How to use Multi-device licenses on Mitel MCD.

Users and Devices form.
Change the Service Level to Multi-device



Multi-device User Groups form.
Add a group with one member.


Now it works like a normal phone.

Mitel TA7102 SIP setup with MCD.

Do not use the wan port. It has a DHCP server that caused havoc on my network.

Use the lan port and find the IP address on your router. The MAC address usually begins with 00:90:f8.

Login with the default user of "public" and no password.

These three screens are the minimum configuration I needed to receive a fax with the device.







I can not get one of these to make calls on the Mitel 3300 yet!!!

If anyone knows how, let me know.

VPN setup between Fortinet and Meraki

I have this working with several Fortigate models and Meraki MX.

Fortigate setup on 5.2. It also worked on 4.0 but the screens are different.

Ipsec Tunnels
Create New
Custom VPN Tunnel
Name xxx
IP Address from Meraki dashboard
select Interface
Uncheck Nat Traveral and Dead Peer
Enter Pre-Shared key
Remove all Phase 1 Proposals except "3DES SHA1"
Check only DH group 2
Change key life to 28800
Enter name for Phase 2
Enter local and remote subnets for Phase 2
Click Advanced
Remove all Phase 2 proposals except "3DES SHA1"
Uncheck PFS
Add static route for remote subnet
Add two firewall policies two allow traffic to and from tunnel.

The Meraki side is simple.
Site-to-site VPN.
Add non-peer.

Cable modem setup
(This was required on one Meraki unit but I have several working with no change to the cable modem.)
Forward ports 500 and 4500 to Meraki.

Update: VPN setup between Fortinet and Meraki - Part 2

How to verify the telecom carrier for a phone number or 800 number.

I frequently need to verify the telco carrier of a phone number. Here are two useful sites.


freecarrierlookup.com





This one is for 800 or toll free numbers.

https://legacy.800forall.com

How to get ping and telnet on MacOS High Sierra.

I know these are not secure apps but I still use them all the time. Download inetutils and get ping and telnet.

https://www.gnu.org/software/inetutils/

open terminal

cd Downloads

cd inet*

./configure

Install command line tools

./configure

make

sudo make install

I have trouble with the inetutils ping because it ignores lost packets. This is my fix to stick with macos ping.

cd /usr/local/bin

sudo mv ping ping.bk

How to change Mitel 3300 system telnet password.

I recently found out you can telnet into Mitel systems with a default password. Https and telnet have different system passwords. Even if you change the password in the browser, telnet is still open.

Here is the way to change the telnet password.

telnet 1.2.3.4

Welcome to the SX-2000 (vxTarget)

login: sytem

Password:       

ESC 6 for maintenance.

Reset Password System, New Password       , Verify New Password

High Sierra hiding lost pings.

I just noticed that lost pings are hidden. It was irritating enough that ping now requires elevation.

jamsignal$ ping 10.133.1.1ping: Lacking privilege for raw socket.jamsignal$ 

jamsignal$ sudo ping 10.133.1.1PING 10.133.1.1 (10.133.1.1): 56 data bytes64 bytes from 10.133.1.1: icmp_seq=0 ttl=254 time=69.707 ms64 bytes from 10.133.1.1: icmp_seq=1 ttl=254 time=68.789 ms64 bytes from 10.133.1.1: icmp_seq=4 ttl=254 time=79.188 ms64 bytes from 10.133.1.1: icmp_seq=6 ttl=254 time=48.910 ms64 bytes from 10.133.1.1: icmp_seq=7 ttl=254 time=67.357 ms64 bytes from 10.133.1.1: icmp_seq=8 ttl=254 time=68.787 ms64 bytes from 10.133.1.1: icmp_seq=9 ttl=254 time=77.702 ms64 bytes from 10.133.1.1: icmp_seq=10 ttl=254 time=59.172 ms64 bytes from 10.133.1.1: icmp_seq=11 ttl=254 time=68.638 ms64 bytes from 10.133.1.1: icmp_seq=12 ttl=254 time=89.859 ms^C--- 10.133.1.1 ping statistics ---13 packets transmitted, 10 packets received, 23% packet lossround-trip min/avg/max/stddev = 48.910/69.811/89.859/10.544 msjamsignal$ 

Update: I had installed inetutils to get telnet and ftp on High Sierra. That is what broke my ping.

JetDirect printers on the Internet with no password.

This was my search on shodan.io. There are 700 JetDirect printers on the Internet with no telnet password. Why have the hackers not taken over these printers

"Jetdirect port:23 Password is not set"

Mitel 3300 phone systems with telnet port open!!!

I went to shodan.io and searched for "SX-2000 port:23"

There are some Mitel phone systems open to the Internet with telnet. The default password has probably been changed so you can not login with HTTPS. But telnet is available with a default login.

WARNING

If you change the system login, this does not change the telnet login.

Someone could access these systems and view all programming.

Update: You can use maintenance commands like "busy extension 1234" to busy out an extension. The phone is then unusable.

Port 1752 is also available to view SMDR call records.

Don't connect Mitel systems directly to the Internet!

Fortigate units get "Input value is invalid" in the GUI.

I get this message on some Fortinet routers when editing the network interface. Even if I do not make any changes. Now we have to use the command line to make any changes

It takes too many steps to change the secondary IP from the CLI.

test # config sys int

test (interface) # edit internal

test (internal) # config secondaryip 

test (secondaryip) # edit 1

test (1) # show

config secondaryip

    edit 1

        set ip 10.122.1.11 255.255.255.0

    next

end

test (1) # set ip 10.122.1.1 255.255.0.0

test (1) # end

end

First time using shodan.io today.

I searched for "bizhub C364e" and found multiple units. Some had the default administrator password. The Konica 364 is a large unit at $6000 or more new and they are open to the Internet. Even if the admin password has been changed the Public login may be available. Public has access to print and view job history. Public can also view the scan-to-email address list.

What if a fraudster targeted these users with malicious email that appeared to originate from the bizhub?

How to view devices and sessions on Aruba remote access point VPN.

I have used Aruba access points with two ethernet ports as VPN devices. It was okay for a home office or small office. When troubleshooting a problem, there was not much visibility. These command helped.

sh ap database
(Find the IP address of target AP)

sh datapath tunnel | include x.x.x.x
(Find the tunnel number with R=wired)

sh datapath bridge | include 'tunnel xx'
(List of mac addresses on remote LAN)

sh datapath session | include 'tunnel xx'
(List of current connection from LAN with IP addresses)

How to copy file association from an individual to all users on a server.

I dont know why this application install will not do this automatically but I found a way.


reg copy HKEY_CURRENT_USER\Software\Classes\.upop HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.upop /s

reg copy HKEY_CURRENT_USER\Software\Classes\upopfile HKEY_LOCAL_MACHINE\SOFTWARE\Classes\upopfile /s

Of course it will be different for your app.

Business phone with bird poop!

I have worked on a lot of telephones but this was a first. Most of the buttons quit working so I had to replace it.

Mitel SMDR call records with telnet port 1752.

telnet 10.1.2.3 1752

 07/03 09:37A 0000:00:00 T104     *** 4372                      E
 07/03 09:37A 0000:00:49 T103     005 3225                        3225
 07/03 09:38A 0000:00:22 T101     004 3225                        3225
 07/03 09:53A 0000:00:01 T101     *** 1808                      E
 07/03 10:21A 0000:00:57 T101     008 3235                      T 3236
-07/03 10:24A 0000:06:33 T101     008 3215                        3215
 07/03 10:31A 0000:00:31 T102     009 3235                      T 3236
 07/03 11:00A 0000:01:06 T101     006 3225                        3225
 07/03 11:06A 0000:02:28 T101     006 3221                        3221
 07/03 11:29A 0000:02:04 T101     002 3223                        3223
 07/03 12:40P 0000:00:24 T101     *** 3216                        3216
 07/03 12:59P 0000:00:20 T103     002 3210                        501

The phone numbers are usually on the right side but I deleted that info. This is very quick and useful for troubleshooting phone issues.

Apple Mail 9,223,372,036,854,775,807 filtered messages.

I have seen this multiple times on my Mac. Click the filter off and the number goes back to normal.

Fortinet "diag vpn tunnel reset" command. Yikes!

While working on a Fortigate that is the central hub for a vpn network, I typed "diag vpn tunnel reset". I intended to type "diag vpn tunnel reset tunnel-name". Most of the vpns dropped and would not come back online. The equipment had to be rebooted at all the remote sites to bring up the vpn tunnels.

Dont do this!!!

How to get a list of ActiveSync users and devices from command line.

$mbx=get-mailbox

$mbx | foreach {$name = $_.name; $alias = $_.alias; $device = get-activesyncdevicestatistics -mailbox $_.identity; $device | foreach {write-output "$alias;$name;$($_.devicefriendlyname);$($_.deviceid);$($_.LastSuccessSync)"} } >list.txt

This is the output. One line for each mobile device.

smithb;Smith, Bob;iPad Air;Appl345SDFGDFG;06/06/2017 16:05:01

smithb;Smith, bob;iPhone 7;SDFGD987938798;06/05/2017 16:06:00

...

How to get list of ActiveSync users from the Exchange command line.

This will provide a simple list like below.

Get-ActiveSyncDevice | select UserDisplayName, devicetype

example.com/ou/Smith, Bob       iPhone

example.com/ou/Smith, John     Android

example.com/ou/Smith, Kelly     SAMSUNGMG955U

Citrix users cannot remove old shortcuts from the Start Menu

Users are not allowed to right click and remove shortcuts. I found the location in the registry but it is encrypted. If I remove all of UserAssist, the Start Menu is empty.

HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\UserAssist\

After a day of searching I found this this tool that worked for my setup.

http://www.nirsoft.net/utils/userassist_view.html

Now I am able to remove one outdated shortcut and leave the rest.

I can not view the Primary Stream on Pelco cameras.

This is the default setting when accessing this camera in a web browser.

  

Next I get this on Safari.

  

If I click that box, I get this info from Apple.

   

I have tried several computers with different browsers and none can view the primary stream. Why is new hardware using Quicktime 7?

How to view all the hidden fields in Active Directory Users and Computers.

Active Directory Users and Computers

View / advanced Features

Find User

Member Of / Open group

Close User

Open User again

Attribute Editor tab

More than 500 fields are now available in the GUI. Why are there so many Microsoft?

Citrix Start menu pinned shortcuts

Sometimes users get stuck with outdated shortcuts that no longer work and they are not allowed to delete them. I searched for a while to find this in the registry.

HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\UserAssist\

Remove items in this folder and logoff. Now I have an empty Start menu.

How to set Citrix default printer with a logon script.

powershell.exe -Command "$printer = get-wmiobject -class win32_printer | select -first 1 ; $printer.setdefaultprinter()"

This will get a list of printers from the user session and make the first one default. The first printer in the list is the default on the local computer outside of Citrix. I don't know why the local default is always first in the list but that appears to be the case.