Users phone keeps getting logged off
This article is related to a trouble case where we had a user who's Avaya 9600 series phone was continuously being logged out
Details

In this case, a user at extension 2114 reported that her extension would log itself off from time to time with a message on her display saying "extension in use".

Problem Clarification

Another IP phone had been left with extension 2114 as the login and password had been retained in the memory of the phone. Other indications could be a denial "event=1934" which is the denial event generated when a phone tries to register as an extension that has already been assigned. Here, we can grep the log that coincided with the time of the occurrence:

avaya-cm01> grep event=1934 2020-1015-094203.log

20201015:094300619:12306702:capro(2526):MED:[ DENYEVT ERR event=1934 d1=9f47 d2=10.21.31.72]

20201015:095414003:12307394:capro(2526):MED:[ DENYEVT ERR event=1934 d1=9e63 d2=10.21.32.60]

20201015:095651187:12307511:capro(2526):MED:[ DENYEVT ERR event=1934 d1=9f5b d2=10.21.36.168]

20201015:095957983:12307741:capro(2526):MED:[ DENYEVT ERR event=1934 d1=9db8 d2=10.21.31.58]

20201015:100045808:12307775:capro(2526):MED:[ DENYEVT ERR event=1934 d1=a021 d2=10.21.30.79]

20201015:100301029:12307927:capro(2526):MED:[ DENYEVT ERR event=1934 d1=9f47 d2=10.21.31.72]

20201015:101414476:12308653:capro(2526):MED:[ DENYEVT ERR event=1934 d1=9e63 d2=10.21.32.60]


From the 5 repeat offending IP Addresses from the output, one of them will be our offending device, but which one?

Solution

To Quickly determine the IP Address of the Offending device, at the CM bash, use the command:

avaya-cm01> sudo logc lxsys | grep 'ext= 2114' > ~/extension2114.txt

This will create a text file in the dadmin user directory, that we can then grep for the date of the report:

avaya-cm01> grep 20201015 extension2114.txt | awk '{print $10, $13}'

2114 net_reg=

2114 net_reg=

2114 ip=10.21.30.79;

2114 net_reg=

2114 net_reg=

2114 ip=10.21.31.51;

avaya-cm01>

In this particular case, the actual user was using a device with the IP Address of 10.21.31.51. The IP Address and MAC Address can be determined with the SAT command: status station xxxx when we verify that the user is logged on with the actual device to be used, when the status is checked.

While not necessary, we can verify that we have found the offending device IP. If we go back to the output from the grep of the log file, and observe the d1=(value) that lines up with the d2=10.21.30.79

20201015:100045808:12307775:capro(2526):MED:[ DENYEVT ERR event=1934 d1=a021 d2=10.21.30.79]

Here we find "a021"

For this particular denial event, data 1 is the UID of the extension in contention. If we use the SAT command: display internal-data ext-map xxxx, we can see that the UID from d1 matches our extension:
Was this article helpful?
Cancel
Thank you!