@black3dynamite said in Fedora install doesn't see SATA drives ...:

Try turning off SecureBoot.

Thanks. I checked and this was off.

I finally booted into gparted and it was throwing some errors that seemed to be because there was no partition table on any of the 4 drives. I added an unformatted partition on each and then then once I rebooted the drives were found by the fedora installer. I presume it would have also been found by the Centos installer at that point as well but I didn't actually try it.

We are planning a server upgrade and I find myself faced with the question of whether a SAN is necessary. I know there have been many posts both here and on other forums about SANs being oversold in situations where they are not needed. My gut instinct is that my situation is one that really doesn't require a SAN, yet I still find myself unsure that I understand the various questions that I should be considering when making this decision.

I bought a copy of Linux Administration Best Practices by @scottalanmiller and am reviewing the chapters on system storage, in particular the parts on SANs, local storage and replicated local storage.

Our needs are not sophisticated. We will have only a handful of VMs. A file server, sql server, freepbx, inventory management system server, security system server and an internal application server for a few internal tools. For most of these we can afford some downtime in the event of a host failure. The exception is really the SQL server. While it would not be catastrophic for some downtime it would be far superior from a continuity perspective if it could fail over to a secondary host if necessary.

With that in mind, I had planned for two hosts so we could survive a failure of one of them. My primary confusion though is how would I accomplish replicated local storage. Is this functionality that the hypervisor must provide? The best practices book mentions several technologies (DRBD, Gluster, CEPH) that can be used for RLS but I would think that these would have to run in the hypervisor itself and not as separate VMs on the host. Is that correct?

In general, for relatively small environments such as mine, is it feasible to even attempt local storage replication? Our MSP has quoted an EMC SAN device to the tune of $25k so that VMs could be migrated between hosts with storage being on the SAN. What would an implementation without the SAN look like if I wanted to maintain the replication and the ability for the VMs to be migrated between hosts?

We recently switched to freepbx with yealink phones and voip service and my users are saying that sometimes they hear a severe echo on incoming calls to the point that they can't understand the person on the far end. This is only happening very rarely, maybe 1 call every day or two but it has been reported by 3 different users so I don't think it is isolated to just one person or extension. I've got a 50M fiber circuit at this location that has no capacity issues at the moment so I don't expect bandwidth to be an issue

Is this likely coming just from the other party to the call? At first I thought maybe a cell phone caller with bad connection but I would think that symptoms in that case would be a garbled or stuttered type call but not necessarily echo.

Is there anything I can control related to echo when my piece of the call is all IP from phone to service provider? I thought echo was caused by impedance mismatches on copper lines and trunks but I don't have any such link in the call, at least not that I have any control over.

Does anyone have any recommendations on video conference equipment that integrates with MS Teams. We've got 1 big conference room (seats 15) and a few smaller ones that seat 5-8. I was starting to look at some equipment to handle the audio/video part but just wanted to see if anyone had any experience with a system such as this with MS Teams.

Thanks

@JasGot said in Email phishing attempt against one of our vendors was successful ...:

@BraswellJay said in Email phishing attempt against one of our vendors was successful ...:

Subsequently and on the same day, the vendor received another email that he thought was from one of our accountants directing him to ACH to a different (bogus) account.

What makes me also think it was a directed phish attack on your vendor, is that you say the vendor received an e-mail regarding another ACH account number on the same day, but you didn't say the message had any indication it was a follow up or correction to the earlier message.

Thanks everyone for the feedback. It does appear it was on the vendor end but it was a more sophisticated attack that did involve us being fooled as well even though the target was our vendor. From our investigation this is what we believe actually happened:

• Vendor owed us and was going to pay by ACH and requested details. These details were sent to him by our head of finance in an encrypted email which the vendor did receive.
• The attacker then spoofed our accounting team by sending us a phishing email that appeared to come from the vendor (the domain name used against us left an "s" off of the end of the domain name, thus appeared valid to our accounting team) stating that he had not received the ACH info (which the vendor had, this was the attacker phishing us). One of our accountants responded (to the wrong domain) once again giving the correct ACH details.
• At this point the attacker had all he needed to spoof an email that appeared to come from the accountant that had responded to him. The attacker used that info to send a phishing attack email to the vendor which appeared to come from our accountant but using the wrong domain name and contained the attackers ACH info.
• Vendor was fooled by this email and sent payment to the wrong account.
• Vendor ignored (for some reason, don't know why) the fact that when he went to ACH the money the company name appearing on his bank portal as the destination for the payment was not our company name.

One other detail is that both of the spoofed domains that were used in the attack were registered through google on the same day approximately 4 weeks ago which would suggest they were anticipating being able to use us and the vendor in a coordinated attack.

@JaredBusch said in Unable to mark NAS location trusted in Office:

Customer has a bunch of Access files with macros.

Macros cannot be run because I cannot mark the shared folder as a trusted location.

File location: \\192.168.1.11\Data Mapped as k:\.

Going into Microsoft Trust center, I cannot mark the location as trusted with either syntax.

I have a similar issue with a 3rd party developed application that uses an access database. The only way I could find to workaround was to add the trusted location through a registry edit. Here is the notes I have on what I did

3.	HKCU\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\
a.	From here add another Key called Location X where X can be any number (different for each trusted location to be added; so for example you could use Location 3; doesn’t really matter as long as it is unique)
b.	Under that Key add the following values:
i.	AllowNetworkLocations REG_DWORD = 1
ii.	AllowSubFolders REG_DWORD = 1
iii.	Description REG_SZ (string)  = “MS Access Trusted Location”
iv.	Path REG_SZ (string) = “C:\MSAccessTrustedLoc” (or whatever the path is to the trusted location.

In our case the version of access being used was 2007 and I have to install the access 2007 runtime on each machine that runs the application. That also is where the 12.0 comes from in the registry key path. That may be different if the access version is not 2007.

@BraswellJay

Turned out to be a SIP port issue. I remember when I set this particular site up I ended up using port 5160 instead of 5060 but when I configured the new IP group in the skyetel portal I didn't change to the correct port. Once I made that change the portal now shows the new interface as healthy.

@scottalanmiller said in If you are new drop in say hello and introduce yourself please!:

Welcome @BraswellJay

Thanks! I have lurked here for a while and learned a great deal from the posters here so thanks to all who have contributed.

https://www.zdnet.com/article/virginia-legislative-agencies-and-commissions-hit-with-ransomware-attack/

Re: 8 port FXO gateway needed

I have a site where I need an 8 port FXO gateway. I had been leaning toward the Grandstream gxw4108 but based on the linked thread above from a few years ago that seems maybe to be a low call quality device so I'm hesitant to try that now.

I see that Sangoma has an updated model, the Vega 60. Has anyone had any experience with this device with FreePBX? How was call quality?

This site currently has an old Nortel BCM but Centurylink just advised me that they are terminating our support agreement for that system at the end of April due to it's age.

This site is in a rural area and my only access is dual T1s so I don't think ditching the POTS lines and going SIP is an option.

Thanks!

One of our buildings is old and really pre-dates when network cabling was standard. As a result we have a hodge podge of cable strung around that is difficult to manage, exposed to anyone who walks by and just generally doesn't look very professional.

Our ownership is planning to renovate one part of this building that happens to be where our "server room" is. I use this term loosely because it is just an unused office with a wall rack where the network cabling comes together. I want to see if as part of the renovation I can pitch cleaning up this mess that we have in that building, though I know the expense of rerunning cable may not fly.

It got me to wondering though, is there any reason I shouldn't plan to just go entirely wireless in that building? I was thinking this may be a method to redo some without having to re cable the entire building. As long as I plan AP placement correctly (which shouldn't be hard, the building isn't that big) would this be viable for a production corporate manufacturing facility and office?

My thought would be to run a few cables for the AP's and maybe the printers but just plan for everything else to be wireless. Is there an issue that I'm not considering that would negate this idea?

Thanks for any feedback.

We want to add a small 5 port switch to the control cabinet of our primary manufacturing machine. The only power I have in the cabinet comes from a UPS with the following specs and connector. Does anyone know of a source for a small switch that would work in this scenario.

Thanks.

Our leadership is discussing possibly building a new facility over the next few years. What would be some things you would take into consideration for a new building design if you could start fresh with a blank slate.

The one's I initially think of are planning networking for WAN, LAN, wireless and phones. Also server, workstation and processing equipment planning. Access control and cameras.

I bought one of these phones to try for our receptionist as a secondary phone for roaming around the building when she needs to.

The only issue I am having is that occassionally the phone will not respond timely to the sip server. The most obvious way I see this is just with a continuous ping. As long as a call is active I get consistent sub 5ms ping times. However, if a call is not active then the ping response will vary but will range from 50ms to 3000ms. This is very repeatable.

When in this mode the phone will sometimes not respond to an incoming call before the sip server abandons trying to reach it. I've had several times where I will dial the extension and the calling phone will hear two rings and then a busy. However after the busy, the Grandstream will ring. I think this tells me that it did receive the SIP message to begin the call but didn't respond in time before the server abandoned it.

I thought maybe there would be a keep alive type setting on the phone that I could shorten to keep it connected but I haven't found it in the settings.

Has anyone ever used one of these and experienced similar?

@BraswellJay

I finally figured out what was causing my issue.

In FreePBX under Settings->Asterisk SIP Settings there is a parameter to set the External Address used. I had this still set to the public IP of the original interface. Once I changed that parameter to the public IP of the new interface then all started to work over the new interface as expected.

@BraswellJay

I did a asterisk message trace for each case, once with an incoming call using the original interface and then again using the new interface. The traces appear the same until I get to the following line in the asterisk dump:

ORIGINAL (working audio): (I replaced the actual IP address with w.x.y.z but the actual IP address shown is the same in both sampels)

    -- Executing [s@ivr-2:5] Answer("PJSIP/Skyetel_Outbound-000030f0", "") in new stack
       > 0x7f516013c880 -- Strict RTP learning after remote address set to: w.x.y.z:28586
       > 0x7f516013c880 -- Strict RTP switching to RTP target address w.x.y.z:28586 as source

NEW (no audio):

    -- Executing [s@ivr-2:5] Answer("PJSIP/Skyetel_Outbound-000030f1", "") in new stack
       > 0x7f515c07ba80 -- Strict RTP learning after remote address set to: w.x.y.z:25804

When using the original interface, I see that second message about switching to RTP target address ... as source message that is not present on the new interface. This appears to be repeatable results from the samples I have run.

I'm not sure what asterisk is trying to do but the fact that it appears related to RTP suggests to me that his is the source of my problem. Does anyone know what "Strict RTP learning" and "Strict RTP switching" is? Does this pertain to any configuration parameter on the trunks maybe??

@JasGot said in What determines the interface that SIP RTP streams over ...:

@BraswellJay
Do you mean which physical interface in your router?

Yes

Not exactly sure what you mean by "new WAN interfaces"

We have new external WAN service from a different provider. We had service and our public IP was w.x.y.z

We now have a new service on a different port on the router that has public IP of a.b.c.d

The SIP trunks work fine over the original interface (w.x.y.z) but have no audio when that interface is disabled.

The SIP traffic will use the interface assigned to the gateway address your are providing the phones, either static or DHCP.

The phones are all connected to a FreePBX instance. The SIP trunks are configured from the FreePBX machine.

No Audio is almost ALWAYS a NAT issue. Look at your NAT settings on the old interface and compare them to the new interface.

What make and model router are you using?

The router is a Meraki MX67-C. I have double checked the settings here and believe that all of the port rules that apply to the original interface (w.x.y.z) also apply to the new interface (a.b.c.d)

There is something I need to update on either the Meraki, FreePBX or Skyetel that is set for the old interface but not the new but I can't seem to find it.

We recently updated to new WAN interfaces at two of our locations. We use @Skyetel SIP trunks at both sites. From the Skyetel portal, I added the IP addresses of the new interfaces to the appropriate IP groups, and the health in the Skyetel portal is showing ok for both.

I disabled the old WAN port at location 1 and all SIP trunks continued to work as before with no issues.

I disabled the old WAN port at location 2 and SIP is not working. The calls are completing, both inbound and outbound, but there is no audio from either direction. I re-enabled the old WAN port and call audio immediately resumed.

My takeaway from that is that the SIP messages are correctly using the new interface, but the RTP streams are not. They seem to still be using the old interface. Is there a setting in either Skyetel or FreePBX that sets what interface the RTP streams use? I always thought that they would use the same interface that the SIP messages were using and I don't remember having to set anything specific for RTP when these sites were set up other than firewall rules for the associated port range.

@BraswellJay

Turned out to be a SIP port issue. I remember when I set this particular site up I ended up using port 5160 instead of 5060 but when I configured the new IP group in the skyetel portal I didn't change to the correct port. Once I made that change the portal now shows the new interface as healthy.

@BraswellJay

According to this link https://support.skyetel.com/hc/en-us/articles/360041178573-IP-Health it is a just a ping to determine if the interface is up. I'm able to ping the new WAN interface from other devices.