default transaction expiration timer.
Recommended Action: These are several.
1. Reduce the retransmission timers such that they are less than the transaction expiration timer.
2. Increase the transaction expiration timer such that it is greater than the retransmission timers
3. Have the endpoint sending the INVITE include an Expires header with a value greater than the retransmission timers. For example, the ATA includes an Expires header with a value of 300 seconds, and the 7960 includes an Expires header with a value of 180 seconds.
CSCed68752
400 bad from returned if user parameter is other than ip or phone
Problem Description: When receiving a SIP message with a From header containing a user parameter, SPS rejects the From as bad if the user parameter value is something other than IP or PHONE.
Recommended Action: There is no workaround.
CSCed75539
licenseMgr dumps core when exiting
Problem Description: licenseMgr dumps core when exiting.
Conditions: A running licenseMgr is stopped via: lmctl stop, sip stop, or by sending a KILL signal Rather than exiting gracefully, it seg faults and dumps core.
Recommended Action: This is not a service affecting issue. The only potential problem is buildup of core files on the hard disk. By default, no core is produced for security reasons, so it is only in cases in which core files have been explicitly enabled that this is an issue at all. On Linux, core files can be suppressed by as follows: ulimit 0 On Solaris, core files can be suppressed via the coreadm utility.
CSCed80185
accounting record not sent for invalid request
Problem Description: When SPS receives a BYE with an invalid Request URI, it returns a 400 - Bad Message to the sender. If server side accounting is enable, SPS also attempts to send an accounting record. At this point, the sipd seg faults and no accounting record is sent. Note, call processing still completes as usual. When SPS receives an INVITE with an invalid Request URI, it returns a 400 - Bad Message to the sender. If server side accounting and unsuccessful accounting is enable, SPS also attempts to send an accounting record. At this point, the sipd seg faults and no accounting record is sent. Note, call processing still completes as usual.
Conditions: Server Side Accounting enabled and BYE with invalid Request URI received. and/or Server Side and Unsuccessful Accounting enabled and INVITE with invalid Request URI received.
Recommended Action: There is no workaround.
CSCee41545
CustomLog Format value missing in MySQL after upgrade
Symptom: The proxy is unable to start after upgrading to SPS Version 2.2 and enabling Custom Logs.
Condition: You would have used the backup_db_2.X_as_2.2.sh script while no CustomLog was defined for their system. After the upgrade, you had to tried to enable the CustomLog for the problem to become apparent.
Workaround: To avoid the problem, before upgrading to SPS Version 2.2, the user should configure a CustomLog.
Once the problem has occurred, the user can remove the CustomLog from their configuration to allow the proxy to restart correctly.
The missing format value must be placed in the MySQL database in order for CustomLog to be able to be activated in the future. Follow these directions:
1. Log into MySQL and give the following commands:
mysql -uguest -p<password> sip - log in using your password
select CustomLogFormat from CSPS; - to verify that it is empty
update CSPS set CustomLogFormat='combined'; - restores the correct value
select CustomLogFormat from CSPS; - to verify that it is set
quit
2. Once the CustomLogFormat value is restored, the user should be able to enable and disable Custom Logs normally through the GUI.
Obtaining Documentation
The following sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following URL:
Cisco documentation and additional literature are available in a Cisco Documentation CD-ROM package, which is shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or through an annual subscription.
Ordering Documentation
Cisco documentation is available in the following ways:
•Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Cisco Systems Attn: Document Resource Connection 170 West Tasman Drive San Jose, CA 95134-9883
We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to
•Streamline business processes and improve productivity
•Resolve technical issues with online support
•Download and test software packages
•Order Cisco learning materials and merchandise
•Register for online skill assessment, training, and certification programs
You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Inquiries to Cisco TAC are categorized according to the urgency of the issue:
•Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
•Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
•Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
•Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.
Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:
All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:
If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:
If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:
Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.
Obtaining Technical Assistance
