Restoring Allworx 6x from backup after system failure.

We had a power surge that damaged the memory card or system and rendered the entire phone system useless.  Luckily, we had the OfficeSafe backup system running.  Allworx shipped a new unit to replace the damaged unit and rather than attempt to restore the older one (which was booting to safe mode) I just unwrapped and used the new one.

The frustrating part of this process is that when in safe mode, the Allworx units will only use the 192.168.2.254 default IP (192.168.2.254:8080 for the interface) and there is no way to alter this.  The issue is that if your OfficeSafe system resides on any subnet other than 192.168.2.0, the Allworx box will not be able to reach that system to perform a restore.  You cannot edit the network settings and you cannot enter alternative router information.

I ended up having to set the OfficeSafe system (our main server, of course) to the 192.168.2.0 subnet in order to get the safe mode restore to work.  You also have to launch the OfficeSafe Administrative console on that system, go to Options–>Restore and choose the actual restore file you want the Allworx system to use before you tell the Allworx to contact the OfficeSafe PC for restoration.  So in summary:

1.) Get the system that is running the Allworx OfficeSafe software and set it to the same subnet as the Allworx running in safe mode.  In a Windows system, this is as easy as setting the network adapter to 192.168.2.253 with a mask of 255.255.255.0 and leaving all other fields blank.

2.) Connect the Allworx LAN port directly to the system running OfficeSafe with an Ethernet cable.

3.) Reboot the Allworx into safe mode.  Turn off the unit and turn it back on while holding down the power button for a few moments.

4.) Use the PC with OfficeSafe to open the OfficeSafe Admin Console.  Go to “Tools–>Options” and select the type of restore (I used a specific file) and click “OK”.

5.) Go back to the browser and type in 192.168.2.254:8080 and select to restore the Allworx system from the OfficeSafe PC (this is the very first option on the left side).  Type in the IP of the PC (192.168.2.253) and leave the port as 5001 unless you manually changed that when setting up OfficeSafe.

6.) Proceed with the restore.  You can view the event log in the browser and see it on the PC under “View–>Current Activity” to make sure it is working.

7.) When the restore is complete, select “Reboot into normal mode” and turn off the Allworx.  Set your server/PC back to the original network settings and plug the Allworx back into the network as it was before the failure and power it on.  After a few short moments, you should be back in business.  Reboot phones if necessary.

I also had to go into the “Feature Keys” section of the admin tools to re-download all the feature keys to restore multi-site functionality and a few other things, but that was extremely simple.

 


Allworx IP Phone Handsets = Less Than Amazing

Several years ago, after checking with a few references, we signed on with Windstream Communications to install and support 3 Allworx IP phone systems.  Everyone we called said they liked the system and they had no major issues with it.  I always treat references with caution, as Windstream is only going to provide references with positive experiences, but at some point you have to take a chance and make a decision.

The install was difficult, as Windstream botched some phone number porting and ported a cell carrier’s voicemail portal to our location.  In addition to that, some firmware issue on the Adtran switches caused tons of early phone problems.  Those were eventually sorted out and things like this tend to happen when moving between systems.

The systems themselves (48x, 6x) are quite nice and capable, but the handsets they pair with them are prone to issues.  I assume there is some planned obsolescence going on here but I’ve had to return/replace 30-40 phones (under contract but still a problem that a new phone system shouldn’t have) because of the same faulty switch-hook.   Some extensions have had the same problem multiple times.  That is 30-40 phones in an organization with only 150 phones or so.  This issue causes staff to not be able to make calls without using speaker, calls not getting answered without going to speaker and even randomly hanging up on people when the switch-hook decides to suddenly make contact with the circuit board again.  Their techs admitted they get tons of calls regarding this problem and they don’t even ask to troubleshoot this problem anymore.

With both the 9212L and 9204 phones (far more prevalent with the 9204) the switch-hook, which is the little button that detects that the receiver has been picked up, stops working. The spring system is designed to push a soft button onto a contact point on the circuit board inside the phone when the phone is off-hook.  The spring is either too weak/too short to make good contact or the materials that make contact are too soft and weak to be detected.  Either way, it makes for a phone that you’ll spend 50% of your time just un-boxing and returning to Allworx.  I’ve spent hours traveling and troubleshooting these sets while I think I replaced maybe 1-2 phones from an older digital PBX in the previous 7 years.

 


AT&T Uverse Internet with 5 Static IP and 3rd Party Router

Recently, I decided we were paying too much for our small business internet.  Our current provider provides good service, but we aren’t in a field that demands 100% up time so I felt that I could shop around for something a bit less expensive, even if it meant losing a bit of speed in the process.

We have three locations, one large HQ and two satellite campuses.  The HQ currently uses 35/5 service from TWBC but if I watch the traffic on our router, very little of the bandwidth is actually utilized most of the time.  I assumed then, that I could shop around a little bit for a few other options even if it meant losing some bandwidth.  Well, that brought me to AT&T Uverse “Business” internet which is really just a re-branded residential service with fewer restrictions.  In total, including the 5 static IPs, they could offer 18/2 service for roughly 1/3 of the cost.  Given the possible savings there, I decided I had to give it a shot.

Just getting the gateway installed at our location was a pain.  It wasn’t configured properly, the technicians didn’t communicate with each other well (several attempts to draw lines from the CO ended in conflicting setups) and support was woefully unequipped to answer questions for a business trying to route traffic through their own router. I also had to call in order to get the IP address information.

After all the back and forth, I finally was able to get this running but I was so frustrated during setup just trying to find accurate instructions, I figured I’d post what worked for me, here.

Our equipment:

  • Cisco 891 Integrated Security Router
  • Motorola NVG589 (AT&T)
  • 5 static (really 8) public IP addresses.

AT&T support repeatedly had me attempt to set “IP Passthrough” to “DHCP Fixed” and other settings but this resulted in requiring the Cisco interfaces to be set up for DHCP and in the gateway handing out yet another public IP address to the outside world.  Since we host our own e-mail server and we secure several web applications based on what the client IP is, this wouldn’t work, especially if this other IP (not one of the 5 we were given) was handed out dynamically.

Here is what worked:

The Cisco router’s interface that is connected to the NVG589 was set to a manual IP address that was provided by AT&T.

Set up your Cisco router and plug the inside interface into the NVG589.

  1. Plug into your NVG or connect to the wifi if tech support enabled it.
  2. By default, the IP address of the unit will be 192.168.1.254.  If this is the same network as your business network, you’ll need to disconnect from that network first.
  3. Once connected, click on “Home Network” and within that, “Subnets & DHCP”
    1. The password for this page should be written on your gateway.
  4. Under the “Private LAN Subnet” change the IPv4, subnet mask and the DHCP address information to values that will not conflict with your work network or any networks that it may be connected to.
  5. Under “Public Subnet”:
    1. Set “Public Subnet Enable” to “ON”
    2. Set “Public IPv4 Address” to the gateway address that AT&T gave you.  If AT&T handed you a /29 address, this will typically be the last address in that group.
    3. Set the “Public Subnet Mask” to what AT&T gave you.  For a 5 block, this is 255.255.255.248.
    4. Set “DHCPv4 Start Address” to the first routable IP AT&T provided.
    5. Set “DHCPv4 End Address” to the last routable IP AT&T provided.
    6. Set “Allow Inbound Traffic” to “ON”
    7. Set “Primary DHCP Pool” to “Private”.
  6. Leave all other settings on this page off.
  7. Click Save at the bottom of the page.  Don’t reboot if asked.
  8. Click on “Firewall” at the top of the page and within that, click on “IP Passthrough”.
    1. Set “Allocation Mode” to “Default Server”
      1. Under “Default Server Internal Address” you should see only the Cisco 891 manually set IP and possibly whatever laptop you connected to the device.  Select the Cisco device (which should be one of your public addresses).  This may only work for a single device.
    2. Alternatively, set “Allocation Mode” to “Passthrough” and set “Passthrough Mode” to “Manual”.
  9. Click “Save”.
  10. No other settings had to be turned on/off for me to finally get this working, despite numerous other online guides suggesting otherwise.
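
As an added example (not part of the original post), this script derives the “Public Subnet” values in step 5 from the block AT&T assigns, and shows why a “5 static” block is really 8 addresses. It assumes the gateway is the last usable address, as the post says is typical; 203.0.113.8/29 is a documentation range used as constructed input, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: work out the NVG589 "Public Subnet" fields from a CIDR block.
# 203.0.113.8/29 is a documentation range (constructed sample, not a real assignment).

# Dotted quad -> integer; rejects malformed octets (non-digits, >255, leading zeros).
ip_to_int() {
    _oifs=$IFS; IFS=.; set -- $1; IFS=$_oifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Integer -> dotted quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print the values for the "Public Subnet" section, one key=value per line.
# Assumption: the gateway takes the last usable address of the block.
public_subnet_plan() {  # $1 = block in CIDR form
    _len=${1#*/}
    case $_len in ''|*[!0-9]*) return 1 ;; esac
    [ "$_len" -ge 8 ] && [ "$_len" -le 30 ] || return 1
    _addr=$(ip_to_int "${1%/*}") || return 1
    _mask=$(( (4294967295 << (32 - _len)) & 4294967295 ))
    _net=$(( _addr & _mask ))
    # A block that does not start on its own boundary was mistyped.
    [ "$_net" -eq "$_addr" ] || return 1
    _bcast=$(( _net | (~_mask & 4294967295) ))
    echo "mask=$(int_to_ip "$_mask")"
    echo "gateway=$(int_to_ip $(( _bcast - 1 )))"       # Public IPv4 Address
    echo "dhcp_start=$(int_to_ip $(( _net + 1 )))"      # DHCPv4 Start Address
    echo "dhcp_end=$(int_to_ip $(( _bcast - 2 )))"      # DHCPv4 End Address
    # Total minus network, broadcast and gateway = addresses left for your router.
    echo "router_addresses=$(( _bcast - _net - 2 ))"
}

public_subnet_plan 203.0.113.8/29
```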

Generating and Applying an SSL Certificate for MailCleaner

MailCleaner is an excellent and free mail filtering solution for small businesses/non-profits.  I won’t cover the install procedure, because all it really involves is burning a CD and allowing the system to practically install itself (don’t skimp on the system requirements, it leads to all sorts of issues).

However, one aspect of setup that is a bit technical is setting up a third party certificate to be presented to end users when they are accessing the web interface.  This involves either physically standing in front of the machine or using an SSH client (“PuTTY” is what I used) to connect to it remotely and executing commands through the shell.  I’ll assume most people know where to find that and how to connect.  From there, follow this procedure:

1.) Generating the private key and CSR.

  • Log into the system using the “root” user and the password you chose when installing MailCleaner.
  • To create the private key, at the prompt (typically root@mailcleaner:~#) type:

openssl genrsa -des3 -out mykey-mailcleaner.key 2048

  • You’ll be prompted to create and verify a password to use in the next step.

openssl rsa -in mykey-mailcleaner.key -out mailcleaner.key

  • You’ll be prompted for the password entered above.

Most modern CAs require 2048-bit keys now, so ignore examples that show this line with 1024. The section ‘mykey-mailcleaner.key’ can be anything you want.

Make a note of this file name; you’ll need it later when you update the SSL settings via the web interface of MailCleaner.

  • To create the CSR (the request you submit to whichever third party CA you choose), type the following line (all as one line unless specified otherwise):

openssl req -new -key mailcleaner.key -out mailcleaner.csr

    • The above line will prompt you for some information that is to be used in generating your certificate.  The only bits that are required are:

Country Name = Two-letter code “US”, “AU”, etc.

State or Province Name = “Texas”, “Wisconsin”, etc.

Locality Name = Whatever city your business operates in.

Organization Name = Whatever you want.

Common Name = This should be the exact URL of your web server, “secure.mywebsite.com”.

The rest of the prompts can be (but don’t have to be) ignored in order to generate a valid CSR.

  • Here is where you actually submit the CSR you generated above to a third party like GoDaddy, StartSSL, etc.  When you are purchasing the certificate, make sure you match the URL to the “common name” entered above.  Once you get to the stage in which you actually copy and paste your CSR request, do the following:

Find the CSR file you created above.  If you didn’t specify a special file path, then the CSR will be located in the root of your system.  To verify type “dir” at the prompt and get a list of the files there.  You should see your CSR file there.

Now, type:

nano mailcleaner.csr

This will launch a text editor that will allow you to copy the CSR request from MailCleaner.  Make sure you get the entire CSR, from the “Begin CSR” line to the “End CSR” line.  Using PuTTY within a Windows client allowed for direct copy and paste to Notepad.  Do not paste this in any other text editor that might add unwanted formatting characters.

Paste the CSR in the third party web interface and proceed through the rest of the request.  Your next step involves confirming the new cert and actually retrieving and downloading it from the vendor.

  • Download and open the new certificate using Notepad or similar program.
  • Log into MailCleaner’s web interface (as an admin) and navigate to Configuration–>Services–>Web Interfaces.  If not already checked, check off “Enable SSL (HTTPS)”
  • In the first box, “Encoded SSL Certificate” you paste the new certificate that was issued to you by the CA.  Use Notepad to open the certificate, copy and paste it exactly as it was. Do not put in any trailing or leading spaces.
  • In the second box, “Encoded SSL Private Key” you go back to your MailCleaner SSH connection (you are going to use the same procedure you did for the CSR) and type:

nano mailcleaner.key

This is the private key you generated at the very beginning of this process.

  • Again, copy and paste what you see into the second box, no trailing spaces, etc.
  • Finally, in the third box, “Encoded SSL certificate chain” you paste the certificate of the CA (typically provided to you along with your certificate).  Again, use Notepad to open this file and paste the contents directly.
  • Once done, click “Submit” and if everything goes well, you will have a third party certificate, trusted by browsers, running on the Apache server for MailCleaner.
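
As an added example (not part of the original post), the script below runs the key and CSR steps without prompts and adds a check worth doing before pasting into MailCleaner: that the certificate carries the public key of mailcleaner.key and covers the host name. The subject values, the function names, and the self-signed certificate standing in for the one a CA would return are assumptions for illustration.

```sh
#!/bin/sh
# Added example: create the key and CSR non-interactively, then confirm that a
# certificate pairs with the private key before both are pasted into MailCleaner.
# HOST and the subject fields are constructed sample values.
HOST="secure.mywebsite.com"

# Write an unencrypted 2048-bit RSA key and a CSR into directory $1.
make_key_and_csr() {
    # umask 077 in a subshell: the key file is readable by its owner only.
    ( umask 077; openssl genrsa -out "$1/mailcleaner.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$1/mailcleaner.key" -out "$1/mailcleaner.csr" \
        -subj "/C=US/ST=Texas/L=Austin/O=Example Org/CN=$HOST"
}

# Print the SHA-256 of the public key held in a key, CSR or certificate file.
pub_fp() {  # $1 = key|csr|cert, $2 = file
    case $1 in
        key)  _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  _pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable or truncated paste yields no key; never compare empty values.
    [ -n "$_pem" ] || return 1
    printf '%s\n' "$_pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if file $3 (kind $2: csr or cert) holds the public key of private key $1.
key_matches() {
    _k=$(pub_fp key "$1") || return 1
    _o=$(pub_fp "$2" "$3") || return 1
    [ "$_k" = "$_o" ]
}

# Succeed only if certificate $1 is valid for host name $2.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# Stand-in for the CA: self-sign the CSR so the checks have a certificate to test.
# The real certificate is the one returned by the CA you submitted the CSR to.
fake_issue() {
    openssl x509 -req -in "$1/mailcleaner.csr" -signkey "$1/mailcleaner.key" \
        -days 1 -out "$1/mailcleaner.crt" 2>/dev/null
}

demo() {
    _d=$(mktemp -d) || return 1
    make_key_and_csr "$_d" && fake_issue "$_d" || return 1
    key_matches "$_d/mailcleaner.key" csr  "$_d/mailcleaner.csr" && echo "CSR matches key"
    key_matches "$_d/mailcleaner.key" cert "$_d/mailcleaner.crt" && echo "certificate matches key"
    cert_covers_host "$_d/mailcleaner.crt" "$HOST" && echo "certificate covers $HOST"
    rm -rf "$_d"
}
demo
```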

Troubleshooting 2.4ghz WiFi with Metageek’s Chanalyzer Pro

I work for a relatively small business comprised of about 120 employees and three locations.  One of the most difficult things about working for a company this size is troubleshooting IT related issues with a limited toolset and budget.

One such problem was a wireless networking issue that had been irritating me for some time.  We have a set of classrooms, which are frequently used for training classes, presentations, fundraising and various other functions.  Many times, staff and/or visitors need an internet connection for part of their work.

Several times, I brought wireless access points into the classrooms and connected them to Cat5 ports we have along the walls so people could conveniently connect to the wireless network without having to string around a 50ft Ethernet cable.  This rarely worked.  Most of the time, users would get connected and then suddenly drop off or have their browsing session time out despite Windows claiming they had excellent signal strength and were connected at 54mbps (the limit at the time).  Most of the time, I chalked this up to cheap equipment (I was limited to the Linksys WAP54G at the time) and just ended up wiring their laptop into the Cat5 ports.

Much more recently, we decided to provide a service to low income members of the public on a semi-regular basis.  This service relies heavily on a web based database application and we would have to set up and tear down a small extension of our network in these classrooms every two weeks or so.  Having known of the wireless problems I had in the past, I decided to use a small Ethernet switch and just wire all the laptops into our network.

The problem with this is that with the laptop power cables, printers, paperwork and mice, etc. this became a tangled mess of wiring that gave a sloppy impression and was just a kick or trip away from being taken down and/or possibly yanking some expensive new laptops onto the floor.  This is when I decided I had to figure out what exactly was causing our wireless issue.

My first thought was to blame the construction materials; mostly thick cinder block and some special tiling on the floor for easy cleanup (with some drywall).  After all, concrete/cinder block is known for quickly absorbing wireless signals and causing signal attenuation.  However, I quickly realized that the entire back of the building, which gets heavy wireless use, was constructed of the same material and no one had ever reported the same type of issue there.

I then assumed that there had to be some sort of interference.  Possibly a neighboring business using the same channel I had chosen for the AP in that room.  To check this, I installed two applications: inSSIDer (developed by Metageek) and NetStumbler.  Both are popular, free applications that allow a user to get a quick list of the available wireless networks in the area, what channel they are broadcasting on, signal strength and a few other useful bits of data.  So, I loaded these up expecting to see some other network broadcasting on the same channel, but was disappointed when no other outside networks even registered on the lists. In addition, these applications are limited in that they’ll only show you wireless networks, not any source of interference on the 2.4ghz band.

I was now frustrated and essentially just throwing out guesses.  Maybe the fire systems or alarm systems were interfering with it?  Maybe they communicate wirelessly with some controller system?  I checked with our building operations team and maintenance and everyone claimed there wasn’t any type of system communicating wirelessly that might be interfering with the WiFi.

So, I decided I had to try and find some other tool for discovering the source of the problem.  I checked out handheld spectrum scanners, some small tools for mobile devices and a few other options, but I wanted something a bit more robust and future proof (anyone keeping up with the new 802.11 specifications should know that the 2.4ghz is on its way out).

After a lot of searching I found myself back at Metageek’s site, looking at their Chanalyzer Pro software (similar in style to inSSIDer but with a lot more power), the WiSpy DBX Spectrum Analyzer (analyzes both bands) and the Device Finder (this is only useful at the 2.4ghz frequency, but relatively inexpensive).  After some thought and price shopping, I bit the bullet and purchased all three directly from their site.

Fast forward a few days, and I’m in the classroom with all software installed and all of our network APs powered off.  The only thing I should see now is whatever is interfering on the 2.4ghz band.  Sure enough, I notice this:

[Image: Snapshot of the 2.4ghz spectrum using Metageek’s Chanalyzer Pro.]

Not only can I see a live feed of the 2.4ghz spectrum but I can also look at a timeline waterfall to see if the issue is intermittent or static.

[Image: Waterfall view.]

Clearly, there is something on the 2.4ghz band (something very dense and intense), but what exactly is it?  I moved all over the classroom, using both the WiSpy DBX and the Device Finder, but both seem to fluctuate wildly depending upon where I am in the room.  They do however seem to spike, the closer I move to the parking lot.  I then head outside, to the parking lot, and both the spectrum view and device finder spike as I move farther from the building.  Finally, I spot the likely culprit and walk right up to the base of a light post in the parking lot and look up.  There, bolted to it, are three surveillance cameras.  Another two or three light posts with the same type of cameras are located on different sides of the classrooms.  As I move from one to the next, the same spike moves to another channel.  Still, why are these cameras interfering when the others around the building don’t impact the WiFi?

An e-mail to our vendor and a trip up to the roof with our operations director, and everything is cleared up.  Those three sets of cameras are part of “The Eagle Plus 2.4ghz FM All-Weather Wireless Video System”.  Each beams the video feed directly to receivers placed on the roof, directly over the classrooms.  Had I not travelled out to the parking lot, I may still have figured this out, as Chanalyzer Pro provides common “signatures” of interference sources and can attempt to match the signals you are seeing with those signatures.  You can even set a confidence level and exclude signatures you know it couldn’t be, but on this particular day all I needed was this software and my laptop as I knew there wasn’t going to be an area I couldn’t readily access.

Now that I know the problem, and that the cameras have to stay, we’re going to need to invest in some newer, 5ghz capable hardware, but being able to say with 100% certainty what the problem is makes management more comfortable spending money on a solution and makes my job a lot easier when it comes to troubleshooting WiFi.

I cannot recommend Chanalyzer Pro enough.  You have to give your IT staff the tools they need to solve problems efficiently and this is one of those tools.
