Firmware 1.0.19.21 for UCM6202/6204/6208/6510 officially released

firmware-release

#41

I apologize. The equivalent options for that on GXV324 and GXP2170 are Validate Certificate Chain and Validate Hostname in Certificate respectively.


#42

21 days since this post, are you close to a firmware release? Several of my clients are eagerly awaiting this firmware update to resolve the freezing issue.


#43

I apologize for the delay. However, some problems were discovered during Q&A for the build with the fix, and more time is needed for testing. Unfortunately, I cannot provide the ETA for it at this time.


#44

Hi Team.
Firmware 1.0.19.21 not recording queue when making incoming calls…
Pls fix it.
Thanks


#45

My issue turned out being with my switch config. I reconfigured adding an ip helper-address pointing to the DHCP (my firewall) and also used both options 66 and 43, now all seems well. Only issue was that I had to offset the time zone by 1 hour on the NTP as the time kept being an hour behind.


#46

you could kindly let others who read the forum understand, what exactly did you do to solve?


#47

Hi, was just editing to give some more detail.


#48

Okay, thank you, then just tune it in.


#49

So…

I just finished deploying 2 additional servers to try my best to transparently integrate directory users into the system. Since I’d be dealing with 3 servers a lot of crazy-complicated routing and overkill security on the endpoints and network because there’s no authentication to speak of in order to achieve this. It’s blindly trusted peering all over.

Also, as a result I had to remap all extensions and make extensions aliases so the old numbers are reachable while they transition into the new ones that match user and number correctly in Active Directory.

I read big headlines about the new firmware supporting new, possibly-unheard-before, exotic characters so I decided to give it a go, it was that or deciphering how on earth that XML phonebook works to which there is no documentation. Same as what are the email and storage sections for in the Zero Config section, BTW, if it’s for the users, it shouldn’t be batch-configured, if it’s for the admin shouldn’t the system the data from the system itself?–Oh well.

Anyway, so I’m configuring the LDAP phonebook and I went straight to where the problem has always been, the username. It asks for the full DN, which if filled correctly, it will include spaces, a character not accepted in the box. I’ve used the DN in other servers, and it’s always accepted with spaces. Not here.

I didn’t have my hopes up so I wasn’t expecting anything, therefore no biggie. Then I remember, LDAP uses a similar address scheme to HTTP, so what if I URL-encode it? I looked it up and my the first hits I got were straight from Oracle with tons of examples. Now, I had my hopes up and:

Are you kidding me? You found the time to add another piece of bloat, some CRM thing–I read on the release notes, but not to have directory support?

Well…Active Directory, my LDAP backend accepts credentials formatted in at least 5 different ways, like sAMAccountName:

NetBIOSDomainName\sAMAccountName, FQDN\sAMAccountName:

userPrincipalName and sAMAccountName@NetBIOSDomainName:

What about the mysterious new characters that are now accepted?:


The offending character is a . (period) by the way.

Lastly, I didn’t need to as the CA is already imported system-wide, but I was being thorough:

How do you expect for users to use all this? Extension numbers for everyone with yet more credentials to lose on Post-Its? And why must the certificate use a special extension? Or any extension at all. Isn’t this running Linux in the background?

Do you have some high ranking in-house executive/engineer whose job is to make everyone’s life convoluted and pointless? He/she should get a raise. Top notch. :face_with_symbols_over_mouth:

Are you following any set of standards, RFCs, anything? Microsoft breaks a lot of things for many nefarious reasons, sure. But when it comes to AD there’s not much else. Freshly installed RHEL/Fedora systems bind in seconds to AD, without having to add certs, Red Hat is behind FreeIPA, which is about the best Linux-equivalent for the LDAPpy AD-like thing. Why must the UCM care how credentials are sent as the supplicant? That’s for AD, OpenLDAP or what-have-you to interpret. Plus, for over 20 years servers have been accepting requests with spaces on them, they just escape them, URL-encode them or pull some trick from somewhere. :pensive:This isn’t even binding, just trying to get a phonebook.

“X Client CA Cert” is extremely ambiguous by the way. It sounds like a subordinate CA. If it’s not an authority-meant certificate, that uppercase A should be nowhere near. Asking for a key right below sort of confirm it’s not a root CA but also makes room to believe maybe it’s a subordinate instead.


#50

I installed this firmware last night and now am locked out again. I do have a backup, so I can factory reset if needed, but I definitely don’t want to do that and be locked out again when it comes up with my other settings. Is there a fix for this?


#51

depends on what the problem is, the new firmware does not create that problem


#52

Well, it definitely did.