Intermittent SCSCF → HSS Diameter Connection Failure - CER Not Sent After TCP Connect - sr-users

5 Jan 2026


      Hello Kamailio Community,
*This issue is being re-submitted with CDP debug logs for further analysis.*
We are experiencing a *critical issue* with Kamailio where the *SCSCF
randomly stops sending CER messages to the HSS* in some cases, even after
TCP connections are successfully established. This results in *complete
authentication failures*.
Please find the (IMS containers + HSS) logs with and the diameter config
through the following link:
https://www.filemail.com/d/vhdnkujjnernogn
*Environment*
- *Kamailio Version:* kamailio 6.0.2 (x86_64/linux) d4dc5d
   - *Deployment:* SCSCF and HSS as a container on same physical machine
   using macvlan networking
*Components:*
- SCSCF: 172.22.1.20
   - HSS: 172.22.1.3
   - ICSCF: 172.22.1.19
*Problem Description*
The issue occurs *randomly*. The system works normally for a period of
time, then suddenly the Diameter connection between the SCSCF and HSS fails
and enters what appears to be a *reconnection loop*.
*Here's the cycle we're observing:*
*1. *ERROR: ims_auth [cxdx_mar.c:132]: async_cdp_callback(): Transaction
timeout - did not get MAA
*2. *SCSCF: WARNING: cdp [peermanager.c:337]: peer_timer(): Inactivity on
peer [hss.epc.mnc092.mcc418.3gppnetwork.org] and no DWA, Closing peer...
*3. State Timeout (~40 seconds later):* S-CSCF: ERROR: cdp
[peerstatemachine.c:164]: sm_process(): in state Closed timeout event
Timeout
*4. Reconnection Attempt (~30 seconds later):*
SCSCF: INFO: cdp [peerstatemachine.c:551]: I_Snd_Conn_Req():  Peer
hss.epc.mnc092.mcc418.3gppnetwork.org
SCSCF: INFO: cdp [receiver.c:991]: peer_connect(): Trying to connect to
172.22.1.3 port 3870
SCSCF: INFO: cdp [receiver.c:1090]: peer_connect(): Peer
hss.epc.mnc092.mcc418.3gppnetwork.org:3870 connected
*5. HSS Side (waiting indefinitely):*HSS: [hss:0.19.37] 2025/12/25
04:46:39.060208 [INF]  [scscf>hss:0][waiting for CER from 172.22.1.20:33284]
*Cascading Effects:*
*ICSCF accumulates branches:*
ICSCF: ERROR: tm [t_fwd.c:792]: add_uac(): maximum number of branches
exceeded
ICSCF: ERROR: tm [t_fwd.c:1771]: t_forward_nonack(): failure to add branches
As a result, *UEs are unable to register to IMS*, leading to a *VoLTE
service outage for all UEs*.
Thank you and I look forwarding to hearing from you