What the message means:

“Illegal equipment: IMEI Check failed — IMEI is either blacklisted or not Whitelisted” means the network’s IMEI verification step rejected the device identity (IMEI). That can happen because:

• The IMEI is on a blacklist (reported lost/stolen, barred by regulator/MNO, found fraudulent).

• The IMEI is not present in the operator’s whitelist (provisioning required).

• The IMEI is malformed / fails checksum (device reported wrong IMEI).

• The network’s Equipment Identity Register (EIR) or whatever IMEI-checking service you use returned a fail.

• There’s a mismatch between the IMEI reported by the device and the IMEI stored in provisioning systems.

Quick checklist — immediate actions (in order)

1. Capture the IMEI reported by the device

   • From the device (if available): AT+CGSN or AT+GSN (modem), or check device UI.

   • From network logs: look at the attach / registration / SIP/AAA records where the IMEI is carried. Record the exact digits.

2. Validate IMEI format & checksum

   • Standard IMEI is 15 digits (IMEISV can be 16). Regex: ^\d{15}$ (or ^\d{15,16}$ if you accept IMEISV).

   • Perform a Luhn checksum on the 15th digit. If checksum fails, device is providing an invalid IMEI.

3. Example Luhn check (pseudo/Python logic):

   def imei_luhn_valid(imei):
       imei = imei.strip()
       if len(imei) != 15 or not imei.isdigit(): return False
       s = 0
       for i, ch in enumerate(imei[:-1]):  # compute on first 14 digits
           d = int(ch)
           if (i % 2) == 1:  # double every 2nd digit from left (indexing from 0)
               d *= 2
               if d > 9: d -= 9
           s += d
       check = (10 - (s % 10)) % 10
       return check == int(imei[-1])
   
   

4. Check local whitelist / provisioning database

   • Search the provisioning DB / inventory for that IMEI (or TAC block). Maybe it’s not whitelisted or stored with typos.

   • If you use a local whitelist table for SMS gateway or device provisioning, confirm the IMEI is present and correctly formatted.

5. Query the EIR / operator blacklist

   • Check your Equipment Identity Register (EIR) or the MNO’s EIR/API for that IMEI status (whitelist/greylist/blacklist).

   • If you rely on a third-party (GSMA DeviceCheck, stolen phone databases), query their API for the IMEI.

6. Check TAC (first 8 digits)

   • The TAC identifies make/model. If the TAC is unknown to your validation service it might be treated as suspicious. Cross-check TAC against an up-to-date TAC list (GSMA TAC list or vendor TAC DB).

7. Review network attach / registration logs

   • Look at RADIUS/AAA, SIP REGISTER, S6a/HSS/HLR logs, or the SMSC logs where you saw the error. Confirm whether the IMEI failed at EIR lookup or at a later policy check (whitelist check).

8. Check for duplicate / cloned IMEIs

   • Same IMEI used by multiple devices or rapid attach/detach can indicate cloning; operators may auto-blacklist suspicious IMEIs.

9. If IMEI is blacklisted

   • If confirmed blacklisted (stolen/lost/fraud), follow operator/regulator SOP: deny service and escalate to fraud/loss team. Do not whitelist without proper authorization.

10. If IMEI is valid but not whitelisted

    • Add to whitelist if you have authorization and are sure it’s legitimate:

      • Update the provisioning DB or the EIR policy to mark as allowed.

      • Re-run the registration/attach or reprocess the SMS session.

    • Communicate with the MNO if required — they may need to update their EIR.

11. If IMEI is malformed or device bug

    • Contact device vendor or ask user to reflash/update firmware or replace device.

    • For modems/IoT modules: ensure firmware reports IMEI correctly.

12. Document & escalate

    • Capture timestamps, IMSI, MSISDN, cell/SGSN/SGW IDs, logs, and screenshots.

    • Escalate to fraud team / MNO EIR team if blacklisted or suspected fraud.

Useful log fields to gather (copy-paste checklist)

• Timestamp (UTC)

• IMEI reported (exact digits)

• IMSI and MSISDN (subscriber identity and number)

• Node and interface where failure occurred (SMSC, HLR, EIR, AAA, SMSC/SMGW)

• Error message text and code (exact string from SMS gateway)

• TAC (first 8 digits of IMEI)

• Any prior related events for same IMEI (attach failures, blacklist hits)

Example operator response wording (SOP-friendly)

• For internal logs: IMEI check failed for IMEI=<IMEI> IMSI=<IMSI> MSISDN=<MSISDN> — EIR returned BLACKLISTED

• For customer-facing (if necessary): Registration blocked: device reported a blocked IMEI. Contact your retailer or operator.

Safety / compliance

• Do not whitelist an IMEI that is blacklisted for theft/loss unless you have explicit authorization from the MNO/regulator and documented justification.

• Keep any sensitive subscriber information encrypted in logs and follow your data protection policies.

Quick decision flow (one-page)

1. Get IMEI from device/logs → 2. Validate format & Luhn → 3a. If invalid → device/vendor fix. 3b. If valid → check local whitelist → 4a. If whitelisted → check infra bug/log routing. 4b. If not → query EIR/GSMA → if blacklisted → escalate to fraud/MNO. If grey/unknown → consider TAC issue / provisioning update.