
  • Call Manager on PC off the domain

    Running 9.2 Build 14.41.4603.0 with Active Directory integration turned on. Web client works using domain credentials. Several people need to use the softphone on home PCs coming through a SonicWall SSL VPN.

    The issue is with machines that are not joined to the domain. I cannot get the Call Manager to log on. I get the message "You have chosen a username that is unknown to ShoreTel 9.2. Please correct the username or see your system administrator if you are unsure what your username is"

    What I've tried in the 3 fields:

    1. domain\username - domain password - server FQDN
    2. username - domain password - server FQDN
    3. domain\username - domain password - server IP
    4. username - domain password - server IP

    I also tried using the username and password combination that was configured in Director but no luck. We don't have the option of taking off AD integration for all of these users.

    If I use the SonicWall VPN on a domain laptop, it works fine so I know the VPN is OK.

    Anyone have AD integration w/ non domain connected machines working?

  • #2
    What about removing the AD integration and just using a call manager password?


    • #3
      I can do that on a few people who work almost exclusively off site but there are many more where we can't. The problem is that a good number of these employees don't have domain-joined company laptops.


      • #4
        Did you find a resolution to your issue? I am having the same issue.


        • #5
          No resolution.


          • #6
            We recently had an AD authentication failure and in trying to resolve it, I've built up some information that might help explain your issue.

            From what I've observed and read, AD authentication through the username prompt isn't possible. My understanding of the AD feature is that it is through Single Sign On only. That is, when you pass credentials via the CM wizard, they're checked only against the ShoreTel user database and not AD. The AD integration is for SSO to ShoreWare Director and CM and doesn't seem to apply to the wizard forms.

            ShoreTel hasn't confirmed this for me at all, so this is only a theory. You might try to open a case with them to ask if AD users can authenticate to CM without SSO. Your situation makes a lot of sense, so at the very least that should become a feature request on their roadmap. We would also like to see the ability to have a computer on the domain, but use a different AD account to sign in to CM (i.e. for our switchboard operators).

            Hope this somehow helps!


            • #7
              The only way I could get it to work was w/o AD integration. I have it working on an XPe thin client.


              • #8
                Same in 11.1

                I'm running 11.1 - with the same issue....

                Has this been confirmed? Or is there a workaround? (other than disabling AD integration for the user?)


                • #9
                  I tried AD integration for a few days and decided against it, for this reason as well as because it just really wasn't worth it. Using regular old ShoreTel authentication is just easier.

                  Here is why it stinks:

                  1. Your problem already posted.
                  2. Domain password change policies make you have to update Call Manager too much, and with the rollout of the iPhone app, now it's even one more change/update.
                  3. The iPhone app works WITHOUT using Apache reverse proxy garbage, but without any SSL, so passing domain credentials this way would be a no-no.

                  ShoreTel needs to make AD integration a per-user choice, not a global change. Then I may consider using it.

                  Just my 2 cents.


                  • #10
                    We are running the beta 12 release and it is doing the same thing.