Professional Documents
Culture Documents
TC3012en-Ed01 OXE Device Management Configuration Guide For SIP SoftPhone and Deskphone
TC3012en-Ed01 OXE Device Management Configuration Guide For SIP SoftPhone and Deskphone
TC3012en-Ed01 OXE Device Management Configuration Guide For SIP SoftPhone and Deskphone
This document provides the configuration details required to install the Device Management module embedded in the OXE
Call Server to serve SIP DeskPhone and SoftPhone for R100.1 (N2).
Revision History
Edition 1: January 5, 2023 creation of the document
Legal notice:
www.al-enterprise.com The Alcatel-Lucent name and logo are trademarks of Nokia used under license by ALE. To view other
trademarks used by affiliated companies of ALE Holding, visit: www.al-enterprise.com/en/legal/trademarks-copyright. All other
trademarks are the property of their respective owners. The information presented is subject to change without notice. Neither
ALE Holding nor any of its affiliates assumes any responsibility for inaccuracies contained herein.
© Copyright 2023 ALE International, ALE USA Inc. All rights reserved in all countries.
Table of contents
1 Feature Presentation ............................................................................................................................... 5
2 Compatibilities ........................................................................................................................................ 6
3 Migration from OmniVista 8770 DM to OXE DM ......................................................................................... 7
8 Troubleshooting .................................................................................................................................... 83
8.1 DM configuration file generation ...................................................................................................... 83
8.2 NGINX server log ............................................................................................................................ 83
8.2.1 DeskPhone logs ........................................................................................................................ 83
8.2.2 Activate the debug log level....................................................................................................... 84
8.3 ALES – LDAP authentication failure .................................................................................................. 84
In previous release from OXE, the Device Management module was hosted on the OmniVista 8770 server for
the mass deployment of SIP DeskPhones. Only alternative to deploy a SIP phone was to use the embedded
WBM from the phone itself, to deploy a limited number of phones.
The objective of this feature is to manage with OXE DM the supported SIP end points
- SIP DeskPhones: NOE3G-EE SIP R550, ALE-2 and new models ALE-3 and ALE-300
- SIP SoftPhones: new application ALE-S for PC and Android
- Support existing SIP phones: 8001, 8088 Hotel or Huddle Room, 8008/18/28s, new ALE-2/ALE-3.
Restriction: Support only phones NOE3GEE models 8008/18/28s, ALE-2, SoftPhone ALE-S for PC and Android
and new models ALE-3 and ALE-300 SIP.
2 Compatibilities
DeskPhone SIP ALE-2, NOE3GEE SIP R550 and ALE SoftPhone for PC and Android are supported with version
R100.1 TR, from patch N2.514.12.
New Client ALE-3 and ALE-300 SIP are supported from version R100.1 MD1, from patch N2.514.23.C.
After the upgrade of the OXE server into R100.0, the OmniVista 8770 DM configuration will remain
active and all the SIP DeskPhone already connected will remain in service:
- NOE3G-EE SIP R510
- 8088 in Hotel mode
- 8088 in Huddle room
- 8001 (Phase-Out devices)
For each device, define the corresponding Sub type in the SIP tab:
4. Check the phone are properly updated during after scheduled period of upgrade
Warning Disabling the DM in OmniVista 8770 will cause the OmniVista 8770 to remove the device configuration.
Connected phone will lose their configuration. A reset flash will be mandatory on all devices.
Once all the devices have been updated, you can Disable the DM on OmniVista 8770 servers from the
directory:
System / Other System Param. / System Parameters
Therefore, the configuration of the FQDN from OXE system in the tool netadmin becomes mandatory and a
new certificate must be generated to deploy the new DeskPhone ALE-300 SIP.
It is necessary to generate/renew the OXE certificate delivered from internal OXE PKI or external PKI and
generate/renew the associated CTL file for SIP DeskPhones.
4.1.1 Configure OXE FQDN in tool netadmin & activate DNS resolver from OXE
1. In root login, run command netadmin and enter menu 17. 'Node configuration' / 2. 'Update'
Warning: *** Change of OXE Domain name, requires regeneration of Call Server Certificates
(CA Update is not required ) followed by an OXE reboot***
Do you want to continue now (y/n default is 'n') ? y
Enter OXE Domain to be configured (default is company.com) ? company.com
4.1.2 Generate the new certificate based on OXE FQDN and renew CTL file
Note 1: this modification requires a restart of the system via reboot or double bascul
3. In root login, run command netadmin and enter menu 11. 'Security' / 11. 'PKI Management' / 1.
'Certificate'
The certificate will be created with the following CN & SAN fields
Common Name(CN)=oxe61.company.com
Subject Alternative Name(SAN)=DNS:oxe61.company.com DNS:*.company.com IP:10.13.0.6
IP:10.13.0.4 IP:10.13.0.5
Do you want to configure any additional Subject alternative Names (y/n, default is n) ?n
Please enter information that will be incorporated into your certificate request.
/C=FR/ST=HDS/L=Paris/O=ALE/OU=TS/
Are you sure you want to create Certificate/CSR with above details (y/n default is y)?y
Note : Perform Copy to Twin Operation to copy the Twin Certificates to Twin Server
b. For External certificate, create a new CSR for an external PKI : 2. 'Generate CSR' then
import the new certificate with 1. 'Create/Modify CS Certificate' / 2. 'Import
PKCS#12/PKCS#7' on the same Call Server
11.11.1.Certificate Management
==============================
1. 'Create/Modify CS Certificate'
2. 'Generate CSR'
3. 'Delete Certificate'
4. 'CSR Signing (Local)'
5. 'CSR Sign and Import (Network)'
0. 'Previous menu'
Please wait...
The certificate will be created with the following CN & SAN fields
Do you want to configure any additional Subject alternative Names (y/n, default is n) ?n
Please enter information that will be incorporated into your certificate request.
/C=FR/ST=HDS/L=Paris/O=ALE/OU=TS/
Are you sure you want to create Certificate/CSR with above details (y/n default is y)?y
Warning:
CA update requires
1.Immediate regeneration of lanpbx followed by an OXE reboot. Multiple CA updates without
lanpbx regeneration and endpoint trust store update could cause CTL inconsistency between
OXE & endpoints and may lead to communication issues.
2.PCS certificate(s) to be generated manually through PCS menu if PCS(s) configured.
Note : Perform 'Copy to twin CPU (all)' operation to copy the twin certificates to twin
server.
7. Perform the copy of the certificate to twin cpu with entry 10. 'Copy setup' / 2. 'Copy to twin
CPU (all)'
8. Exit from root login then launch command lanpbxbuild to renew the CTL file and select entry 6.
Apply changes
6. Apply changes
7. Copy lanpbx to lanpbx-mipt
0. Quit
==> 6
9. If you have External Encryption Gateway configured on the system, load the new certificate from the
call server on each VM of External Encryption Gateway.
10. Reset the system by a restart or double bascul from the Call Server
Note: If you have encrypted network link, it is necessary to remove and restore the encryption on the Direct
IP Link or Hybrid VPN Link to renew the IPSec tunnel between the nodes.
Tools WBM, MGR or OmniVista 8770 - OXE configuration can be used to configure the DM profiles. We will use
WBM in our example.
o General characteristics
It is recommended to declare LDAPs connection on port 636 and configure the LDAP server using the LDAP
Server FQDN. The DNS server must be configured on OXE in netadmin menu 14. 'DNS configuration'
o Device characteristics
Note If you leave those fields empty the role IP Addresses from the Call Server will be filled automatically on the
xml configuration file.
Set in section DIALING RULE, External access prefix and Minimal length to apply rule according to your
numbering plan:
Declare the OXE prefix Twin Set Get Call value (only for multi-devices config)
o Advanced characteristics
Default Admin password for is 123456, it is advised to replace it by complex password that will requested to
connect in Admin menu from the set.
However, there are not synchronized in OXE user details at Programmed Keys level.
o General characteristics
It is recommended to declare LDAPs connection on port 636 and configure the LDAP server using the LDAP
Server FQDN. The DNS server must be configured on OXE in netadmin menu 14. 'DNS configuration'
Warning During the TLS handshake, the ALE-S performs a control between the FQDN and the CN from the LDAP
server certificate. If the control is not correct the ALE-S will reject the TLS session and block LDAP request.
o Application characteristics
If Office 365 is used for ALE SoftPhone configure the associated settings
Set Office 365 Client ID : 12345678-abcd-1234-abcd-12345678910
Set Office 365 Tenant ID : abcdef78-abcd-1234-abcd-12345678910
Set Office 365 Integration : to Mandatory (to force activation), to Optional (requires user activation in
Contacts tab from ALE-S)
o Telephony characteristics
Set Dialing rule External access prefix to 0 and Minimal length to apply rule to 10
Declare the OXE prefix Twin Set Get Call value (only for multi-devices config)
For Business context, the Programmed Keys can be configured at the user level and will be pushed to the SIP
device:
For Hotel context, the admin can force some Programmed Key in each DM profile:
4.4.2 Multi-devices
- SIP DeskPhone as the Main Device of the OXE user as a SIP extension device with sub-type 8008 /
8018 / 8028s /ALE-2 / ALE-3 / ALE-300
- ALES PC or Android can be declared as the Secondary Device of the OXE user as a SIP extension device
with sub-type ALE-deskstop or ALE-mobile.
SIP SIP
Extension
Main Extension
Secondary
2. In SIP tab, pick correct the Sub type and set the DM profile 1 or 2:
Some telephony services, such like the supervision, require creating a dedicated programed key by
administrator on the device on OXE side.
The minimum version for the OmniVista 8770 to create an ALES or ALE-2 device is R5.0.22.0 with patch K.
Warning In case you use the OmniVista 8770 as LDAP authentication server, the User ID and External login must be
identical
3. Open the OXE tab and configure the SIP options to declare the Sub type and DM profile
▪ ALE-2 / ALE-3:
If you defined the OXE FQDN in option 66 configure the DNS Primary and DNS Secondary with the main IP
Addresses of the Call server in each range of IP address:
lqDHCP Configurationqqqqqqqqqqqqqqqqqqqqk
x x
x -> Go down hierarchy x
x Consult/Modify x
x Consult/Modify Overview of Object x
x Modify x
x Modify Overview of Object x
x Apply modifications x
x Facilities x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
As an administrator, you can allocate statically the MAC address of the device in the WBM/MGR menu in the
new subfolder IP SIP extension:
- Go into the submenu User/ IP SIP extension and configure the MAC address with lower case letter
Note It currently mandatory to use lower case letter to fill the MAC address.
After registration of the device MAC address the configuration file is generated on-the-fly.
If the phone runs with NOE binary R150, an update of NOE and SIP binaries into R200 is required to switch the
device into SIP mode. This step is not required if you receive a new Phone with binaries NOE & SIP R200.
- ALEx00(ALE-300,ALE-400,ALE-500)
bootloader 1.20.14
application 1.20.11
sip 1.00.03
3. Upload of the SIP binary, can be performed per phone or generally for all ALE-300
a. If set to NO, only the NOE binary R200 will be uploaded on the DeskPhone Enterprise, when
the phone will be connected to the NOE user.
The SIP binary will be updated at the moment of the bascul from NOE to SIP as there will be
no SIP binary detected.
b. If set to YES, the Phone the NOE binary and SIP binary are upgraded automatically on the set
and SIP binary 1.00.03 is available on the set.
It requires 2 steps of upgrade on the phone. First the new NOE binary is downloaded and
installed, then the phone reset with the new NOE binary. Then the SIP binary is downloaded
and installed with a second reboot of the phone.
Note: if the phone is already deployed with the correct NOE binary, the SIP binary is not
update automatically. You need to force the update with downstat i.
4. Don’t forget to remove the MAC of the Phone from the NOE device / TSC IP user,
otherwise the phone will not be authorized to be registered on a SIP user
The next step is to switch the device into SIP binary according to the IP configuration
5. Trigger by MMI, recommended on production system where there are other device NOE3GEE and ALE
Deskphone declared in NOE mode
i. After device boots, press * and # keys simultaneously to enter MMI
ii. Enter password if requested
iii. Select Software Infos -> Run Mode, click on “Set Mode” to switch and press the
floppy disk icon to save.
6. Trigger by DHCP, only available when no other device are declared into NOE mode or if a dedicated
DHCP User Class can be configured on external DHCP server
In the Vendor Class from the NOE mode, alcatel.noe.0, must be updated with the
keyword sipconfig.txt
lqReview/Modify: Classesqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x x
x Node Number (reserved) : 101 x
x DHCP Configuration : 1 x
x Name : NOE x
x x
b. External DHCP: add the new DHCP option 67 with the keyword sipconfig.txt
1. Let the phone start with the default configuration in DHCP mode, it will start with the configuration
embedded in the flash.
2. Access the menu of Administration to enter the IP config:
- Enter tab Menu / Advanced setting fill the password 123456
- Enter Network / IP config / IPv4 settings select static mode and configure the
IP/Subnet/Gateway and if useful DNS1/DNS2
- After restart of the set, wait for one minute, then connect to the WBM from the set using
https://<phone_IP@>
- Enter the Tab Provision/Auto Provision and fill the DM URL with the url
https://<OXE_main_IP@>/dmictouch or https://<OXE_FQDN>/DM/dmictouch (with
DNS server entry)
Static configuration
- Move to right direction to display the settings menu and select Admin, then fill the default password
123456
- Enter IP param / IP Config / IPv4 settings select static mode and configure the
IP/Subnet/Gateway and if useful DNS1/DNS2
- After restart of the set, wait for one minute, then connect to the WBM from the set using
https://<phone_IP@>
- Enter the Tab Setting/Auto Provision and fill the Provision Server URL with the url
https://<OXE_main_IP@>/dmictouch or https://<OXE_FQDN>/DM/dmictouch (with
DNS server entry)
7. Enter the MMI in NOE mode to modify the Running mode into SIP
a. After device boots, press * and # keys simultaneously to enter MMI
b. Enter password if requested
At first initialization the set runs in Trust Of First Use (TOFU mode), meaning that it established the TLS
connection without authentication of the TLS server certificate.
1. Config file is downloaded to retrieve CTL settings with filename, hash and IP Address of signing
device, i.e. OXE IP address
2. CTL file is uploaded and installed => New TLS link established WITH check of the server certificate
base on CTL
3. Config file is reloaded to read the Audio / SIP parameter / binary path
4. Binary header to check the version of binary, and start background upload is necessary
5. Phone register to OXE in SIP
6. Phone send the NOTIFY for Identification
7. Phone SUBSCRIBE to SIP notification for voicemail-event (missed call/VM messages) /user-profile
(DND) / dialog (supervision/hunting group)
It is thus mandatory to deploy an external LDAP server for authentication. In most of the case it
should be the Active Directory or it can be an external LDAP server.
Note Despite the OmniVista 8770 provides an external LDAP, it has some limitations for customer site in term of
password management and notifications:
- Password must be managed in the directory by admin, and notified to end user
- There is no notification for password expiry to end user, it is the role of admin to inform the end
user
- Only admin can replace the password when it is already expired
It is recommended for lab systems.
Second aspect to configure is the source for the Directory Search which can be either:
- An external LDAP: i.e OmniVista 8770 or Active Directory
o It is only suitable for LAN deployment for R100.0.
o It requires to define a LDAP filed mapping file *.json. See section Internal LDAP: LDAP fields
mapping json file
o Then deploy it on the phone using the Phone Applications COS. See section Internal LDAP:
json file deployment and activation in the Phone applications COS
- Office 365 integration
o It is mandatory for Remote Worker deployment for R100.0
o It requires to register the ALE-S application in the Microsoft Azure admin page. See section
Office 365 Integration
Both clients can be deployed in local and remote worker with various environments. Check the deployments
guides for technical aspects:
- TC2954 Quick steps deployment with 8770 for ALE SoftPhone
- TC2955 Quick steps deployment with Active directory for ALE SoftPhone
- TC2956 Quick steps integration with Teams for ALE SoftPhone
- TC2957 Quick steps deployment in Remote worker for ALE SoftPhone
Hostname: LDAP FQDN is recommended in association with the OXE DNS configuration in netadmin menu
14. 'DNS configuration'. IP address can be used if OXE DNS is not configured in netadmin.
Login attribute: attribute in the LDAP for the login values
Bind DN: correspond to the user Distinguished Name
3. Enter again menu 5 ldap authentication, then activate the configuration with entry 3
Enable/Disable LDAP authentication
4. Check the configuration is correctly activated using the entry 1 View configured LDAP server
Authentication Realm =
Hostname = LDAPserver.company.com
Port = 636
Scheme = ldaps://
Search Base DN = ou=Users,ou=CORP,dc=company,dc=lcl
Login attribute = cn
Filter = (objectClass=Person)
Bind DN = CN=USER-01,ou=Accounts,dc=company,dc=lcl
Bind password = ***********
Press return
6.1.2 Configure source for Directory Search Internal LDAP or Office 365
For ALE SoftPhone, you need to choose between the LDAP or Office 365 for directory search:
➢ LDAP search or Office 365 integration can be used for LAN configuration only
➢ For Remote Worker configuration, it is recommended to use Office 365 integration, due to security issue
to expose the internal LDAP on public address
6.1.3 Internal LDAP: json file deployment and activation in the Phone applications COS
Modify the default .json file on OXE
(699)xa006099> ll /usr3/mao/DM/dmsoftphone/ales/
total 4
-r--r--r--. 1 mtcl tel 1221 Nov 14 23:45 ldapfm.json
5. Regenerate DM files with "SIP device management -> Generate all Configuration Files"
The integration of ALE SoftPhone in Microsoft Teams environment is provided with the ALES PowerApps:
This application can run in Teams client application or Teams web browser Edge and Chrome.
ALES PowerApps
The PowerApps is a Web application only available in Microsoft runtime (as Teams application is).
The PowerApps is not connect directly to OpenTouch and requires ALE SoftPhone installation on PC.
The new software is provided in MyPortal along with the ALE SoftPhone application.
Licensing
Microsoft PowerApps require a specific license, included in some Office 365 licenses or can be bought
in separate plans.
You are asked to upload the application and then share the application to a Teams user or group:
Application desktop is provided as an *.msi installation package. It is available in MyPortal in OmniPCX R100.0
software download version:
1. As an administrator from the PC, install the application by double click on the msi package to start the
installation
5. Provide the public and private FQDN or IP address of the OXE DM, then click Next
Standard deployment tools are available to install several clients simultaneously from a remote
computer on the network.
These tools rely on command lines. For an ALE SoftPhone installation with the msi package, the command
line used is: msiexec /i <access path>\AleSoftPhone-<version>.msi /qn where:
• /i specifies the msi package to run
• <access path> specifies where is located the msi package
• /qn requests installation to run silently
• INSTALLDIR
o Define the installation path.
o Default value : <program files>\Alcatel-Lucent Enterprise\ALE SoftPhone\
• OXEHOST / REVERSEPROXY
o Local access (OXE) and Remote access (RP) servers name
o There no default value.
• INSTALL_EXTENSION
o Install ALE Softphone extension for Microsoft Outlook.
o Available values are :
▪ 1: Install extension. (DEFAULT)
▪ 0: Do not install.
• LANGUAGE
o Used to define the user language in component that will need a special language parameter.
The following “Land code” or “Lang id” values are accepted:
• LOGIN
o Define the user’s login.
o No default value.
Example:
msiexec /i D:\soft\ALESoftphone-<version>.msi /qn INSTALLDIR=C:\Program\Alcatel-Lucent
\AleSoftPhone OXEHOST=oxe.company.com REVERSEPROXY=rp.mycompany.com
Upgrade
Upgrade installs a new version of binaries and set registry keys (it is performed with “msiexec /i AleSoftPhone-
<version>.msi /qr” option).
Upgrade process is started in the same way as first installation (ALE SoftPhone installer detects the already
installed version).
Repair
The goal of this mode is to repair binaries and registry keys according installed version.
Repair process is started in the same way as first installation (ALE SoftPhone installer detects the already
installed version).
There are no options. ALE SoftPhone must be stopped during maintenance in the same way as an upgrade.
6.2.3 Removal
Removal process starts the installer program for removal. This will delete the following folders
• Installation folder (a.k.a <Program Files>\ Alcatel-Lucent Enterprise\ALE SoftPhone)
• Configuration folders: %APPDATA%\ Alcatel-Lucent Enterprise\ALE Softphone
• Logs folders: %TEMP%\ Alcatel-Lucent Enterprise\ALE Softphone
In case of ALE SoftPhone running a warning is displayed. If user confirms uninstallation, ALE SoftPhone is
stopped and uninstalled.
Connection menu will open requiring the External login and password
Note In remote worker, authentication on reverse is only supported with external LDAP, client certificate is not
yet supported.
At first connection to the DM, the certificate will be authentication using the windows OS trust store. If the
OXE DM Certificate is not trusted, the user is prompted to accept the certificate from the DM to connect start
the authentication session.
Then the application will send an initial https request with login & password with the following sequence:
When the option is set as Mandatory in the OXE SIP DM profile, this option is automatically activated at the
ALE softphone application start and the following Office36 authentication windows are displayed to
authenticate:
ALES client provides 5 pages of 24 keys to define Programmed Keys by end user:
OXE Admin can only manage 10 keys from the server side, including Key 1 and Key 2 reserved for multi-Line:
The supervision key created by Admin will be positioned in the first 10 keys:
7.1 Using SBC to secure ALES conversations on corporate LAN and on WAN
(Internet)
If the system OXE is already deployed in OpenTouch ecosystem with OTC clients configured in remote worker
mode, the OT-SBC and reverse proxy components will already be configured following the documentation
8AL90065USAI OT-SBC Configuration Guide.
You can directly go to the section HTTP Proxy to declare the additional HTTP rules to access the OXE DM.
For a new deployment of OXE system, you need to follow the next steps to configure the SBC component and
embedded Reverse Proxy form OT-SBC R7.4.
The detailed deployment of ALES SoftPhone with OXE standalone is detailed in the documentation below:
TC2957 Quick steps deployment in Remote worker for ALE SoftPhone
1. Use tVMWare/Hyper-V console to connect to the Mediant Software SBC’s CLI management interface.
2. At the prompt, type the username (default is Admin - case sensitive), and then press ENTER:
Username: Admin
3. At the prompt, type the password (default is Admin - case sensitive), and then press ENTER:
Password: Admin
4. At the prompt, type enable and press ENTER:
Mediant SW> enable
5. At the prompt, type the password again and press ENTER:
Password: Admin
6. At the prompt, type the following commands to access the network interface configuration:
Mediant SW# configure voip
Mediant SW(config-voip)# interface network-if 0
Mediant SW(network-if-0)#
7. At the prompt, type the following commands to configure the corporate network used for LAN users and
SBC management (IP address, prefix length and default gateway):
Mediant SW(network-if-0)# set ip-address xxx.xxx.xxx.xxx
Mediant SW(network-if-0)# set prefix-length 24
Mediant SW(network-if-0)# set gateway xxx.xxx.xxx.xxx
At the prompt, type exit to complete the network-if-0 configuration:
Mediant SW(network-if-0)# exit
8. If Mediant Software SBC is connected to the IP network that uses a VLAN ID, type the following command
to configure it (otherwise skip to step 9):
Mediant SW(config-voip)# interface network-dev 0
Mediant SW(network-dev-0)# vlan-id x
Mediant SW(network-dev-0)# exit
9. At the prompt, type exit to complete the configuration:
Mediant SW(config-voip)# exit
10. At the prompt, type write to write the configuration and auxiliary files to NV memory:
7.4 Security
7.4.1 TLS contexts
SETUP > IP NETWORK > SECURITY > TLS Contexts
If you need to enable NAT Traversal for media, open the 'Media Settings' page (SETUP > SIGNALING &
MEDIA > MEDIA > Media Settings)
Broken Connection Mode: ‘Ignore’ (to keep the media active after a pause on stream)
SBC Media Security Mode: ‘Not secured’
Remote Replaces Mode: Keep as is
Name: Any
Manipulation Set ID: Selected for OXE
Row Role: Use Current Condition
No changes for Message Type and Condition to effect on all SIP messages
Action Subject: header.to.url.host
Name: Any
Manipulation Set ID: Selected for OXE
Row Role: Use Current Condition
No changes for Message Type and Condition to effect on all SIP messages
Action Subject: header.from.url.host
Action Type: Modify
Action Value: OXE Hostname and port
Name: Any
Manipulation Set ID: Selected for ALES RW
Name: Any
Manipulation Set ID: Selected for ALES RW
Row Role: Use Current Condition
Action Subject: header.from.url.host
Action Type: Modify
Action Value: SBC WAN Hostname and port
Name: Any
Manipulation Set ID: Selected for ALES RW
Row Role: Use Current Condition
Message Type: refer.request
Condition: header.Refer-To exists
Action Subject: header.Refer-To.url.host
Action Type: Modify
Action Value: SBC WAN Hostname and port
Name: Any
Manipulation Set ID: Selected for ALES RW
Row Role: Use Current Condition
Message Type: refer.request
Condition: header.Referred-By exists
Action Subject: header.Referred-By.url.host
Action Type: Modify
Action Value: SBC WAN Hostname and port
7.11.3 IP Group
IP Group ID 0 cannot be used: this IP Group is set to default values and is used by the device when IP
Groups are not implemented.
Filling the SIP group name with a value will push that value in ‘Request-URI’ and ‘To’ header for all outgoing
SIP message for servers declared in the IP Group.
Set the following parameters for OXE Remote workers (index ‘5’ here):
Type: ‘User’
Topology Location: Up
Media Realm: set the value configured for OXE ALES Remote workers
IP Profile ID: set the value configured for the OXE ALES Remote workers
Classify by proxy set: disable for any Remote workers
Outbound Message manipulation Set:: <Manipulation Set number> defined in the Message
Manipulations table for the headers contents of the SIP messages sent to ALES Remote workers
Media TLS Contexts: TLS Contexts for ALES RW Users
Go to (Setup > IP Network > HTTP Proxy > HTTP Directive Sets -> OXE Directive set -> HTTP
Directives)
Go to (Setup > IP Network > HTTP Proxy > HTTP Proxy Servers -> HTTP Locations)
o The DM generated file is based on login account (this login is mandatory for ALES)
o When login account is a mail address tree, filename is: <domain of mail>/<firstcharacter
of user of the mail address dump in hexa>/conf_<user of the mail address dump in
hexa>.xml
o When login account isn’t a mail address tree, filename is: __/<firstcharacter of user of the
mail address dump in hexa>/conf_<user of the mail address dump in hexa>.xml
o ALES-desktop
▪ Initial path of the file /DHS3data/mao/DM/dmsoftphone/ ALES-desktop
o ALES-mobile
▪ Initial path of the file /DHS3data/mao/DM/dmsoftphone/ ALES-mobile
To enable the log in debug mode, then modify the file: /etc/nginx/nginx.conf
And comment the line:
#error_log /var/log/nginx/error.log info;
And uncomment the line:
error_log /var/log/nginx/error.log debug;
after this to take into account the debug mode launch the command: nginx -s reload
If we have a bad entry in the LDAP authentication, we will see this info under: /var/log/nginx/error.log
2021/08/17 00:05:26 [error] 6167#6167: http_auth_ldap: Initial bind failed (49:
Invalid credentials [80090308: LdapErr: DSID-0C09044E, comment:
AcceptSecurityContext error, data 52e, v2580])
And under: /var/log/nginx/access.log
2021-08-17T14:40:04+02:00 [155.132.130.228 -] "-" "GET
/DM/dmsoftphone/conf_6c697070.xml HTTP/1.1" STATUS=401 SIZE=574 DURATION=0.000
- END OF DOCUMENT -