I figured that was it, although I wish it were not the case, I really didn't want to have to take down the system and rebuild it... it being a production system and all. Which is why I had to try it that way first to minimize downtime.
The only thing that I could find was that once it was using the FQDN as the authorization realm it doesn't matter if you change its domain it still wants the realm as the FQDN, it configures my phones to do that and it doesn't challenge them it seems. I even tried setting my SBC that proxies my external users to force it to use the FQDN and it just doesn't want to do it that way. When I manually change the SIPX_PROXY_AUTHENTICATE_REALM in the sipXproxy-config file from the FQDN to the domain and restart the services the external users work just fine. Internally though everything starts acting strange and there's just so many problems I wouldn't even know where to begin. I think I'll schedule some downtime and reset the server and spend the time to redo it and see if that does the trick. Lara From: Picher, Michael [mailto:mpic...@cmctechgroup.com] Sent: Wednesday, December 02, 2009 10:51 AM To: Lara Johnson; sipx-users@list.sipfoundry.org Subject: RE: [sipx-users] 4.0.2 Remote users & Authentication Realm problem I've tried with 4.0.x to change between the two and always end up having to rebuild the system... You can export your users and import them to take some of the pain away. Maybe there's a step I'm missing but I just can't make things work right. May have to do with the user accounts. Mike From: sipx-users-boun...@list.sipfoundry.org [mailto:sipx-users-boun...@list.sipfoundry.org] On Behalf Of Lara Johnson Sent: Wednesday, December 02, 2009 9:33 AM To: sipx-users@list.sipfoundry.org Subject: [sipx-users] 4.0.2 Remote users & Authentication Realm problem I have a 4.0.2 box that I replaced 3.10.2 with. I ran two boxes and then switched the 4.0.2 live. I believe this may have caused a problem with authentication realms and my remote users. The original box was using the straight domain as the sip domain, while the 4.0.2 box used a FQDN until it went live. Internally all calls are working properly. Incoming calls come in and go out. We can call remote users from inside. Remote users, however, are showing up in the registrations (through an ingate as a b2bua and proxy) like they did in 3.10.2, however they cannot call extensions that are inside the office (not connected/registered remotely) or dial out to any other numbers. Upon viewing a packet capture I get a 407 Authorization required. When I did some digging, the sipxecs-config file has the FQDN as the authorization realm. If I manually change it to the domain name only, all my external users start working, but internally things mess up (transfers do not work, calls inbound have problems). I change it back and everything is fine internally again. Is this because I switched from FQDN to domain name only? Should I reinstall the 4.0.2 box and set it up with the domain name only from the beginning? Does anyone know a way to work around this? Lara Johnson
_______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users sipXecs IP PBX -- http://www.sipfoundry.org/
