| Product Category | UCaaS |
|---|---|
| Product Family | Evolve Office Seat |
| Trouble Type | 403 Lock Out |
| Support Tier | Triage |
| Last Updated | 08/30/2019 |

In Rel20sp1, a new feature lets us set lockouts that trigger when Broadsoft receives incorrect SIP authentication for a user.
SIP Authentication Rules
We can set rules to make sure that SIP auth passwords are always secure. After an incorrect password attempt, the attempt is logged and the user is temporarily locked out. After too many attempts, the user is permanently locked out and voice engineering must unlock the user.
How to determine a user is locked out
There are 3 ways to determine if a user is locked out.
Registration SIP messages
When a user is locked out, Broadsoft will respond to the user's registration attempts with a 403 Locked Out message.
We have also found that if the Polycom has the Lync profile, it will cause the phone to be locked out as well.
It looks like the image below, and can be fixed by following Polycom VVX Phones and Microsoft Lync Troubleshooting.
Resolution
Before requesting that the user be unlocked, the registration issue MUST be resolved. Use Palladion registrations to try to find the device with the bad SIP auth credentials. The lockout will clear occasionally, so you may not need the lockout cleared by VE.
Data to send to VE
- Ticket #
  - Please take 30 seconds with each lockout and add a note in the ticket as to WHY it was locked out so we can fix this process.
- Userid
- Line/port
- Platform / enterprise / group
- Have you checked for multiple registrations in Palladion?
  - Look at the registrations in Palladion for that user. In the registration itself, the User Agent line contains the MAC. Confirm there is only 1 attempting.
  - If more than 1 MAC is attempting, make sure the configs on TFTP are correct (they should NOT both have the same phone data), then locate the wrong device and disconnect it.
  - Next, confirm that MAC is the one the customer is rebooting.
  - Check the TFTP logs to make sure it's grabbing its config successfully.
- Passwords updated?
- Phone rebooted? DMS phones that have been rebuilt will need to be factory defaulted.
If everything has been completed, then send the info up to VE to unlock. Without fixing the actual issue, the phone will NOT remain unlocked.
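The multiple-registration check above, sketched as an added example (not part of the original article or any vendor tooling): it groups REGISTER messages by user, pulls the MAC out of the User-Agent header, and records which users received a 403. The sample messages, the `as.example.net` domain, the `ExamplePhone` user agent and the assumption that the MAC appears as 12 contiguous hex digits are all constructed for illustration.

```python
import re
from collections import defaultdict

AOR_RE = re.compile(r"sips?:([^>;\s]+)")
# Assumption: the MAC appears in User-Agent as 12 contiguous hex digits.
MAC_RE = re.compile(r"(?<![0-9A-Fa-f])([0-9A-Fa-f]{12})(?![0-9A-Fa-f])")

def _msg(start, to_user, extra):
    """Build a constructed SIP message for the sample below."""
    return f"{start}\r\nTo: <sip:{to_user}@as.example.net>\r\n{extra}\r\n\r\n"

# Constructed sample traffic, not taken from a real capture.
SAMPLE = [
    _msg("REGISTER sip:as.example.net SIP/2.0", "5551230001",
         "User-Agent: ExamplePhone-UA/1.0_0004f2aaaaaa"),
    _msg("SIP/2.0 403 Locked Out", "5551230001", "Server: ExampleAS"),
    _msg("REGISTER sip:as.example.net SIP/2.0", "5551230001",
         "User-Agent: ExamplePhone-UA/1.0_0004F2BBBBBB"),
    _msg("REGISTER sip:as.example.net SIP/2.0", "5551230002",
         "User-Agent: ExamplePhone-UA/1.0_0004f2cccccc"),
]

def parse(msg):
    """Return (start_line, headers) with lower-cased header names."""
    lines = msg.split("\r\n")
    hdrs = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header section
            break
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    return lines[0], hdrs

def registration_report(messages):
    """Map each user (from To) to the MACs registering and any 403 seen."""
    report = defaultdict(lambda: {"macs": set(), "locked": False})
    for msg in messages:
        start, hdrs = parse(msg)
        aor = AOR_RE.search(hdrs.get("to", ""))
        if not aor:
            continue
        entry = report[aor.group(1)]
        if start.startswith("REGISTER "):
            mac = MAC_RE.search(hdrs.get("user-agent", ""))
            if mac:
                entry["macs"].add(mac.group(1).lower())
        elif start.startswith("SIP/2.0 403"):
            entry["locked"] = True
    return dict(report)

def needs_device_cleanup(report):
    """Users with more than one MAC attempting: resolve before unlocking."""
    return sorted(u for u, e in report.items() if len(e["macs"]) > 1)
```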


