Avaya IP Office Server Edition - 10.0.0.5 build 3 4

[GeekBell]

I'm starting this thread to warn people of upgrading the IP Office SE to 10.0.0.5.

We had a horrible time troubleshooting SIP issues after the upgrade from 10.0.0.4. We thought it was a sip issue and were getting the following error:

481 Dialog/Transaction Does Not Exist

The SIP failures were occuring extremely random. We had checked into EVERYTHING and still could not get it to work. I finally connected another SIP provider to see if I would have the same issue. On a different SIP provider we would get the same results. One phone call would work, then the next 4-5 phone calls would produce a similar error depending on the provider. In my case, the second provider would give us a 404 error when dialing outbound.

Inbound phone calls would work without any issues.

SKIP THIS VERSION and upgrade to the 10.1 version which is a free upgrade instead of the previous versions where the .1 upgrade is a licensed version.

Let me know if you have any questions about this. I'll be glad to provide any additional symptoms / advice.

 

[joe2938]

did you report this to Avaya

 

[GeekBell]

No I did not report it to Avaya. The customer was down for several days while we are waiting for Avaya to "gather logs from the system." This has been my experience with Avaya and their support. They will "gather logs" and chew them for several days and make you wait. In the meantime, the customers are getting upset that they can't run their business. I have yet to have a successful support experience with them. Especially when it's a critical system down emergency.

 

[janni78]

The few times I reported a critical error I've had a tech connected within an hour collecting log.

In this case since your issues started after an update I would collect logs, downgrade to solve customers issues and send the logs to Avaya and wait for a CP.
Why would you wait days for Avaya in this case?
If it took more than 2 hours I would hit the escalate button which usually results in a manager calling you.

"Trying is the first step to failure..." - Homer

 

[IPGuru]

Another Question
What was your reason for upgrading from 10.0.4?

one odf the biggest rules in maintenance is "If it ain't broke don't fix it"

upgrade only when :-

1)

your customer is experiencing an issue that you cannot resolve (It will be the first thing avaya ask you to try anyway)​

2

the new software has an additional feature that your customer needs (& is willing to pay for )​

Do things on the cheap & it will cost you dear

 

[Westi]

Like a friend of mine always says
The enemy of good is perfect
Had that bite me a few times when I tried to perfect something and broken it instead.

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter

 

[GeekBell]

The original reason we upgraded is because the Server Edition would suddenly not work at all and the only thing that would resolve it is rebooting. Again, Avaya support "gathered logs" and chewed on them for several days while the customer gets more and more upset with the situation.

As we have experienced in the past with the IP office nodes in the past, Avaya doesn't seem too concerned with security and has 0 measures in place to prevent attacks.

 

[janni78]

What are you saying?
You have IP Offices with public IPs or that are accessable from the internet?


"Trying is the first step to failure..." - Homer

 

[GeekBell]

What I am saying is that there is definitely a bug in the most recent 10.0 version for outbound SIP traffic. My intent is to make the community aware of the situation to avoid upgrading to that version.

 

[janni78]

So what do bugs have to do with security?

"Trying is the first step to failure..." - Homer

 

[rdoubrava]

My Server Edition has been running for 90 days, no issues.

 

[GeekBell]

My Server Edition has been running for 90 days, no issues.

Are you running 10.0.0.5 Build 3 using SIP trunks?

 

[Westi]

Seeing that 10.0.5 came out on September 11th (9 days ago) I would think that rdoubrava runs an older version.

I have some server editions with SIP trunks on 10.0.3 that were installed months ago without issues so it may be some other external reason why you have these issues

Joe W.

FHandw, ACSS (SME)


"This is the end of the world, make sure to buy your T-shirt before it is too late"
Original expression of my daughter

 

[janni78]

I'm still interested in what he means with this comment =)

As we have experienced in the past with the IP office nodes in the past, Avaya doesn't seem too concerned with security and has 0 measures in place to prevent attacks.

"Trying is the first step to failure..." - Homer

 

[Pepp77]

We run our hosted system on 10.0.0.3 which is SIP only and have had zero issues. Maybe there is a problem with SIP on 10.0.0.5, if so downgrade to .3 and all will be good

| ACSS SME |

 

[GeekBell]

We run our hosted system on 10.0.0.3 which is SIP only and have had zero issues. Maybe there is a problem with SIP on 10.0.0.5, if so downgrade to .3 and all will be good

They SIP functionality seemed to work good until we upgraded to .5. Have you been able to downgrade a Server Edition without reinstalling and restore? I couldn't find a reasonable method of downgrading.

I'm still interested in what he means with this comment =)

I don't want to get into a discussion about Avaya's security. Too easy to hack unless you completely finger pick the routes.

 

[janni78]

Downgrading is documented in the Knowledgebase

[URL unfurl="true"]http://marketingtools.avaya.com/knowledgebase/businesspartner/ipoffice/mergedProjects/SE_Deployment/_frame2.html?Downgrade_Policy.html?zoom_highlight=downgrade[/url]

Any PBX is easy to hack, that's why you have security appliances handling communication between them and the rest.
I've never finger picked a route and apparently managed to not get hacked, although I have cleaned up a lot of installations from other dists.

"Trying is the first step to failure..." - Homer

 

[GeekBell]

janni78

You obviously did not read the link you sent, nor are you following the thread. But, appear to just want to demonstrate your security expertise. The knowledgebase states:

6.You can perform a Minor Linux server downgrade by performing a complete reinstallation and re-ignition.

As my question states above:
"Have you been able to downgrade a Server Edition without reinstalling and restore? I couldn't find a reasonable method of downgrading."

complete reinstallation to me is NOT a reasonable method of downgrading.

 

[janni78]

I followed the thread, you first informed about issues you had after upgrading to 10.0.5.

Then you stated that you didn't report this as Avaya Support since you haven't had any success in the past, which means that the bug will stay unless someone else reports it.
Then suddenly you brought up their lack of interest of security which kinda made me curious.

Might not be reasonable to reinstall, but since you state your customer was down for days I would rather have reinstalled and restored from backup.

"Trying is the first step to failure..." - Homer

 

[IPGuru]

I don't want to get into a discussion about Avaya's security. Too easy to hack unless you completely finger pick the routes.

It is NOT easy to hack if you have installed it correctly, which is which Janni asked "You have IP Offices with public IPs or that are accessible from the internet?"

an IPO should always be behind a firewall & not directly accessible from the internet.
to secure sip if your ISP required ports forwarded to the IPO (Most don't) then the forwarding should be restricted to only known IP Addresses or use a SBC.

if you have IP Office systems fully visible on the internet then you are both incompetent & grossly negligent & should cease installing IPO's until you know better.





Do things on the cheap & it will cost you dear