Security Certificates - 9.1

With the release of IP Office 9.1 there have been enhancements made to the way security is handled. When deploying an IP Office Server Edition or Select Server Edition for a customer, it is best practice to have them provide a fully qualified domain name or a machine name to use for the security certificate. The IP Office can be configured with a valid host name, and the certificate can be imported into the Trusted Root Certification Authorities certificate store. When the system is accessed by the proper host name and the certificate is properly stored, no security warnings appear while accessing the page.

When defining the hostname for the IP Office you need to either enter the FQDN that will be used to access the system or the IP address that will be used to access the system. In the case of my example I used the IP address of 192.168.11.11 as the host name. If you are using a fully qualified domain name (FQDN) or a server name (NetBIOS) you will want to make sure it resolves with your DNS server or you will see a certificate mismatch error.

To use a self-signed certificate we will select “Generate New”:


After you click Next you will see the following warning:

The certificate will now be generated. 

Once the certificate has been created it is available for download. For a Windows Certificate Store you need to download the DER-Encoded certificate:


Once you have downloaded the certificate, click Apply. The process will take several minutes, after which you will be logged out of the system. Be sure to add the certificate you downloaded to your Trusted Root Certification Authorities store. If you're working with a domain this can be pushed to client systems using a group policy, or it can be added to machines individually using the Microsoft Management Console.
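The import step above, as an added PowerShell example that is not part of the original post: it inspects the downloaded DER file and only adds it to the machine's Trusted Root store if the checks pass. The file path and the expected thumbprint are placeholders (the thumbprint is assumed to have been recorded from the server by a separate, trusted route); 192.168.11.11 is the host name used in the post.

```powershell
# Added example: inspect the downloaded DER certificate, then trust it.
# $CertPath and $ExpectedThumbprint are placeholders; run from an elevated prompt.
param(
    [string]$CertPath           = 'C:\Temp\ipoffice.der',   # assumed download location
    [string]$ExpectedHost       = '192.168.11.11',          # name or IP used to reach the system
    [string]$ExpectedThumbprint = '<THUMBPRINT-RECORDED-OUT-OF-BAND>'
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" -ArgumentList $CertPath

# Collect every name the certificate claims: subject CN plus Subject Alternative Names.
$names  = @($cert.GetNameInfo('SimpleName', $false))
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($sanExt) {
    # Windows formats the SAN as "DNS Name=host, IP Address=1.2.3.4"
    $names += $sanExt.Format($false) -split ',\s*' |
        ForEach-Object { ($_ -split '=', 2)[-1].Trim() }
}

# Basic Constraints: if the CA flag is set, anything this certificate signs is trusted too.
$bc   = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$isCa = [bool]($bc -and $bc.CertificateAuthority)

$now      = Get-Date
$problems = @()
if (($ExpectedThumbprint -replace '\s', '') -ne $cert.Thumbprint) {
    $problems += 'thumbprint does not match the recorded value'
}
if ($names -notcontains $ExpectedHost) {
    $problems += "certificate does not name $ExpectedHost (browsers will report a mismatch)"
}
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += 'certificate is outside its validity period'
}

$cert | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint
"Names: $($names -join ', ')   CA flag: $isCa"

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Certificate not imported.'
}

# A certificate in the machine Root store is a trust anchor for every user on this PC.
$store = New-Object "$x509.X509Store" -ArgumentList 'Root', 'LocalMachine'
$store.Open('ReadWrite'); $store.Add($cert); $store.Close()
Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
```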

IP Office Registry Hacks

It has come to my attention that Avaya often hides functionality in a registry entry. I'm going to keep a list here. As I learn more I will add them. Feel free to comment any that you have tucked away under your cap!

Maximum UMS Users (166 by default):
Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem, add a new key MaxObjsPerMapiSession. Under the new key, create a new DWORD value objtMessageView, and set the value to three times the required users. For example, to support 500 users, set the value to 1500.

SIP Line Template:
In IP Office 9.1 the option for SIP Line Templates was included out of the box. In 7.0 and up the option is still there, but it's hidden. Enabling it takes two steps:
Navigate to File --> Preferences in the IP Office Manager and select the Visual Preferences tab. Check the Enable Template Options box.
Under HKEY_CURRENT_USER\Software\Avaya\IP400\Manager, add a DWORD value TemplateProvisioning and set its value to 1. Reboot the server hosting the IP Office Manager.
You can now generate a SIP Trunk template.

No Caller ID Alarms on the IP Office

So the IP Office screams every time a call comes in with no caller ID received. Avaya finally decided to put in a workaround, and it's super quick and easy to implement!

The workaround is only available in 9.1 (and up, I suppose).

Go to the NoUser user and click on the Source Numbers tab.

Add the source number SUPPRESS_ALARM=1

Merge your changes and that's it! The NoCallerID Notification will be suppressed for System Monitor, System Status, Sys Log, SNMP Traps, and e-mail notifications.

US Robotics Modem Configuration for CS1000

So my favourite way to connect to a CS1000 for maintenance programming is with a modem. This quick and easy method requires very little effort to connect. Unfortunately a modem will not work with the CS1000 out of the box. There is a bit of programming that needs to be done.

A standard external US Robotics modem comes with a power supply and a line cord. A DB25 cable will be required. For an Option 11 system a null modem will also be needed. It's always a good idea to head to the phone room with a handful of cables and adapters. Check to make sure the TTY is enabled and working. I usually hook up with my laptop to the TTY first to check connectivity and then proceed with hooking up the modem afterwards.

Programming the modem is straightforward and only takes a couple of minutes. Unbox the modem and check the DIP switches first. You need to set it so that 1, 3, and 7 are down and the rest are up. Connect the modem to your PC using a serial cable and power it on. Using your favourite terminal program (I usually use Procomm for this but PuTTY would also work) set to 9600/N/8/1, check to see that the modem is responding. Enter AT and press Enter; the modem should respond with OK. If you don't see OK, try throwing a null modem adapter in the mix and test again. Once you have a response from the modem you can enter the configuration command:

AT&B1&N6&W&W1

The modem should once again respond with OK. Once this is done, power down the modem and change the DIP switch settings again. At this point you need to have 1 and 4 down, the rest up. Plug the modem into the TTY port and test. The modem should answer. If you don't see any output on the TTY then you may need to either add or remove a null modem to get everything working.