PRI Trace on ShoreTel Switch

This post is about how to do a PRI trace on a ShoreTel T1 switch. I couldn’t find good text instructions on how to do this on the internet. Dr Voip has instructions on how to debug caller ID but if you need a trace log, it won’t help much. It’s probably in the ShoreTel knowledge base, but I’ve been a little disappointed with this in the past. I won’t go into how to interpret the output either, this is just instructions on how to get a log easily for sending to your ShoreTel partner for analysis.
ShoreTel Partners: Feel free to send this page to your customers for instructions. I feel this is a thorough explanation of how to do this.
First things first, you’ll need some special software for this one. You’ll need a telnet client with logging ability, what comes with Windows is difficult get to log easily. Personally I like PuTTy. It’s a nice standalone application, and doesn’t need you to install it anywhere, just copy the putty.exe file wherever you want it, it’ll run from there. I keep it on my desktop at work, and on a shared folder.
The second thing you need to know is that you MUST do this from the ShoreTel server itself. This can be accomplished with a Remote Desktop session, you can not do this from a session on another computer.

  1. Remote into the ShoreTel server (or log in from the console), and fire up PuTTy. I keep a copy of PuTTy on my ShoreTel server, on the desktop of whatever admin account I’m logging in with.
  2. You’ll want to make a saved session for your T1 switch. So open ShoreTel Director and open the Quick Look page if it doesn’t go there by default. Click on whichever site has the T1 switch you need to get the log from. Make note of the IP address of that T1 switch. You’ll need it a lot.
  3. In PuTTy select “Telnet” and type (or paste) in the IP address of the switch up top under “Host Name (or IP address). One trick you can do is add an entry in your DNS server called “priswitch” and connect it to that IP address. Makes things a lot easier, just never change the IP. Go ahead and give it a label in the “Saved Sessions”  and click save. If you need to, select what you just saved and click “Load” to make sure it’s the session that is now active. You’ll know if you need to if the IP address field is blank.
    PuTTy settings for connecting to a ShoreTel switch.
    Yes, I censor IP addresses.
  4. Click the Logging item under “Session” and make the options look like below (click on the image for a better look). The file will be saved wherever the PuTTy.exe file is located.
    PuTTy Logging capture settings.
  5. Click on the Connection Item, and set the Seconds between keepalives box to 30. The ShoreTel switch will kick you out after about 60 seconds, so having it send a null packet every 30 seconds is handy.
    PuTTy settings for insuring connection stays up.
  6. Go back to the Session screen and click save. Now you have a session that’s automatically configured to keep whatever output comes from your PRI switch telnet session. Don’t open the session just yet, you have to allow access to the PRI switch.
  7. Open a command prompt and type this in and hit enter: “cd pro*sho**ser*”. This will take you to the ShoreTel server directory under Program Files.
  8. Type this in the command prompt: “ipbxctl -telneton [IP address of T1 Switch] ” and hit enter.
  9. It will ask you for a password. You can google this or get it from your partner. It’s not a hard password to figure out. If it was correct it will say something like “Telnet enabled”
  10. Open the session you saved in PuTTy. It will ask you for a username and password. This item is documented in your ShoreTel administration guide under how to set up a switch.
  11. In an old switch it will probably dump you right into the VMX shell. Most newer switches will give you an ASCII ShoreTel logo and a numbered menu. If this is the case, type “gotoShell”.
  12. This will give you a prompt that looks like this ->.
  13. You’ll probably get some random output at this point so you just need to type the following commands and hit enter and keep in mind you may not be able to see what you are typing. My advice is to just type slow and not worry about it. Most switches won’t allow the use of a backspace. So just be careful.
  14. Type in the following commands one right after another.trunk_debug_level=5
  15. You’ll get a LOT of stuff just scrolling up the screen if you did this right. Now all you need to do is run it for however long you need the log for, or whatever your partner tells you to do. PuTTy will constantly dump the output in this window to a log file.

One thing I have found out is that it’s a good idea to have 7zip installed on your ShoreTel server as the log files you have to send to ShoreTel are huge. These log files will compress down very small since they are just text files and allow you to simply e-mail them to TAC or your partner.

How To Look Up Phone Service Providers By Area Code and Extension

Sometimes you need to not only know where a phone number is dialing from (area codes tell you this) but who provides the phone number, and whether it’s a cell phone or not. Typically you can get all this information from one website. Here’s how to do it and how to interpret what comes back. This works for the United States, Canada, and Caribbean countries.
This particular site gives a lot of information. It’s main use is for finding out whether a call is local or not. This can help with assigning local prefixes to your ShoreTel system. I have a script that’ll clean the site’s output up and allow you to import it into your ShoreTel system. If anyone wants it please comment and I’ll post it!

  1. Go to Local Calling Guide
  2. Click on the Area Code/Prefix link under the search section to the right.
  3. Type in the area code in the NPA box, and the prefix into the NXX box. If you know the first digit of the last four digits of the phone number you can put it in the block box but that isn’t needed.
  4. Click on Submit

You’ll get a table of items back. This is how you tell what kind of phone number this is.

The NPA-NXX-X block is the area code/prefix blocks. In the case above Pathwayz has the entire 806-350 block. If multiple carriers own a block it will look something like 806-350-1, 806-350-2, and it would have who owns each block listed next to it. If your phone number was 806-350-1xxx it would be in the 1 block.
The Rate Centre box will tell you what city the phone number is located in.  The Region box will show a state. The Switch is what switch the phone number is on. If the Switch is blank, many times this is a cell phone but that’s not always a good indicator.
The OCN will give you the carrier of the phone. This is how you tell whether it’s a cell phone or a land line. If it says something like “Southwestern Bell” it’s usually a landline, if it’s a cell phone it will give a wireless company’s name, and will usually have “wireless” or “cell” in the name. Verizon wireless will show up as “Verizon Wireless” but their land lines will show up as just “Verizon” most of the time. The example above is a land line block from a local phone company.
The LATA code is used to figure long distance rates. I have no idea what this means in Canada, but in the US that’s what it means on a basic level. This isn’t always exact either so click on the block link for local vs. long distance calls, not trying to match the LATA.
The other fields aren’t very important but can tell  you when a block of numbers was discontinued. I haven’t ever seen these filled in, but in bigger cities they might be.
The map link will give you a Google Map of where the rate center is. Not terribly useful but convenient.

Create Facebook Schedule With Cyberoam

I’ve noticed a lot of people asking about how to schedule when a user can or can’t use Facebook. This is pretty easy to do in Cyberoam, you can either do it globally, or on a per user basis. I’ll show you how to do this on a global basis. If you want to do this on a per user basis then you just need to make individual policies for your users. The steps below can apply to any website, not just Facebook.

Step 1 – Log into your Cyberoam and go to the web filter section and select categories. Add one called “ScheduledSafeSites”. This will be for anything you want to allow during a certain time, if you want to block them name the category “ScheduledBlockedSites”. Personally I think only one for safe sites is necessary but I can see blocking say, during the day and let the night guy watch it. I went ahead and added “” to mine as an example. You can add, or whatever you want here. Just like you would add sites to any other category.

Step 2 – Check policy you want this added to and change both settings to “allow”. This is just the HTTP or HTTPS allow/deny settings.

Step 3 – Go into the Policy setting under Web Filter and open up the policy you added the category to. Click the little wrench icon next to the new category.

Step 4 – You can then select an right schedule. This particular example uses work hours, which is by default 10am to 7pm. You can go into the objects menu on the Cyberoam and edit or create any sort of schedule you want.

Step 5 – Hit ok and save your changes, your users will now only be able to get to the site when you want.

Notes: For this to work properly you need to make sure your Cyberoam’s time is correct. I’ve had a couple of instances where the time was off due to someone picking the wrong time zone during the first setup. If you are getting people who can get to the blocked site earlier than normal, go to the system menu and click on configuration. Most of the time it’s the time zone that is wrong, just find the right one.
Sometimes during the initial setup the Cyberoam appliance will figure out what time zone it’s in based on the internet IP address, but if you have a weird ISP it might find the wrong one. It isn’t entirely human error that causes this and it’s really easy to miss.

Add Hyperlinked Pictures to Outlook 2007 Signatures

I had an interesting question come up yesterday about how to put a Facebook Like button in an Outlook signature. At first I thought the obvious answer was that it was not possible. What the user was really asking though was if we could put a Facebook link button/graphic in a signature or not. I figured that was obviously yes, just paste the HTML code in the signature and that was it right?
Apparently not, according to the Google search results I got back. All the message boards I got back seemed to be in agreement that Outlook 2007 did not support HTML signatures and had these complicated workarounds that wouldn’t be useful for anyone at my organization.
I found a simpler way to add hyperlinked pictures, and its painfully obvious.
Step 1: Open Outlook 2007 and go to Tools -> Options and click the Mail Format tab, then click the “Signatures” button.
Step 2:  Either select the signature you want to change or make a new one.
Step 3: Click wherever you want your picture or icon to go.
Step 4: Click the image icon next to the hyperlink icon on the editing toolbar.

Step 5: Select your picture and insert it into the signature.
Step 6: Click on the picture you just inserted so that it is the selected Object.
Step 7: Click the hyperlink button.
Step 8: Don’t change any of the settings that come up, just put your hyperlink into the  Address Box.

Step 9: Click OK and test your signature.
Of course there are methods to make a direct html signature in Outlook and potentially make a direct like button using the Facebook API. I think this would tend to be impractical if you could even include Facebook API calls in an e-mail. So I tend to think you’d be better off just linking to a page with the like button included.

Cleanly Removing a User Profile from Windows 7

One IT trick I learned a long time ago that seems to fix a lot of problems, especially with users who’ve been in a Windows system for years, is called “Rebuilding A Profile”. The most dramatic example of problems caused by a corrupted user profile that I’ve come across was from an old engineer at the power company. He was one of those guys who’d been with the power company since anyone could remember and had used the same user profile for over a decade at that point. It had become so corrupted that he would log in, then it would make him log in again. On top of that it made his computer run extremely slow and screwed up his Outlook functionality to the point he had to enter his password twice before it would connect to exchange.
It had gone on so long that he’d assumed it was because of his position and weird security settings he had. He’d been doing this for so long that he’d never bothered to report it to IT and only when I’d replaced his computer with a new one and noticed this issue did anyone take action. It took about 30 seconds to fix.
I’ve seen other less dramatic problems like this everywhere I’ve worked and the solution is usually the same. You delete the user’s current profile and then let them log back in and Windows will rebuild it.
CAUTION: This will pretty well wipe out any and all user customization, desktop backgrounds, Outlook data, practically everything. I really only suggest this for domained networks. If you have a network where every user is a local user name don’t attempt this or it WILL cause you some problems.
First thing you need to do is find where exactly the user profile is stored. You can do this by going into Active Directory Users and Computers, right clicking on the user and clicking on Properties. Under the profiles tab, you’ll see a Profile Path box. If it’s blank, that means it’s a ‘local profile’ and stored on their computer. If it’s got something like \\servername\profiles$\username that means it’s a roaming or server-side profile and that’s where it’s at. You’ll also want to take note of where their Home directory has been mapped to, again the same thing applies, if it’s blank it’s a normal local home folder, if it’s got a location mapped it’s in the place mentioned.
Once you’ve determined this follow these steps:

Step 1 – Log them out of Windows and log into a local administrator account.

Step 2 – Go into their Home Folder and make sure you back up their Desktop, Documents, and Favorites folders. You can just move these to a temporary directory. The default place for this is in “C:\Users\Username” . You’ll want to back up those basic folders on their local machine. If the home directory is on a network share, you’ll probably only see those folders that have been redirected there and typically the three I just mentioned are what get re-mapped to a network share. Go ahead and back those up. They might have other folders they’ve made here as well, you’ll want a copy of those too.

Step 3 – The next thing you want to do AFTER you’ve got a backup of their stuff is delete their profile folder on the local machine.  This will always be the C:\Users\Username folder mentioned in step one, whether that’s where their profile is located or not.

Step 4 – If they have a roaming or network profile go ahead and delete that profile folder too. If their home folder is separate you can just leave it in most cases.

Note: If when you complete these steps the problem still isn’t fixed, it’s a good idea to repeat all this again and delete their home folder too. Just make sure to make new backups for when anything has changed.

Step 5 – Next go into the Registry Editor on that machine. You can do this by clicking the start button and just typing “Regedit” into the search box. Older versions of windows you can do this by clicking Run and entering “regedit”

Step 6 – Go to the following Key:
HKEY_LOCAL_MACHINESOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList.
You’ll see a bunch of sub folders and keys that look something like S-1-5-1533239630-186…. Obviously yours will be slightly different from mine so I will only give a random example. Click through the folders with the longer names and you’ll see they contain a key called “ProfileImagePath”. Look for one where that key’s value is the folder you deleted before. When you find it; delete that containing folder on the left (the S-1-5-21-143152534-1231432-1222 one, not the ProfileList folder). This will avoid the “Temporary Profile” error that Windows 7 is prone to have when you just delete the folders.

Step 7 – Log out of your administrator account and reboot the computer.

Step 8 – Have the user log in again. They’ll notice their desktop is mostly blank, documents are gone and so forth. Just move the files you backed up back into their proper folders and the next time they log in they’ll see them.

Step 9 – Set them up on that computer as if they were new. Get Outlook setup, replace any printers that aren’t automatically deployed, etc.

Step 10 – Have them reboot the computer after you’re done and they should be good to go.

It seems complicated but all  you are really doing is basically the following:

  1. Backing  up their stuff.
  2. Deleting their Profile files.
  3. Having them log in as if for the first time.
  4. Putting their stuff back

It’s amazing the kind of weird problems this process fixed. Typically I use this as a last resort if I can’t actually fix whatever problem they are having. The reason for this is because the system thinks they have literally logged in to that computer for the first time. If you deleted all their network paths its just like they logged into the network for the first time. So they will have to set everything up like it used to be. That means desktop layout, background picture, and everything.
If you’re a home user and have odd problems that seem to defy explanation this will work for you too. Just do the steps and ignore the part about network folders.  Back up the stuff in your Documents, Videos, Photos, Downloads, Favorites, and whatever other folders (click on your name in the start menu to see these) by copying them to an external drive.  Delete the C:\users\yourname folder (log into a separate administrator account first). Then do step 6, and then log in as yourself and put all your stuff back into the right folders (don’t just drag the folders back, actually copy the contents from the backed up ones to the new ones). This is also a quick way to reorganize your stuff too.

How to Swap out a T1 Voice Switch Shoretel

Short one today. I’ve been having a few issues with phone calls here, so after getting a new circuit and all that the problem didn’t resolve, so i’m thinking it’s our T1 switch. I wanted to make a few notes on how to go about swapping them out.

 Step 1 – First set up the switch in ShoreTel Director. You don’t need a new set of trunk groups or anything, just the new switch.

Set your switch up however you normally do, personally I use static IP addresses for my switches and program them through the serial port. Honestly you could set up DHCP reservations in your DHCP server too. You might have to enter the server IP through the console, but when it boots into the server the first time the server actually changes this, so it might not be necessary (I’ve seen it do it on a packet sniffer and yes it kept changing it to the wrong IP).

Step 2 – Make sure the T1 settings are the same on both switches as you are setting up a replacement, and you’ll be hooking the existing T1 into the new switch, not adding any additional capacity. It’s also not a bad idea to check with your phone company on these settings if you can.

You can just set up the first Trunk in the T1 switch and use “Fill Down”. Make sure they are set up on the existing trunk group, again it’s best if you don’t make a new trunk group as you’ll have to re-enter everything.

Step 3 – When you’re ready all you should have to do now is move the T1 from one to the other. I always like to unplug the old switch just to make it show “offline” and not “D-Channel Down” as that can freak out other people getting into the Director.

I like to leave the old settings in place in Director for several days when I do this just to make sure everything is fine. Once you determine the new switch works fine, just delete the old one. That’s really all there is to it.

How to Set Up Blocked and Safe Site lists In Cyberoam 10

If  you have a Cyberoam appliance you know that you can actually manage content filtering for individuals, specific machines or just about any sort of granular criteria you can think of. So I went about unblocking Facebook for several people around the office so they can use it. When I did my boss told me that he was only able to see text in his Facebook page. I searched the internet for the problem and couldn’t find a decent answer for this. So I fired up the handy packet capture diagnostic tool and found that Facebook uses another domain name for its images in its CSS files. The Cyberoam will filter out the images from and let the text through from, just like it’s supposed to if you have DatingMatrimonials or whatever Facebook is categorized under now blocked.
So to unblock Facebook entirely you need to unblock both and 

How To Setup Blocked and Safe Site Lists In Cyberoam 10

Also just in addition to that bit of information on how I set up my white and black lists in Cyberoam. I’ve done this for the probably dozen of these appliances I’ve set up for people. It makes it much easier to manage. Please keep in mind this is not a default setup.

Step 1 – Determine and implement whatever method you use for individual Authentication. Personally I use the Clientless SSO method.
Step 2 – Open up the Web Filter Section and click on Policies.
Step 3 – Don’t use any of the Cyberoam pre-loaded Web Filtering Policies, make your own new one and use one of theirs as the template. Typically I’ll use the “General Corporate Policy” as the template because it covers most of the basic categories most companies want to filter out.
Step 4 – Hit OK to save the Policy, then click the little Manage icon to the right of it so you can edit the categories.
Step 5 – Add any other categories that are missing, and change any you want to implicitly allow to “Allow” instead of “Deny”. Anything not on the list is going to be allowed by default. For instance one company I set up for wanted Gambling specifically denied, and needed the Weapons category unblocked. My own company needed JobSearch unblocked. I typically will block Cricket just because I think it’s hilarious that Cricket is a category (yes one of my acquaintances at Cyberoam told me why, it’s doubly hilarious).
Step 6 – Go ahead and save your work now and move into the Categories section.
Step 7 – Typically here I will add two categories: “Safe Sites” and “Blocked Sites”. This is a very basic black and white list set up.
Step 8 – Go back and manage your new Policy and add SafeSites to your new Policy as “Allowed All the Time” and BlockedSites as “Denied All the Time”.
Step 9 – You could also add a few more categories like “BlockedUntilNoon” and add schedules to them obviously. For instance you might want Facebook only available from 11:00 until 1:00 or something.
Step 10 – Make sure this new policy is the policy for everyone in your organization that needs this type of content filtering.

Now all you need to do to block a specific site is add it to “BlockedSites” and if you want to explicitly unblock a site, add it to “SafeSites”. My favorite example of this is Budweiser, which is an employer here, needed to be unblocked, but Alcohol is a category blocked by Policy. I added the appropriate sites to the SafeSites category and it was unblocked, but is still blocked.
You could take this a step further and make a Global Safe Sites and a Global Blocked Sites and then say Accounting Safe Sites and Human Resources Blocked sites. This would get you a bit more control over things, like if HR needs Facebook but Accounting needs it blocked, but they everyone needs MySpace blocked. Then you’d have an “Accounting Policy” and an “HR Policy”.
One other thing I like to do is make a really locked down tight policy and add it to the Firewall Rule #1, which is the “#LAN_WAN_AnyTraffic” rule. The CIPA one is a pretty good one to use for this. Just select that as the default policy. That way anyone who’s not logged in uses that but still has some small amount of internet use.