Cisco endpoints troubleshooting

This article covers the following Cisco endpoint issues:

Cisco CE9.10.x or later firmware unable to be activated using the Activate Endpoint app

If you see the error below while using the Activate Endpoint app to activate (sometimes referred to as provisioning) a Cisco endpoint running CE9.10.x firmware or later, please go to https://pexip.me/download and install the latest version of the app, and then re-run the activation. This error was caused by an out of date root CA certificate and has been fixed in the latest version of the app.

Cisco endpoints report activation failure with CE9.3.x or later

If you see this error while using the Activate Endpoint app to activate a Cisco endpoint running CE9.3.x firmware or newer, you can ignore it because it's a false error. The endpoint has been successfully activated for use with the Pexip Service as per the subscription template and can be used as normal to initiate and receive calls.

This is fixed in the latest version of the Activate Endpoint app which is available here: https://pexip.me/download.

Content sharing unreliable with firewall default UDP session timeout value

It has been observed in several Enterprise network environments that purpose-built video endpoint systems from Cisco Systems and Poly registered to the Pexip Service may experience unreliable content sharing behavior. This behavior may include an inability to receive or initiate content share soon after the video call is connected, either to a video bridge or in a point-to-point call. In many cases the content share capability is initially found to behave as expected, but then changes to the unreliable state within a short period of time. A list of compatible Cisco Systems and Poly endpoint models which can be registered to the Pexip Service can be found here.

The common element to these Enterprise network environments may be the presence of a Palo Alto Networks Firewall. After working alongside Palo Alto Networks Technical Support, the problem was traced to a requirement to increase the value of the UDP session timeout setting on the Palo Alto Networks Firewall. Video endpoints registered to the Pexip Service use SIP (Session Initiation Protocol) as the signaling protocol, and the content share channel is negotiated via SIP BFCP (Binary Floor Control Protocol), which is UDP-based. It was observed that the two-way BFCP communications between the video endpoint to the Pexip Service was being closed prematurely when the default UDP session timer of 30 seconds is used.

Pexip's recommendations when Palo Alto Networks or SonicWall firewalls are present are:

  • Ensure that the firewall can accommodate all the traffic types and port ranges to/from the IP address spaces shown here.
  • Increase the UDP session timeout from the default 30 second value to 600 seconds for UDP port range 10000-65535.
  • Disable the "Application Filtering" setting on the Firewall, which may be called SIP-ALG.

For firewalls from other vendors we recommend that you:

  • Increase the UDP session timeout to 180 seconds for UDP port range 10000-65535.

Migrate a DX device to CE software with the Cloud Upgrader tool

If you need to upgrade from CUCM to CE software follow the instructions on page 10 in this guide from Cisco.

Resetting factory defaults on EX series endpoints

The EX system can be factory reset in three different ways:

  • By issuing the xAPI command: xcommand systemunit FactoryReset Confirm: Yes
  • Via the Touch panel: Settings/Administrator Settings/Reset/Factory Reset

  • By using the power button:

    1. Unplug power cable.
    2. Replug power cable.
    3. Immediately when the green led in the bottom left corner lights up, press and hold the power button for 10 seconds (the led will turn off), until the green led lights up again.
    4. Push the power button twice within two seconds (two short pushes).

Hostname list is full

When the endpoint's hostname list is full you can get this message:

ERROR method="addHostnameToList": "Failed to add hostname with:" "{"error":"Need to add hostname but allow list is at limit it's limit of 10. Remove an entry from the allow list and try again"}"

If you connect to your endpoint via SSH, you can use the following commands to help resolve the issue:

  • Check the list of allowed hostnames (maximum is usually 10): xcommand httpclient allow hostname list
  • Clear the entire list: xcommand httpclient allow hostname clear
  • Remove an item from the list: xCommand HttpClient Allow Hostname Remove Id: <id of an entry in the list>