
first step to UC platform.


Avaya newbie


I'm beginning with the Aura 8 UC platform in a lab. The Equinox Windows client is working normally, registered to Session Manager. The first problem comes up after logging in to AADS: the contact service changes to unavailable. Could anyone advise how to figure out what the problem is?
 
There's a lot of integration points that need to align... Off the top of my head:

So, in AADS, you have your LDAP connection and attribute mappings

SMGRloginName must = something in AD - mail, userPrincipalName, whatever. I like mail. Mail isn't necessarily "unique" but 99.9% of users won't share it. If you have helpdesk users and their email is all helpdesk@abc.com, well, use sAMAccountName or something.

This is where you want every SMGR account to be first.last@customer.com. Which is hard for SIP telephone deployments where you need a SMGRLoginName but you don't know user names, you just know that it's extension range 5000-5999 so your login names are 5000@customer.com which will never match anything in AD.

So your phone number and account in SMGR have to link to something in AD - hopefully you don't have X's in your phone numbers to use in signatures automatically and your phone number in AD is 212-555-1234 X 222.

Once you're that far, you can go to in this case. I'm doing stuff with a SBC, you can go in the CLI and "app configure" and check the front end port - it's usually 8443. Do it from a private tab from your AADS config window otherwise it'll always see you coming from "admin". From a private window, it'll prompt you for authentication and when you enter your stuff, you'll get the dynamically configured settings file that looks something like this:

Code:
## File Generation Notes
## Avaya Dynamic Configuration Service does not recognize User-Agent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36

SET SIP_CONTROLLER_LIST "mylabsm1-sm100.abc.com:5061;transport=TLS,mylabsm1-sm100.abc.com:5060;transport=TCP,mylabsm2-sm100.abc.com:5061;transport=TLS"
SET SIPPROXYSRVR mylabsm1-sm100.abc.com
SET SIPPORT 5061
SET SIPSECURE 1
SET SIPENABLED 1
SET SIPDOMAIN abc.com
SET SIPUSERNAME 5551110131
SET SIPHA1 46dd46223b98a58df8bdb5ea070f46ca
SET EWSSSO 0
SET ENABLE_DESKPHONE_SHARE_CONTROL 1
SET ESMSSO 1
SET VIDEO_MAX_BANDWIDTH_CELLULAR_DATA 512
SET MEDIAENCRYPTION "1,2,9,10,11"
SET EWSENABLED 0
SET ACSSRVR mylabaads1.abc.com
SET CONTACT_MATCHING_SEARCH_LOCATION 3
SET OPUS_PROFILE OPUS_WIDEBAND_18kbps
SET ENABLE_OPUS 1
SET SIMULTANEOUS_REGISTRATIONS 2
SET ESMSECURE 1
SET VIDEO_MAX_BANDWIDTH_ANY_NETWORK 1280
SET ACSSSO 1
SET ENABLE_VIDEO 1
SET PROVIDE_EXCHANGE_CALENDAR 0
SET TELEPHONY_PUSH_NOTIFICATION_ENABLED 1
SET ENABLE_LOCAL_CONTACT 0
SET ACSSECURE 1
SET DIR_CONTACT_RESOLUTION_ENABLED 0
SET ENABLE_G722 1
SET SIPREGPROXYPOLICY simultaneous
SET ESMSRVR mylabeqbrz.abc.com
SET AAM_PORTAL_URI https://mylabaads1.abc.com:10100
SET ESMPORT 443
SET PINHOLE_KEEPALIVE_INTERVAL 15
SET ACSPORT 8444
SET ESMENABLED 1
SET AUTOCONFIG_USESSO 1
SET ACSENABLED 1
SET ESM_PUSH_NOTIFICATION_ENABLED 1
SET PROVIDE_EXCHANGE_CONTACTS 0
SET LOCKED_PREFERENCES ""
SET OBSCURE_PREFERENCES ""


Consider - ACSSRVR is the contacts service - that happens to be provided by AADS. The autoconfig service - either by entering your email or weblink is independent of the contact service.

The reason for that is AADS can provide your dynamic configuration - which can include "global" options - which is strictly contingent on your LDAP login being passed along by AADS to AD and giving you global options. The attribute mapping to your SMGRLoginID isn't established yet. It is established when you try logging into the ACSSRVR part.

In the Group settings, you can set the handle type and extension length and when you do that right, and when you@abc.com login to AADS AND that's associated to your SMGRLoginName, then, AADS will provide your extension and password hash - SET SIPHA1 in my example - and that's what IX Workplace uses to login your extension to SM without needing to provide it.

That is all dependent on setting up AADS right with symmetricDS postgres replication to SMGR and setting up the nosql cassandra database replication to a SM. This is all in the install guide and just a refresher because if you're going to be looking through every config setting, may as well check that too. Remember - not all settings are available as "global" settings. Some exist only under "group" and you'd need to "save" your config named "myfirstconfig" and "publish" the global settings for ALL users and "publish" the "group" settings for AD group "AADSUsers" or whatever you picked when you started installing. Once you type 5 characters into the group field it'll auto-populate available choices - like AADSU... gets AADSUsersEast and AADSUsersWest.

Under the hood on the SMGR side it's where you add something called a "data center" in SMGR and put SM1 in it. And you add your AADS to your Inventory in SMGR and point it to port 8445 /admin with the admin password. And then in the app configure terminal menu in AADS you point to the SM mgmt and SM100 IP address and it initializes the cassandra replication. Cassandra is a nosql database that contains all the PPM, so it's critical for AADS to have.

If you want email autoconfig, you can follow the DNS SRV record stuff or make an account on spaces.zang.io, go in your profile, click "manage companies" and add abc.com. It'll give you a TXT record to put in your public DNS for abc.com and if it can read it, it'll presume you're allowed to control the autoconfig settings for Spaces/Zang services on their website. In the company ABC.com, you'd go to "apps" and add Equinox Cloud Client and in the public settings part just paste this as is. Remember, you're probably on port 8443.

Code:
{"Client_Settings_File_Address":[{"Profile_Name":"Lab","Client_Settings_File_Url":"https://mylabaads1.abc.com:8444/acs/resources/configurations"}]}

When someone opens IX Workplace for the first time and punches in their email address, IX Workplace will do some DNS stuff and if it doesn't find anything, as a last choice it'll ask Zang if it knows where autoconfig exists for the abc.com domain.
 
kyle555... Thanks for your kind, clear explanation.

Both AADS & SMGR sync LDAP from my lab Windows AD and map the attribute with mail. I can log in to DS in EQX with my email address and get my extension returned. Once logged in to the DS service, contact services go unavailable.
 
 
First rule of UC - use FQDNs for everything. If you're testing for the first time and you don't have DNS, bang it in the hosts file if you have to.

I know Apple got stricter in iOS 13, but I couldn't get even older macOS's like El Capitan to hook up to AADS even if they trusted the SMGR cert until I used FQDNs for everything.

If ever you're not sure, fire up Wireshark - it's easy to see a failed TLS handshake. filter tcp.port == 8443 and you'll see Client Hello, Server Hello, bla bla bla, FATAL Unknown CA or Can't validate identity or something.

If it's not that, then you can download the logs from the AADS webpage and while they're not intuitive to you and me, you can ctrl+f yourself in there and maybe get some hints.

You can add your own parameters to AADS too. Try turning off hostname validation. Maybe you'll get lucky.


Code:
## TLSSRVRID specifies whether a certificate will be trusted only if the
##  identity of the device from which it is received matches the certificate,
##  per Section 3.1 of RFC 2818.
##  Value  Operation
##    0    Identity matching is not performed
##    1    Identity matching is performed (default)
##  This parameter is supported by:
##       J129  SIP  R1.0.0.0 (or R1.1.0.0), J169/J179 SIP R1.5.0, J100 SIP R2.0.0.0 and later, J139 SIP R3.0.0.0 and later
##       Avaya Equinox 3.1.2 and later
##       Avaya Vantage Devices SIP R1.0.0.0 and later; Not used by Avaya Vantage Open application. 
##       Avaya Vantage Basic Application SIP R1.0.0.0 and later
##       96x1  SIP  R6.0 and later
##       H1xx  SIP  R1.0 and later; Supported by SIP/PPM and file downloads.
##       B189 H.323 R1.0 and later
##       96x0 H.323 R2.0 and later
##       96x0  SIP  R2.0 and later
##       TLSSRVRID is not supported by 96x1 H.323 phones and instead
##       TLSSRVRVERIFYID is supported (see below)
## SET TLSSRVRID 0
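
Added example, not part of the original thread and not Avaya tooling: a small Python audit of a settings file in the `SET NAME value` format shown earlier, flagging identity matching disabled via `TLSSRVRID 0`, server entries given as IP addresses rather than FQDNs, and non-TLS entries in `SIP_CONTROLLER_LIST`. The sample file is constructed, `192.0.2.10` is a documentation address, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the "SET NAME value" format shown in the thread.
SAMPLE = '''\
## File Generation Notes
SET SIP_CONTROLLER_LIST "mylabsm1-sm100.abc.com:5061;transport=TLS,mylabsm1-sm100.abc.com:5060;transport=TCP"
SET SIPPROXYSRVR mylabsm1-sm100.abc.com
SET ACSSRVR 192.0.2.10
SET ESMSRVR mylabeqbrz.abc.com
## SET TLSSRVRID 1
SET TLSSRVRID 0
'''

SET_RE = re.compile(r'^SET\s+(\S+)\s+(.*)$')

def parse_settings(text):
    """Return {name: value}. Lines starting with '##' are comments; a later SET wins."""
    settings = {}
    for line in text.splitlines():
        m = SET_RE.match(line.strip())
        if m:
            settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(settings):
    """Return a list of findings that weaken or break TLS identity checks."""
    findings = []
    # The parameter's own documentation gives 1 (matching performed) as the default.
    if settings.get("TLSSRVRID", "1") == "0":
        findings.append("TLSSRVRID=0: certificate identity matching is off")
    for entry in filter(None, settings.get("SIP_CONTROLLER_LIST", "").split(",")):
        hostport, _, params = entry.partition(";")
        if "transport=tls" not in params.lower():
            findings.append(f"SIP_CONTROLLER_LIST: non-TLS entry {hostport}")
        if is_ip(hostport.rsplit(":", 1)[0]):
            findings.append(f"SIP_CONTROLLER_LIST: IP instead of FQDN {hostport}")
    for name in ("SIPPROXYSRVR", "ACSSRVR", "ESMSRVR"):
        if name in settings and is_ip(settings[name]):
            findings.append(f"{name}: IP instead of FQDN {settings[name]}")
    return findings
```

Running `audit(parse_settings(SAMPLE))` on a file pulled from the `/acs/resources/configurations` URL shows whether a lab workaround such as `TLSSRVRID 0` is still being served to clients after the DNS problem is fixed.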
 
Contact services are working fine after adding a record to DNS for my Windows client. Next step is going to Presence IM...
 
If it's a single server, it's pretty simple. If it's 2+, read the parts about DNS and "breeze cluster fqdn" and "presence cluster fqdn" and the reverse lookups and stuff VERY carefully.
 
Hi kyle555,

Any idea why I can't log in to Device Services on Equinox, but I can use the same account to log in over the AADS web admin "8445/admin"? SIP calls and IM work fine now, except contact services. Thanks

 
:8445/admin requires that the LDAP account be a member of whatever group you defined for admins.

Try :8443/acs/resources/configurations - if you get your autoconfig file from that, you know LDAP works for "you" as a part of the AADSUsers group.

Then the LDAP mappings for SMGRLoginName-->userPrincipalName or mail or whatever and the thing you use for phone number need to line up.

So, if you can get your autoconfig from 8443 but not login to the service on the same port, I'd reckon it's your LDAP mappings. You can download logs from it and check. You shouldn't need to set the logging levels finer, but you can do that too. Happy to help you look through them.
 