Asterisk keeps saying AOR '' not found

Good morning,

I’m setting up an Asterisk server on Ubuntu 24 using PJSIP, but I’m facing a problem that I can’t understand:

I’ve set "pjsip set logger on".
Each time a user tries to register, the Asterisk console keeps saying:



```
PJSIP Logging enabled

<--- Received SIP request (740 bytes) from UDP:10.10.10.249:57656 --->
REGISTER sip:192.255.255.251;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 10.10.10.249:57656;branch=z9hG4bK-524287-1---a4965a221872255f;rport
Max-Forwards: 70
Contact: <sip:vromain_endpoint@10.10.10.249:57656;rinstance=11419768bdec1fbb;transport=UDP>
To: <sip:vromain_endpoint@192.255.255.251;transport=UDP>
From: <sip:vromain_endpoint@192.255.255.251;transport=UDP>;tag=caf63217
Call-ID: hrRxLnS3O7emPXPjeTM9Ag..
CSeq: 1 REGISTER
Expires: 60
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, sec-agree, outbound, path, X-cisco-serviceuri
User-Agent: Z 5.5.15 v2.10.19.5
Allow-Events: presence, kpml, talk, as-feature-event
Content-Length: 0

<--- Transmitting SIP response (533 bytes) to UDP:10.10.10.249:57656 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.10.10.249:57656;rport=57656;received=10.10.10.249;branch=z9hG4bK-524287-1---a4965a221872255f
Call-ID: hrRxLnS3O7emPXPjeTM9Ag..
From: <sip:vromain_endpoint@192.255.255.251>;tag=caf63217
To: <sip:vromain_endpoint@192.255.255.251>;tag=z9hG4bK-524287-1---a4965a221872255f
CSeq: 1 REGISTER
WWW-Authenticate: Digest realm="asterisk",nonce="1725111052/dd76d89ae075212458209e6c132925bd",opaque="5f91c66f76ffcf79",algorithm=MD5,qop="auth"
Server: Asterisk PBX 20.9.2
Content-Length: 0

<--- Received SIP request (1038 bytes) from UDP:10.10.10.249:57656 --->
REGISTER sip:192.255.255.251;transport=UDP SIP/2.0
Via: SIP/2.0/UDP 10.10.10.249:57656;branch=z9hG4bK-524287-1---42cbe424caa14219;rport
Max-Forwards: 70
Contact: <sip:vromain_endpoint@10.10.10.249:57656;rinstance=11419768bdec1fbb;transport=UDP>
To: <sip:vromain_endpoint@192.255.255.251;transport=UDP>
From: <sip:vromain_endpoint@192.255.255.251;transport=UDP>;tag=caf63217
Call-ID: hrRxLnS3O7emPXPjeTM9Ag..
CSeq: 2 REGISTER
Expires: 60
Allow: INVITE, ACK, CANCEL, BYE, NOTIFY, REFER, MESSAGE, OPTIONS, INFO, SUBSCRIBE
Supported: replaces, norefersub, extended-refer, timer, sec-agree, outbound, path, X-cisco-serviceuri
User-Agent: Z 5.5.15 v2.10.19.5
Authorization: Digest username="vromain",realm="asterisk",nonce="1725111052/dd76d89ae075212458209e6c132925bd",uri="sip:192.255.255.251;transport=UDP",response="0d1685885c15f52c2a082c39ce4d4648",cnonce="4cad997cf1ee8ac294202cfdcbc72770",nc=00000001,qop=auth,algorithm=MD5,opaque="5f91c66f76ffcf79"
Allow-Events: presence, kpml, talk, as-feature-event
Content-Length: 0

<--- Transmitting SIP response (384 bytes) to UDP:10.10.10.249:57656 --->
SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 10.10.10.249:57656;rport=57656;received=10.10.10.249;branch=z9hG4bK-524287-1---42cbe424caa14219
Call-ID: hrRxLnS3O7emPXPjeTM9Ag..
From: <sip:vromain_endpoint@192.255.255.251>;tag=caf63217
To: <sip:vromain_endpoint@192.255.255.251>;tag=z9hG4bK-524287-1---42cbe424caa14219
CSeq: 2 REGISTER
Server: Asterisk PBX 20.9.2
Content-Length: 0

[Aug 31 13:30:53] WARNING[26008]: res_pjsip_registrar.c:1166 find_registrar_aor: AOR '' not found for endpoint 'vromain_endpoint' (10.10.10.249:57656)
```

Here is the configuration I’m testing (I’ve been checking it with Mistral AI, which confirmed that the references to the aor are properly set):


```
[general]
type=global

[transport-udp]
type=transport
protocol=udp ;udp,tcp,tls,ws,wss,flow
bind=0.0.0.0:5060
local_net=192.168.17.248/29
local_net=192.255.255.248/29
local_net=10.10.10.248/29
external_media_address=46.4.42.59
external_signaling_address=46.4.42.59

[registrar]
type=registrar
transport=transport-udp

[user_registration](!)
type=registration
server_uri=sip:192.1255.255.251
transport=transport-udp

[assistance_endpoint](!)
type=endpoint
transport=transport-udp
context=assistance
disallow=all
allow=ulaw,alaw,g722,gsm
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes

[assistance_auth](!)
type=auth
auth_type=userpass

[assistance_aor](!)
type=aor
max_contacts=1
remove_existing=yes

[commercial_endpoint](!)
type=endpoint
transport=transport-udp
context=commercial
disallow=all
allow=ulaw,alaw,g722,gsm
rtp_symmetric=yes
force_rport=yes
rewrite_contact=yes

[commercial_auth](!)
type=auth
auth_type=userpass

[commercial_aor](!)
type=aor
max_contacts=1
remove_existing=yes

;;;;;;;;;;;;;;;;;;;;
;MANUAL DEFINITION OF USERS
;;;;;;;;;;;;;;;;;;;;

[vromain_endpoint](assistance_endpoint)
auth=vromain_auth
aors=vromain_aor

[vromain_auth](assistance_auth)
username=vromain
password=test

[vromain_aor](assistance_aor)
contact=sip:vromain@192.168.2.34:5060

[vromain_registration](user_registration)
client_uri=sip:vromain@192.255.255.251
contact_user=vromain
outbound_auth=vromain_endpoint

[jandrena_endpoint](assistance_endpoint)
auth=jandrena_auth
aors=jandrena_aor

[jandrena_auth](assistance_auth)
username=jandrena
password=test

[jandrena_aor](assistance_aor)
contact=sip:jandrena@192.168.2.34:5060

[contact_endpoint](commercial_endpoint)
auth=contact_auth
aors=contact_aor

[contact_auth](commercial_auth)
username=contact
password=test

[contact_aor](commercial_aor)
contact=sip:contact@192.168.2.34:5060
```

The endpoints, auths and aors seem to be correctly set, as they are recognized by Asterisk and the console is able to display each of them:


```
obelix*CLI> pjsip show endpoints
Endpoint: <Endpoint/CID.....................................> <State.....> <Channels.>
I/OAuth: <AuthId/UserName...........................................................>
Aor: <Aor............................................> <MaxContact>
Contact: <Aor/ContactUri..........................> <Hash....> <Status> <RTT(ms)..>
Transport: <TransportId........> <Type> <cos> <tos> <BindAddress..................>
Identify: <Identify/Endpoint.........................................................>
Match: <criteria.........................>
Channel: <ChannelId......................................> <State.....> <Time.....>
Exten: <DialedExten...........> CLCID: <ConnectedLineCID.......>
==========================================================================================
Endpoint: contact_endpoint Not in use 0 of inf
InAuth: contact_auth/contact
Aor: contact_aor 1
Contact: contact_aor/sip:contact@192.168.2.34:5060 13734030c8 NonQual nan
Transport: transport-udp udp 0 0 0.0.0.0:5060
Endpoint: jandrena_endpoint Not in use 0 of inf
InAuth: jandrena_auth/jandrena
Aor: jandrena_aor 1
Contact: jandrena_aor/sip:jandrena@192.168.2.34:506 75c417a6f8 NonQual nan
Transport: transport-udp udp 0 0 0.0.0.0:5060
Endpoint: vromain_endpoint Not in use 0 of inf
InAuth: vromain_auth/vromain
Aor: vromain_aor 1
Contact: vromain_aor/sip:vromain@192.168.2.34:5060 8004a1d667 NonQual nan
Transport: transport-udp udp 0 0 0.0.0.0:5060
Objects found: 3

obelix*CLI> pjsip show registrations
<Registration/ServerURI..............................> <Auth....................> <Status.......>
==========================================================================================
vromain_registration/sip:192.1255.255.251 vromain_endpoint Rejected (exp. 676s ago)
Objects found: 1

obelix*CLI> pjsip show aors
Aor: <Aor..............................................> <MaxContact>
Contact: <Aor/ContactUri............................> <Hash....> <Status> <RTT(ms)..>
==========================================================================================
Aor: contact_aor 1
Contact: contact_aor/sip:contact@192.168.2.34:5060 13734030c8 NonQual nan
Aor: jandrena_aor 1
Contact: jandrena_aor/sip:jandrena@192.168.2.34:5060 75c417a6f8 NonQual nan
Aor: vromain_aor 1
Contact: vromain_aor/sip:vromain@192.168.2.34:5060 8004a1d667 NonQual nan
Objects found: 3

obelix*CLI> pjsip show auths
I/OAuth: <AuthId/UserName.............................................................>
==========================================================================================
Auth: contact_auth/contact
Auth: jandrena_auth/jandrena
Auth: vromain_auth/vromain
Objects found: 3
```

I don’t understand why Asterisk cannot find any of the aors configured for my endpoints.
I’m not setting it up for external calls yet.
Can somebody explain this to me and help me configure it the right way, please?
PS: My English is not so good, so please be comprehensive and forgive my mistakes.

Cordially,

You are trying to register to vromain_endpoint, but you should be registering to vromain_aor!

I’m sorry, but I don’t understand why the aor should be the right login. Can you explain it to me, please?
I thought I should use the username defined in [auth].

You should always make the aor name the same as the endpoint name otherwise you’re going to get NOTICE or WARNING messages about the endpoint not being found. If none of the other identification methods (auth_username, ip, etc) match an endpoint, then the request is going to fail.

If I try to log in with the aor, the answer looks like this:
[Aug 31 17:08:08] NOTICE[26453]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request ‘REGISTER’ from ‘sip:vromain_aor@192.255.255.251’ failed for ‘10.10.10.249:57656’ (callid: hI-4EzAbAtzvN9vL9JtVEA…) - No matching endpoint found

[Aug 31 17:08:08] NOTICE[26453]: res_pjsip/pjsip_distributor.c:673 log_failed_request: Request ‘REGISTER’ from ‘sip:vromain_aor@192.255.255.251’ failed for ‘10.10.10.249:57656’ (callid: hI-4EzAbAtzvN9vL9JtVEA…) - Failed to authenticate

Thank you for the advice. I’ve set the same name for each registration, auth, aor and endpoint bound to a user with the same name.
Thank you a lot for that, because I wouldn’t have thought that it could break the configuration. I thought the [auth] section was designed to bind the endpoint to the aor.

Asterisk has to identify both the endpoint and aor based on the incoming SIP request. It can do that based on the user part of the From URI, the username in the Authorization header or the source IP address (there are a few other rarely used options). That’s controlled by the identify-by parameter on the endpoint. It’s a bit more complicated than that but in practice it means the endpoint and aor should have the same name, and must match either the From user (identify_by=username) or the Authorization username (identify_by=auth_username).

Just to clarify… unlike the endpoint and aor names, it’s the username parameter of the auth section that is used for the match, not the name of the auth section itself.


It identifies the AOR from the To header. The From header is one of the ways of identifying the endpoint.

In the general case, the system making the registration doesn’t have to be the one that is being registered. However the common case is where a phone registers itself. In that case, it may not allow you to set To and From headers independently. That’s why you normally have to make the section names the same.

However, you can actually register more than one AOR against an endpoint, in which case the names would have to differ. I’m not sure in what practical circumstances that would be relevant.

Thank you for the clarification.
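The matching rules described in the replies above, applied to the configuration from the question, as an added example that is not part of the original thread and is not Asterisk's code. It is a simplified model: digest verification is assumed to succeed, `identify_by` is reduced to `username` and `auth_username`, and the function names, the `RENAMED` layout and the constructed sample REGISTER are hypothetical.

```python
import re

# Simplified model of the lookup the replies describe; not Asterisk's code.
ENDPOINTS = {"vromain_endpoint": {"aors": ["vromain_aor"], "auth": "vromain_auth"}}
AUTHS = {"vromain_auth": "vromain"}  # auth section name -> username=
# Hypothetical layout after the advice: endpoint and aor share one name.
RENAMED = {"vromain": {"aors": ["vromain"], "auth": "vromain_auth"}}

def sample_register(user, auth_user="vromain"):
    """Constructed REGISTER modelled on the trace in the question."""
    return ("REGISTER sip:192.255.255.251;transport=UDP SIP/2.0\n"
            f"To: <sip:{user}@192.255.255.251;transport=UDP>\n"
            f"From: <sip:{user}@192.255.255.251;transport=UDP>;tag=caf63217\n"
            f'Authorization: Digest username="{auth_user}",realm="asterisk"\n')

def user_of(header_value):
    """Return the user part of the first SIP URI in a header value."""
    m = re.search(r"sips?:([^@;>\s]+)@", header_value)
    return m.group(1) if m else None

def headers_of(raw):
    """Parse the 'Name: value' lines after the request line into a dict."""
    pairs = (line.partition(":") for line in raw.strip().splitlines()[1:])
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def match_register(raw, endpoints, auths, identify_by=("username",)):
    """Return (endpoint, aor, outcome); digest checking is assumed to pass."""
    h = headers_of(raw)
    from_user, to_user = user_of(h["from"]), user_of(h["to"])
    m = re.search(r'username="([^"]*)"', h.get("authorization", ""))
    auth_user = m.group(1) if m else None
    endpoint = None
    for method in identify_by:
        if method == "username" and from_user in endpoints:
            endpoint = from_user  # From user equals an endpoint section name
        elif method == "auth_username" and auth_user:
            endpoint = next((name for name, cfg in endpoints.items()
                             if auths.get(cfg["auth"]) == auth_user), None)
        if endpoint:
            break
    if endpoint is None:
        return None, None, "No matching endpoint found"
    if to_user not in endpoints[endpoint]["aors"]:
        return endpoint, None, "404 Not Found"  # To user is not one of aors=
    return endpoint, to_user, "200 OK"

if __name__ == "__main__":
    for user in ("vromain_endpoint", "vromain_aor"):
        print(user, match_register(sample_register(user), ENDPOINTS, AUTHS))
    print("vromain", match_register(sample_register("vromain"), RENAMED, AUTHS))
```

Registering as `vromain_endpoint` identifies the endpoint but fails the AOR lookup, registering as `vromain_aor` fails endpoint identification, and the renamed layout passes both steps.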