Logo

Poly Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

VVX 411's in Metaswitch environment flooding SUBSCRIBE spawning 401 Unauthorized responses

SOLVED
Go to solution
gfcornely
Occasional Visitor
‎12-19-2019 03:01 PM
‎12-19-2019 03:01 PM

VVX 411's in Metaswitch environment flooding SUBSCRIBE spawning 401 Unauthorized responses

Firmware 5.7.0.11768

Provisioning using Metaswitch Endpoint Pack developed by Poly

Frankly it seems every instrument in the system is now exhibiting this behavior and last night sometime it overwhelmed the SAS server to the point it was discarding messages.

 

EX:

SUBSCRIBE sip:bdbccb34dadf230645da907d89b1cf2a@69.9.0.10:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.10.11:5060;branch=z9hG4bKb17f49c344C31F90
From: "Confroom" <sip:5203185207@meta01.voip.prosvc.biz>;tag=E1D705A5-DBDC351A
To: <sip:5203185207@meta01.voip.prosvc.biz:5060>;tag=sip+3+83af0003+f97539b4
CSeq: 287 SUBSCRIBE
Call-ID: a4383424c21e0227a6c6c91a810887b1
Contact: <sip:5203185207@192.168.10.11:5060>
Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, INFO, MESSAGE, SUBSCRIBE, NOTIFY, PRACK, UPDATE, REFER
Event: as-feature-event
User-Agent: PolycomVVX-VVX_411-UA/5.7.0.11768_64167f0887b1
Accept-Language: en-us,en;q=0.9
Accept: application/x-as-feature-event+xml
Authorization: Digest username="5203185207", realm="meta01.voip.prosvc.biz", nonce="f6f156e30f6c", qop=auth, cnonce="aEmJcdVESfKZ/K7", nc=00000002, uri="sip:bdbccb34dadf230645da907d89b1cf2a@69.9.0.10:5060", response="8ae8056c719be37212d72da0dfe9b0f4", algorithm=MD5
Max-Forwards: 70
Expires: 3600
Content-Length: 0

 

Currently we're seeing about 150 SUBSCRIBE messages spawning 401 Unauthorized responses per 15 minutes.  The config of my personal phone 

Message 1 of 3
0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
cwallace-ena
Advisor
‎12-19-2019 03:13 PM
‎12-19-2019 03:13 PM

Re: VVX 411's in Metaswitch environment flooding SUBSCRIBE spawning 401 Unauthorized responses

This typically happens if you have monitored extensions setup on the phone and the Line State Monitoring feature on the Metaswitch subscriber line is not enabled.

I have also seen this when a second line on the Polycom is configured but it is the same number and line 1. IE: rather than just creating a second line key appearance for line 1, the user creates a whole new line configuration for line 1 which duplicates the existing line 1 configuration.

View solution in original post

Message 2 of 3
Reply
2 REPLIES 2
cwallace-ena
Advisor
‎12-19-2019 03:13 PM
‎12-19-2019 03:13 PM

Re: VVX 411's in Metaswitch environment flooding SUBSCRIBE spawning 401 Unauthorized responses

This typically happens if you have monitored extensions setup on the phone and the Line State Monitoring feature on the Metaswitch subscriber line is not enabled.

I have also seen this when a second line on the Polycom is configured but it is the same number and line 1. IE: rather than just creating a second line key appearance for line 1, the user creates a whole new line configuration for line 1 which duplicates the existing line 1 configuration.
Message 2 of 3
Reply
gfcornely
Occasional Visitor
‎12-19-2019 04:04 PM
‎12-19-2019 04:04 PM

Re: VVX 411's in Metaswitch environment flooding SUBSCRIBE spawning 401 Unauthorized responses

I also as I dug deeper discovered a DOS attack at the same time so combined this overwhelmed my SAS.  

 

Thank you tho for your insight.  I think I need to audit all the monitored items and just make sure I'm frugal..  ;)

Message 3 of 3
0 Kudos
Reply