How to Set Up an Active Directory Integrated ShoreTel System to Work With Hosted E-mail Solutions

A commenter named Justin pointed this out to me in the ShoreTel Active Directory Integration post. When you set up Active Directory Integration, one of the ‘problems’ is that ShoreTel will pull the e-mail address from the “User Principal Name” of your Active Directory System. It grays out the email field in the GUI so you can’t edit it either. Which, if you host your own Exchange Server, isn’t really a problem. Most Windows networks with hosted e-mail will have two e-mail addresses for each user. One is the ‘real e-mail address’ which will look a little weird. Say your domain is “testcorp.local”, your usernames are firstname.lastname and your outside e-mails are

My internal e-mail would be: aaron.evans@testcorp.local (UserPrincipalName)
My outside e-mail would be: (Email Field in AD)

ShoreTel will take the first one, and if you host your own e-mail it’ll just show up in the proper Inbox. The problem today is that a lot of businesses are moving to the cloud for their e-mail. Google Apps, Office360, Zoho and a lot of cloud based e-mail services are replacing expensive self hosted solutions. ShoreTel has helpfully put in an easy, if not obvious fix for this.

This should really be a check box.

Set ShoreTel Director To Pull E-mail Addresses From Active Directory E-Mail Field Instead of Primary User

Step 1 – I’m assuming you’ve already Integrated your Shoretel System with Active Directory (Seriously this is the best thing in the world and my most popular article).

Step 2 – Remote into your ShoreTel Director through Remote Desktop. You should now be able to just type “shoretel” into the box if you followed my directions in the article.

Step 3 – Open “regedit”. If you’re still on Server 2003, click the start menu and type “regedit” and hit enter. On Server 2008 it’s the same process. I assume Server 2012 it’s the same idea.

Step 4 – If you’re running a 32 bit server navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Shoreline Teleworks\

If you’re running a 64 bit server (and we all should be by now) navigate here: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Shoreline Teleworks

I’m unfortuately running a 32 bit server a version or four behind so this is the best screen shot I’ve got:

Shoretel - Email From AD


Step 3 – Add a DWORD value UseADSMTPFieldForEMail and set it to 1. You do this by right clicking the right hand part of the window, clicking New and selecting “DWORD” and naming it properly (it tends to be case sensitive so you might want to copy/paste). Set the value to 1.

ShoreTel - Email From AD 2


NOTE: You MIGHT already see this value here. I didn’t want to over complicate this step with details, see the notes at the bottom of the post for more information on this step, it can a little more complicated than this depending on your version. 

Step 4 – Reboot your ShoreTel Server. I tried several things to get this to work without rebooting. Looks like rebooting the server is the only way to get it to work.

Step 5 – The Director will now pull whatever is in this field in AD:

AD Email


You may need to go in and Sync everyone again. Though when testing it on my server, it mostly did it without any help. If you’ve changed e-mail addresses a few times, it might pull old information, however.

Notes on Step 3:

So step three has some details I left out due to the complexity of the ShoreTel system and version differences. You may have to make a few decisions based on your version and what you see.

If you see the value mentioned in Step 3 you just need to set it to 1. This probably means you have version 13 of ShoreTel or higher.

The forum post Justin provided me with indicated any value named UseADSMTPFieldForEMail would work. Doesn’t matter if it’s a DWORD or not. The actual value of the DWORD doesn’t matter either for version 12 or lower as far as I can tell, just so long as it exists. I suggest making it a DWORD and setting it to a Hex value of 1 because if you upgrade it will need to be that value type for the higher versions. Leaving it at 0 will disable it when you upgrade.

Fixing ShoreTel No Messages May Be Taken For This Mailbox Voicemail Error

Another quick fix today. Occasionally you’ll get a voicemail error message from a user’s voice mail box that says, “No Messages My Be Taken For This Mailbox”. It’s vague and gives no indication why this is happening. The user’s voice mail box might not even be full when this happens.

Unfortunately I’ve seen this happen seemingly at random without the user changing anything and it’s not always obvious what is causing the issue when you look at their settings.

So here’s the Fix.


Server Side Fix

Step 1 – Open the user up in Director under Users -> Individual Users

Step 2 – Click on Personal Options

Step 3 – Edit their Standard Call Handling Mode and Uncheck the box labeled “Enable Voice Mail ‘Greeting Only’ Mode” and click save. You will probably need to check all the other call handling modes and make sure this isn’t checked there.

Server Side Call Handling Mode
Click to Enlarge


At Their Desk Fix

Here’s how to fix the same problem through Communicator at the user’s desk.

Step 1 – Go into the Options menu and select their current call handling mode.

Step 2 – Uncheck the “Enable Voice Mail ‘Greeting Only’ Mode” box and click Apply and OK buttons.

ShoreTel Voicemail - No Messages May Be Taken
Click to enlarge

Setup an On-Hours/Off-Hours Schedule in ShoreTel

Set Up An On-Hours Schedule

Before you start, this page in Director requires a special ActiveX control. I’ve posted an article here on how to install this control manually in case your PC security prevents you from installing it automatically on the site.  Just go ahead and install both controls mentioned as you’ll need them when you set up your auto-attendant scheduling.

Step 1 – Log in to Shoreware Director. If you still are entering a password to get into director, check out my article on Active Directory Integration. It will make your life as a ShoreTel admin so much better.

Step 2 – Click on Schedules on the left hand side of the page. You should see the entries for On-Hours, Holiday and Custom Schedules. Click on Add New next to the On-Hours Section. You should see this:

ShoreTel - On Hours Scheduling - Blank

If you don’t see this, you’ll probably get an error and the site asks to install an ActiveX control. If you don’t get the message, please refer to this article to install the control manually.

Step 3 – Give the schedule a name then Select the areas in the grid that represent the times your office or site is open. They will turn blue. You can only do this one day at a time, you can’t just make a big square over the grid to select multiple days at a time.

Say your hours are 8am to 5pm Monday through Friday, and you are closed Saturday and Sunday. What you can do is select 8-5 on Monday, then right click on the blue section and select “Fill Week”. It will fill up the entire week 8-5, then just right click on the Saturday column and select “Delete”, this will remove the selection from Saturday. Do the same thing on Sunday. Here’s how it will look:

ShoreTel - On Hours Scheduling

Of course if you have hours that aren’t the same every day. You’ll want to manually select each time range instead of clicking “Fill Week” if this is the case.

 Step 4 – Before you save, right click on each entry and select “Edit” and make sure the time is right. It’s sometimes hard to see what you’ve selected. You can just change the time on the dialog box and it will adjust it on the grid.

Step 5 – Click Save.

Your schedule is now set up. Anything in white on this schedule is automatically considered to be “Off-Hours” for that schedule. This means you do not need to set up a separate off-hours schedule.

If you found this information useful, please like us on Facebook or post a comment below!

Export a Wave File From ShoreTel’s Auto-Attendant Menu

If you’ve inherited a ShoreTel system from a previous Administrator you may run into the unfortunate situation where they recorded the menus directly into ShoreTel. While not a bad way to record menus, it doesn’t lend well to having a backup or master file to edit for your Auto-Attendants, or Workgroup Voice Mail prompts.

Note to ShoreTel Partners: When you set up a ShoreTel system for a company, for the love of all that is Holy please don’t record the auto attendant menus directly into the Director. This is lazy and if you do it this way you’ve probably also neglected to fix a backup strategy for their server too. Use the voice mail method, or better yet record GOOD menus into Audacity and convert them, that way you and their Administrator have a backup of this stuff. This can be the most tedious, time-consuming thing to recreate if God forbid their server dies. You can get a good headset for less than $50, or if you were so inclined a professional quality microphone you can hook up to your laptop, a pop filter , and a stand to go with it all for under $120. Put your voice talent in a quiet office or conference room and go to town.

There is a way to get those Wave Files from the ShoreTel system so you can make use of them assuming your system still works.

Export Wave File From ShoreTel Auto Attendant Menu

Step 1 – Go into your ShoreWare Director and click on Auto-Attendant Menus, then click on an Auto Attendant. Make sure you install the voice control.

Step 2 – Click the Play button under the Prompt Text. You’ll get something like this:

Step 3 – You’ll notice it has a path above the progress bar.This is on your local machine. It downloads the wave file to a temporary location. This is the folder you are looking for: “C:\Users\yourusername\AppData\Local\Temp“. In the picture above the “aevans-20” is the first part of the file name you want. Please note that if you have a long username portions of the path in the box will not be visible.

Step 4 – You’ll see a bunch of .WAV files starting with either your username or the username of whoever originally recorded the file in this folder. It may or may not be the Windows username, it could be the ShoreTel username. The file names are in this format in case other applications have dumped their sound files there: username-########-######.wav. The one you want will be the one with the date modified stamp of when you listened to it. Please also note that just going to an auto attendant menu page in the director will download the wav file to your PC, so you may have to listen to a few to figure out which one you need.

Step 5 – Copy the file somewhere else and now you have a backup or a wav file in the correct format in case you need to edit it. Also remember to name this something useful.

Bypass Stateful Inspection Between Networks Cyberoam

If you have a Cyberoam, multiple networks, and/or a ShoreTel system, you’ll run into problems where one network might not pass traffic to another for inexplicable reasons. You can also get one way voice traffic with ShoreTel because of this.

Typically this is due to something called “Asymmetric Routing”. Any number of things can cause this, and it’s not always problem with your network. What happens is a packet takes a different route from point A to point B than it does coming back from point B to point A. The Cyberoam will by default drop the return traffic as it didn’t come back the same way it went out. This is a good security measure.

Sometimes you can fix your network topology, sometimes you can’t but the Cyberoam will still drop that traffic. A firewall rule will not always fix the problem either. If you’re sure that what is getting dropped is not a security risk, here’s how to bypass it.

If there’s one major complaint about Cyberoam ‘not working’ it’s this problem right here. Fortunately their support will fix the problem for you but it can be a huge time waster if you have a bunch of units needing fixed.

There is one other thing they almost always do to resolve a problem with two networks talking to each other. I will go over that in another article.

Bypass Stateful Inspection

Step 1 – Log into your Cyberoam CLI. You can telnet/SSH into the Cyberoam, or click the “Console Link” at the top of your Web GUI. 

Step 2 – Put your username and password in. If you logged in through the Web GUI, just the console password will do.

Step 3 – Type 4 for “Cyberoam Console” in the CLI

Step 4 – To bypass the inspection from one network to another type the following:

set advanced-firewall bypass-stateful-firewall-config add source_network [source network IP] source_netmask [source subnet mask] dest_network [destination network IP] dest_netmask [destination subnet mask]

Note: You don’t have to type the command out. You can just start each parameter that is in bold and hit tab, the Cyberoam will fill it in for you.

Example: You want to bypass traffic inspection from to you’d type this: “set advanced-firewall bypass-stateful-firewall-config add source_network source_netmask dest_network dest_netmask”

Step 5 – If  you need to bypass traffic inspection both ways, type the above command again, only reverse the source and destination networks.

Caution: It is extremely easy to mistype IP addresses. I’ve transposed digits dozens of times, causing the problem to be worse in some cases. You can check your work by typing “show advanced-firewall” in the console. If you need to remove an entry use “del” instead of “add” after the “bypass-stateful-firewall-config” part of the command. You can usually use the up arrow on most telnet clients to cycle back through commands and replace just that word in the line.