INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

AES SW Only

AES SW Only

(OP)
I'm running the SW Only 6.3.1 AES, which apparently is not classified the same as vmware even though it is running on our vmware farm. Due to a recent bug we were instructed to upgraded to 6.3.3sp5 and were instructed to upgrade linux, 6.3.3, then another linux patch follwed by sp5. After copying the first linux patch and launching it I received a message saying: ‘Linux security updates cannot be applied to AES software-only system’. Does this mean that only the AES 6.3.3 and sp5 patches need to be applied?

RE: AES SW Only

Why not just go with the OVA?
SW only = you supply the OS, java, etc. Their security updates wouldn't be applicable to you because you aren't necessarily running the same versions/packages they are. They also don't care about OS security on a OS you bring. If you use the OVA, then they're security updates would work.

I can't find any requirements re: service packs requiring updated versions of packages, so presumably what was good for GA is good for the latest patch, but who knows - maybe a update to a package changes things that aren't backwards compatible and Avaya stayed away from the latest version of package X.

RE: AES SW Only

(OP)
To use their OVA, I'll have to have something done with licensing I take it?

And if I'm reading you right I should be able to just install the AES SW patches and not touch Linux? Hopefully, because I had run them on Friday and was contemplating restoring the snapshot of the server from before I did anything out of fear I didn't follow the process properly.

RE: AES SW Only

The "their ova" part is a penny line item and to be honest, I don't think any of their stuff checks the license for platform type

RE: AES SW Only

(OP)
I thought I'd be able to just rehost the existing license.

RE: AES SW Only

sure, you can do that too.

But even then, in swonly, you don't have a weblm on the AES, you point it to one.
So, you could in theory just install the ova and point it just the same at that weblm and it'd probably all work

RE: AES SW Only

Much better off if you can go VMware. Backup database on existing AES, shutodwn server, deploy OVA, restore database, back in service. Rehost licenses via PLDS to System Manager or deploy WebLM OVA.

RE: AES SW Only

(OP)
Thanks, will pursue that path of the .ova. Don't know why SWonly would have even been a consideration at any point.

Also, in addition to that if you ever come across this: the server certs were due to expire next week and our Server/AD team cut new SHA2 certs and included the private key generation. A full day of back and forth because the certs installed fine, but no Lync clients retained registration. The logs on either end didn't produce anything relevant. Attempted SHA1, with old SHA1 subCA.. nothing worked. Generating the .csr from AES and having it signed finally worked.

Essentially, it seemed as if the AES server can only sign the CSR with a 3DES algorithm. So when it was getting a cert with the private key, it was assuming that it was requested using 3DES hash, but did not throw an error when importing a new cert with a more complex algorithm (SHA2). So while it was a legitimate certificate from a Linux perspective, the AES software (I presume) was simply relying on the underlying OS validation to assert that the cert was legit.

It should have most definitely barked at the inbound cert when the private key was clearly something it could not use. Almost any little inconsistency would usually trigger an error somewhere when it comes to certs. Can't make this stuff up.

RE: AES SW Only

Get used to looking for TLS errors in wireshark. If you want to see a product that lets you administer certificates without errors but won't actually use them if you make one little mistake, look at Avaya's SBC.

RE: AES SW Only

Strongly agree with kyle555. Avaya does have an issue in general in processing (and documentation) of security protocols in general but no different than most other applications dependent on the underlying operating systems (Windows or Linux).

RE: AES SW Only

(OP)
Yea, definitely going .ova

RE: AES SW Only

(OP)
Circling back to this project.. does the backup of the current AES contain the certificates?

RE: AES SW Only

dunno. id like to think so, but i'd doubt it
it seems to be a little zip file of a database. dunno if it has IP/fqdn/cert stuff...only one way to find out :)

RE: AES SW Only

(OP)
In the midst of this restore of data process. It indicates the restart may take up to 5 mins to complete. After I confirmed the restart the buttons turned gray which I guess is a good thing, but it's been about 15 mins and nothing seems to be happening. Be more patient... reload the page... start a whole new web session ?

RE: AES SW Only

yeah, just try another browser/no cookies/recalled session info

if that's not working, console and see what's up? might need a OS restart though I see that being unlikely.

RE: AES SW Only

(OP)
Yea, I eventually got it and everything looks to be there fine, including the certificates. However, when I go to run the TR/87 Tests the TR/87 Service and Makecall tests fail. The switch connections and dialplans are all intact, as is the A/D config. Unless the A/D pwrd needs to be re-entered, but it looks to have come over with the restore.

RE: AES SW Only

I never did anything with TR87... You got MS clients controlling their Avaya phones through AES? I thought that's where TR87 came into play.

RE: AES SW Only

(OP)
Yea, click to dial with MS is what it's used for. Those TR/87 tests test the sip/tel uri of a user that it's part of A/D and in the dialplan. The other test actually uses the sip/tel uri to call another tel uri and it rings the user phone.

RE: AES SW Only

(OP)
I got passed it. movin' on

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close