ShoreTel Dropped Calls – Some fixes

This is quick post today. Recently we fixed a dropped call problem around here. I’d like to outline what actually caused the problem and how it was resolved.

Cause

I believe the initial cause was that I had upgraded to ShoreTel 12.1. If you take a look at shoretelforums.com you’ll see that they have a LOT of posts on how buggy this release was. The second problem we had only aggravated the first. We were having a lot of buggy faxes coming in and jittery phone calls.

Remedy

ShoreTel support was pretty good at being able to figure out the problem, but had I noticed something I could have fixed it myself months ago.

First off, upgrade to 12.2. This will fix a lot of the dropped calls almost instantly.

As for the bad call quality. Our problem was simply that if you set your ports on your network switch to manually go to 100/Full Duplex the ShoreTel switch will guess that you really want “100/Half Duplex” which will lead to massive packet loss on heavy traffic days.

So all you need to do is console into the ShoreTel switch and make sure that the port is set to “100/Full Duplex”.

If you need instructions on how to do this, the “Quick Install Guide” provided with most switches and online at http://support.shoretel.com/products/voice_switches/. If you go through the configuration menu for network settings you’ll be given the option to set the port to whatever you need.

I recommend against setting these to Auto unless you’re using Netgear switches on the network. Cisco switches and ShoreTel switches don’t particularly play nice together.

How to set up L2TP VPN in Cyberoam

If you need a super easy VPN that can be used without buying a software client like Cisco VPN Client, then L2TP is definitely the way to go. Windows 7, Vista and XP all have a built-in VPN client that can hook up to it. It’s a really good alternative to traditional IPSEC especially for your road warriors.

 L2TP Connection Setup

  1. Log into your Cyberoam and click “VPN” on the left hand side.
  2. Select L2TP and fill in the blanks.
    1. The Local IP address should be the one corresponding to the LAN port on your Cyberoam.
    2. “Assign IP” should be a range of UNUSED IP addresses on your Local Network. I selected a range of 10. For example if 192.168.1.100 through 192.168.1.110 were not used for anything on your network and could be reserved for this, place those IP addresses in these field.
    3. The DNS server blanks should be your internal network DNS servers so that your users can hit your internal servers without IP addresses. Please see the note below on client set up as I’ve run into a couple of issues with this.
    4. You can add a WINS server, but who uses WINS anymore?
  3. Once you’re done there click on save, then click the policy tab.
  4. You can use the Default L2TP policy, I know it works just fine.
    Capture of Cyberoam L2TP settings
  5. Select pre-shared key in the drop down and put in a good strong passkey for your connection. Cyberoam will typically recommend a simple number sequence for testing purposes and to insure you confirmed it correctly on both ends. You can start out with something like “12345678” but please change this after you’ve tested it.
  6. The WAN port should be the internet facing IP address your users will be entering into Windows. Please note that if you don’t have a static IP address for your internet connection, you’ll need to use a dynamic DNS service or configure Cyberoam’s dynamic DNS service.
  7. I usually check the “Allow NAT Traversal” checkbox. This helps if your end users are behind a router somewhere.
  8. Set Remote LAN Network to “Any” as you might not know how the other end’s network is set up.
  9. Leave remote ID like it is.
  10. Leave the Quick Mode Selecters as default (it should look like the picture above), unless you know you need a different port.
  11. Click Save, and activate the connection.

L2TP users

I like using Active Directory Integration anywhere I can but for some reason the Cyberoam doesn’t like LDAP users authenticating to it over VPN. I might have a setting wrong, but I’ve never gotten this to work right anywhere I’ve installed one. If  you have LDAP/AD integration set up, you’ll just need to add extra users in the Cyberoam for L2TP access. If you imported all your users manually then you can just go into users you want to give access and select the L2TP enable box.

Setting Up Windows VPN

I assume Windows 7 for this. Vista directions are almost identical, XP should be easy to figure out. I would imagine Windows 8 uses the same basic wizard as Vista/7.

  1. Go into your network and sharing center and click “Set up a new connection or network”.
  2. Select “Connect to a Workplace” in the next window. Click Next.
  3. Select “Use my Internet Connection (VPN)”
  4. Type in the IP address you selected in step 6 when you set up the L2TP connection on the Cyberoam. You can also put a DNS name here if you want (Like if you use dynamic DNS or have a DNS record set up on the internet for this IP). Name the Destination. I also will typically select the “Allow other people to use this connection” if multiple usernames will be used on the target computer. Click Next.
  5. Put the username and password in on the next window. These are the Cyberoam user names. Again if you use LDAP you may or may not be able to use your normal Windows login credentials here. I typically don’t send the Domain if I set up Cyberoam specific usernames for this. Click Next.
  6. It will attempt to connect, but you want to skip that because you need to enter a pre-shared key into the Windows settings.
  7. Go back into Network and Sharing Center and click on “Change Adapter Settings”.
  8. You’ll see the VPN connection you just set up here. Right click on it and hit properties.
  9. Everything on the General Tab should be fine. Click on the Options tab. I typically uncheck “Send Windows Domain” since you are logging in with a Cyberoam account. Click on PPP Settings and make sure the bottom two boxes are unchecked.
  10. Click on the Security Tab. Change “Type of VPN” at the top to “L2TP”, this will save a LOT of login wait time. Click the Advanced button under the drop down and select “Use preshared key for authentication”. Enter the same key you put into the Cyberoam in step 5.
  11. Under Data encryption I will select “Optional Encryption” for testing purposes. Required encryption works fine though.
  12. Select “Unencrypted password (PAP)” under the allowed protocols. I usually just do this to test the connection, I take it off for production.
  13. Click the Networking tab. It’s a good idea to manually enter the DNS servers under the IP4 properties. For some reason the DNS servers aren’t always transmitted to the client.
  14. Click OK.

You should be able to connect just fine. Remember you’ll need to test this outside your own LAN. The only problem I’ve had with this method is that the connection occasionally needs to be reset by de-activating and re-activating it under the L2TP connections tab in the Cyberoam. I wouldn’t use this for more than a few users.

The main reason you won’t be able to connect is if you typed the pre-shared key incorrectly. The second reason is usually an incorrect user/password combination. The third biggest reason is the connection needs to be reset as mentioned above. Also I’ve never been able to get more than one remote user per site to be able to connect successfully. So don’t do this and send teams of people to one place on a shared internet connection and expect them all to be able to connect.

 

 

ShoreTel Communicator Not Installing Properly – Fixes

If you’ve got a new ShoreTel system install, there are a few things that can go wrong with installing Communicator on people’s machines. Several problems I’ve run into are the following:

  • ShoreTel Communicator install isn’t writing the registry key. It seems to install fine otherwise.
  • Communicator fails midway through the installation.
  • Communicator demands to have .NET Framework 3.5 installed, but can’t download it.
  • Some other dependency won’t install.
  • Pushing Communicator out through Group Policy doesn’t work.
  • Pushing Communicator out through Desktop Authority (or similar software) doesn’t work.
  • Communicator asks for a password to install.

Most of these problems are not actually problems with ShoreTel Communicator, they’re security policy conflicts. Here’s how to remedy these 99% of the time.

  • Turn off UAC in Vista if you can. This is a big one, it screws up some older versions of the install package. Most of the stuff UAC controls, you can control with group policy. This assumes you have a domain.
  • Try to install Communicator from a local administrator account. Sometimes running it as Administrator won’t cut it, especially if you’ve got roaming profiles and such.
  • Do a Full Uninstall of Communicator. You must be logged in as an Administrator account. I use the local Administrator account when I do this for speed reasons. Here are the steps:

Step 1– Uninstall Communicator the normal way. If this fails, just skip to the next step. If it succeeds, well you need to do the following steps anyway.

Step 2 – Delete the following folder: “C:Program FilesShoreline Communications”. Delete all of it. Use one of those disk wipe utilities if you have to. If ANYTHING is in here, this can cause the install to fail. If you see a Shoreline Teleworks folder here too, get rid of it.

Step 3 – Delete the following registry key: “HKEY_CURRENT_USERSoftwareShoreline Teleworks”. Usually you’ll find one under HKEY_LOCAL_MACHINESOFTWAREShoreline Teleworks. You may also see a “Shoreware Communications” or similar key. This is usually because of an older install on the computer. Shouldn’t see this with a brand new install.

Step 4 – Go into Control Panel and click on Phone and Modem. You may have to set this up, just entire an area code, the number 1, and the number 9 in the blanks.

Step 5 – Once you have the Phone and Modem thing set up, click on the Advanced tab and make sure to delete any entry here with “ShoreTel” in the name. Normally you will see one entry: “ShoreTel Remote TAPI Service Provider”. If you see two like this, that’s why ShoreTel isn’t installing right, or isn’t working right once installed.

Step 6 – Click OK and Reboot your computer.

Step 7 – Once you’ve done this, log back into the computer under the same local administrator account and re-install Communicator. It should install just fine.

Step 8 – Log into the user’s account, run ShoreTel again and let it finish setting up.

  • Sometimes it’s not Communicator or any security policies but a corrupt user profile. Remove the user profile and many times that will fix the problem as well.

I’ve found that if you get to step 8 of the “Full Uninstall” and it isn’t remembering settings, meaning it won’t write the registry values, that you need to turn UAC off if at all possible.You may need to delete the ShoreTel registry keys from the current user as well. You might have to log in back as an administrator and load that user’s hive if your permissions don’t allow you to do this from their account.

A tool that can help is Privilege Authority from ScriptLogic. That’s cleared up a lot of problems for us. They have a free version that will help you solve this.  There is a ShoreTel Communicator rule in the Community. If you have a 64 bit version of Windows you’ll need to alter the path of where it looks for the program (just add (x86) to the Program Files part of the path).

If you’re upgrading your ShoreTel installation you’ll get some similar problems to above. The Full Uninstall method will clear these up too. One odd problem I’ve found when pushing Communicator through Group Policy or Desktop Authority is that it doesn’t always uninstall the old version correctly. You’ll know this happens when you see two entries for ShoreTel Communicator, and one may or may not have the icon filled in. This requires you to do a Full Uninstall and then delete all the registry keys. After you’ve done this you’ll need a tool like CCleaner to remove any entries in Programs and Features.

 

PRI Trace on ShoreTel Switch

This post is about how to do a PRI trace on a ShoreTel T1 switch. I couldn’t find good text instructions on how to do this on the internet. Dr Voip has instructions on how to debug caller ID but if you need a trace log, it won’t help much. It’s probably in the ShoreTel knowledge base, but I’ve been a little disappointed with this in the past. I won’t go into how to interpret the output either, this is just instructions on how to get a log easily for sending to your ShoreTel partner for analysis.

ShoreTel Partners: Feel free to send this page to your customers for instructions. I feel this is a thorough explanation of how to do this.

First things first, you’ll need some special software for this one. You’ll need a telnet client with logging ability, what comes with Windows is difficult get to log easily. Personally I like PuTTy. It’s a nice standalone application, and doesn’t need you to install it anywhere, just copy the putty.exe file wherever you want it, it’ll run from there. I keep it on my desktop at work, and on a shared folder.

The second thing you need to know is that you MUST do this from the ShoreTel server itself. This can be accomplished with a Remote Desktop session, you can not do this from a session on another computer.

  1. Remote into the ShoreTel server (or log in from the console), and fire up PuTTy. I keep a copy of PuTTy on my ShoreTel server, on the desktop of whatever admin account I’m logging in with.
  2. You’ll want to make a saved session for your T1 switch. So open ShoreTel Director and open the Quick Look page if it doesn’t go there by default. Click on whichever site has the T1 switch you need to get the log from. Make note of the IP address of that T1 switch. You’ll need it a lot.
  3. In PuTTy select “Telnet” and type (or paste) in the IP address of the switch up top under “Host Name (or IP address). One trick you can do is add an entry in your DNS server called “priswitch” and connect it to that IP address. Makes things a lot easier, just never change the IP. Go ahead and give it a label in the “Saved Sessions”  and click save. If you need to, select what you just saved and click “Load” to make sure it’s the session that is now active. You’ll know if you need to if the IP address field is blank.

    PuTTy settings for connecting to a ShoreTel switch.
    Yes, I censor IP addresses.
  4. Click the Logging item under “Session” and make the options look like below (click on the image for a better look). The file will be saved wherever the PuTTy.exe file is located.
    PuTTy Logging capture settings.
  5. Click on the Connection Item, and set the Seconds between keepalives box to 30. The ShoreTel switch will kick you out after about 60 seconds, so having it send a null packet every 30 seconds is handy.
    PuTTy settings for insuring connection stays up.
  6. Go back to the Session screen and click save. Now you have a session that’s automatically configured to keep whatever output comes from your PRI switch telnet session. Don’t open the session just yet, you have to allow access to the PRI switch.
  7. Open a command prompt and type this in and hit enter: “cd pro*sho**ser*”. This will take you to the ShoreTel server directory under Program Files.
  8. Type this in the command prompt: “ipbxctl -telneton [IP address of T1 Switch] ” and hit enter.
  9. It will ask you for a password. You can google this or get it from your partner. It’s not a hard password to figure out. If it was correct it will say something like “Telnet enabled”
  10. Open the session you saved in PuTTy. It will ask you for a username and password. This item is documented in your ShoreTel administration guide under how to set up a switch.
  11. In an old switch it will probably dump you right into the VMX shell. Most newer switches will give you an ASCII ShoreTel logo and a numbered menu. If this is the case, type “gotoShell”.
  12. This will give you a prompt that looks like this ->.
  13. You’ll probably get some random output at this point so you just need to type the following commands and hit enter and keep in mind you may not be able to see what you are typing. My advice is to just type slow and not worry about it. Most switches won’t allow the use of a backspace. So just be careful.
  14. Type in the following commands one right after another.trunk_debug_level=5
    pri_trace=10
    pri_log=10
  15. You’ll get a LOT of stuff just scrolling up the screen if you did this right. Now all you need to do is run it for however long you need the log for, or whatever your partner tells you to do. PuTTy will constantly dump the output in this window to a log file.

 

One thing I have found out is that it’s a good idea to have 7zip installed on your ShoreTel server as the log files you have to send to ShoreTel are huge. These log files will compress down very small since they are just text files and allow you to simply e-mail them to TAC or your partner.

 

How To Look Up Phone Service Providers By Area Code and Extension

Sometimes you need to not only know where a phone number is dialing from (area codes tell you this) but who provides the phone number, and whether it’s a cell phone or not. Typically you can get all this information from one website. Here’s how to do it and how to interpret what comes back. This works for the United States, Canada, and Caribbean countries.

This particular site gives a lot of information. It’s main use is for finding out whether a call is local or not. This can help with assigning local prefixes to your ShoreTel system. I have a script that’ll clean the site’s output up and allow you to import it into your ShoreTel system. If anyone wants it please comment and I’ll post it!

  1. Go to Local Calling Guide
  2. Click on the Area Code/Prefix link under the search section to the right.
  3. Type in the area code in the NPA box, and the prefix into the NXX box. If you know the first digit of the last four digits of the phone number you can put it in the block box but that isn’t needed.
  4. Click on Submit

 

You’ll get a table of items back. This is how you tell what kind of phone number this is.

The NPA-NXX-X block is the area code/prefix blocks. In the case above Pathwayz has the entire 806-350 block. If multiple carriers own a block it will look something like 806-350-1, 806-350-2, and it would have who owns each block listed next to it. If your phone number was 806-350-1xxx it would be in the 1 block.

The Rate Centre box will tell you what city the phone number is located in.  The Region box will show a state. The Switch is what switch the phone number is on. If the Switch is blank, many times this is a cell phone but that’s not always a good indicator.

The OCN will give you the carrier of the phone. This is how you tell whether it’s a cell phone or a land line. If it says something like “Southwestern Bell” it’s usually a landline, if it’s a cell phone it will give a wireless company’s name, and will usually have “wireless” or “cell” in the name. Verizon wireless will show up as “Verizon Wireless” but their land lines will show up as just “Verizon” most of the time. The example above is a land line block from a local phone company.

The LATA code is used to figure long distance rates. I have no idea what this means in Canada, but in the US that’s what it means on a basic level. This isn’t always exact either so click on the block link for local vs. long distance calls, not trying to match the LATA.

The other fields aren’t very important but can tell  you when a block of numbers was discontinued. I haven’t ever seen these filled in, but in bigger cities they might be.

The map link will give you a Google Map of where the rate center is. Not terribly useful but convenient.