Thank you for the answer, Klaus

I have tried your way(commented my subst and added your rows), so now it looks like this:

failure_route[2] {

if (!t_is_canceled() && t_check_status("486|408")) {

$avp(alias_seq)=$avp(alias_seq)+1;

xdbg("HERE WE ARE! $avp(alias_seq)\n");

revert_uri();

sql_query("main", "select username from subscriber where alias='$tU' and alias_seq='$avp(alias_seq)'", "alias_name");

sql_query("main", "select domain from subscriber where alias='$tU' and alias_seq='$avp(alias_seq)'", "alias_domain");

if ($dbr(alias_name=>rows) != 0 && $dbr(alias_domain=>rows) != 0) {

subst_uri('/^sip:.*@.*$/sip:$dbr(alias_name=>[0,0])@$dbr(alias_domain=>[0,0])/');

# subst('/^To:.*<sip:.*>/To: <sip:$dbr(alias_name=>[0,0])@$dbr(alias_domain=>[0,0])>\r\n/'); <--COMMENTED OUT THIS ONE

remove_hf("To"); # <--ADDED THIS ONE

append_hf("To: <sip:$dbr(alias_name=>[0,0])@$dbr(alias_domain=>[0,0])>\r\n"); # <--ADDED THIS ONE

sql_result_free("alias_name");

sql_result_free("alias_domain");

setflag(10);

if (!lookup("location")) {

switch ($retcode) {

case -1:

case -3:

t_reply("404", "Not Found");

exit;

case -2:

exit;

}

append_branch();

route(5);

}

if (is_method("INVITE")) {

unforce_rtp_proxy();

}

route[5] {

if (!t_relay()) {

sl_reply_error();

}

exit;

}

So the code now supposed to delete "To: <sip:ncm0000b@domain.com>"

and to append "To: <sip:ncm0000a@domain.com>"

But with ngrep i can see:

To: <sip:ncm0000b@domain.com>.Date: Tue, 08 Jun 2010 09:40:10 GMT.

With timestamp, which seems to me to be unusual.

So maybe it's impossible to rewrite "To" header from failure_route for some reason... (For example according to RFC)

Actually my phones ring, and everything works fine, I am just interested with this behavior of Kamailio.

Thanks again for your reply.

Sincerely yours,
Kosilov Fedor.

remove_hf("To");
append_hf("To: <sip:$dbr(alias_name=>[0,0])@$dbr(alias_domain=>[0,0])>\r\n");