Asterisk ignore WWW-Authenticate

I have a trunk which stopped to register yesterday. In the package dump I can see that the request REGISTER is sent, then there is the answer 401 Unauthorized. After that my Asterisk should send one more request with the field “Authorization”, but is my case it just sends one more REGISTER without that field, and answers 401…
How can I fix it?

Configure a secret for Asterisk to send. The only reason it wouldn’t respond to 401 would be if it didn’t know how to (that might also happen if it was requested to use something other than basic authentication).

This should have been asked on Asterisk Support.

U 193.105.XXX.X:5060 -> 109.106.YYY.YY:5060
REGISTER sip:zorro.kvant-telecom.ru SIP/2.0.
Via: SIP/2.0/UDP 193.105.XXX.X:5060;branch=z9hG4bK066c2bf3.
Max-Forwards: 70.
From: sip:74742XXYYZZ@zorro.kvant-telecom.ru;tag=as255623d8.
To: sip:74742XXYYZZ@zorro.kvant-telecom.ru.
Call-ID: 26cf2e090b25081f2ca7d1c14787fdc5@127.0.1.1.
CSeq: 791 REGISTER.
User-Agent: FPBX-2.10.0(1.8.4.4).
Expires: 120.
Contact: sip:74742XXYYZZ@193.105.XXX.X:5060.
Content-Length: 0.
.

U 109.106.YYY.YY:5060 -> 193.105.XXX.X:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 193.105.XXX.X:5060;branch=z9hG4bK066c2bf3;rport=5060.
From: sip:74742XXYYZZ@zorro.kvant-telecom.ru;tag=as255623d8.
To: sip:74742XXYYZZ@zorro.kvant-telecom.ru;tag=1c2882143f0a49e146456ea6b00920ab.8724.
Call-ID: 26cf2e090b25081f2ca7d1c14787fdc5@127.0.1.1.
CSeq: 791 REGISTER.
WWW-Authenticate: Digest realm=“zorro.kvant-telecom.ru”, nonce=“UokeAFKJHNQzhHNyTypPi4weCaTyZhVt”.
Server: kamailio (3.1.1 (x86_64/linux)).
Content-Length: 0.
.

U 193.105.XXX.X:5060 -> 109.106.YYY.YY:5060
REGISTER sip:zorro.kvant-telecom.ru SIP/2.0.
Via: SIP/2.0/UDP 193.105.XXX.X:5060;branch=z9hG4bK066c2bf3.
Max-Forwards: 70.
From: sip:74742XXYYZZ@zorro.kvant-telecom.ru;tag=as255623d8.
To: sip:74742XXYYZZ@zorro.kvant-telecom.ru.
Call-ID: 26cf2e090b25081f2ca7d1c14787fdc5@127.0.1.1.
CSeq: 791 REGISTER.
User-Agent: FPBX-2.10.0(1.8.4.4).
Expires: 120.
Contact: sip:74742XXYYZZ@193.105.XXX.X:5060.
Content-Length: 0.
.

U 109.106.YYY.YY:5060 -> 193.105.XXX.X:5060
SIP/2.0 401 Unauthorized.
Via: SIP/2.0/UDP 193.105.XXX.X:5060;branch=z9hG4bK066c2bf3;rport=5060.
From: sip:74742XXYYZZ@zorro.kvant-telecom.ru;tag=as255623d8.
To: sip:74742XXYYZZ@zorro.kvant-telecom.ru;tag=1c2882143f0a49e146456ea6b00920ab.8724.
Call-ID: 26cf2e090b25081f2ca7d1c14787fdc5@127.0.1.1.
CSeq: 791 REGISTER.
WWW-Authenticate: Digest realm=“zorro.kvant-telecom.ru”, nonce=“UokeAlKJHNbd63HZaItIk145+E6EwYjm”.
Server: kamailio (3.1.1 (x86_64/linux)).
Content-Length: 0.

This is my register string:
74742XXYYZZ:ThisIaALongPassword@zorro.kvant-telecom.ru/74742XXYYZZ

and trunk settings:

username=74742XXYYZZ
type=peer
secret=ThisIaALongPassword
qualify=no
insecure=invite
host=zorro.kvant-telecom.ru
fromuser=74742XXYYZZ
fromdomain=zorro.kvant-telecom.ru
disallow=all
canreinvite=no
allow=alaw&ulaw
pedantic=yes
registertrying=yes

If you are using the canreinvite option it look as you are using an old version of Asterisk. And as said David55 viewtopic.php?f=1&t=88527

[quote]
Not related to your current problem, canreinvite is deprecated, and may even be non-functional in the latest versions, and, more importantly, you have an invalid combination of options from a security point of view. insecure=invite is incompatible with host=ip and the configuring of secret on the peer; the secret will never be used. The chances are that insecure=port is not benefiting you, either.

Unfortunately, because making things secure can make misconfigurations more obvious, most cookbook configurations seem to include “insecure=port, invite”, or the, obsolete, equivalent, “very”. However, the name, “insecure”, was supposed to warn you that this option reduces security and should only be used if you understand what it does and why you need it.[/quote]