Handshake Error 336027900 between Cisco Expressway – SBA Lync 2013

Hi guys!

Sometimes when you integrate Videoconference Cisco Expressway with Skype for Business server 2015, and you have a Lync 2013 SBA (usually AC mediant 800) in the topology of Skype for Business, you receive the following handshake error: “handshake error 336027900 on incoming connection”

2019-04-19 18:50:38.789 Info handshake error 336027900 on incoming connection 2902 from 192.168.2.150:51993 to 192.168.1.162:5061
2019-04-19 18:50:39.404 Info handshake error 336027900 on incoming connection 2904 from 192.168.2.150:51996 to 192.168.1.162:5061
2019-04-19 18:50:39.965 Info handshake error 336027900 on incoming connection 2903 from 192.168.2.150:51998 to 192.168.1.162:5061

To solve this, you need to enable TLS 1.2 on Windows Server 2008 r2 OSN Module. By Default, this entry is disabled on WS 2008 and WS 2008 r2. To enable you can follow the next steps or visit official documentation from here.

Step 1

Connect to Lync 2013 SBA OSN module as you want, RDMAN or Terminal Server. Then go to regedit console:

09-05-2019 16-03-34
Step 2

Add keys to registry as the following:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
“DisabledByDefault”=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
“Enabled”=dword:00000001

To do this, go to the path:

HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > SecurityProviders > SCHANNEL >Protocols

Then, click with right button and select “New”, “Key”:

09-05-2019 16-05-03

…and create the key “TLS 1.2”:

09-05-2019 16-05-34
Now, you need to create the subkeys “server” and “client”:

09-05-2019 16-07-54

When you have this, you need to create a “Enabled” DWORD entry with value 1 on “server” path:

09-05-2019 16-12-16

Done this, create a “DisableByDefault” DWORD entry with value 0 on “Client” path

09-05-2019 16-31-10-2
Well, Now you need to reboot the server to apply changes. When the server restart, the handshake errors will desappeared

NOTE! Is very important that you have the security update than allow enable compatibility with TLS 1.1 and TLS 1.2

I hope this information was helpful for you.

Thanks & Regards

Advertisements

Optimize Network – Audiocodes Mediant OSN Module

Sometimes you use GE1 to configure enterprise Network, but you leave disconnected the GE2 losing Network High Availability. I’m sure that you want to give the best service to your client, so you can use GE2 to offer a very good service.

To apply a network high availability to Audiocodes OSN module you need an important thing. You need to have a more than two switch on stack. If you accomplish this requirement you can follow next steps to deploy:

Step One.

Reserve two ports to perform a port channel on switch, for instance:
Switch 1: Gi1/8/13
Switch 2: Gi2/8/13

When you have this, you can continue with step 2

Step two

Configure port channel between to ports reserved

First if you want (is not mandatory) leave by default both ports before you create port channel

SWUCMyc01#configure terminal
SWUCMyc01(config)#default int Gi1/8/13
SWUCMyc01(config)#default int Gi2/8/13

Now, configure port channel on both ports:

Port one:
SWUCMyc01#configure terminal
SWUCMyc01(config)#interface Gi1/8/13
SWUCMyc01(config-if)#channel group 1 mode active
SWUCMyc01(config-if)#description SBAmyc01GE1

Port two:
SWUCMyc01#configure terminal
SWUCMyc01(config)#interface Gi1/8/13
SWUCMyc01(config-if)#channel group 1 mode active
SWUCMyc01(config-if)#description SBAmyc01GE2

Okey, you have configured Port Channel on both ports. Now you can configure options on port channel to replicate to the both ports (except description):

SWUCMyc01(config)#interface po1
SWUCMyc01(config-if)#
SWUCMyc01(config-if)#description SBAmyc01Po1
SWUCMyc01(config-if)#switchport mode access
SWUCMyc01(config-if)#switchport access vlan 15

Note: vlan switchport configuration depend of your scenario, if your servers vlan is vlan 15 as me, you can use this command. if your servers vlan is other you need to adapt the command to your servers vlan.

So, you can see the running configuration of port channel:

SWUCMyc01#sh running-config interface po1
Building configuration…

Current configuration : 114 bytes
!
interface Port-channel1
description SBAmyc01Po1
switchport
switchport access vlan 15
switchport mode access
end

that’s ok. but you need now to configure Audiocodes SBA part. By default LACP protocol is configured when you active PortChannel. So you need to configure this on your Windows teaming

Step 3

To configure properly your teaming enter to Windows Machine as console.

Configure External Team IP parameters as you have determined

Then, access to server manager and press ‘Enabled’ on NIC teaming.

2

A new Window appear. Now you need to press right button on ‘external team’ and select ‘properties’

3

A new window appear one more time. press on ‘additional properties’

4

Now, you need to select LACP and press ‘apply’ button

5

After that, plug in both cables on Ports GE2 and GE1 and check that port channel is up, and you have connectivity to the machine.

Windows:6

Switch:
SWUCMyc01>sh int status | include SBAmyc01
Gi1/8/13 SBAmyc01GE1 connected 15 a-full a-1000 10/100/1000BaseT
Gi2/8/13 SBAmyc01GE2 connected 15 a-full a-1000 10/100/1000BaseT
Po1 SBAmyc01Po1 connected 15 a-full a-1000

If all is ok, well done! you have optimized your OSN module and expand your bandwidth.

I hope this article was useful to you

Thanks & regards

(Update) AUDIOCODES v7 (7.20A.202.203) – SOLVE ISSUES WITH ACCENTED DISPLAYNAMES

Hello guys

I have another “mushroom”. As you know, it exist much differences between v6 and v7 versions of Audiocodes Mediant.

So, one of this differences affect directly to commands on ssl connections.

Now, I update the solved issue with accented displayNames. You can to follow the previous version on this link

If you have the new version 7.X as 7.20A.202.203, you need to follow this steps:

To solve this problem you need to apply in your Audiocodes the ISO 8859 charset:

“iso8859-charset no-accented”

Please, follow next steps to apply the ISO 8859:

Connect to Audiocodes with SSH, and enable the appliance to configure with administrator password

iso8859_1

Next step, type “configure voip” to access to Voip configuration page.

iso8859_2

Then, type “gateway digital settings” to access to GW Configuration.

noaccentedv7_1

Next step, type “iso8859-charset no-accented” to enable this charset, and then type “activate” to activate new features.

noaccentedv7_2

And then, exit from configure page and restart the appliance.

I hope this information will be useful for you

Regards

Front End Crash After install December 2017 CU

Hello All

I have encountered a issue after install SFB Cumulative Update December 2017.

The issue was that Front End Server service didsn’t start.

FEServiceDOWN

I tried to uninstall all December updates and also May 2017 updates and install december CU again, but it didn’t works. In fact, a new message showed at the command prompt

InstallfailedBecause logs didsn’t show me much more information, I surfed internet searching for a solution, but I couldn’t find anything.

After review most of Microsoft Articles without success. I checked the machine again and I discover that Disc C: of my front end had less than 1Gb free. Then I asked myself… Could this be the cause?

I searched One more time on the installation logs. In one of them (Principal Log takes to another log, and then to another, and then to another…) I could find this:

An error occurred: “Microsoft.Rtc.Management.Deployment.DeploymentException” “Install-CsDatabase was unable to find suitable drives for storing the database files. This is often due to insufficient disk space; typically you should have at least 32 GB of free space before attempting to create databases. However, there are other possible reasons why this command could have failed. For more information, see http://go.microsoft.com/fwlink/?LinkId=511023”

So, I tryed expand disk for another 20 Gb and Try to install CU again.

InstallSuccess

Finally It worked and FE Service gone up correctly.

FEServiceUP

I hope this information will be usefull for you

Thanks & regards

CQD – Issue Version QoEMetrics

Hi all

I have encountered a little problem with the installation of CQD:

CQDissue

I was searching for the solution of this issue, I surfed in much web pages, much of Technet articules says what is the version that you need to have in your SFB QoEMetrics database. But I can’t find anything about the user that is needed to use for the installation process.

To detect if the problem is the version of QoEMetrics or the user privilege rights, try to execute a test-csdatabase with the affected user to get the database version. If you get a result like the image below, your user haven’t the appropiate permissions.

testDB

To solve this issue, use a user with the appropiate permissions or grant to the user administrative permissions in the database.

 

I hope this information will be useful for you

Regards

Audiocodes – Solve Issues with accented DisplayNames

Sometimes you have on a site some users with a display Name with special Characters. Well, if you have an audiocodes in the site you can have a problem. Audiocodes doesn’t accept calls with special characters in the display name by default. The ISO 8859 charset is the cause.

Syntoms:

Calls always fail. But if you change the number to another user without special characters, the call can be made.

Solution:

To solve this problem you need to apply in your Audiocodes the ISO 8859 charset:

“iso8859-charset no-accented”

Please, follow next steps to apply the ISO 8859:

Connect to Audiocodes with SSH, and enable the appliance to configure with administrator password

iso8859_1

Next step, type “configure voip” to access to Voip configuration page.

iso8859_2

Then, type “gw digital gw digital-gw-parameters” to access to GW Configuration.

iso8859_3.jpg

Next step, type “iso8859-charset not-accented” to enable this charset, and then type “activate” to activate new features.

iso8859_4

And then, exit from configure page and restart the appliance.

I hope this information will be useful for you

Regards

Enable Telnet on VVX Devices (Telnet Commands)

Hello all

My adventurous soul have discovered a new way to check stats, settings and more things without use web interface of Polycom VVX.

You can show more information using telnet (very useful for administrators and for troublesooting). However, Telnet is disabled by default on all Polycom device. If you want to use Telnet on VVX devices, you need to activate it, but the option doesn’t appear neither the phone menu or web interface. You need to create a cfg file to enable it.

To do that, open a notepad and type the following command:

<telnet diags.telnetd.enabled=”1″></telnet>

Then, you can rename it how you want, for examble “enableTelnet” but you need to ensure that the extension of this file is .cfg

After that, you must connect with VVX web interface and import this file using “import and export” configuration.

importexport

After that, you can connect by telnet to the device. By default, the user is “Polycom” but the password is the same that you configure in your Admin user (so if you didn’t change the default password, it will be “456“). (Note! If you have a mistake introducing username or pasword, it is probably that you need to restart the phone).

polycom

NOTE! Do not forget to create another cfg file to disable Telnet after you finish your configuration (If not, you will have a very high security hole). This file must have the following command:

<telnet diags.telnetd.enabled=”0″></telnet>

When you use “import and export” configuration to disable Telnet, phone will be restarted

How you have much possibilities availables to use commands. You can find below, a list of “Polycom Telnet commands” available to adapt to your needs (also you can obtain this list typing “help” on the command prompt):

addScheduledLogEntry  Adds a command to be run periodically that outputs to the phone’s log.
appPrt  Show UI’s call status.
arpShow  Display the contents of the ARP table.
auth  Change authentication level
BtoeHide  Send call hide request.
BtoeUnhide  Send call Unhide request.
certBackOffInfo  Show Cert Back off info
certBackOffSet  Show Cert Back off info
cfgParamName  Show cfg Param info by passing param name
cfgProvFileTemplateUpload  Uploads templates of the current non-default config to the boot server
cfgProvFlashTemplateUpload  Uploads templates of the current flash config to the boot server
changeRtpConfig  Change RTP/RTCP configuration for ongoing Incoming/Outgoing DECT call
changeRtpConfigForAll  Change RTP/RTCP configuration for all new Incoming/Outgoing DECT calls
checkStack  Checks the stack.
configSyslogSet  Set Syslog parameters in the flash.
                (Server Address, Server Type, Facility, Render level, Prepend MAC)
confShow  Show conference info.
coreAudio  Print core audio information.
coreDumpEncrypt  Set to enable core dump encryption.
cpuLoadShow  Display CPU load (period (s), number of iterations).
cpuUsageShow  Display CPU usage by running Linux top command. [pid]
date  Display the current date.
dbsinfo  Display the database service information
deferwatchdog  Defer All watchdog timers
DelAuthSvcDB  Delete authSvc folder in flash
dhcpcParamsShow  Show DHCP client parameters.
dnsCacheShow  Show DNS cache records.
ds  Debug Services
dspLoadGraphToggle  Toggle DSP load graph between DSP-core-only load and total DSP thread load.
dspLoadShow  Display DSP load (period (s), number of iterations).
dump  Dump file to terminal, including decompressing compressed files
endErrShow  Show END device error stats.
ethBufPoolShow  Display the state of the ethernet pool stack(no parameters)
ethFilterShow  Show Ethernet ingress filter stats.
flkChangeMaxUsers  Changes the max number of user customizations on phone. Usage : flkChangeMaxUsers <number>
flkInitBookKeeping  Initializes the book keeping for FLK. Usage : flkInitBookKeeping <filename(optional)>
fschk  Check phone’s file system
gcovflush  flushes gcov report, upload it to boot server and cleanup.
getBToEPairingCode  Show BToE Pairing Code.
getLyncStatusInfo  Display Lync Status Information
help  Shows basic help for all commands.
hostShow  Show host table.
i  Display status of the specified process, or all running processes (Process_name (optional))
icmpstatShow  Show ICMP statistics.
ifShow  Display ethernet interface statistics (no parameters)
inetstatShow  Show transport layer network status.
iosFdShow  Show file descriptors in use.
ipstatShow  Show IP layer network statistics.
keyPrt  Shows information about the key mapping.
la  List all files in the flash filesystem, including subdirectories.
lfu  Send the logfiles to the provisioning server(no parameters).
linkShow  Show link status.
ll  List files in the flash filesystem (long format).
logd  Dump the log, parameter is reverse order or not.
logda  Print all available log modules and their current level.
logFullSip  Enable:1 or Disable:0 full sip message logging. If enabled fragmented SIP packets are not logged but whole
SIP message is logged
logl  Set the lowest log level which will be displayed (0-6)
logr  Set the renderStdout parameter for the log.
logreg  Set the registration list for sip message log filtering
logs  Set the log level output for a given module ([module] [0-6])
logsa  Set the log level output for all modules. ([0-6])
logt  Set the log display type (0-2)
ls  List files in the flash filesystem.
medSess  Show detailed information on the current media session(s),
medSessStat  medSessStat- Show call statistics of the active media session(s)
memShow  Display heap memory statistics.
mRouteShow  Display IP routing table.
msCallPark  Show detailed information on the MS Call Park session(s),
ncasCb  Show detailed ncas information, related to either call services,
Non call services, or server information (1, 2, or 3)
ncasMisc  Show misc. Non-call information (no parameters)
neighborCacheShow  Display the contents of Neighbor Cache Table
netCCB  Display open RTP ports and their status (no parameters)
netRxShow  Show network receive stats summary.
nslookup  Find the IP for a given hostname
pcapUpload  Upload background packet capture file
ping  Ping a given host (IPv4 or DNS name) [,Data Len in Bytes]
ping6  Ping a given host (IPv6 or DNS name) [,Data Len in Bytes]
printCurrentLocation  GENBAND: Print the current Location Description.
printCurrentTimestamp  GENBAND: Print the current Location information timestamp.
printLocationtree  GENBAND: Print the Location Tree.
pwrsvStat  display power saving status and configuration.
removeScheduledLogEntry  Remove a scheduled log entry.
resPrt  Show information about the resource finder.
routeShow  Display the contents of the routing table(no parameters)
rpcapSecureConnect  Connect to secure packet capture SSH gateway server
rpcapSecureStop  Close connection to secure packet capture SSH gateway server
setLocationID  GENBAND: Set the new locationID.
setTimestamp  GENBAND: Set a new timestamp to force location tree download.
showBackupConfig  Display backup configuration as stored in flash (no parameters)
showChannel  Display Ptt Page Channels information
showDeviceUpdateInfo  Display the Device Update configurations.
showEcho  Show acoustic echo cancellation/suppression status.
showGains  Show acoustic termination gains.
showHdPcm  Show Headset PCM channel status.
showHfPcm  Show Hands-free (chassis) PCM channel status.
showHsPcm  Show Handset PCM channel status.
showPcmAll  Show all PCM channels status.
showPowerSource  Detect power source
showQoeConfig  Prints QoE Configuration
showRunningConfig  Display the current running configuration (no parameters)
showStoredConfig  Display configuration as stored in flash (no parameters)
showUCDInfo  Display the Device Update configurations.
sipOutageToggle  toggle : create or remove outage.
sipPrt  Show SIP stack status.
sipSetAdmSubExp  set Exp SipCallStateSubscribeRoamingSelfOnBehalfOfBoss.
sspsDspBuf  Request DSP buffer status.
sspsMsgShow  Show msg hdi buffers.
sspsShow  Show hdi buffers.
sspsShowMix  Show mixer bindings.
streams  Show detailed information on the active RTP streams
syslogl  Set the lowest syslog level which will be displayed (0-6)
syslogsr  Set the syslog server IP address or Hostname
syslogtr  Set the syslog transport method [udp|tcp|none]
tcpstatShow  Show TCP network statistics.
testNand  Test a NAND block (non-destructive): testNand <blocks> <iterations>
testRam  Allocates and tests a buffer in SDRAM: testRam <alloc_size> <iterations>
time  Show current time.
timerShow  Show rtos timer information.
top  Run Linux top command. [pid]
tpcpStatus  Show TPCP Conversation status.
traceroute  Display the route taken by packets across an IP network for a given host (IPv4 or DNS name)
traceroute6  Display the route taken by packets across an IP network for a given host (IPv6 or DNS name)
TSID  Push the Tech Support Information Dump to the log (Does not reboot).
udpstatShow  Show UDP network statictics.
uiXml  Returns the UIXML command output.
upbasedeferval  Update base defer value
uploadCSR  Upload Generated private key and CSR [ Common Name Org Country State EmailAddress ]
uptime  Show phone uptime.
usbShow  Display USB port name (Plugged in a USB device before running this.)
utilBufPoolStatus  Display RTP current memory usage.
version  Display software and hardware version numbers.
wtPrt  Show Web Ticket status.

I hope this information will be useful for you.

Thank you

Best Regards