Avaya Support Forums  

Go Back   Avaya Support Forums > Avaya Aura & Unified Communications

Thread Tools Search this Thread Display Modes
Old 12-02-2021, 04:10 PM
fedor36 fedor36 is offline
Join Date: Nov 2021
Posts: 3
fedor36 has 10 reputation points
Default Yealink T27P on Session Manager 6.3

I am trying to set up a Yealink T27P SIP phone on the new Session Manager. I connected my CM to the System Manager. Synchronization passed, CM settings were loaded on SMGR. Session Manager passes all tests. Configured according to this instruction. Although it is for T22 and Session Manager 6.1, I think it is configured in the same way. The user, when saving the settings in Home / Users / User Management / Manage Users, is created on the CM. In the phone settings, I specify ip Security Module in the "SIP server address", but a registration error occurs. On the Session Manager, the SIP registration log is empty. A phone appears in Home / Elements / Session Manager / System Status / User Registrations but not registered. If the phone is configured via tls, then TraceSM gives this:

TLS handshake:

Code:                                                            SM100                                                                                                         
12:54:19.640 │──CHello──►│           │           │ (T1) Client Hello 
12:54:19.642 │◄──SHello──│           │           │ (T1) Server Hello 
12:54:19.642 │◄──Cert, S─│           │           │ (T1) Certificate, Server Key Exchange, Server Hello Done 
12:54:20.299 │──CKeyEx,─►│           │           │ (T1) Client Key Exchange, Encrypted Handshake Message 
12:54:20.301 │◄──EncHand─│           │           │ (T1) Encrypted Handshake Message 
12:54:20.306 │───Alert──►│           │           │ (T1) Encrypted Alert 
12:54:27.659 │──CHello──►│           │           │ (T2) Client Hello 
12:54:27.661 │◄──SHello──│           │           │ (T2) Server Hello 
12:54:27.661 │◄──Cert, S─│           │           │ (T2) Certificate, Server Key Exchange, Server Hello Done 
12:54:28.259 │──CKeyEx,─►│           │           │ (T2) Client Key Exchange, Encrypted Handshake Message 
12:54:28.261 │◄──EncHand─│           │           │ (T2) Encrypted Handshake Message 
12:54:28.266 │───Alert──►│           │           │ (T2) Encrypted Alert 
12:55:02.889 │──CHello──►│           │           │ (T3) Client Hello 
12:55:02.891 │◄──SHello──│           │           │ (T3) Server Hello 
12:55:02.891 │◄──Cert, S─│           │           │ (T3) Certificate, Server Key Exchange, Server Hello Done 
12:55:03.567 │──CKeyEx,─►│           │           │ (T3) Client Key Exchange, Encrypted Handshake Message 
12:55:03.568 │◄──EncHand─│           │           │ (T3) Encrypted Handshake Message                                                  
12:55:03.573 │───Alert──►│           │           │ (T3) Encrypted Alert
if via tcp then TraceSM gives this:

12:37:10.090 │◄──OPTIONS─│           │           │ (107) sip: 
12:37:10.091 │◄──200 OK──│           │           │ (107) 200 OK (OPTIONS) 
12:37:20.089 │◄──OPTIONS─│           │           │ (108) sip: 
12:37:20.090 │◄──200 OK──│           │           │ (108) 200 OK (OPTIONS) 
12:37:30.090 │◄──OPTIONS─│           │           │ (109) sip: 
12:37:30.091 │◄──200 OK──│           │           │ (109) 200 OK (OPTIONS) 
12:37:40.089 │◄──OPTIONS─│           │           │ (110) sip: 
12:37:40.090 │◄──200 OK──│           │           │ (110) 200 OK (OPTIONS) 
12:37:50.090 │──OPTIONS─►│           │           │ (111) sip: 
12:37:50.090 │◄──OPTIONS─│           │           │ (111) sip: 
12:37:50.091 │──200 OK──►│           │           │ (111) 200 OK (OPTIONS) 
  12:37:50.091 │◄──200 OK──│           │           │ (111) 200 OK (OPTIONS)

Reply With Quote
Old 12-07-2021, 02:43 AM
fedor36 fedor36 is offline
Join Date: Nov 2021
Posts: 3
fedor36 has 10 reputation points

In Entity Links, in the instructions I used to configure, tcp is selected as the protocol.
But at the same time, they wrote that in the settings of the phone itself, you need to select UDP. With this setting, Session Manager does not respond at all to phone registration attempts. If you select tcp in the phone settings, then traceSM says: 403 Forbidden (Unauthorized).

17: 59: 57.390 │──REGISTE─►│ │ │ (9) "T27P-1011" <sip: 1011@ 5060> Exp: 60
17: 59: 57.392 │◄──Unautho─│ │ │ (9) 401 Unauthorized
17: 59: 57.398 │──REGISTE─►│ │ │ (9) "T27P-1011" <sip: 1011@ 5060> Exp: 60
 17: 59: 57.400 │◄──Forbidd─│ │ │ (9) 403 Forbidden (Unauthorized)
Here they write that you need to check the traceSM registration package to make sure that the domain is specified correctly, but I have <sip: 1011@ 5060> in the registration package. There is no domain here. This is the Security Module address that I specified in the phone settings. It then says to check the station settings to make sure it is programmed correctly to route messages to Communication Manager. I have checked the settings several times already, Communication Manager is connected to System Manager. Please tell me how to find out what exactly needs to be checked?

Last edited by fedor36; 12-07-2021 at 02:47 AM.
Reply With Quote
Old 12-09-2021, 06:01 AM
mlombardi1's Avatar
mlombardi1 mlombardi1 is offline
Join Date: Sep 2010
Location: New York
Posts: 511
mlombardi1 has 25 to 49 reputation pointsmlombardi1 has 25 to 49 reputation pointsmlombardi1 has 25 to 49 reputation points

Firstly, verify the port and protocol you're using for SIP registration is open on the SM100. Look toward the bottom of the SIP entity screen.

If secured, TLS 5061 needs to be open on the SM100 and the Yealink device needs the SMGR root certificate loaded into its truststore. The TLS handshake you share indicates failure establishing the TLS connection.

SM supports UDP but CM doesn't. You can use UDP for SIP registration but the trunk between CM and SM must either be TCP or TLS.

Using the SM100 IP address in the registration URI is ok as long there's a default domain selected on the SM100 listening ports. Looks like that should be asm.avaya in your case. If you can administer a domain on the Yealink, that's your best bet.
Meridian IT - Senior Engineer
Reply With Quote
Old 12-09-2021, 10:41 PM
fedor36 fedor36 is offline
Join Date: Nov 2021
Posts: 3
fedor36 has 10 reputation points

SM100 is built into Session Manager and listens to eth2 interface on Session Manager. Tell me how to open ports on SM100? And how to check if the ports are open? is that enough?

Tried to configure via TLS, downloaded the certificate from SMGR. Home/Services/Security/Certificates/Authority/CA Functions/Download pem file. Uploaded it as a trusted certificate to Yealink.
If I configure the phone to accept only trusted certificates, then the error is the same "Encrypted alert". If I turn off the "accept only trusted certificates" setting it starts to write the following:



Entity Link on SM and Signaling Grpup Transport Mestod on CM tried TCP and TLS nothing changes.

It seems there is no way to enter the sip domain name on the yealink phone. How to configure default domain on SM100 ports? This is not written in the manuals.

Last edited by fedor36; 12-10-2021 at 04:23 AM.
Reply With Quote

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -7. The time now is 04:42 PM.

This Forum is provided solely for the use and convenience of Avaya customers and partners. Use of the Forum is subject to the Terms and Use and Privacy Statement found at www.avaya.com. No other use is permitted. The Forum including all content posted is “AS IS” and Avaya expressly disclaims all warranties and/or guarantees as to its accuracy, reliability, usefulness, quality or non-infringement of intellectual property. Avaya reserves the right to remove any content posted on the Forum at any time and for whatever reason.

Avaya will not be liable for any content posted on this Forum, including, without limitation, any errors or omissions or for any losses or damages of any kind incurred as a result of use or reliance on any content, regardless of its origin.

You expressly understand and agree that you assume all risks associated with use or reliance on this content.