Announcement

SCENARIO
When installing Connect PBX software on a Generation 2 VM hosted on Hyper-V with secure boot enabled the installation highlights an issue with the TDIMEDIA.SYS driver.

Subsequently, after the installation has completed and the server is rebooted, the Connect Services fail to start.


SYMPTOMS
During installation, the following error message appears:

A digitially signed driver is required

Shoreware Media Driver
ShoreTel Inc

Windows blocked the installation of a digitally unsigned driver. Uninstall the program or device that uses the driver and check the publishers website for a digitally unsigned version of the driver.

Upon rebooting the server,you are unable to launch Director due to the following error:
- Shoreware telephony software
- Shoreware voicemail message
- Shoreware voicemail port
- Shoreware workgroup server
- ShoreTel vmemsync
- ShoreTel TrunkTestService
- Shoreware CSIS VMserver



RESOLUTION
To resolve the issue after the installation is complete and the services fail to start, perform the following steps: DISABLE DIGITAL SIGNATURE ENFORCEMENT IN WINDOWS 2016

Note: Disable Secure Boot if running HyperV (do this in the Virtual Machine settings > Firmware from HyperV admin console)

1. From Windows 2016 Server, Run DOS in ADMIN mode:
2. cd <drive>:\Windwows\system32\
3. type bcdedit.exe /set nointegritychecks on
4. reboot server

Just came across this on a new build on Server 2019. In vCenter, in the VM settings, went to Advanced options tab, then expanded Boot Options, unchecked Secure Boot. Disabled Digital Signature Enforcement as described above. Still no joy. Called TAC.

It only took a few minutes - We looked at the two articles as this is a super common issue.

We just verified the output was correct.


Use quickinstall to:
stop all services
remove and add TDIMedia.SYS
Update registry path to point to c:\windows\system32.
start all services.

This is a well known issue in support with 2016 and 2019. Should be part of the install guide :-| Especially since 2016 is now well over 4 years old.

Per the last partner engineering call there is a signed driver coming out with 19.2 (supposedly) when it lands in roughly a month.

Restricted Content Area

There is certain content that is delivered in the MiAccess Portal Community based on a user's permissions.

Based on your access level, you will not be able to view content here.

Symptoms

All services will not start on the affected server and features will be impacted.

Cause

Unknown as various instances can result in this scenario.


Resolution

To recover the Media Driver navigate to your installation Directory. Below is from a system installed on the C: Drive.

C:\Program Files (x86)\Shoreline Communications\ShoreWare Server>

• Type quickinstall -stopall as this will stop all ShoreTel services.
• Type quickinstall -mediaout and this will remove entries of the existing TDI Media Driver.
• Type quickinstall -mediain and this will re-add the TDI Media Driver.

Next you will have to update the registry to the proper location of the Media Driver as the image path will now be incorrectly set to the directory from where you ran quickinstall.

Registry location is as follows:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\ShoreTel-Media

Update the image path from the current entry to the following:

\??\C:\Windows\System32\TDIMedia.sys

Proceed to start all services by running quickinstall -startall