ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Yealink T4XG phones will not talk to FreePBX 14 over HTTPS

    Scheduled Pinned Locked Moved IT Discussion
    yealinkyealink t46gfreepbx 14
    61 Posts 10 Posters 8.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by

      looking for the logs, I cannot find anything. when a valid system hits, I can see it in access_log.

      The ssl_error log is empty and has been since 2016.

      The only thing I see in access_log is repeated timeouts when I tell the phone to provision with https

      64.53.188.39 - - [06/Oct/2017:10:29:17 -0500] "-" 408 - "-" "-"
      64.53.188.39 - - [06/Oct/2017:10:29:46 -0500] "-" 408 - "-" "-"
      64.53.188.39 - - [06/Oct/2017:10:30:16 -0500] "-" 408 - "-" "-"
      64.53.188.39 - - [06/Oct/2017:10:30:45 -0500] "-" 408 - "-" "-"
      
      
      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        [root@pbx ~]# ls -l /var/log/httpd
        total 46104
        -rw-r--r--  1 root root  6784013 Oct  6 10:31 access_log
        -rw-r--r--  1 root root   101243 Sep 11 03:24 access_log-20170911
        -rw-r--r--  1 root root   908614 Sep 17 03:23 access_log-20170917
        -rw-r--r--  1 root root  1014085 Sep 25 09:25 access_log-20170925
        -rw-r--r--  1 root root 38078761 Oct  1 03:37 access_log-20171001
        -rw-r--r--  1 root root     2742 Oct  5 10:05 error_log
        -rw-r--r--  1 root root    12883 Sep 11 03:47 error_log-20170911
        -rw-r--r--  1 root root     8360 Sep 17 06:59 error_log-20170917
        -rw-r--r--  1 root root     3305 Sep 25 09:29 error_log-20170925
        -rw-r--r--  1 root root     1587 Oct  1 03:37 error_log-20171001
        -rw-r--r--  1 root root        0 Oct 16  2016 ssl_access_log
        -rw-r--r--. 1 root root    21393 Oct  2  2016 ssl_access_log-20161002
        -rw-r--r--  1 root root    59064 Oct  9  2016 ssl_access_log-20161009
        -rw-r--r--  1 root root     8669 Oct 10  2016 ssl_access_log-20161016
        -rw-r--r--  1 root root        0 Oct 16  2016 ssl_error_log
        -rw-r--r--. 1 root root    10997 Oct  2  2016 ssl_error_log-20161002
        -rw-r--r--  1 root root    14011 Oct  9  2016 ssl_error_log-20161009
        -rw-r--r--  1 root root     1947 Oct 10  2016 ssl_error_log-20161016
        -rw-r--r--  1 root root        0 Oct 16  2016 ssl_request_log
        -rw-r--r--. 1 root root    23391 Oct  2  2016 ssl_request_log-20161002
        -rw-r--r--  1 root root    69536 Oct  9  2016 ssl_request_log-20161009
        -rw-r--r--  1 root root     9621 Oct 10  2016 ssl_request_log-20161016
        
        1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch
          last edited by

          I change the autoprovision to http://pbx.domain.com:84

          and boom.

          64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /001565649346.boot HTTP/1.1" 404 215 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
          64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /y000000000000.boot HTTP/1.1" 404 216 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
          64.53.188.39 - - [06/Oct/2017:10:40:56 -0500] "GET /y000000000028.cfg HTTP/1.1" 200 10433 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
          64.53.188.39 - - [06/Oct/2017:10:40:58 -0500] "GET /T46-28.82.0.20.rom HTTP/1.1" 200 23234624 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
          64.53.188.39 - - [06/Oct/2017:10:41:02 -0500] "GET /001565649346.cfg HTTP/1.1" 200 4421 "-" "Yealink SIP-T46G 28.82.0.20 00:15:65:64:93:46"
          
          syko24S 1 Reply Last reply Reply Quote 0
          • syko24S
            syko24 @JaredBusch
            last edited by

            @jaredbusch - Not sure if this is related but something I found interesting with my T46S phones are that when I autoprovision them using https they revert back to http. I am using option 66 and point to https://pbx.domain.com:1443. The phones provision fine but when I log into the phone the address under autoprovision is http://pbx.domain.com:83. I am using the endpoint manager module for configuration.

            JaredBuschJ 1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @syko24
              last edited by

              @syko24 said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

              @jaredbusch - Not sure if this is related but something I found interesting with my T46S phones are that when I autoprovision them using https they revert back to http. I am using option 66 and point to https://pbx.domain.com:1443. The phones provision fine but when I log into the phone the address under autoprovision is http://pbx.domain.com:83. I am using the endpoint manager module for configuration.

              You get that because that is what Enpoint Manager puts in the config file.

              You have to force it to not do that.

              1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch
                last edited by JaredBusch

                @syko24
                The Endpoint Manager puts this in the basefile for Yealink phones.
                0_1507308604327_bea90b16-0c8e-4952-80a4-4d8bca56c173-image.png

                So you need to manually override that, or find where that variable gets set to make it use https instead.

                syko24S 1 Reply Last reply Reply Quote 0
                • syko24S
                  syko24 @JaredBusch
                  last edited by

                  @jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                  @syko24
                  The Endpoint Manager puts this in the basefile for Yealink phones.
                  0_1507308604327_bea90b16-0c8e-4952-80a4-4d8bca56c173-image.png

                  So you need to manually override that, or find where that variable gets set to make it use https instead.

                  So I would need to select custom under Provision Server Address and enter https://pbx.domain.com:1443 ?

                  0_1507318682880_image13.png

                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch @syko24
                    last edited by JaredBusch

                    @syko24 said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                    @jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                    @syko24
                    The Endpoint Manager puts this in the basefile for Yealink phones.
                    0_1507308604327_bea90b16-0c8e-4952-80a4-4d8bca56c173-image.png

                    So you need to manually override that, or find where that variable gets set to make it use https instead.

                    So I would need to select custom under Provision Server Address and enter https://pbx.domain.com:1443 ?

                    0_1507318682880_image13.png

                    Well you could probably do HTTP and disable http in SysAdmin -> port management.

                    Then see what it puts in the file.

                    1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch
                      last edited by

                      @syko24 ah, here it is.. Assuming you have SysAdmin pro

                      0_1507321373826_f8ebe664-a17a-4444-8dd2-ffaa477449cd-image.png

                      1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch
                        last edited by

                        No good answer from the FreePBX community.

                        The COO tried to help, but another community member was less than helpful.

                        I also posted on the Yealink community, but have no answer yet.
                        http://forum.yealink.com/forum/showthread.php?tid=41194

                        1 Reply Last reply Reply Quote 1
                        • JaredBuschJ
                          JaredBusch
                          last edited by

                          Neither thread has a response worth anything.

                          This is getting annoying as fuck.

                          I suspect that a W52/W56 will also not work. I do not have one to test, but I was helping someone setup a W52 a month ago and it would not autoprovision. I was in a hurry and moved on doing that phone manually. I bet this was the problem.

                          1 Reply Last reply Reply Quote 0
                          • brianlittlejohnB
                            brianlittlejohn
                            last edited by

                            So, my T46G at my house will provision over https to FreePBX 14.

                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @brianlittlejohn
                              last edited by

                              @brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                              So, my T46G at my house will provision over https to FreePBX 14.

                              I need a whole lot more information on this as I have tested wit multiple systems.

                              1 Reply Last reply Reply Quote 0
                              • JaredBuschJ
                                JaredBusch
                                last edited by

                                Update: FreePBX devs have been trying to help a little, but this is not a priority to them.

                                I am at a loss for where to troubleshoot next. I modified the ssl.conf to write to a dedicated log file and all was good, but still no new info. All it ever does is show HTTP error 408 in the ssl_access log. The ssl_error log never has anything.

                                Getting the log from a Yealink T42G phone I see this.

                                Phone talking to FreePBX 13:

                                <134>Oct  8 03:48:37 ATP [1022]: ATP <6+info  > Upgrade from com.cfg
                                <134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > Connecting pbx.domain.com:1443
                                <134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > Connecting IP = 45.XXX.XXX.XXX, Port = 1443
                                <134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > ssl cipher num is 18
                                <134>Oct  8 03:48:37 LIBD[1022]: DCMN<6+info  > SSL_connect (read done)
                                <134>Oct  8 03:48:38 LIBD[1022]: DCMN<6+info  > SSL_connect (read done)
                                <134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Request Line: GET /y000000000029.cfg HTTP/1.1
                                <134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Host: pbx.domain.com:1443
                                <134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > User-Agent: Yealink SIP-T42G 29.82.0.20 00:15:65:65:xx:xx
                                <134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > process response
                                <133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> response code: 200
                                <134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > Content-Length: 12129
                                <134>Oct  8 03:48:38 LIBD[1022]: HTTP<6+info  > connection: close
                                <133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> response process finish!
                                <133>Oct  8 03:48:38 LIBD[1022]: HTTP<5+notice> recv : 12129 bytes
                                <134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > need_cmp_md5=1
                                <134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > cfg md5 same!
                                <132>Oct  8 03:48:38 ATP [1022]: ATP <4+warnin> error: phone_setting.inactive_backlight_level
                                <134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > skip item<phone_setting.inactive_backlight_level>
                                <134>Oct  8 03:48:38 ATP [1022]: ATP <6+info  > parse item finish 
                                

                                Phone Talking to FreePBX 14:

                                <134>Oct  8 03:33:08 ATP [780]: ATP <6+info  > Upgrade from mac.boot
                                <134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > Connecting pbx.domain.com:1443
                                <134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > Connecting IP = 107.XXX.XXX.XXX, Port = 1443
                                <134>Oct  8 03:33:08 LIBD[780]: DCMN<6+info  > SSL_connect (read done)
                                <134>Oct  8 03:33:08 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.09716529952707398
                                <134>Oct  8 03:33:08 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
                                <134>Oct  8 03:33:08 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104325120], /config/ [90112], /data/ [90112]
                                <134>Oct  8 03:33:13 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
                                <134>Oct  8 03:33:13 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.8728236330210573
                                <134>Oct  8 03:33:13 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104321024], /config/ [90112], /data/ [90112]
                                <134>Oct  8 03:33:18 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.649367081619797
                                <134>Oct  8 03:33:18 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112]
                                <134>Oct  8 03:33:18 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
                                <134>Oct  8 03:33:23 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.6691534391904461
                                <134>Oct  8 03:33:23 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
                                <134>Oct  8 03:33:23 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104316928], /config/ [90112], /data/ [90112]
                                <134>Oct  8 03:33:28 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.14837767361288257
                                <134>Oct  8 03:33:28 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
                                <134>Oct  8 03:33:28 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104312832], /config/ [90112], /data/ [90112]
                                <134>Oct  8 03:33:33 Log [900]: WEB <6+info  > URI: /servlet?p=settings-autop&q=result&Rajax=0.9179317121887864
                                <134>Oct  8 03:33:33 Log [900]: WEB <6+info  > Partition free(byte): /tmp/ [104288256], /config/ [90112], /data/ [90112]
                                <134>Oct  8 03:33:33 Log [900]: ETLL<6+info  > mkit_call failed! src[0x000c72a8] name[__h900] tar[0xc4098f94] name[autoServer] msg[0x00030206] ret[-1] size[0]
                                <134>Oct  8 03:33:37 LIBD[780]: DCMN<6+info  > SSL_connect write/read error
                                <131>Oct  8 03:33:37 LIBD[780]: HTTP<3+error > Connect Error
                                <131>Oct  8 03:33:37 ATP [780]: ATP <3+error > https to file failed, code = -3, msg = Connect Failed, retry = 1
                                <134>Oct  8 03:33:37 ATP [780]: ATP <6+info  > Wait 0 second to next file transfer!
                                

                                Notice that the initial connection never completes when talking to FreePBX 14. The phone never gets a cipher like it did with FreePBX 13. This line: <134>Oct 8 03:48:37 LIBD[1022]: DCMN<6+info > ssl cipher num is 18

                                1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch
                                  last edited by

                                  ssl.conf is identical between 13 and 14.

                                  Obviously openssl is not because one is CentOS 6 based and the other is CentOS 7 based.

                                  But I have no idea how to move forward.

                                  bigbearB 1 Reply Last reply Reply Quote 0
                                  • bigbearB
                                    bigbear @JaredBusch
                                    last edited by

                                    @jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                    ssl.conf is identical between 13 and 14.

                                    Obviously openssl is not because one is CentOS 6 based and the other is CentOS 7 based.

                                    But I have no idea how to move forward.

                                    Was about to volunteer to test with a couple T46 units I have but it appears you are well beyond that now.

                                    1 Reply Last reply Reply Quote 0
                                    • brianlittlejohnB
                                      brianlittlejohn
                                      last edited by

                                      What information do you need?

                                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @brianlittlejohn
                                        last edited by

                                        @brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                        What information do you need?

                                        First would be to determine how you got your SSL cert and that it is setup like mine.

                                        Then to confirm the models and firmware levels.

                                        Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.

                                        brianlittlejohnB 1 Reply Last reply Reply Quote 0
                                        • brianlittlejohnB
                                          brianlittlejohn @JaredBusch
                                          last edited by

                                          @jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                          @brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                          What information do you need?

                                          First would be to determine how you got your SSL cert and that it is setup like mine.

                                          Then to confirm the models and firmware levels.

                                          Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.

                                          I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.

                                          Phone is Yealink T46G
                                          Firmware Version 28.81.0.110
                                          Hardware Version 28.2.0.128.0.0.0

                                          FreePBX Version Info
                                          -Current PBX Version: 14.0.1.14
                                          -Current System Version: 12.7.3-1708-1.sng7

                                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @brianlittlejohn
                                            last edited by JaredBusch

                                            @brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                            @jaredbusch said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                            @brianlittlejohn said in Yealink T4XG phones will not talk to FreePBX 14 over HTTPS:

                                            What information do you need?

                                            First would be to determine how you got your SSL cert and that it is setup like mine.

                                            Then to confirm the models and firmware levels.

                                            Finally, the best thing would be to drop to an offline conversation and have you whitelist my IP and let me point my phone to your system to confirm your stated behavior.

                                            I used a GoDaddy Certificate, installed through certificate manager and sysadmin module.

                                            Phone is Yealink T46G
                                            Firmware Version 28.81.0.110
                                            Hardware Version 28.2.0.128.0.0.0

                                            FreePBX Version Info
                                            -Current PBX Version: 14.0.1.14
                                            -Current System Version: 12.7.3-1708-1.sng7

                                            That is not the same process. I used Let's Encrypt. This is good It may narrow the issue to the LE process.

                                            Also did you remove the self signed and set GoDaddy as Default?

                                            Like this:
                                            0_1508509614335_402c504c-5e1d-4755-be63-8972bb7641bc-image.png

                                            brianlittlejohnB 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 2 / 4
                                            • First post
                                              Last post