TIPS MS Teams - SIP/2.0 403 Forbidden due to IP instead of FQDN Transported?

Z

zwangzw

New Member
Joined
May 21, 2024
Messages
2
Reaction score
0
Hi All,

I would really appreciate if anyone had similiar experience on troubleshooting this.

Server: Ubuntu 22.04 / Asterisk 20.8.1

I have followed the wiki instructions on https://incrediblepbx.com/teams/. Notably:
1. Applied the Asterisk patch script mentioned in the wiki page
2. Obtained Certificate from LetsEncrypt that matched the FQDN
3. ms_signaling_address is set to FQDN (DOMAIN.COM) at /etc/asterisk/pjsip.transports_custom_post.conf

PJSIP had issues to communicate with 403 Forbidden error as below

<--- Received SIP response (677 bytes) from TLS:52.114.148.0:5061 --->
SIP/2.0 403 Forbidden
FROM: <sip:[email protected]>;tag=4f571543-7686-4ae7-b753-2b14ee159ca7
TO: <sip:sip.pstnhub.microsoft.com>
CSEQ: 5023 OPTIONS
CALL-ID: 0620fdb4-43c1-47cf-a211-4fb79fecbcab
VIA: SIP/2.0/TLS DOMAIN.COM:5061;branch=z9hG4bKPj0c86fbee-c418-4475-918e-3fb22af2b63f;rport
REASON: Q.850;cause=63;text="51182690-a6d0-41b1-8561-2c4467791d1d;SBC certificate is not issued correctly. Provided trunk FQDN '1.2.3.4' is not included in certificate's CN or SAN list. Certificate allows following FQDNs only: DOMAIN.COM."
CONTENT-LENGTH: 0
ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY
SERVER: Microsoft.PSTNHub.SIPProxy v.2024.4.11.1 i.USWE2.9
Click to expand...

Am I missing something?

Many thanks,
 
zwangzw said:
Am I missing something?
Click to expand...
I'm not sure why you got a cert for this, it doesn't apply. Show the transport you created and a full debug of the INVITE the 401, the INVITE in response to the 401 and then this 403...what does the original INVITE look like?
 
Thanks all.

I tried hard coded the FQDN on res_pjsip_nat.c on a plain vanilla Asterisk (both latest version 20 and 21) as well as used acme.sh to obtain certificate from letsencrypt - it worked now.

I will investigate further if its the Certificate Manager that is behaving weird or some of the patches from IncrediblePBX no longer work.
 
Did you get any further with this? Just about to install a new instance of Incredible PBX for integrating with Teams, or should I go vanilla asterisk for now?
 
You must log in or register to reply here.

Members online

No members online now.
Total: 32 (members: 0, guests: 32)

Latest Posts

Forum statistics

Threads
26,706
Messages
174,531
Members
20,273
Latest member
rhys96999
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top