All of our endpoints lost their registrations again last night around 2:00 am - all of our 911 admin lines are being fed into the system via an analog gateway, so they got ahold of one of our techs and he wound up rebooting sipXecs (which always fixes this issue) - as does restarting the service. So, obviously, no calls go thru during this time.
If anyone knows how to read a sipXecs snapshot - it is available here: http://www.garrettcounty.org/snapshot.tar.gz - This snapshot encompasses about 20 minutes (from the last call that worked - to the first one that didn't). The only thing I did yesterday: Deleted 1 user / also ran a sipXecs snapshot for another issues (around 6:00 pm last night) I've had this happen on various installs (happened on 4.2 32-bit - I've since re-done everything and am now on 4.4 64-bit). Seems not to happen if I send server profiles after making changes (which I didn't do yesterday...). Nathaniel Watkins IT Director Garrett County Government 203 South 4th Street, Room 210 Oakland, MD 21550 Telephone: 301-334-5001 Fax: 301-334-5021 E-mail: [email protected]<mailto:[email protected]> From: [email protected] [mailto:[email protected]] On Behalf Of Tony Graziano Sent: Friday, July 15, 2011 9:40 AM To: Discussion list for users of sipXecs software Subject: Re: [sipx-users] phone registrations expired Why don't you start over. The sipdomain and hostname should be unique to each other. There should be no tls records (if you updated to the latest patch and let sipx manage its own dns its not likely an issue). tls over udp would cause as much an issue and over tcp. I have seen snom phones with a misproperly configured dns zone bring systems down. As for the sipvicious stuff, thats been talked about many times. You should at the least ratelimit the connections to port 5060 in your firewall. What you have not provided is: what version you are on. what the patch level is. what type of phones you are using and whether or not you have seen connection attempts from scripts in your registrar.log. If I were you I would address all of those things. If you are still having an issue, I'd suggest opening a new thread and providing adequate details. On Fri, Jul 15, 2011 at 9:23 AM, Keith Laidlaw <[email protected]<mailto:[email protected]>> wrote: 1) Dns record that should not be there Easily checked, but I doubt it. Wouldn't this likely cause a "predictable" failure (e.g. it would always fail on the re-register)? 2) Sipdomain and hostname the same This may be the case (I will check). In what way is this a bad thing and how does it cause this behavior? Again, though, wouldn't this cause a predictable failure? 3) Unauthorized device trying to register via tcp or tls What about UDP? How does this cause the registrar and proxy services to fail without recovery? Is there a patch in the works? 4) Sipvicious Not likely (assuming you mean attacked, not just occasional). Again, how does this cause the failure? Is there a patch in the works that would allow the system to recover after the attack is over? Keith Laidlaw Manager of Engineering Dakins Engineering 19-3105 Unity Drive Mississauga ON L5L 4L2 905 814-6024<tel:905%20814-6024> (w) 416 805-6024<tel:416%20805-6024> (c) From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Tony Graziano Sent: Thursday, July 14, 2011 10:00 PM To: KeithL Subject: Re: [sipx-users] phone registrations expired its either a dns record that should not be there (_sip._tls), your sipdmain ans hostname are the same, you have a device trying to register via tcp or tls that should not be, or you are being attacked by sip vicious scripts. On Jul 14, 2011 9:47 PM, "Keith Laidlaw" <[email protected]<mailto:[email protected]>> wrote: > I have had this difficulty for many weeks. The only things I have added > from the 4.4 ISO was sendmail-mc and, of course, the latest updates > (last ran yum update last week). I verified that Tony's idea of > restarting registrar and proxy works, but it is simply a kludge. > > > > Any idea where I can look to find out why this is happening? > > > > Keith Laidlaw > > Manager of Engineering > > Dakins Engineering > > 19-3105 Unity Drive > > Mississauga ON L5L 4L2 > > > > 905 814-6024<tel:905%20814-6024> (w) > > 416 805-6024<tel:416%20805-6024> (c) > > > > From: > [email protected]<mailto:[email protected]> > [mailto:[email protected]<mailto:[email protected]>] > On Behalf Of Douglas > Hubler > Sent: Tuesday, May 31, 2011 12:46 PM > To: KeithL > Subject: Re: [sipx-users] phone registrations expired > > > > > > On Tue, May 31, 2011 at 12:09 PM, Tony Graziano > <[email protected]<mailto:[email protected]>> wrote: > > what I have seen is that the busier the environnment the more frequent > the stops occur. That made me think it was related to the RLS patch. I > tried taking the RLS patch and related components separately from the > build repo, but it became moreso problematic after doing so. > > > > (sample cron entry for daily at 3 hour intervals) > > * 0,3,6,9,12,15,18,21 * * * sipxproc -r SIPRegistrar > * 0,3,6,9,12,15,18,21 * * * sipxproc -r SIPXProxy > > > > I think it stems from a needed patch to RLS, but I might be wrong. I > have querid this already on the sipx-dev list and am hoping to see some > activity on it. If you are also having this issue on 4.4.0 (anyone) it > would help to know. I am not sure whether it is related to XX-9634 or > not. > > > > Patch for RLS can't possibly effect this in a negative way, fix was > isolated to these 2 files. > > > > M sipXrls/src/ResourceListFileReader.cpp > > M sipXrls/src/ResourceListSet.cpp > > > > It could affect it in a positive way in that devices won't be blasting > SUBSCRIBEs to RLS because they are not getting a response. > > > > I do think Mark should take Tony's advice on looking into sipvicious > attacks, they seem to be more common then uncommon. > > > > > > > _______________________________________________ sipx-users mailing list [email protected]<mailto:[email protected]> List Archive: http://list.sipfoundry.org/archive/sipx-users/ -- ====================== Tony Graziano, Manager Telephone: 434.984.8430 sip: [email protected]<mailto:[email protected]> Fax: 434.326.5325 Email: [email protected]<mailto:[email protected]> LAN/Telephony/Security and Control Systems Helpdesk: Telephone: 434.984.8426 sip: [email protected]<mailto:[email protected]> Helpdesk Contract Customers: http://support.myitdepartment.net Blog: http://blog.myitdepartment.net Linked-In Profile: http://www.linkedin.com/pub/tony-graziano/14/4a6/7a4 ________________________________ This message and any files transmitted with it are intended only for the individual(s) or entity named. If you are not the intended individual(s) or entity named you are hereby notified that any disclosure, copying, distribution or reliance upon its contents is strictly prohibited. If you have received this in error, please notify the sender, delete the original, and destroy all copies. Email transmissions cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Garrett County Government therefore does not accept any liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. Garrett County Government, 203 South Fourth Street, Courthouse, Oakland, Maryland 21550 www.garrettcounty.org
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
