Tuesday, October 22, 2019

ShoreTel/MiTel: How to Migrate MiVoice Connect to a new Server

I have tried to move a few Connect systems from one piece of hardware/OS to another by doing a backup/restore and it has always ended in disaster. There were always issues with CAS, or certs, or the client not connecting, so I ended up just telling customers it was better to build the system all over again on the new hardware and then cut over to it. Yes, users would lose call history, voice mail, client settings, etc., but as I was not able to do it any other way and TAC was no help, this was the best way to go.

With that being said, I did have a customer that had a UC 20 server running Server 2012 that had a bad HDD and needed to be replaced. So we replaced it with a UC 30 running Server 2016. I decided that this was a good time to try and see if I could make the migration work by doing an export of the old server and an import on the new server. I was pleasantly surprised when I was able to get the import and everything working. So here are the steps that I took to make this happen.

The steps below assume that you have already installed all the server roles needed, and made the OS changes that Connect requires.

Also:

  • This will change the server certificate for web services (Director, CAS)
  • If you are using "Require secure client access", make sure to turn it off from Administration=>System=>Additional Parameters
  • If you are using a 3rd party certificate, make sure you have the certificate and private key
  • Make sure to install all pre-requisites and prep the server according to the Build notes and the Planning and Install guide
  • Use the TACTOOLS PowerShell script to verify all roles and features are installed


On the Old Server


  1. Back up System
    1. Navigate to C:\Program Files (x86)\Shoreline Communications\Shoreware Server\MySQL\MySQL Server 5.0\Examples and run the following file
      1. BackupCDR.bat -> Will output an .sql file to the root of C:
      2. BackupConfig.bat -> Will output an .sql file to the root of C:
      3. BackupWebridge.bat -> Will output an .sql file to the root of C:
        1. Only required if there is an SA-100/SA-400 in use.
      4. BackupMonitoring.bat-> Will output an .sql file to the root of C:
        1. Only required for ShoreTel 14.x
      5. Copy the resulting .sql files folder to a safe location (Network Share, Thumb drive, etc...)
    2. Stop all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-stop-svcs (make sure to run as administrator)
    3. Reboot the server
    4. Copy the Shoreline Data folder to a safe location (Network Share, Thumb drive, etc...)
  2. If the server is joined to the Active Directory domain, delete the computer account from Active Directory (rolling back from this is hard)
  3. Shutdown the server or Disconnect it from the network

On the New Server



  1. Make sure the new server has the same Name as the old server
  2. Make sure the new server has the same IP address as the old server
  3. Make sure the new server does not have any Anti-Virus
  4. Add it to the domain if it is needed
    1. Make sure there are no Group Policies assigned to the server
  5. Create a BLANK Shoreline Data folder and copy the keystore directory from the back up of the old server into the folder
  6. Re-install the same EXACT version and build that was installed on the old server
  7. Copy the database back up files to the root of the C drive
  8. Restore all the databases with the restore.bat files located in \Program Files\Shoreline Communications\Shoreware Server\MySQL\MySQL Server 5.0\Examples or \Program Files (x86)\Shoreline Communications\Shoreware Server\MySQL\MySQL Server 5.0\Examples
  9. Reboot the server
  10. After the reboot, log into the server to verify that switches and phones are connected to the new server
  11. Stop all ShoreTel services
    1. C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-stop-svcs (make sure to run as administrator)
  12. Copy the UserData, Prompts, IMArchives and VMS folders from the back up of the old server to the new server
  13. Re import your 3rd party certificate through Director (if you have one)
  14. Test the system thoroughly to ensure all system functionality is working properly
    1. Workgroups
    2. Route Points
    3. Connect Client
    4. Voicemail
    5. Auto Attendants
    6. Call Handling Mode Changes
    7. Extension to extension dialing
    8. External dialing
    9. Dialing in to Workgroups, hunt groups, auto attendants
    10. Phone time
    11. Conferencing
    12. Instant messaging
    13. Call history
    14. Mobility
    15. Etc.
  15. Request new system key

Monday, October 21, 2019

ShoreTel/MiTel: Auto Attendant at remote site with ShoreTel SG90V Switch not playing greeting

I ran into an issue just recently where I migrated a customer from a 2008 R2 server to a 2016 server and instead of doing a backup/restore I configured the system from scratch. So it essentially is a new system running but with the same hardware, and all the hardware had downloaded the new configurations. The issue we ran into is that a remote site with a single SG90V switch with external analog trunks would not play the auto attendant recording when someone would call in. It would just play the default ShoreTel backup auto attendant recording, no matter how we tried to route the call to the correct auto attendant.

We tried routing the call to a user and forwarding to the AA, we tried sending it to a route point and then the AA, we tried all sorts of things to try and make this work. The auto attendant was reachable if you called it internally, it was reachable if you called it externally at the HQ site, but the site it was supposed to work at could not get the AA to play. There were no communications issues, TMS was connected, LSP worked between the equipment, and everything seemed to be configured correctly.

It turns out that the customer uses Office 365 for voice mail to email, and the ShoreTel SMTP relay was configured to use port 587, it was using TLS, and had a smart-host configured as well as a user account to authenticate to Office 365 with. ShoreTel uses SMTP port 25 to transfer AA greetings to V switches, and because the customer was using SMTP on 587 for Office 365 the recording could not be transferred to the V switch.

So to test we set the SMTP port to 25, removed TLS and the user account, re-imported the greeting to the AA and tested. We were able to get the AA to play once this took place, but it broke their voice mail to email. This aspect is very important to them so we reverted the changes, but because the V switch already had the AA greeting saved the AA continued to work. The issue is going to be when they want to change the greeting: we will have to either find a different workaround or we will have to record the greeting, break voice mail to email, re-import the greeting and then reconfigure voice mail to email.

As soon as I have more information about a possible workaround or resolution to this I will update this post.

Friday, August 2, 2019

ShoreTel: How to configure a ShoreTel IP400 series VPN phone and EGW user

Here are some step-by-step instructions on how to configure a ShoreTel IP 400 Series phone to use with an Edge Gateway. When setting up a VPN phone for a user I always connect the phone to the network at HQ or a remote site first so that the phone can register with the server, download any firmware and config files, etc., before configuring it as a VPN phone. I know you are supposed to be able to just configure it and it should just work, but I have not had much success with that working.


  1. Connect the ShoreTel phone (IP400) that the user will be using to the local phone network to make sure it gets the latest config and firmware update
  2. On the back of the ShoreTel phone write down the MAC address
  3. Log in to ShoreWare Director
  4. Go to Administration => Users => Users
  5. Find the user you would like to configure to use a Remote phone
  6. Click on the telephony tab
  7. Place a check mark next to Enable remote phone authentication
  8. Click Save
  9. Navigate to Administration => Appliance/Servers => Platform Equipment
  10. Find the Edge Gateway under the name column and click on it (The name should have a line under it making it a hyperlink)
  11. The Edge Gateway web page should open
  12. The default login is admin and ShoreTel
  13. Click Configuration from the top of the page
  14. Click on Phones from the left navigation panel
  15. Click the Allowed List link
  16. At the bottom of the page click the Add button
  17. In the MAC address box put the MAC address of the phone you are going to use
    1. i.e. 00:10:49:00:00:00
  18. In the Phone Name box enter a name ( A description, I usually enter the phone model)
  19. In the User ID box enter the Extension number of the user that will be using that phone
  20. Click apply
  21. With the phone on hook, press the MUTE button followed by 4636# (INFO#)
  22. Enter the Admin password 1234# (If asked)
  23. Press the down arrow key until you reach Diagnostic and then press Open button (Button under screen on left side)
  24. Press the down arrow key until you reach clear configuration and then press Open
  25. Press the Clear button
  26. The phone will reboot
  27. Watch the phone screen and when you see the phone ask you to press any key for set up press the # key
  28. You will be asked for a password enter 1234#
  29. Press the down arrow key until you reach the VPN and then press Open
  30. Set Use VPN to “ON” by pressing the Toggle soft key
  31. Press the down arrow to select VPN Gateway
  32. Set the VPN Gateway value to the public IP or FQDN of your Edge Gateway (By using the keypad numbers and the * key )
  33. Press the Back button (Button under the screen on the right side)
  34. Press the Apply button (Button under the screen on the right side)
  35. The phone will reboot
    1. User experience may vary a little bit after this point as not all systems act the same
  36. The phone will say Connecting to VPN (sits here for a bit) 
  37. The phone will say Unable to connect to VPN (sits here for a bit)
  38. The phone will say Server certificate could not be verified press the OK button (Button under the screen on the right side)
  39. The phone will say Connecting (sits for bit)
  40. The phone will say Requesting Service (for a bit)
  41. The phone will say Available or your user info

This is a license-based feature, so make sure you have Remote Phone licenses available to use or get some if you do not. If you don't have the license you can still configure this, but if you don't remove it within the 45 day trial period your ShoreTel system will be locked and you won't be able to make any changes to it. You will need to buy the licenses you are over and apply them to the system to unlock it, or have ShoreTel unlock your system, and this comes with a fee.
 

Wednesday, July 17, 2019

SIP: P-Asserted-Identity SIP Header modification

ShoreTel/Mitel allows users to move their extension from one location to another as long as they are configured on the ShoreTel/Mitel system. This not only gives the users the ability to travel between sites with the same extension but also the same DID and Caller ID. This is a really cool feature but it also can create an issue with making certain calls.

For example, you have two sites, we will call them Site A and Site B, and each site has its own external SIP trunks for outbound dialing. We have a user named Jeremy. Jeremy usually works from Site B, and that is also where his DID resides, on Site B's SIP trunks. Today Jeremy needs to go to Site A for the day to work. Once there he logs in to a phone and is able to make local and long distance calls like normal, going out the Site A SIP trunks with his caller ID even though it does not belong to the Site A SIP trunks. He needs to dial an 800 number to join a conference bridge but the call is unable to connect.

This issue is something I have run into a lot. This call is being blocked by the carrier because the caller ID does not match any of the caller IDs that reside on those external trunks. There are a lot of hacks out there that allow people to spoof calls to dial 800 numbers and this is known as toll fraud. One way the carriers combat this is by only allowing caller IDs that reside on that circuit to make 800 number calls. There are a number of ways to resolve this by modifying the SIP header to include the Billing Telephone Number (BTN) of that circuit. The way I have resolved it is by configuring P-Asserted-Identity (PAI) on the Ingate SIParator.

The way to do this is, on the SIP Trunk group page in the SIParator, you need to modify the User Name in the Outgoing Calls under the PBX Lines. It normally just has a $1 in the User Name field to pass through the caller ID that it is being presented with from the PBX.




We need to modify it so that it adds the site's BTN to it also. So to do that you would enter something like this into the User Name field.

$1?P-Asserted-Identity=%3csip%3a2625555555%401.1.2.1%3e

In the line above, ?P-Asserted-Identity= enables PAI in the SIP header, 2625555555 is the BTN to use and 1.1.2.1 is the IP address of the carrier device (%3c, %3a, %40 and %3e are the URL-encoded characters <, :, @ and >). Below is what it looks like when it is in the SIParator.



Now, when Jeremy makes an 800 number call from Site A, the carrier accepts the call because he is presenting them with the BTN as authentication that he is allowed to use the circuit, as well as his caller ID even though it does not belong to that circuit.


There are a lot of ways to do this, but this is the way that I have found works best for most of the deployments I am involved in.
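The User Name value described above can be built and checked in code. This is an added example, not part of the original post or of Ingate's tooling; the function names and the per-site sample data are assumptions constructed for illustration (only the Site A value comes from the post).

```python
import ipaddress
import re
from urllib.parse import quote, unquote

# "$1" passes the PBX caller ID through; the rest adds the PAI header.
PREFIX = "$1?P-Asserted-Identity="


def build_user_name(btn: str, carrier_ip: str) -> str:
    """Return the User Name field value that asserts <sip:BTN@carrier_ip>."""
    if not re.fullmatch(r"\d{7,15}", btn):
        raise ValueError(f"BTN must be 7-15 digits, got {btn!r}")
    ipaddress.ip_address(carrier_ip)  # raises ValueError on a mistyped address
    encoded = quote(f"<sip:{btn}@{carrier_ip}>", safe="")
    # quote() emits upper-case hex; the post's value uses lower-case escapes.
    encoded = re.sub(r"%[0-9A-F]{2}", lambda m: m.group(0).lower(), encoded)
    return PREFIX + encoded


def parse_user_name(value: str) -> dict:
    """Decode a User Name field value back into its BTN and carrier address."""
    if not value.startswith(PREFIX):
        raise ValueError("field does not add a P-Asserted-Identity header")
    uri = unquote(value[len(PREFIX):])
    match = re.fullmatch(r"<sip:(\d+)@([^>]+)>", uri)
    if match is None:
        raise ValueError(f"unexpected PAI value: {uri!r}")
    return {"btn": match.group(1), "carrier": match.group(2)}


def audit_sites(fields: dict, expected_btn: dict) -> list:
    """List the sites whose trunk group does not assert that site's own BTN."""
    problems = []
    for site, value in sorted(fields.items()):
        try:
            btn = parse_user_name(value)["btn"]
        except ValueError as exc:
            problems.append((site, str(exc)))
            continue
        if btn != expected_btn.get(site):
            problems.append(
                (site, f"asserts {btn}, expected {expected_btn.get(site)}"))
    return problems


# Constructed sample data: Site A is the value from the post, Site B still
# has the pass-through default, Site C was copied from Site A by mistake.
SAMPLE_FIELDS = {
    "Site A": "$1?P-Asserted-Identity=%3csip%3a2625555555%401.1.2.1%3e",
    "Site B": "$1",
    "Site C": "$1?P-Asserted-Identity=%3csip%3a2625555555%401.1.2.1%3e",
}
SAMPLE_BTNS = {
    "Site A": "2625555555",
    "Site B": "2625550100",   # constructed
    "Site C": "2625550199",   # constructed
}

if __name__ == "__main__":
    print(build_user_name("2625555555", "1.1.2.1"))
    for site, problem in audit_sites(SAMPLE_FIELDS, SAMPLE_BTNS):
        print(f"{site}: {problem}")
```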


Cisco: Track default route when Outside IP address is assigned VIA DHCP


Sometimes you need to apply a tracking statement to a route so that if a certain condition is met that route gets removed. In this case I needed to have the default route fail over to a second internet connection if the primary internet went down. Except, we receive a DHCP IP address on the primary connection so I cannot just track reachability to the next hop as that IP address changes. So here is a way to do tracking statements with a DHCP default route. We just set the default route to the interface instead of an IP address.


track 1 ip sla 10 reachability
 ! When the IP SLA state changes, wait 30 seconds before acting on it so the route doesn't flap up/down
 delay down 30 up 30

ip sla auto discovery
! The IP SLA below is where you configure the IP address you want to monitor;
! the router pings that address to determine reachability (up/down)
ip sla 10
 icmp-echo 8.8.4.4 source-interface GigabitEthernet0/1
 tag Ping Google
 threshold 1000
 timeout 2000
 frequency 3
ip sla schedule 10 life forever start-time now

interface GigabitEthernet0/1
 ip dhcp client default-router distance 1
 ip dhcp client route track 1

! Always force the probe traffic out this interface so we don't end up sending it over the backup
! (the host route must match the icmp-echo target above)
ip route 8.8.4.4 255.255.255.255 GigabitEthernet0/1

! Primary internet connection default route with a tracking statement
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 track 1

! Backup internet connection default route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2 200



Cisco: DMVPN commands and configuration


DMVPN debugs


Debugs on both sides at the same time:
Debug crypto condition peer ipv4 (public ip of peer)
Debug crypto isakmp
Debug crypto ipsec

Clear DMVPN session and Crypto
Interface tunnel0
Shut
Clear dmvpn session interface tunnel0
Clear crypto isa

DMVPN Sample Scripts

These scripts assume that you have the router base configuration already done. They just give you some of the base info to create a DMVPN configuration and are not anything more than base. For the ACL on the inbound interface the script has "any any" on it but should be locked down to the remote IP address of the other spokes and hub.

DMVPN HUB Sample Script

crypto keyring dmvpnspokes
  description For DMVPN Tunnel
  ! This should be a strong key
  pre-shared-key address 0.0.0.0 0.0.0.0 key "PRE_SHARED_KEY"

! MD5 and DH group 2 are legacy choices; use SHA-2 and a larger DH group if every peer supports them
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 hash md5

crypto isakmp profile DMVPNIsakmpProfile
   keyring dmvpnspokes
   match identity address 0.0.0.0

crypto ipsec transform-set ESP-AES-MD5 esp-aes 256 esp-md5-hmac
 mode transport

crypto ipsec profile DMVPNIpsecProfile
 ! Must reference the transform-set name defined above
 set transform-set ESP-AES-MD5
 set isakmp-profile DMVPNIsakmpProfile

interface Tunnel0
 description DMVPN_HUB
 ip address "IP_ADDRESS" 255.255.255.255
 ip mtu 1400
 ! This password is configured on all Tunnel interfaces
 ip nhrp authentication "NHRP_PASSWORD"
 ip nhrp map multicast dynamic
 ! i.e. 10010100
 ip nhrp network-id "NETWORK_ID"
 ip nhrp holdtime 600
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 no shutdown
 qos pre-classify
 ! Interface that will be making the DMVPN connection
 tunnel source "INTERFACE"
 tunnel mode gre multipoint
 ! i.e. 10010100
 tunnel key "KEY"
 tunnel protection ipsec profile DMVPNIpsecProfile

ip access-list extended inbound
 permit gre any any
 permit icmp any any
 permit udp any any eq isakmp
 permit udp any eq isakmp any
 permit udp any any eq non500-isakmp
 permit esp any any
 permit tcp any any established




DMVPN Spoke Script

crypto keyring dmvpnspokes
  description For DMVPN Tunnel
  ! This should be a strong key
  pre-shared-key address 0.0.0.0 0.0.0.0 key "PRE_SHARED_KEY"

! MD5 and DH group 2 are legacy choices; use SHA-2 and a larger DH group if every peer supports them
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
 hash md5

crypto isakmp profile DMVPNIsakmpProfile
   keyring dmvpnspokes
   match identity address 0.0.0.0

crypto ipsec transform-set ESP-AES-MD5 esp-aes 256 esp-md5-hmac
 mode transport

crypto ipsec profile DMVPNIpsecProfile
 ! Must reference the transform-set name defined above
 set transform-set ESP-AES-MD5
 set isakmp-profile DMVPNIsakmpProfile

interface Tunnel0
 description DMVPN_SPOKE
 ip address "IP_ADDRESS" 255.255.255.255
 ip mtu 1400
 ! This password is configured on all Tunnel interfaces
 ip nhrp authentication "NHRP_PASSWORD"
 ip nhrp map multicast "HUB_EXTERNAL_IP"
 ! i.e. 10.10.10.10 8.8.8.8
 ip nhrp map "HUB_TUNNEL_IP" "HUB_EXTERNAL_IP"
 ! i.e. 10010100
 ip nhrp network-id "NETWORK_ID"
 ip nhrp holdtime 600
 ip nhrp shortcut
 ip nhrp redirect
 ip tcp adjust-mss 1360
 load-interval 30
 no shutdown
 qos pre-classify
 ! Interface that will be making the DMVPN connection
 tunnel source "INTERFACE"
 tunnel mode gre multipoint
 ! i.e. 10010100
 tunnel key "KEY"
 tunnel protection ipsec profile DMVPNIpsecProfile

ip access-list extended inbound
 permit gre any any
 permit icmp any any
 permit udp any any eq isakmp
 permit udp any eq isakmp any
 permit udp any any eq non500-isakmp
 permit esp any any
 permit tcp any any established
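
The lock-down recommended in the introduction to these sample scripts, as an added example that is not part of the original scripts: it rewrites the tunnel entries of the "inbound" ACL for a list of peer public addresses and reports any entry that still accepts tunnel traffic from "any". The peer names and addresses are constructed placeholders, and carrying the ICMP and established-TCP entries over unchanged is an assumption.

```python
import ipaddress

# Tunnel-related entries of the page's "inbound" ACL, as templates.
# {src} is replaced with "host <peer public IP>" for every hub/spoke.
TUNNEL_RULES = (
    "permit gre {src} any",
    "permit udp {src} any eq isakmp",
    "permit udp {src} eq isakmp any",
    "permit udp {src} any eq non500-isakmp",
    "permit esp {src} any",
)
# Entries that are not tunnel traffic; kept exactly as on the page (assumption).
CARRIED_OVER = ("permit icmp any any", "permit tcp any any established")

# The ACL body as it appears in the sample scripts.
PAGE_ACL = [
    "permit gre any any",
    "permit icmp any any",
    "permit udp any any eq isakmp",
    "permit udp any eq isakmp any",
    "permit udp any any eq non500-isakmp",
    "permit esp any any",
    "permit tcp any any established",
]


def build_inbound_acl(peers, name="inbound"):
    """Return IOS ACL lines that accept tunnel traffic only from known peers.

    peers is a list of (label, public_ipv4) tuples for the hub and spokes.
    """
    lines = [f"ip access-list extended {name}"]
    seen = set()
    for label, addr in peers:
        ip = ipaddress.ip_address(addr)      # ValueError on a mistyped address
        if ip.version != 4 or ip.is_unspecified or ip.is_multicast:
            raise ValueError(f"{addr} is not a usable peer address")
        if ip in seen:                       # same peer listed twice
            continue
        seen.add(ip)
        lines.append(f" remark DMVPN peer {label}")
        lines.extend(" " + r.format(src=f"host {ip}") for r in TUNNEL_RULES)
    if not seen:
        raise ValueError("no peers given; refusing to emit an ACL without them")
    lines.extend(" " + r for r in CARRIED_OVER)
    return lines


def open_tunnel_entries(acl_lines):
    """Return the entries that still accept GRE/ESP/ISAKMP from any source."""
    flagged = []
    for line in acl_lines:
        tok = line.split()
        if len(tok) < 4 or tok[0] != "permit" or tok[2] != "any":
            continue
        if tok[1] in ("gre", "esp"):
            flagged.append(line.strip())
        elif tok[1] == "udp" and {"isakmp", "non500-isakmp"} & set(tok[3:]):
            flagged.append(line.strip())
    return flagged


# Constructed peers using documentation address ranges.
SAMPLE_PEERS = [("hub", "198.51.100.10"), ("spoke-1", "203.0.113.20")]

if __name__ == "__main__":
    print("Open entries in the sample ACL:", open_tunnel_entries(PAGE_ACL))
    print("\n".join(build_inbound_acl(SAMPLE_PEERS)))
```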

SIP: SIP Response Codes

Here is a list of SIP response codes, very useful when troubleshooting SIP in Wireshark.

1xx - Informational Responses

  • 100 Trying: an extended search is being performed and may take a significant time, so a forking proxy must send a 100 Trying response
  • 180 Ringing
  • 181 Call Is Being Forwarded
  • 182 Queued
  • 183 Session Progress

2xx - Successful Responses

  • 200 OK
  • 202 Accepted: indicates that the request has been understood but actually can't be processed

3xx - Redirection Responses

  • 300 Multiple Choices
  • 301 Moved Permanently
  • 302 Moved Temporarily
  • 305 Use Proxy
  • 380 Alternative Service

4xx - Client Failure Responses

  • 400 Bad Request
  • 401 Unauthorized (Used only by registrars or user agents. Proxies should use proxy authorization 407)
  • 402 Payment Required (Reserved for future use)
  • 403 Forbidden
  • 404 Not Found (User not found)
  • 405 Method Not Allowed
  • 406 Not Acceptable
  • 407 Proxy Authentication Required
  • 408 Request Timeout (Couldn't find the user in time)
  • 410 Gone (The user existed once, but is not available here any more.)
  • 412 Conditional Request Failed
  • 413 Request Entity Too Large
  • 414 Request-URI Too Long
  • 415 Unsupported Media Type
  • 416 Unsupported URI Scheme
  • 417 Unknown Resource-Priority
  • 420 Bad Extension (Bad SIP Protocol Extension used, not understood by the server)
  • 421 Extension Required
  • 422 Session Interval Too Small
  • 423 Interval Too Brief
  • 428 Use Identity Header
  • 429 Provide Referrer Identity
  • 433 Anonymity Disallowed
  • 436 Bad Identity-Info
  • 437 Unsupported Certificate
  • 438 Invalid Identity Header
  • 480 Temporarily Unavailable
  • 481 Call/Transaction Does Not Exist
  • 482 Loop Detected
  • 483 Too Many Hops
  • 484 Address Incomplete
  • 485 Ambiguous
  • 486 Busy Here
  • 487 Request Terminated
  • 488 Not Acceptable Here
  • 489 Bad Event
  • 491 Request Pending
  • 493 Undecipherable (Could not decrypt S/MIME body part)
  • 494 Security Agreement Required 

5xx - Server Failure Responses

  • 500 Server Internal Error
  • 501 Not Implemented: The SIP request method is not implemented here
  • 502 Bad Gateway
  • 503 Service Unavailable
  • 504 Server Time-out
  • 505 Version Not Supported: The server does not support this version of the SIP protocol
  • 513 Message Too Large
  • 580 Precondition Failure

6xx - Global Failure Responses

  • 600 Busy Everywhere
  • 603 Decline
  • 604 Does Not Exist Anywhere
  • 606 Not Acceptable

SIP: SIP Profile Parameters and their usage



DontFwdRefer Usage: DontFwdRefer=[0|1]
When this parameter is set to 1, it inhibits the use of REFER for transfer on the trunk. It also inhibits sending INVITE with Replaces header. Peer must support INVITE without SDP for certain transfer call-flows.

SendMacIn911CallSetup Usage: SendMacIn911CallSetup=[0|1] 
This parameter is used in conjunction with SIP based emergency gateways, such as those provided by 911 Enable. It appends the MAC address of the IP phone in the From tag of an outgoing emergency call. From: "Dizzy Gillespie ;tag=shorUA_1077733456-103455277-EPID-001049042E4A
This only applies to ShoreTel IP Phones, excluding the IP-8000 conference room phone.

StripVideoCodec Usage: StripVideoCodec=[0|1]
This parameter should be set to 1 if the trunk does not support video properly.  When set to 1, it strips video codecs from SDP in INVITE’s being sent to the trunk and properly restores and rejects the video media lines in the 200 response from the trunk.  It also strips video codecs from INVITE’s coming from the trunk and properly restores and rejects the video media lines in the 200 response to the trunk

AddG729AnnexB_NO Usage: AddG729AnnexB_NO=[0|1] 
This parameter should be set to 1 if the trunk does not support G729 Annex B properly.  When this is set, any outgoing INVITE with G729 in the SDP will have the attribute "a=fmtp:18 annexb=no" added to the SDP.

HistoryInfo Usage: HistoryInfo=[none|diversion|history] 
This parameter controls how information is presented when an external incoming call is forwarded out this trunk. In this case, the "From" header will indicate the actual caller, which may not be a valid number to present to the trunk. The Diversion or History-Info header will be used to indicate the DID number of the user on whose behalf the call was forwarded.
If set to 'none' or omitted, then no indication of the forwarding number is presented.  If set to 'diversion', the SIP Diversion header is supplied, as dictated by RFC 5806.  If set to 'history', the SIP History-Info header is supplied, as dictated by RFC 4244.

EnableP-AssertedIdentity Usage: EnableP-AssertedIdentity=[0|1]
This profile parameter controls how Caller-ID is presented on outbound calls. If it is set to 0 or not present, then the old style of presenting caller-ID in the From header is used when sending outgoing calls. Note that the style of presenting blocked caller-ID has changed in ShoreTel 12.
When set to 1, the Caller-ID is placed in the P-Asserted-Identity header. If privacy is indicated for the call (User dials *67, or trunk group is configured to not send Caller-ID), then a Privacy header is inserted with value “id”, and the From header is anonymous.

Port Usage: Port=[5060|1-65535]
This profile parameter changes the remote port used for the SIP trunk. Currently, there is no way to configure the port number for SIP trunks in ShoreWare Director. Only port 5060 is supported. This profile parameter allows the port number for a trunk group to be configured.

HairPin Usage: HairPin=[0|1] 
This profile parameter controls if hairpin is allowed on SIP trunk calls, when enabled and available, features like Barge-in, silent monitoring, whisper-page, whisper-coach, call-record will be supported on the SIP trunks.

OptionsPing Usage: OptionsPing=[0|1] 
This profile parameter controls if OPTIONS message should be sent to remote party for detecting connectivity

OptionsPeriod Usage: OptionsPeriod=[180|60-3600] 
This profile parameter is used to control the time interval between SIP OPTIONS messages

OverWriteFromUser Usage: OverWriteFromUser=[none|UserID|BTN] 
This profile parameter is used to choose either user’s id or billing phone number in the FROM header when making calls

DontAdvertiseUpdate Usage: DontAdvertiseUpdate=[0|1]
This profile parameter is used to decide if UPDATE should be sent in the SUPPORTED header

RFC2543Hold Usage: RFC2543Hold=[0|1]
This profile parameter is used to decide if the connection field should be set to 0.0.0.0 when sending an outgoing INVITE for hold

AlwaysSend180 Usage: alwaysSend180=[0|1]
This profile parameter is used to decide if a 180 will be sent out right away after receiving an incoming INVITE

IgnoreEarlyMedia Usage: IgnoreEarlyMedia=[0|1]
This profile parameter is used to decide if early media should be forwarded to the caller. When a SIP device doesn’t wish to accept early media, this parameter should be set to 1.

Register Usage: Register=[0|1]
This profile parameter is used to decide if outgoing REGISTER messages should be sent

RegisterUser Usage: RegisterUser=[BTN|UserID|DID] 
This profile parameter is used to decide what to use in the FROM header of outgoing REGISTER messages

RegisterExpiration Usage: RegisterExpiration=[3600|60-86400]
This profile parameter is used to decide the time interval between outgoing REGISTER messages

1CodecAnswer Usage: 1CodecAnswer=[0|1]
This profile parameter is used to decide if the SDP should contain only 1 codec for an outgoing answer.



SIP Extension Profile Parameters:


1CodecAnswer Usage: 1CodecAnswer=[0|1]
Some devices do not honor the codec order specified in a 200 OK response to an INVITE.  This causes several problems.  First, some endpoints in the system do not support asymmetric codecs during a session.  Second, any bandwidth calculations based on observing the offer/answer exchange will likely be wrong.  When set to 1, only 1 audio codec is sent in a 200 OK response.

AddGracePeriod Usage: AddGracePeriod=[0-1800] 
Some SIP devices re-register too close to the expiration time, introducing a race condition where the system is in the process of deleting the record from the system when the re-register is received. This parameter adds a grace period to the expiration received in the REGISTER request.

AllowedCodecs Usage: AllowedCodecs=[any|[codec[,codec]*] 
Valid values are ‘any’ (default) or a comma separated list of codec names. The codec name must be formatted as shown on the Supported Codecs page (Administration, Call Control, Supported Codecs). For example: 'PCMU/8000'. This should be used if the SIP device cannot follow the normal rules of codec negotiation for all codecs supported in the installation. For example, one particular implementation would reject requests containing some codecs it didn’t understand.
This only applies to audio codecs. Video codecs and RFC 2833 'telephony-event' are not affected by this parameter.

DelayUnregister Usage: DelayUnregister=[0-20]
Some devices, under certain circumstances, un-register, then immediately register again.  This introduces a race condition similar to the one discussed in section 0.  Usage of this parameter mitigates this problem.

FakeDeclineAsRedirect Usage: FakeDeclineAsRedirect=[0|1|400-606]
Some SIP devices present an option to decline a call.  When invoked, various different response codes have been used by various implementations.  If set to 0, only a 3xx class response will cause the call to be diverted to the busy destination.  If set to 1, 603 will be sent to busy destination as well.  If set to a value from 400 to 606, the selected response code will be used to send the call to the busy destination.

MWI Usage: MWI=[none|subscribe|notify] 
This parameter defines how RFC 3842 Message Waiting Indication is handled.  When set to "subscribe", an explicit subscription is required.  If set to "notify", the NOTIFY messages are sent without requiring a SUBSCRIBE.  If set to "none", then MWI is not supported.

OptionsPing Usage: OptionsPing=[0|1] 
ShoreGear switches can send a periodic OPTIONS message to SIP devices, and mark them Out-Of-Service if they don’t respond. There are 2 benefits to this: Calls are diverted immediately to the busy destination, and there is logging of the event on the server.
The OPTIONS ping occurs periodically between 3 and 4.5 minutes.

OptionsResponse Usage: OptionsResponse=[200-699]
Some devices reject OPTIONS requests, such as with a 405 "Not Supported" response.  This can still be used to determine if the device is alive and on the network by using this parameter.  Otherwise, a 405 response would put the device Out-Of-Service.

SendEarlyMedia Usage: SendEarlyMedia=[0|1] 
When set to 1, the device will be sent 183 response with SDP for certain call-flows.  Currently, this is only used in error conditions when an announcement is played.

StripVideoCodec Usage: StripVideoCodec=[0|1] 
This parameter should be set to 1 if the device does not support video properly.  When set to 1, it strips video codecs from SDP in INVITE’s being sent to the device and properly restores and rejects the video media lines in the 200 response from the device.  It also strips video codecs from INVITE’s coming from the device and properly restores and rejects the video media lines in the 200 response to the device.

XferFailureNotSupported Usage: XferFailureNotSupported=[0|1]
For scalability reasons, there are a few call-flows that use REFER as a means for the caller to hear ringback tone.  These call-flows rely on the device’s capability to recover from a transfer failure and keep the original call alive.  If the device cannot do this, then this parameter should be set to 1, and an alternative means of providing ringback is used.

Tuesday, July 16, 2019

Routing: Administrative Distance Values

I don't always remember, even though I should, what the AD values are of the different routing protocols.


  • Connected Interface = 0
  • Static route = 1
  • Summary route (EIGRP) = 5
  • External Border Gateway Protocol (BGP) = 20
  • Internal EIGRP = 90
  • IGRP = 100
  • OSPF = 110
  • Intermediate System to Intermediate System (IS-IS) = 115
  • Routing Information Protocol (RIP) = 120
  • Exterior Gateway Protocol (EGP) = 140
  • On Demand Routing (ODR) = 160
  • External EIGRP = 170
  • Internal BGP = 200
  • Unknown = 255

General IT: Crossover, Straight through and Loopback cables

Whenever I am installing a new PRI or connecting two PBXs together I always need to make a crossover cable and I always end up having to look up the pinout. So I thought I would just add it here and make it easy on myself for future reference.

Straight Through patch cable



T1 Crossover Cable



T1 Loop-back


General IT: Common TCP/UDP Port Numbers

General IT: IP Network Subnets

ShoreTel: Konftel 300IP and ShoreTel/Mitel Configuration

This will provide you with some detail on how to integrate a Konftel 300IP conference phone into a ShoreTel/Mitel phone system.

Call Control Settings

In SWD navigate to Administration=> Features=>Call Control=>Options and make sure that the parameters (default values) are configured in the SIP section.


Switch Settings

In SWD navigate to Administration=>Appliances/Servers=>Platform Equipment. ShoreTel Voice switches can support IP phones and SIP phones in various ways, either as a physical port, a DSP resource or built-in capacity. From this page you can see whether you have any switches that are already configured with SIP Proxy resources by looking under the SIP proxy column.



If you do not have a switch at a site that has any SIP Proxy resources enabled you will need to find a switch at that site that has an available resource and set it to SIP Proxy.



Navigate to Administration=>Sites=> then the site you are looking to add the phone to. Scroll down to the SIP proxy switch for that site and under Proxy Switch 1 click the drop down and select the phone switch that you would like to use that already has the SIP Proxy resource enabled on it. If you are using more than one switch for SIP Proxy resources then you can add the 2nd switch in the Proxy Switch 2 field and then enter an IP address into the Virtual IP address box.



SIP Profile

To optimize the Konftel phone's interoperability, a new SIP profile must be created. Navigate to Administration=>Telephones=>SIP Profiles and click New. Name the new SIP profile Konftel 300IP and set the User Agent to "Konftel300IP.*". Then, in the Custom Parameter field, add "XferFailureNotSupported=1". Make sure the Enable check box is checked and click Save.



User Setup

Navigate to Administration=>Users=>Users and then find the user you wish to set up for the Konftel phone. Scroll down to the SIP password and enter a SIP password for this user. Also make note of the user's Client Username and Extension number.



Konftel 300IP Configuration

The best way to configure the Konftel phone is from the web interface. Find the IP address of the phone under Menu=>Status=>Network in the Konftel user interface on the phone. Navigate to that address using a web browser and log in as ADMIN with the default password of 1234.




Navigate to Settings=>SIP to configure the user account that was created on the ShoreTel/Mitel system.

  1. Account name is displayed on the idle screen of the phone
  2. Users is the user's extension number
  3. Registrar is the IP address of the SIP Proxy 
  4. Authentication name is the ShoreTel Client Username
  5. Password is the ShoreTel SIP password


In SWD navigate to Maintenance=>Status and Maintenance=>IP Phones, then click the Name column to sort by phone names. You should see the Konftel phone in the list, which means the phone has registered with the ShoreTel/Mitel system and is ready to be used.



Thursday, June 20, 2019

ShoreTel: Migrate a ShoreTel 14.2 system to a new Server

Here are the steps that I follow when I need to migrate a ShoreTel 14.2 and below system to a new server. This could be to upgrade the server OS or moving from a physical server to a virtual server.

There are a few things to note:


  1. You will need to install the SAME version of ShoreTel on the new server that you are using on the current server
  2. The new server will have to have the same IP address as the current server at the time you install ShoreTel on it
  3. The new server will have to have the same computer name as the current server at the time you install ShoreTel on it
  4. After the server is migrated you will need to request a new system key from ShoreTel 

Prep new Server:



  1. Prep the new server as per the Build Notes and Install Guide
  2. Change IP address to the same IP as the old server
  3. Change the name to the same name as the old server
  4. Install the ShoreTel Software (EXACT same build as old server)
    1. Right click on Setup and click "Run as Administrator"
  5. Reboot when Prompted
  6. Log in to Director using the default credentials
    1. Username: admin
    2. Password: changeme
  7. Verify all services are running by clicking on the Headquarters link to the right of the Quick Look page
  8. Log out of Director

Back up the old server:

  1. Databases .sql files
    1. Navigate to C:\Program Files (x86)\Shoreline Communications\Shoreware Server\MySQL\MySQL Server 5.0\Examples and run the following files
      1. BackupCDR.bat -> Will output an .sql file to the root of C:
      2. BackupConfig.bat -> Will output an .sql file to the root of C:
      3. BackupWebridge.bat -> Will output an .sql file to the root of C:
        1. Only required if there is an SA-100/SA-400 in use.
      4. BackupMonitoring.bat-> Will output an .sql file to the root of C:
        1. Only required for ShoreTel 14.x
      5. Copy the resulting .sql files folder to a safe location (Network Share, Thumb drive, etc...)
  2. Shoreline Data folder
    1. Stop all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-stop-svcs (make sure to run as administrator)
  3. Copy the VMS, User Data, & Prompts folder from Shoreline Data, to a safe location (Network Share, Thumb drive, etc...)
    1. Start all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-start-svcs (make sure to run as administrator)
  4. Reboot the ShoreTel server
  5. Copy the back up files to the new server
  6. Shut down the Old server

Restore data to new server

  1. Place the backed up configuration and CDR SQL files at the root of the C: drive and run the "Restore" batch files at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\MySQL\MySQL Server 5.0\Example
    1. RestoreConfig.bat
    2. RestoreCDR.bat
      1. Only required if the site has an SA-100/SA-400
    3. RestoreMonitoring.bat
  2. Stop all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-stop-svcs (make sure to run as administrator)
  3. Copy the backed-up versions of the VMS, Prompts, and User Data folders to the Shoreline Data folder (write over the new folders)
  4. Delete all .dat files in the VMS folder
  5. Start all ST services from script at C:\Program Files (x86)\Shoreline Communications\ShoreWare Server\Script\ hq_shoretel-start-svcs (make sure to run as administrator)
  6. Reboot the server

Verify the old data is restored

  1. Log into Director with your existing credentials
    1. Check for your users, AA menus, switches, etc
  2. Request a new license key for the new server


ShoreTel: How to check your Voice mail from outside the ShoreTel/Mitel system

There are times when you need to call into the ShoreTel\Mitel phone system to check your voice mails. This usually happens when you are not doing voice mail to email, don't have access to the system remotely, or for many other reasons. To access your voice mails just follow the instructions below.


  1. Dial your direct number or another phone number that belongs to the system
  2. When you hear the voice mail greeting press the * and then #
  3. The system will ask you to enter your extension number
  4. Then the system will ask you to enter your voice mail password followed by a #
  5. After you have completed the above, all operations are the same as the regular office voice mail 

ShoreTel: How to log into a ShoreTel/Mitel phone

Here are the steps that you can use to log into a ShoreTel/Mitel phone that is in an Available state or if someone else is logged into it.

Sometimes (depending on the system configuration) on the ShoreTel/Mitel IP 400 series phones there will be a soft key that you can use to assign your extension to that phone. To do this you would:

  1. Press the Assign soft key
  2. Enter your extension number
  3. Press the Next soft key
  4. Enter your voice mail password
  5. Press OK
  6. If you need to unassign your extension from a phone there is an unassign soft key you can press, or you can follow the steps below to unassign your extension from the phone


If your phone does not have the Assign soft key you can still assign your extension to that phone. To do this you would:

  1. Pick up the handset to go Off-hook
  2. Press the # to access the Voice Mail system
  3. Enter your extension number
  4. Enter your voice mail password
  5. Enter 7, 3, 1, to assign your extension to that phone
  6. If you need to unassign your extension from a phone, you would follow the steps above except you would enter 7, 3, 2

ShoreTel: How to find a call GUID from the Connect Client

How to pull a GUID for a ShoreTel/Mitel Call or Voice Mail from the Connect Client.


  1. In the Connect client click on the Recent navigation link
  2. In the right pane select the drop down and select Calls or Voice Mail
  3. Find the Call or Voice Mail that you need the GUID for
  4. Right click that Call or Voice Mail and select Copy Call ID to Clipboard
  5. Now you can paste the GUID into an email or text document

ShoreTel: Installing Connect Windows components fail

A few times when I started installing Mitel Connect on a Windows Server 2016 I have gotten issues where some of the Microsoft Windows components fail to install. Things like Web Framework, external cache, etc.




This is because there is a bug where the Connect install has an issue reading the framework version. So in order to fix this you have to edit the registry. To do this, open regedit and navigate to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InetStp

Once there edit the "MajorVersion" entry, and set the "DECIMAL" value to 9 and then reboot the server. Now you can go back and install the Connect software and you should be good to go.



Thursday, May 16, 2019

Cisco: Useful Cisco commands

There are a ton of useful Cisco commands that I do not use everyday but I still use often. This post is probably going to be one that gets updated frequently with new commands that I come across that I want to hold on to. So I am apologizing in advance in case this one gets a little messy. The actual Cisco command will be in bold lettering and in quotations.



Display Cisco stateful packet inspection sessions created because a policy map is applied on a specified zone pair - "show policy-map type inspect zone-pair sessions"


To show AnyConnect connected VPN users and their session info - "show vpn-sessiondb anyconnect"


To show the detailed status for active crypto sessions (i.e. VPN) - "show crypto session detail"

To delete a router config enter the following command and reboot the router without saving - "delete nvram:startup-config"


Here is how to create a LACP trunk on a Cisco switch:
"interface GigabitEthernet1/0/48
 switchport mode trunk
 channel-protocol lacp
 channel-group 2 mode active"


On Cisco 4K routers, the NAT ACL cannot use a permit ip any any entry for the NAT overload statement. It has some issues with it, so you need to be more specific about the networks that will be NAT'ed. For security reasons you should be specific anyway. A permit ip any any NAT statement causes irregular behavior on the router: it may very well work, but it may also just stop working.

"ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
IP access-list extended NAT
 10 permit ip 10.1.1.0 0.0.0.255 any
 20 permit ip 10.1.2.0 0.0.0.255 any"





ShoreTel: Recording Audio from a Physical ShoreTel Voice Switch Port

You can capture audio output from a ShoreTel Voice Switch physical port using VxWorks commands. The audio output is saved to the HQ or DVS server that controls the switch. This is great when you are trying to troubleshoot voice corruption or audio issues.


  1. From the Start menu, navigate to the Control Panel-->Administrative Tools and locate the IIS Manager
  2. Right click on the IIS Manager and select Properties. Then enable the ability to write to the FTP server by selecting the Write checkbox and clicking OK
    1. This enables the ability to write to the following directory: C:/inetpub/ftproot
    2. You may also need to edit the permissions of the C:/inetpub/ftproot directory and give the users group write access
  3. At the command prompt on the voice switch you would like to record from enter
    1. Record2file2 (23, 45, "test"), i.e. I want to record a call on a T1 on port 23 for 45 seconds and save the file with the name of test.
    2. The moment you press enter is when the recording will start
  4. Go to the C:/inetpub/ftproot directory and pull the two files <NAME>rx.pcm and <NAME>tx.pcm to your desktop.
  5. Using an audio editor (like Audacity or Cooledit) you will be able to listen and analyze the call
    1. Import the PCM file to Audacity using the following options
      1. File -> Import -> Raw Data
      2. Signed 16-bit PCM
      3. Big-endian
      4. 1 Channel (Mono)
      5. Sample Rate 8000 (8k)
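
The import options above fully describe the file format (signed 16-bit, big-endian, mono, 8000 Hz), so the two captures can also be checked with a script. The following is an added example, not part of the original post: it decodes both files, reports level statistics per direction (a silent leg points to one-way audio) and writes them as one stereo WAV. The function names, the silence threshold and the constructed test tone are assumptions.

```python
import array
import io
import math
import struct
import sys
import wave

SAMPLE_RATE = 8000    # Hz, from the import options above
SAMPLE_WIDTH = 2      # bytes per sample (signed 16-bit)
SILENCE_RMS = 50.0    # assumption: below this RMS a direction counts as silent


def decode_pcm(raw: bytes) -> array.array:
    """Decode big-endian signed 16-bit mono PCM into native integers."""
    usable = len(raw) - (len(raw) % SAMPLE_WIDTH)   # ignore a trailing odd byte
    samples = array.array("h")
    samples.frombytes(raw[:usable])
    if sys.byteorder == "little":
        samples.byteswap()                          # the capture is big-endian
    return samples


def level_stats(samples) -> dict:
    """Duration, peak, RMS and clipped-sample count for one direction."""
    n = len(samples)
    if n == 0:
        return {"seconds": 0.0, "peak": 0, "rms": 0.0, "clipped": 0, "silent": True}
    peak = max(abs(s) for s in samples)
    rms = math.sqrt(sum(s * s for s in samples) / n)
    clipped = sum(1 for s in samples if s >= 32767 or s <= -32768)
    return {"seconds": n / SAMPLE_RATE, "peak": peak, "rms": rms,
            "clipped": clipped, "silent": rms < SILENCE_RMS}


def write_stereo_wav(rx, tx, out) -> int:
    """Write rx (left) and tx (right) as one 8 kHz stereo WAV; return frame count."""
    n = max(len(rx), len(tx))
    left = list(rx) + [0] * (n - len(rx))           # pad the shorter leg with silence
    right = list(tx) + [0] * (n - len(tx))
    frames = array.array("h", (s for pair in zip(left, right) for s in pair))
    if sys.byteorder == "big":
        frames.byteswap()                           # WAV sample data is little-endian
    with wave.open(out, "wb") as wav:
        wav.setnchannels(2)
        wav.setsampwidth(SAMPLE_WIDTH)
        wav.setframerate(SAMPLE_RATE)
        wav.writeframes(frames.tobytes())
    return n


def constructed_capture(seconds=1.0, freq=1000.0, amplitude=8000):
    """Constructed sample input: a tone on rx and digital silence on tx."""
    n = int(seconds * SAMPLE_RATE)
    tone = [int(amplitude * math.sin(2 * math.pi * freq * i / SAMPLE_RATE))
            for i in range(n)]
    return struct.pack(f">{n}h", *tone), bytes(n * SAMPLE_WIDTH)


if __name__ == "__main__":
    # For a real capture, read the two files pulled from ftproot instead,
    # e.g. open("testrx.pcm", "rb").read() and open("testtx.pcm", "rb").read().
    rx_raw, tx_raw = constructed_capture()
    rx, tx = decode_pcm(rx_raw), decode_pcm(tx_raw)
    for name, leg in (("rx", rx), ("tx", tx)):
        print(name, level_stats(leg))
    buf = io.BytesIO()                              # pass a file name to keep the WAV
    print("frames written:", write_stereo_wav(rx, tx, buf))
```
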

Wednesday, May 15, 2019

Cisco: Copy a routers running config to a text file or flash drive

A lot of customers ask how they can pull a back up running configuration of their Cisco router. So here are the steps to do so.


  1. Open Putty
  2. On the left side select Logging under Session
  3. Select the radio button next to All Session Output
  4. Press the Browse button and navigate to the location you wish to save the file and enter a file name in the file name field and click Save
  5. Click on Session
  6. In the Host name box enter the IP address of the device you want to connect to
  7. Select the Telnet, SSH or Serial radio button under the Connection type
  8. Click Open
  9. If you are using SSH and this is the first time you are connecting to this device on this computer you may be asked to save the RSA key. Click Yes
  10. Enter your log in info to log into the router
  11. Depending on your privilege level you may need to type in Enable to get into enable mode
  12. Type Show run and press enter
  13. Some of the configuration will be shown, press the Space bar to show more
  14. Once all the configuration has been displayed type Exit and press enter
  15. The Putty session should close
  16. Browse to the location where you saved your file and change the extension to .txt
  17. Open the file and verify that you see the device configuration.

To copy config to a flash drive

  1. Insert flash drive into the router
  2. At an enable prompt (shown by a # instead of a >)
  3. enter the following command copy running-config usb0:running-config
  4. remove the flash drive and close the putty session

Cisco: How to install Cisco AnyConnect

Here are some instructions on how to download and install the Cisco AnyConnect client to a PC.


  1. Open a web browser and go to the IP address or URL for your VPN and make sure you use https to access it (i.e. https://vpn.anycompany.com)
  2. If the ASA is using a self-signed certificate you will see a page that says this site is not secure. This is OK, just click on the Details link if you are using Edge or IE, and if you are using Chrome click the Advanced button
  3. Then click on the Go on to the webpage link if you are using Edge or IE and if you are using Chrome click on Proceed to
  4. Select the correct group you belong to from the drop down (if there is one)
  5. Enter the Username and Password that you should use to connect to the VPN
  6. Click Login
  7. Click the blue download bar for your OS version
  8. Click on the Details link if you are using Edge or IE, and if you are using Chrome click the Advanced button
  9. Click on the Go on to the webpage link if you are using Edge or IE and if you are using Chrome click on Proceed to
  10. A download box will appear at the bottom of your screen and you can run the file or save it to your computer. I usually tell end users just to run it, so click Run
  11. When prompted, install the AnyConnect Application



  12. Start the Cisco AnyConnect client
    1. Start=>All Programs=>Cisco=>Cisco AnyConnect Secure Mobile Client=>Cisco AnyConnect Secure Mobile Client
  13. The AnyConnect connection box will appear
  14. If on step 1 when you entered the URL in the web browser you saw that this is not a secure site, please skip to the section labeled Untrusted Servers
  15. In the AnyConnect connection box enter in the IP address or URL that you typed into your browser in step one and Click Connect 
    1. If you skipped down to the Untrusted server section you will see a security warning box once you click Connect that says this is an Untrusted server Click Connect Anyway
  16. A box will appear; select the group that you belong to from the drop down if there is one
  17. Enter in your username and password and click OK
  18. When it is finished, you will see a box in the bottom right corner of your screen saying Connected
  19. You can now close the web page as you have installed the AnyConnect VPN client and you are connected to the VPN
  20. To disconnect from the VPN, right click on the AnyConnect icon that is in your system tray and choose VPN disconnect


Untrusted servers

  1. Click the Gear in the bottom left corner
  2. Click on the Preferences tab
  3. Uncheck Block connections to untrusted servers
  4. Click the X in the top right corner to close the window
  5. Go back to step 15


Tuesday, May 14, 2019

Cisco: Right to use Licensing

Cisco Right to use licensing allows you to activate a specific license type and level for certain types of equipment. A lot of times when we order a Cisco AppX or SecK9 license for a router or do an RMA on a piece of equipment I do not always need to activate a license and just configure the license as Right to use. Here are some of the commands to configure a right to use license:

Conf t
License accept end user agreement
Yes
License boot level <License_Level> (Enter in the license name, appx, securityk9, etc.)
Write memory
License right-to-use move <License_Level>

Other useful licenses commands:

To see a list of licenses and to see what is currently in use you can use the "Show License" command
To disable the license from a device you can use the "No license feature <License_Level>" command


Polycom: Locate a Polycom phone's IP address (5000, 6000, 7000)

I work with Polycom phones on a regular basis but not regular enough to always remember how to find the IP address of the phone from the display. So here are the steps to find it.


  1. From the Home/Menu, select Settings
  2. Select Status
  3. Select Network
  4. Select TCP/IP Parameters
The screen should now show you the phone's IP address, in addition to other info like the subnet mask and gateway.


ShoreTel: Configure Valcom PagePro VIP-201A with ShoreTel

So there is no documentation from ShoreTel that says the Valcom PagePro IP VIP-201A is supported. But I was able to get it to work by playing around with the settings. The VIP-201A is really just acting as a SIP extension. Now I do not have the exact steps to do this as I kinda lost track of them when I was working on this but here is a general outline of what I did.


  1. Install the VIP-102B setup tool to access the device
  2. You must first scan and find the device  (You should probably be on the same network as the device)
  3. Statically assign an IP address to the device
  4. Reboot the device
  5.  Go to System -> Audio groups
  6. Create the Audio Group you need and click OK
  7. Go To System -> Audio Group Membership
  8. Select the Audio Group in the Drop down that you want to use, Select what port it should be available to
  9. Click Close
  10. Go to the Channels tab
  11. Select 1 through 4 and put in the dial code you want to use for it (leave the rest default)
  12. Go to the SIP tab
  13. Select your paging zones and fill out the info
    1. Phone number - After you dial the ShoreTel SIP extension to access the Valcom box, you will hear a tone in the handset, Then dial this "Phone number" to select the paging zone you want to access.
  14. Description
    1. Authentication Name: Used for authentication with the ShoreTel SIP extension, you should use the ShoreTel extension Clientname
    2. Secret: This is the SIP password on the SIP extension you are trying to use
    3. SIP Server: Enter in the IP address of the ShoreTel switch that hosts the SIP proxy (this is not the ShoreWare Director Server)
  15. Pre-Announce Tone: use this to know when to press the code for the paging zone
  16. Audio Groups: Select the Audio Groups you want this dial code to access for paging
  17. Configure each SIP tab as you need to, the authentication will be the same for each one
  18. To save this config, go to File --> Save (This will save it to your PC)
  19. Reboot the device
  20. Check ShoreTel ShoreWare Director Telephones to see if the Valcom device is registered

Hopefully this will help you in your configuration!

Monday, March 18, 2019

ShoreTel: Mobility Trusted Admin APP Set-up

Here are the steps to create the certificates that are used between Mobility and Connect.


  1. In a Command Prompt window, run cd "C:\Program Files (x86)\Shoreline Communications\ShoreWare Director\App\bin" and then pki.bat -S SMRAdminApp
  2. This generates the certificate for the SMR. The files are located in the Shoreline Data\keystore\certs directory; copy the contents of the following cert and key files
    1. SMRAdminApp.crt - located in cert folder within the above root directory
    2. SMRAdminApp.key - located in private key folder within above root directory
  3. Complete the following steps to set up trusted server applications for the SMR
    1. Log in to Mitel Connect Director and navigate to System > Security >Trusted Server Application
    2. Click New, and complete the following steps to create a new trusted server application for the Mobility 9.0 SMR
      1. Specify the Trusted account name. This should be a descriptive name that conveys the location and use of the SMR. This information is for reference only
      2. Browse to Shoreline Data\keystore\certs, and select the SMRAdminApp file
      3. Select Client Application Service in Application Type, and select Enabled
      4. In Property Type, select admin-cas in Available, and then click to move it to Selected
      5. Click Save
  4. Navigate to Configuration > System > Authentication > Directory, and complete the following steps to configure the trusted application settings
    1. Click Add
    2. Select Mitel Directory in Server Type
    3. Specify a Name
    4. Click Apply
    5. Specify the headquarters FQDN or IP address in Server Address
    6. Select Trusted Admin App, and then click the Manage App Certificate link to launch the Directory Server Certificate page
    7. Click Import, and paste the contents of the cert and key files you copied in step 1 of this section
    8. Click Import again, and then cancel the prompt to reboot
    9. Select tls in Security type
    10. Click Apply, and then click Verify
  5. Sync Authenticator Keys on the SMR
    1. Open a browser and navigate to the SMR configuration page with administrator permissions
    2. Navigate to Configuration > System > Authentication > Directory, and select the directory you defined in Configure Trusted Application Settings on the SMR on page 21
    3. Click Sync ABC Keys to sync the authenticator public keys with the headquarters PBX. Mitel recommends you use the Query option to search for a known Mitel directory user name to verify that you can successfully access the Mitel directory
  6. Specify the Authorization Directory Servers
    1. Open a browser and navigate to the SMR configuration page with administrator permissions
    2. Navigate to the Configuration > Groups and Users page
    3. Select the appropriate group, and then select the appropriate directory type and directory in External User Authentication/Authorization
    4. Click Next. Complete configuration as necessary, and then click Apply

ShoreTel: Installing Connect on Server 2016

I have run into a few issues when installing ShoreTel Connect on Server 2016. The main one is that while installing Connect you get a popup that says "A digitally signed driver is required" and the install fails. This is usually because driver signing and secure boot are enabled. So here is the checklist I use when I install Connect on Server 2016.


  1. Prep the new server as per the Build Notes and Install Guide (Check with TacTools Powershell script)
  2. Disable secure boot (BIOS)
  3. Disable digital driver signing enforcement: run gpedit.msc, then under User configuration->Administrative Templates->System->Driver Installation set Code signing for drivers to disable
  4. From Admin CMD run the following command bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
  5. Change DEP to essential windows applications
  6. Disable UAC
    1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System EnableLUA set to 0
  7. Disable Windows firewall
  8. Set Quality Audio experience service to automatic start
  9. Set Simple mail transfer service to automatic start
  10. Check to make sure NO group policies are applied
  11. Check to make sure NO antivirus is installed (disable Defender)
  12. Disable automatic Windows updates
  13. Run ShoreTel compatibility checker

ShoreTel: Order to paste in Certificate keys for ShoreTel Mobility

When importing certificates into a ShoreTel Mobility router, this is the order in which to paste in the keys. Make sure you do not have any spaces between them and that you include the start and end lines of each key.

Paste in Public key, then the Private key, then the Bundle key.

ShoreTel: SIP profile parameters and their usage


DontFwdRefer Usage: DontFwdRefer=[0|1] 
When this parameter is set to 1, it inhibits the use of REFER for transfer on the trunk.  It also inhibits sending INVITE with Replaces header.  Peer must support INVITE without SDP for certain transfer call-flows.

SendMacIn911CallSetup Usage: SendMacIn911CallSetup=[0|1] 
This parameter is used in conjunction with SIP based emergency gateways, such as those provided by 911 Enable.  It appends the MAC address of the IP phone in the From tag of an outgoing emergency call.
From: "Dizzy Gillespie" <sip:+14085551111@10.1.3.55:5060;user=phone>;tag=shorUA_1077733456-103455277-EPID-001049042E4A
This only applies to ShoreTel IP Phones, excluding the IP-8000 conference room phone

StripVideoCodec Usage: StripVideoCodec=[0|1] 
This parameter should be set to 1 if the trunk does not support video properly.  When set to 1, it strips video codecs from SDP in INVITE’s being sent to the trunk and properly restores and rejects the video media lines in the 200 response from the trunk.  It also strips video codecs from INVITE’s coming from the trunk and properly restores and rejects the video media lines in the 200 response to the trunk

AddG729AnnexB_NO Usage: AddG729AnnexB_NO=[0|1] 
This parameter should be set to 1 if the trunk does not support G729 Annex B properly.  When this is set, any outgoing INVITE with G729 in the SDP will have the attribute "a=fmtp:18 annexb=no" added to the SDP.

HistoryInfo Usage: HistoryInfo=[none|diversion|history] 
This parameter controls how information is presented when an external incoming call is forwarded out this trunk.  In this case, the "From" header will indicate the actual caller, which may not be a valid number to present to the trunk.  The Diversion or History-Info header will be used to indicate the DID number of the user on whose behalf the call was forwarded.
If set to 'none' or omitted, then no indication of the forwarding number is presented.  If set to 'diversion', the SIP Diversion header is supplied, as dictated by RFC 5806.  If set to 'history', the SIP History-Info header is supplied, as dictated by RFC 4244.

EnableP-AssertedIdentity Usage: EnableP-AssertedIdentity=[0|1] 
This profile parameter controls how Caller-ID is presented on outbound calls.  If it is set to 0 or not present, then the old style of presenting caller-ID in From header is used when sending outgoing calls.  Note that the style of presenting blocked caller-ID has changed in ShoreTel 12.
When set to 1, the Caller-ID is placed in the P-Asserted-Identity header.  If privacy is indicated for the call (User dials *67, or trunk group is configured to not send Caller-ID), then a Privacy header is inserted with value “id”, and the From header is anonymous

Port Usage: Port=[5060|1-65535]
This profile parameter changes the remote port used for the SIP trunk.  Currently, there is no way to configure the port number for SIP trunks in ShoreWare Director.  Only port 5060 is supported.  This profile parameter allows the port number for a trunk group to be configured.

HairPin Usage: HairPin=[0|1]  
This profile parameter controls if hairpin is allowed on SIP trunk calls, when enabled and available, features like Barge-in, silent monitoring, whisper-page, whisper-coach, call-record will be supported on the SIP trunks.

OptionsPing Usage: OptionsPing=[0|1] 
This profile parameter controls if OPTIONS message should be sent to remote party for detecting connectivity

OptionsPeriod Usage: OptionsPeriod=[180|60-3600] 
This profile parameter is used to control the time interval between SIP OPTIONS messages

OverWriteFromUser Usage: OverWriteFromUser=[none|UserID|BTN] 
This profile parameter is used to choose either user’s id or billing phone number in the FROM header when making calls

DontAdvertiseUpdate Usage: DontAdvertiseUpdate=[0|1] 
This profile parameter is used to decide if UPDATE should be sent in the SUPPORTED header

RFC2543Hold Usage: RFC2543Hold=[0|1] 
This profile parameter is used to decide if connection field should be set to 0.0.0.0 in case of sending outgoing INVITE for hold

AlwaysSend180 Usage: alwaysSend180=[0|1] 
This profile parameter is used to decide if a 180 will be sent out right away after receiving an incoming INVITE

IgnoreEarlyMedia Usage: IgnoreEarlyMedia=[0|1] 
This profile parameter is used to decide if early media should be forwarded to the caller. When a SIP device doesn’t wish to accept early media, this parameter should be set to 1

Register Usage: Register=[0|1] 
This profile parameter is used to decide if outgoing REGISTER messages should be sent

RegisterUser Usage: RegisterUser=[BTN|UserID|DID] 
This profile parameter is used to decide what to use in the FROM header in outgoing REGISTER messages

RegisterExpiration Usage: RegisterExpiration=[3600|60-86400] 
This profile parameter is used to decide the time interval between outgoing REGISTER messages

1CodecAnswer Usage: 1CodecAnswer=[0|1] 
This profile parameter is used to decide if the SDP should contain only 1 codec for an outgoing answer.
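
The Usage notation above can be checked mechanically before a custom parameter string is pasted into a SIP trunk profile. This is an added example, not ShoreTel/Mitel code: it parses a subset of the Usage strings listed above and flags unknown names, duplicate settings and out-of-range values. One parameter per line, case-insensitive names and exact-case values are assumptions, as are the function names.

```python
import re

# Usage strings copied from the trunk profile parameters listed above (subset).
USAGE_LINES = """
DontFwdRefer=[0|1]
HistoryInfo=[none|diversion|history]
EnableP-AssertedIdentity=[0|1]
Port=[5060|1-65535]
OptionsPing=[0|1]
OptionsPeriod=[180|60-3600]
OverWriteFromUser=[none|UserID|BTN]
RegisterUser=[BTN|UserID|DID]
RegisterExpiration=[3600|60-86400]
1CodecAnswer=[0|1]
"""

USAGE_RE = re.compile(r"^(?P<name>[\w-]+)=\[(?P<alts>[^\[\]]+)\]$")
RANGE_RE = re.compile(r"^(\d+)-(\d+)$")


def parse_usage(text):
    """Turn Usage strings into {lowercased name: (name, alts, literals, ranges)}."""
    specs = {}
    for line in text.split():
        match = USAGE_RE.match(line)
        if not match:
            raise ValueError(f"unrecognised usage line: {line!r}")
        literals, ranges = set(), []
        for alt in match["alts"].split("|"):
            rng = RANGE_RE.match(alt)
            if rng:                                  # "60-3600" is a numeric range
                ranges.append((int(rng[1]), int(rng[2])))
            else:                                    # "0", "none", "BTN" are literals
                literals.add(alt)
        specs[match["name"].lower()] = (match["name"], match["alts"], literals, ranges)
    return specs


def lint_profile(text, specs):
    """Check a custom parameter block; return a list of (line number, message)."""
    problems, seen = [], {}
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        name, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not name or not value:
            problems.append((number, f"not in Name=value form: {line!r}"))
            continue
        spec = specs.get(name.lower())               # assumption: names ignore case
        if spec is None:
            problems.append((number, f"unknown parameter {name!r}"))
            continue
        display, alts, literals, ranges = spec
        if display in seen:
            problems.append((number, f"{display} already set on line {seen[display]}"))
        seen[display] = number
        in_range = value.isdecimal() and any(lo <= int(value) <= hi for lo, hi in ranges)
        if value not in literals and not in_range:
            problems.append((number, f"{display}={value} is not within [{alts}]"))
    return problems


if __name__ == "__main__":
    # Constructed sample profile with four deliberate mistakes.
    sample = ("OptionsPing=1\nOptionsPeriod=30\nHistoryInfo=diversion\n"
              "Port=5061\nRegisterUser=btn\nOptionPing=1\noptionsping=0\n")
    for number, message in lint_profile(sample, parse_usage(USAGE_LINES)):
        print(f"line {number}: {message}")
```
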


SIP Extension Profile Parameters:

1CodecAnswer Usage: 1CodecAnswer=[0|1] 
Some devices do not honor the codec order specified in a 200 OK response to an INVITE.  This causes several problems.  First, some endpoints in the system do not support asymmetric codecs during a session.  Second, any bandwidth calculations based on observing the offer/answer exchange will likely be wrong.  When set to 1, only 1 audio codec is sent in a 200 OK response. 

AddGracePeriod Usage: AddGracePeriod=[0-1800] 
Some SIP devices re-register too close to the expiration time, introducing a race condition where the system is in the process of deleting the record from the system when the re-register is received.  This parameter adds a grace period to the expiration received in the REGISTER request.

AllowedCodecs Usage: AllowedCodecs=[any|[codec[,codec]*] 
Valid values are ‘any’ (default) or a comma separated list of codec names.  The codec name must be formatted as shown on the Supported Codecs page (Administration, Call Control, Supported Codecs).  For example: 'PCMU/8000'.  This should be used if the SIP device cannot follow the normal rules of codec negotiation for all codecs supported in the installation.  For example, one particular implementation would reject requests containing some codecs it didn’t understand.
This only applies to audio codecs.  Video codecs and RFC 2833 'telephony-event' is not affected by this parameter.

DelayUnregister Usage: DelayUnregister=[0-20] 
Some devices, under certain circumstances, un-register, then immediately register again.  This introduces a race condition similar to the one discussed in section 0.  Usage of this parameter mitigates this problem.

FakeDeclineAsRedirect Usage: FakeDeclineAsRedirect=[0|1|400-606] 
Some SIP devices present an option to decline a call.  When invoked, various different response codes have been used by various implementations.  If set to 0, only a 3xx class response will cause the call to be diverted to the busy destination.  If set to 1, 603 will be sent to busy destination as well.  If set to a value from 400 to 606, the selected response code will be used to send the call to the busy destination.

MWI Usage: MWI=[none|subscribe|notify] 
This parameter defines how RFC 3842 Message Waiting Indication is handled.  When set to "subscribe", an explicit subscription is required.  If set to "notify", the NOTIFY messages are sent without requiring a SUBSCRIBE.  If set to "none", then MWI is not supported.

OptionsPing Usage: OptionsPing=[0|1] 
ShoreGear switches can send a periodic OPTIONS message to SIP devices, and mark them Out-Of-Service if they don’t respond.  There are 2 benefits to this: Calls are diverted immediately to the busy destination, and there is logging of the event on the server.
The OPTIONS ping occurs periodically between 3 and 4.5 minutes.

OptionsResponse Usage: OptionsResponse=[200-699] 
Some devices reject OPTIONS requests, such as with a 405 "Not Supported" response.  This can still be used to determine if the device is alive and on the network by using this parameter.  Otherwise, a 405 response would put the device Out-Of-Service.

SendEarlyMedia Usage: SendEarlyMedia=[0|1] 
When set to 1, the device will be sent 183 response with SDP for certain call-flows.  Currently, this is only used in error conditions when an announcement is played.

StripVideoCodec Usage: StripVideoCodec=[0|1] 
This parameter should be set to 1 if the device does not support video properly.  When set to 1, it strips video codecs from SDP in INVITEs being sent to the device and properly restores and rejects the video media lines in the 200 response from the device.  It also strips video codecs from INVITEs coming from the device and properly restores and rejects the video media lines in the 200 response to the device.

XferFailureNotSupported Usage: XferFailureNotSupported=[0|1] 
For scalability reasons, there are a few call-flows that use REFER as a means for the caller to hear ringback tone.  These call-flows rely on the device’s capability to recover from a transfer failure and keep the original call alive.  If the device cannot do this, then this parameter should be set to 1, and an alternative means of providing ringback is used.
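
The value ranges in the extension profile list above can be checked mechanically before a custom profile is saved. The following is an added example, not code from Mitel or from the original post: it assumes the profile is entered as one Name=value pair per line, treats names and keywords as case-sensitive exactly as listed, and uses an assumed codec-name pattern modelled on the 'PCMU/8000' example. `lint_profile`, `RULES` and `SAMPLE` are hypothetical names.

```python
import re

def _int(lo, hi):
    return lambda v: v.isdecimal() and lo <= int(v) <= hi

# Assumed codec-name shape, modelled on the page's 'PCMU/8000' example.
_CODEC = re.compile(r"[A-Za-z0-9.\-]+/\d+")

# Value rules transcribed from the "Usage:" lines above.
RULES = {
    "1CodecAnswer": _int(0, 1),
    "AddGracePeriod": _int(0, 1800),
    "AllowedCodecs": lambda v: v == "any" or all(
        _CODEC.fullmatch(c.strip()) for c in v.split(",")),
    "DelayUnregister": _int(0, 20),
    "FakeDeclineAsRedirect": lambda v: _int(0, 1)(v) or _int(400, 606)(v),
    "MWI": lambda v: v in ("none", "subscribe", "notify"),
    "OptionsPing": _int(0, 1),
    "OptionsResponse": _int(200, 699),
    "SendEarlyMedia": _int(0, 1),
    "StripVideoCodec": _int(0, 1),
    "XferFailureNotSupported": _int(0, 1),
}

def lint_profile(text):
    """Return [(line_number, problem)] for a block of Name=value lines."""
    problems, seen = [], set()
    for n, raw in enumerate(text.splitlines(), 1):
        name, sep, value = (p.strip() for p in raw.partition("="))
        if not raw.strip():
            continue
        if not sep:
            problems.append((n, "missing '='"))
        elif name not in RULES:
            problems.append((n, f"unknown parameter {name!r}"))
        elif name in seen:
            problems.append((n, f"duplicate {name}"))
        elif not RULES[name](value):
            problems.append((n, f"{name}={value!r} is outside the documented usage"))
        seen.add(name)
    return problems

# Constructed sample profile (not from a real system).
SAMPLE = ("OptionsPing=1\nOptionsResponse=405\nMWI=Notify\nAddGracePeriod=3600\n"
          "AllowedCodecs=PCMU/8000, G729\nFakeDeclineAsRedirect=486\noptionsping=0\n")

if __name__ == "__main__":
    for n, msg in lint_profile(SAMPLE):
        print(f"line {n}: {msg}")
```

On the constructed sample, lines 3, 4, 5 and 7 are flagged: a keyword with the wrong case, a grace period above 1800, a codec name without a clock rate, and a misspelled parameter name.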