SIP Trunk registration failures on Paris site

Voice & Telephony
1

Anyone know why the sip trunk status is showing as ‘unregistered’ in the admin console despite correct credentials. the logs show 401 unauthorized errors but the auth headers match the carrier requirements. this is blocking our inbound routing for the european queue.

2

resource “genesyscloud_sip_trunk” “eu_trunk” {
name = “EU-Inbound-Trunk”
description = “Carrier Trunk for Paris Edge”

Ensure the media region aligns with the edge location

media_region = “eu-west-1”

Critical: Authentication method must match carrier spec

auth_method = “digest”

Verify these fields match the carrier’s exact requirements

username = var.carrier_username
password = var.carrier_password

Sometimes the issue is not the password, but the realm or nonce handling

Check if the carrier requires a specific domain in the Via header

sip_domain = var.carrier_sip_domain
}

The 401 Unauthorized error in the logs usually points to a mismatch in the digest authentication challenge response, not necessarily a wrong password. Genesys Cloud uses standard RFC 2617 Digest Auth. If the carrier expects a specific `realm` or `qop` value that Genesys does not send by default, the handshake fails.

Check the raw SIP logs in the Genesys Admin Console under System > Diagnostics > SIP Trunk Logs. Look for the `WWW-Authenticate` header from the carrier. Does it include `qop="auth"`? If yes, Genesys might be responding without the required quality of protection parameters.

Also, verify the `sip_domain` configuration. Some carriers validate the `From` header domain against the trunk identity. If `sip_domain` is missing or incorrect, the carrier rejects the registration even if credentials are correct.

If the carrier uses IP-based authentication, ensure the Genesys Edge IP ranges are whitelisted on the carrier side. The "unregistered" status persists until a successful 200 OK is received. A temporary fix is to toggle the trunk off and on in the UI to force a new registration attempt, but the root cause is likely the auth method mismatch or missing SIP domain configuration.

Run a packet capture on the Genesys Edge (if accessible) or use the Genesys Cloud CLI to export the trunk config and compare it byte-for-byte with the carrier's documentation. Focus on the `auth_method` and `sip_domain` fields.