Author Message
SaibalDas2
Joined: Apr 28, 2008
Messages: 0
Offline
We are using the DMCC SDK to record encrypted calls. We did single step conference the DMCC softphone to the call and verified that the media is encrypted using Wireshark. However, the PayLoadType, TransmitKey and ReceiveKey are missing in the MediaStartedEvent. We are using the certificate exported from the AES server, have used UseSSL = true in StartApplicationSession and specified "aes" as the encryption in the mediaInfo of RegisterTerminal.

Please let me know how to troubleshoot this.

Thanks,
Saibal Das,
TelStrat
MartinFlynn
Joined: Nov 30, 2009
Messages: 1922
Offline
I have an AE Services 6.3.0 and I don't see that problem. Below is my RegisterTerminalRequest and the MediaStartEvent I received when I SSCed the phone into a call. As you can see, it includes all of those parameters.

You could check that the Communication Manager is sending the encryption data to the AE Services. To do this, follow the instructions in the DevConnect FAQ "How can I monitor the XML being sent and received by the AE Services Server (debug, log, trace)?". You will also need to enable tracing of the Q.931 messages from the Communication Manager. The easiest way to do this is to leave the ".level" setting, near the top of the config file, as it is:

.level=FINEST

Make sure there is encryptionSync data included in the Q.931 message that generates the MediaStartEvent.

-------------------------------

<RegisterTerminalRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.avaya.com/csta">
<device typeOfNumber="other" mediaClass="notKnown">40208:CM10:0.0.0.0:0</device>
<loginInfo>
<forceLogin>true</forceLogin>
<sharedControl>false</sharedControl>
<password>40208</password>
<mediaMode>CLIENT</mediaMode>
<dependencyMode>MAIN</dependencyMode>
</loginInfo>
<localMediaInfo>
<rtpAddress>
<address>135.64.187.243</address>
<port>4726</port>
</rtpAddress>
<rtcpAddress>
<address>135.64.187.243</address>
<port>4727</port>
</rtcpAddress>
<codecs>g711U</codecs>
<packetSize>20</packetSize>
<encryptionList>aes</encryptionList>
</localMediaInfo>
</RegisterTerminalRequest>


<?xml version="1.0" encoding="UTF-8"?>
<MediaStartEvent xmlns="http://www.avaya.com/csta">
<monitorCrossRefID xmlns:ns1="http://www.ecma-international.org/standards/ecma-323/csta/ed3">63</monitorCrossRefID>
<connection>
<deviceID xmlns:ns2="http://www.ecma-international.org/standards/ecma-323/csta/ed3" typeOfNumber="other" mediaClass="voice" bitRate="constant">40208:CM10:0.0.0.0:0</deviceID>
</connection>
<rtpAddress>
<address>10.10.13.13</address>
<port>2052</port>
</rtpAddress>
<rtcpAddress>
<address>10.10.13.13</address>
<port>2053</port>
</rtcpAddress>
<codec>g711U</codec>
<packetSize>20</packetSize>
<encryption>
<protocol>aes</protocol>
<transmitKey>{42,3D,2C,56,5E,CD,42,81,EC,1F,22,B3,8C,99,D2,E6}</transmitKey>
<receiveKey>{73,19,C6,9B,C3,F8,E6,89,84,E7,80,F0,24,11,33,F4}</receiveKey>
<payloadType>103</payloadType>
</encryption>
</MediaStartEvent>
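
The comparison discussed in this thread (does a MediaStartEvent carry the encryption block that the RegisterTerminalRequest asked for?) can be automated. The following is an added example, not part of the original posts and not DMCC SDK code; the function names and sample events are constructed, and the 16-byte key length is an assumption taken from the key format shown above.

```python
import xml.etree.ElementTree as ET

NS = {"a": "http://www.avaya.com/csta"}

# Constructed sample events (key bytes are made up), shaped like those in this thread.
WITH_KEYS = """<MediaStartEvent xmlns="http://www.avaya.com/csta">
  <codec>g711U</codec>
  <encryption>
    <protocol>aes</protocol>
    <transmitKey>{00,11,22,33,44,55,66,77,88,99,AA,BB,CC,DD,EE,FF}</transmitKey>
    <receiveKey>{FF,EE,DD,CC,BB,AA,99,88,77,66,55,44,33,22,11,00}</receiveKey>
    <payloadType>103</payloadType>
  </encryption>
</MediaStartEvent>"""
WITHOUT_KEYS = """<MediaStartEvent xmlns="http://www.avaya.com/csta">
  <codec>g711U</codec>
</MediaStartEvent>"""

def parse_key(text):
    """Turn '{42,3D,...}' into bytes; raise ValueError on malformed input."""
    text = (text or "").strip()
    if not (text.startswith("{") and text.endswith("}")):
        raise ValueError("key is not in {XX,XX,...} form")
    return bytes(int(part, 16) for part in text[1:-1].split(","))

def check_media_start(xml_text, requested=("aes",)):
    """Return (ok, findings); findings never contain key bytes, so they are safe to log."""
    enc = ET.fromstring(xml_text).find("a:encryption", NS)
    if enc is None:
        return False, ["no <encryption> block: keys were not delivered to the client"]
    findings = []
    protocol = enc.findtext("a:protocol", default="", namespaces=NS)
    if protocol not in requested:
        findings.append(f"protocol {protocol!r} not in requested {list(requested)}")
    for tag in ("transmitKey", "receiveKey"):
        try:
            key = parse_key(enc.findtext(f"a:{tag}", namespaces=NS))
            if len(key) != 16:  # assumed AES-128 key length, as in the sample above
                findings.append(f"{tag} is {len(key)} bytes, expected 16")
        except ValueError as exc:
            findings.append(f"{tag}: {exc}")
    if enc.findtext("a:payloadType", namespaces=NS) is None:
        findings.append("payloadType missing")
    return not findings, findings
```

Running `check_media_start` on each captured event separates "no encryption block at all" from "block present but malformed", without writing the key material to a log.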

SaibalDas2
Joined: Apr 28, 2008
Messages: 0
Offline
Thanks for your reply. I do see an encryptionSync but not sure if it is in the right place in the call flow. I am attaching the RegisterTerminalRequest and MediaStartEvent. The MediaStartEvent doesn't have the encryption block. Please let me know how to troubleshoot this. I didn't receive any error or exception in any of the API calls.

<RegisterTerminalRequest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.avaya.com/csta">
<device typeOfNumber="other" mediaClass="notKnown">3100:S8300D:192.30.0.11:0</device>
<loginInfo>
<forceLogin>true</forceLogin>
<sharedControl>false</sharedControl>
<password>3100</password>
</loginInfo>
<localMediaInfo>
<rtpAddress>
<address>192.30.0.170</address>
<port>5000</port>
</rtpAddress>
<rtcpAddress>
<address>192.30.0.170</address>
<port>5001</port>
</rtcpAddress>
<codecs>g711A</codecs>
<codecs>g711U</codecs>
<codecs>g729</codecs>
<codecs>g729A</codecs>
<packetSize>20</packetSize>
<encryptionList>aes</encryptionList>
</localMediaInfo>
</RegisterTerminalRequest>





<MediaStartEvent xmlns="http://www.avaya.com/csta">
   <connection>
      <ns1:deviceID xmlns:ns1="http://www.ecma.ch/standards/ecma-323/csta/ed2" typeOfNumber="other" mediaClass="voice" bitRate="constant">3100:S8300D:192.30.0.11:0</ns1:deviceID>
   </connection>
   <rtpAddress>
      <address>192.30.0.13</address>
      <port>2054</port>
   </rtpAddress>
   <monitorCrossRefID>344</monitorCrossRefID>
   <packetSize>20</packetSize>
   <codec>g729</codec>
   <rtcpAddress>
      <address>192.30.0.13</address>
      <port>2055</port>
   </rtcpAddress>
</MediaStartEvent>



MartinFlynn
Joined: Nov 30, 2009
Messages: 1922
Offline
The problem may be with your codec. The Communication Manager may not support encryption with g729.

Add g711A or g711U to your codec set and see if that makes a difference.

Martin
SaibalDas2
Joined: Apr 28, 2008
Messages: 0
Offline
It is using g711U now but still no keys.

Saibal
--------------------------------------------------------
<MediaStartEvent xmlns="http://www.avaya.com/csta">
   <connection>
      <ns1:deviceID xmlns:ns1="http://www.ecma.ch/standards/ecma-323/csta/ed2" typeOfNumber="other" mediaClass="voice" bitRate="constant">3100:S8300D:192.30.0.11:0</ns1:deviceID>
   </connection>
   <rtpAddress>
      <address>192.30.0.13</address>
      <port>2052</port>
   </rtpAddress>
   <monitorCrossRefID>360</monitorCrossRefID>
   <packetSize>20</packetSize>
   <codec>g711U</codec>
   <rtcpAddress>
      <address>192.30.0.13</address>
      <port>2053</port>
   </rtcpAddress>
</MediaStartEvent>
MartinFlynn
Joined: Nov 30, 2009
Messages: 1922
Offline
Make sure that your codec set supports encryption. E.g.:

display ip-codec-set 1                          Page 1 of 2

                    IP Codec Set

    Codec Set: 1

    Audio        Silence      Frames   Packet
    Codec        Suppression  Per Pkt  Size(ms)
 1: G.711A       y            2        20
 2: G.711MU      y            2        20
 3:
 4:
 5:
 6:
 7:

    Media Encryption
 1: none
 2: aes
 3:
JohnBiggs
Joined: Jun 20, 2005
Messages: 1139
Location: Rural, Virginia
Offline
Check what network region your device is registering into (list registered-ip-stations ext XXX), and find the network region in that output. Then do a 'display network-region x' to locate what ip-codec-set is being accessed. Then check to see that encryption is configured in that ip-codec-set.
SaibalDas2
Joined: Apr 28, 2008
Messages: 0
Offline
I am attaching the configuration and the Status shows the call is encrypted. Do you suggest we open a ticket with Avaya for this?

Registered IP stations 3001:
Net Rgn = 1

IP Network Region:
Codec Set = 1 on Page 1 and 4

IP-codec-set 1:
1. G.711MU, N, 2, 20
Media Encryption (IP-codec-set 1)
1. aes
2. none

Status station 3001:
SRC Port to DEST Port TALKPath
src port: S00000
S00000: TX:192.30.0.50:2198/g711U/20ms/aes
S00001: RX:192.30.0.57:2970/g711u/20ms/aes

dst port: S00001
JohnBiggs
Joined: Jun 20, 2005
Messages: 1139
Location: Rural, Virginia
Offline
Your DMCC device appears to be x3100 (3100:S8300D:192.30.0.11:0); that is the extension you need to look at from a list registered-ip-stations, network-region and ip-codec perspective.

SaibalDas2
Joined: Apr 28, 2008
Messages: 0
Offline
Here is the info for x3100
-----------------------------------------------------------
Registered IP stations 3100:
Net Rgn = 1

IP Network Region:
Codec Set = 1 on Page 1 and 4

IP-codec-set 1:
1. G.711MU, N, 2, 20

Media Encryption (IP-codec-set 1)
1. aes
2. none

Status station 3100:
SRC Port to DEST Port TALKPath (Page8)
src port: S00007
S00007:TX:192.30.0.170:5000/g711u/20ms/aes
001V023:RX:192.30.0.13:2052/g711u/20ms/aes:TX:ctxID:345
001V023:RX:ctxID:345:TX:192.30.0.13:2050/g711u/20ms/aes
S00000:RX192.30.0.50:2198/g711u/20ms/aes

dst port S00000

SRC Port to DEST Port TALKPath (Page9)
src port: S00007
S00007:TX:192.30.0.170:5000/g711u/20ms/aes
001V023:RX:192.30.0.13:2052/g711u/20ms/aes:TX:ctxID:345
001V023:RX:ctxID:345:TX:192.30.0.13:2054/g711u/20ms/aes
S00001:RX192.30.0.57:2970/g711u/20ms/aes

dst port S00001
JohnBiggs
Joined: Jun 20, 2005
Messages: 1139
Location: Rural, Virginia
Offline
So Communication Manager indicates it is encrypting the media stream ('aes' at the end of the RX and TX rows). So this requires increasing logging in AE Services, collecting fuller logs (enabling H.323 tracing) and doing the analysis. We need you to open a Technical Support request so we can do that work with you.