Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP480G Mute+CLEAR, Static IP, No Service

    Hi All,

    I'm working with Mitel TAC on this but from reading forums, see conflicting information. Some people state static assignment works fine for 400 series phones, others have trouble. Here's the situation.

    Client is a financial organization.
    All IP addressing is static
    Phone is at the HQ site on the same subnet. Even tried the same switch.
    IP230 MGCP phones work fine. Before migrating 14.2 to Connect this March, IP400 phones seemed to work fine.
    Post migration, phones cannot connect to server but work with their cached certificate. Newly cleared phone never work.
    Captured packets, examined phone logs, looked through IIS logs, the SSL cert is never downloaded.


    I took a phone back to my office and captured packets with DHCP on, then cleared and captured with static IP assignment.

    Watching Wireshark during a DHCP boot, after the three-way handshake, the first thing downloaded is the SSL cert.
    DHCPCapture.PNG

    With static IP assignment after a Mute+CLEAR#, it does not download the SSL cert.
    StaticCapture.PNG

    As such, when the phone tries to connect to the voice switches, it fails to connect as the root CA is invalid (phone doesn't have one).
    SSLCertFail.PNG

    TAC noted that in the phone log, there is no FTPServer set. Without DHCP, there is no way to set an FTP server, But...The SSL cert is downloaded via HTTP, so I don't see how they are trying to tie those together.

    Any ideas, other than standing up a DHCP server, to get the SSL cert to the phones?

    Please note, I've discussed DHCP with the organization's IT management, however they refuse to use DHCP because of "security" concerns. I've explained that I can grab enough network info with a 30 second WireShark capture that I could likely plug a computer in and gain network access, but they don't understand how easy it is after I've explained.

    Thanks!
    David

  • #2
    Are you sure you can't set the FTP server statically? The SSL cert is downloaded via HTTP, sure, but without knowing the server, where is it supposed to download it from?
    I'm pretty sure you can set the FTP server statically.

    Comment


    • #3
      I have only had luck with the manual assignment if I 1st let the phone get a DHCP address then clear the phone and then input the values in by hand without DHCP. Then it works but going straight to manual ip was a challenge.
      Lance Paddock
      BTX | Business Telephone eXchange
      1(800) 289-0299

      Comment


      • #4
        Originally posted by B08bydigital View Post
        I'm pretty sure you can set the FTP server statically.
        There is no setting on the IP400 SIP phones, however the MGCP phones can set.

        TAC case is being escalated to L3 as of today. I'm thinking Lance's solution is the best but this client won't have it. It's pretty clear that the phone is attempting to download the SSL cert when set to static IP settings. So a firmware solution would be probably be in order.

        Comment


        • #5
          That is so weird and stupid. I apologize, I haven't tried it, I just saw that "Config Server" under "Services" and assumed that could be set statically... I'd definitely say this is a bug that needs to be fixed. Surprising that it has gone on for this many years.
          Last edited by B08bydigital; 07-23-2020, 03:11 AM.

          Comment


          • #6
            Yeah, I'm still confused. I am able to change the "Config Server" on my IP485g (it is actually statically assigned, because I'm not able to do option 156 on my DHCP server).
            But now I'm using the method Lance wrote above, as my phone has already been on the network with DHCP. I don't have a brand new phone to try it on.
            I'll try to factory reset mine and see.
            Last edited by B08bydigital; 07-23-2020, 02:59 AM.

            Comment


            • #7
              OK, I just did it.
              Factory reset my phone.
              When it came back up, I aborted the startup process, gave it it's IP, subnet mask and gateway, then hit apply...
              It came back up, obviously couldn't go into service, I hit the Details button,
              went down to Services, hit Edit
              Entered the Config Server IP, hit back, hit apply, then it came back up and went into service.

              Comment


              • #8
                Hmm, I've got the config server set along with the static IP settings on this phone at my desk. Did you do a mute+clear or a mute+reset? Maybe it was fixed in a firmware release at some point. One weird thing, I let the phone sit disconnected overnight and plugged it in. And it downloaded the SSL cert and would register. That's so weird. Mute+Clear, could not get it to repeat the behavior for days. Unplugged the phone 2 days ago. Now today, I plug the phone in and it downloads the cert. This is so weird...

                Phone info.
                Software 804.2002.1100.0
                Model No IP480G
                HW version E
                Language en-us
                Country US
                Kernel version 804.1908.1800.0
                Boot1 loader ver 803.0.0001.0
                Boot2 loader ver 803.0.0002.0

                I'm going to link TAC to this convo.

                Comment


                • #9
                  I did a Mute+Clear to reset everything.

                  Comment


                  • #10
                    TAC wants me to RMA the specific phone...Cannot tell me if it's a firmware issue. The RMA site doesn't have the phone's serial number so I can't do it via the new MiAccess site. They don't seem to understand that I'm not the only one that has seen this issue. Phone probably isn't under warranty. I mute cleared an IP485 in the office and set it static. Same - No Service. Doubt it's the specific phone. Bet $$ there is a bug in the firmware.

                    Comment


                    • #11
                      Originally posted by Lance View Post
                      I have only had luck with the manual assignment if I 1st let the phone get a DHCP address then clear the phone and then input the values in by hand without DHCP. Then it works but going straight to manual ip was a challenge.
                      Lance, when you clear the phone after getting a DHCP address, why does this not clear the SSL cert?

                      Comment


                      • #12
                        it caches all know good values and likely only clears once a valid response occurs.
                        Lance Paddock
                        BTX | Business Telephone eXchange
                        1(800) 289-0299

                        Comment

                        Working...
                        X