Announcement

Collapse
No announcement yet.
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Communicator for iPhone (ST 11)

    I initially posted this in the "official Shoretel forums" but I wanted everyone to be aware lest you find yourself in my position. I'm including more information than probably required as digging up information on this issue has been difficult and I wanted to save all of you some trouble and put everything in one place.

    My issue: Communicator for iPhone won't authenticate/can't connect to the server.

    Shoretel ver 11.0 CR build 16.5.8506.0 upgraded from 16.5.3xxx.0. On both releases I couldn't get Communicator for iPhone working (aka MCM/Mobile Call Manager for iPhone). I confirmed my reverse proxy was working with blackberry's utilizing the same user, user obviously has "Allow Mobile Access" checked, but couldn't get the iPhone to authenticate (in admin guide it refers to using username and communicator/call manager password for authentication rather then extension number/voicemail password like on blackberries, FYI) Thought the issue was with iPhone OS 4.x since that is all I can find to test and still haven't found an iPhone with OS 3.x which is all the admin guide says is supported. I posted the issue on the other forum and emailed CR (Controlled Release @ Shoretel). Immediately after posting i received a reply email from CR stating that yes, there is an internal document related to some additional configuration required for the reverse proxy server and that they would hunt that down and send it to me. If anyone has that document or knowledge of the reverse proxy changes, please send that to me. If Shoretel send it to me beforehand then I will do my best to post it as soon as I get it in hopes that you will not loose as much hair as i have.

    Happy hunting!

  • #2
    Do you know what firewall ports are being used?

    400

    Comment


    • #3
      We haven't been able to get our reverse proxy working with ST11 (works fine w/ anything <11) - it looks like there may be a code change in one of the .asp files for the web client that rewrites the login URL to the ST server's internal IP address after you click submit. i.e. i can bring up the web client login page at <myproxy_public ip>/shorewarewebclient (which opens as <myproxy_public_ip>/login/options/), then enter username/password and click submit, the page then refreshes to the URL <ST_server_private_ip/login/options -- which of course is no longer accessible to the client on the outside.

      Comment


      • #4
        400--

        either http (80) or https (443) depending on how you set it up

        bluepointe--

        i tried to recreate what you were talking about, but couldn't. everything i tried kept the external proxy ip. No logs nor IE references to the internal IP. I am also not using Tomcat for reverse proxy which is what Shoretel provides most of it's documentation for and what I'd guess you may be using. So that could be the difference too.

        Comment


        • #5
          Yes, we are using apache's mod_proxy on ubuntu as a reverse proxy (basically what ST outlines in appendix D of the planning/install guide). It works fine with every previous release.

          Comment


          • #6
            Actually, if you take the reverse proxy totally out of the picture and go straight at the ST box it still redirects to the ST server's internal IP - it's in the validate.asp file.

            Comment


            • #7
              There is an internal draft Shoretel App note on configuring the iPhone with reverse proxy but it is incomplete and doesn't work.

              Shoretel introduced a new server role called CAS in ST 11.0 that handles functionality previously addressed by CSIS. The new web communicator and the iphone app actually use CAS and iPhone users will connect to the CAS server they are a member of (HQ or a DVS).

              The ports are actually different as well, using 5500 on the outside and mapping to 80, 5449 and 5447 on the inside.

              We haven't fussed with trying to get reverse proxy to work yet (we can use Juniper's VPN client on the iphone to connector) but we will fiddle around with it a bit more.

              Comment


              • #8
                Looks like using apache mod_proxy_html to rewrite the html markup is the ticket - a few tweaks to workout the new ports and we're there...

                Comment


                • #9
                  There are some instructions on configuring the reverse proxy where there are multiple shoretel servers in the Planning Guide. (Page 291)
                  I have not tested them myself yet but it might be helpful.

                  Comment


                  • #10
                    Has any body got to the bottom of what actual ports are used..?

                    I rang TAC and after the engineer consulted with colleagues he said he and others didn't know of any documentation around Communicator for iPhone and Rev Proxy config, other than what was already out there.
                    In the middle of an install and other than this all is well with the system. Would be good to get this one cracked as well.
                    Any help appreciated.

                    Cheers,
                    Kev

                    Comment


                    • #11
                      Well finally got to the bottom of it, after a qquick email to Jerome @ Shoretel and a reply from Laurent. If you have the latest build of v11 16.5.8506.0, the info is in the install guide that is on the server (get it through director is easiest). Appendix G now has detailed info on ports and data path flow along with the sample Apache config.

                      Its also been updated on shoretel.com through KB 15515 and the install guide link off that.

                      Hope this helps guys.

                      Cheers Kev

                      Comment


                      • #12
                        We manged to get it working by using our Juniper SA4500 SSL VPN. Juniper just released Junos Pulse for the iPhone. I can confirm that ShoreTel Communicator for the iPhone works with Junos Pulse.

                        Now if I could just make Web Communicator work through UAG DirectAccess. I'm not sure why ShoreTel decided to have it redirect to the internal IP address. Rather than putting in a reverse proxy why not just add the option of using SSL on the web services?

                        Comment


                        • #13
                          Damn - I've spent days at this and cannot get it to work!! Anyone got a working httpd.conf and httpd-vhosts.conf I could look at???

                          Cheers

                          Comment


                          • #14
                            Originally posted by bluepointe View Post
                            We haven't been able to get our reverse proxy working with ST11 (works fine w/ anything <11) - it looks like there may be a code change in one of the .asp files for the web client that rewrites the login URL to the ST server's internal IP address after you click submit. i.e. i can bring up the web client login page at <myproxy_public ip>/shorewarewebclient (which opens as <myproxy_public_ip>/login/options/), then enter username/password and click submit, the page then refreshes to the URL <ST_server_private_ip/login/options -- which of course is no longer accessible to the client on the outside.
                            Just installed 11.1.
                            I am having this trouble. I am using Apache on CentOS 5.5. When you reverse proxy /ShoreWareWebClient then the ST server gives back /login/options, it doesn't work. I get nothing at all when I test http://<ReverseProxyAddress>/ShoreWareWebClient except the address in my browser changes to http://<ReverseProxyAddress>/login/options and no page.

                            Seems like we should RP http://<ShoretelIPAddress>/login

                            However, if I Reverse Proxy /shorewaredirector, it works. I think it works because the address path comes back unchanged.
                            It would be nice to open up the firewall ports and get this going...

                            Anyone have a solution?
                            Thanks,
                            Chris
                            Last edited by chrisknight; 12-19-2010, 02:51 PM.

                            Comment


                            • #15
                              The proxy config is now available in the 11.1 documentation (Installation and Planning Guide) however, it is a bit complex and I am not sure if it will mess with the setup for my Blackberry's that are working. I tried to enter some of the information provided but when I test Apache, it fails.

                              Comment

                              Working...
                              X