What the message means:

“Illegal equipment: IMEI Check failed — IMEI is either blacklisted or not Whitelisted” means the network’s IMEI verification step rejected the device identity (IMEI). That can happen because:

  • The IMEI is on a blacklist (reported lost/stolen, barred by regulator/MNO, found fraudulent).

  • The IMEI is not present in the operator’s whitelist (provisioning required).

  • The IMEI is malformed / fails checksum (device reported wrong IMEI).

  • The network’s Equipment Identity Register (EIR) or whatever IMEI-checking service you use returned a fail.

  • There’s a mismatch between the IMEI reported by the device and the IMEI stored in provisioning systems.

Quick checklist — immediate actions (in order)

  1. Capture the IMEI reported by the device

    • From the device (if available): AT+CGSN or AT+GSN (modem), or check device UI.

    • From network logs: look at the attach / registration / SIP/AAA records where the IMEI is carried. Record the exact digits.

  2. Validate IMEI format & checksum

    • Standard IMEI is 15 digits (IMEISV can be 16). Regex: ^\d{15}$ (or ^\d{15,16}$ if you accept IMEISV).

    • Perform a Luhn checksum on the 15th digit. If checksum fails, device is providing an invalid IMEI.

  3. Example Luhn check (pseudo/Python logic):

    def imei_luhn_valid(imei):
        imei = imei.strip()
        if len(imei) != 15 or not imei.isdigit(): return False
        s = 0
        for i, ch in enumerate(imei[:-1]):  # compute on first 14 digits
            d = int(ch)
            if (i % 2) == 1:  # double every 2nd digit from left (indexing from 0)
                d *= 2
                if d > 9: d -= 9
            s += d
        check = (10 - (s % 10)) % 10
        return check == int(imei[-1])

  4. Check local whitelist / provisioning database

    • Search the provisioning DB / inventory for that IMEI (or TAC block). Maybe it’s not whitelisted or stored with typos.

    • If you use a local whitelist table for SMS gateway or device provisioning, confirm the IMEI is present and correctly formatted.

  5. Query the EIR / operator blacklist

    • Check your Equipment Identity Register (EIR) or the MNO’s EIR/API for that IMEI status (whitelist/greylist/blacklist).

    • If you rely on a third-party (GSMA DeviceCheck, stolen phone databases), query their API for the IMEI.

  6. Check TAC (first 8 digits)

    • The TAC identifies make/model. If the TAC is unknown to your validation service it might be treated as suspicious. Cross-check TAC against an up-to-date TAC list (GSMA TAC list or vendor TAC DB).

  7. Review network attach / registration logs

    • Look at RADIUS/AAA, SIP REGISTER, S6a/HSS/HLR logs, or the SMSC logs where you saw the error. Confirm whether the IMEI failed at EIR lookup or at a later policy check (whitelist check).

  8. Check for duplicate / cloned IMEIs

    • Same IMEI used by multiple devices or rapid attach/detach can indicate cloning; operators may auto-blacklist suspicious IMEIs.

  9. If IMEI is blacklisted

    • If confirmed blacklisted (stolen/lost/fraud), follow operator/regulator SOP: deny service and escalate to fraud/loss team. Do not whitelist without proper authorization.

  10. If IMEI is valid but not whitelisted

    • Add to whitelist if you have authorization and are sure it’s legitimate:

      • Update the provisioning DB or the EIR policy to mark as allowed.

      • Re-run the registration/attach or reprocess the SMS session.

    • Communicate with the MNO if required — they may need to update their EIR.

  11. If IMEI is malformed or device bug

    • Contact device vendor or ask user to reflash/update firmware or replace device.

    • For modems/IoT modules: ensure firmware reports IMEI correctly.

  12. Document & escalate

    • Capture timestamps, IMSI, MSISDN, cell/SGSN/SGW IDs, logs, and screenshots.

    • Escalate to fraud team / MNO EIR team if blacklisted or suspected fraud.

Useful log fields to gather (copy-paste checklist)

  • Timestamp (UTC)

  • IMEI reported (exact digits)

  • IMSI and MSISDN (subscriber identity and number)

  • Node and interface where failure occurred (SMSC, HLR, EIR, AAA, SMSC/SMGW)

  • Error message text and code (exact string from SMS gateway)

  • TAC (first 8 digits of IMEI)

  • Any prior related events for same IMEI (attach failures, blacklist hits)

Example operator response wording (SOP-friendly)

  • For internal logs: IMEI check failed for IMEI=<IMEI> IMSI=<IMSI> MSISDN=<MSISDN> — EIR returned BLACKLISTED

  • For customer-facing (if necessary): Registration blocked: device reported a blocked IMEI. Contact your retailer or operator.

Safety / compliance

  • Do not whitelist an IMEI that is blacklisted for theft/loss unless you have explicit authorization from the MNO/regulator and documented justification.

  • Keep any sensitive subscriber information encrypted in logs and follow your data protection policies.

Quick decision flow (one-page)

  1. Get IMEI from device/logs → 2. Validate format & Luhn → 3a. If invalid → device/vendor fix. 3b. If valid → check local whitelist → 4a. If whitelisted → check infra bug/log routing. 4b. If not → query EIR/GSMA → if blacklisted → escalate to fraud/MNO. If grey/unknown → consider TAC issue / provisioning update.