HP Survivable Branch Communication zl Module powered by ... · The HP Survivable Branch...

HP Survivable Branch Communication zl Module powered by

Microsoft Lync™ Administrator’s Guide

HP Survivable Branch Communication zl Module powered by Microsoft Lync™

Administrator’s Guide

November 2010

Hewlett-Packard Company8000 Foothills BoulevardRoseville, California 95747http://www.hp.com/networking

© Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. All Rights Reserved.

This document contains proprietary information, which is protected by copyright. No part of this document may be photocopied, reproduced, or translated into another language without the prior written consent of Hewlett-Packard.

Publication Number

5998-0588November 2010

Applicable Products

HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM (J9485A)

Software Credits and Notices

SSL used in the HP ONE zl Module operating system is based on the OpenSSL software toolkit. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. For more information on OpenSSL, visit http://www.openssl.org.

Open Source Software Acknowledgment

This software incorporates open source components that are governed by the GNU General Public License (GPL). In accordance with this license, HP will make available a complete, machine readable copy of the source code components covered by the GNU GPL upon receipt of a written request. Send a request to:

Hewlett-Packard Company, L.P.HP AllianceONE Extended Services zl ModuleGNU GPL Source CodeAttn: HP Networking Support8000 Foothills BoulevardMS: 5551Roseville, CA 95747 USA

Disclaimer

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Hewlett-Packard assumes no responsibility for the use or reliability of its software on equipment that is not furnished by Hewlett-Packard.

Warranty

See the Customer Support/Warranty booklet included with the product.

A copy of the specific warranty terms applicable to your Hewlett-Packard products and replacement parts can be obtained from your HP Sales and Service Office or authorized dealer.

i

Contents

1 IntroductionContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1

Overview of the HP SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2Overview of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Ensure that You are Ready to Complete the Setup Wizard . . . . . . . . . . . . . 1-3

2 Complete the Setup WizardContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1

Access the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Using the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4General Troubleshooting Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Access the SBM via Remote Desktop Protocol (RDP) . . . . . . . . . . . . 2-5View Details When a Step Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Start the Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

Configure IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8Advanced Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Configure the System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12HP zl Switch Commands for Setting the Time . . . . . . . . . . . . . . . . . . . . . 2-13

Synchronize the HP zl Switch Using SNTP . . . . . . . . . . . . . . . . . . . . 2-13Set the HP zl Switch Time Manually . . . . . . . . . . . . . . . . . . . . . . . . . 2-15

Join the SBM to the Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

Failed Domain Join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19Failed Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

Initiate the Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

Troubleshooting Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24Troubleshooting Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-29

ii

Troubleshooting Lync Server Replication . . . . . . . . . . . . . . . . . . . . . 2-29Troubleshooting Lync Server Activation . . . . . . . . . . . . . . . . . . . . . . 2-32

Install Server Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32Import the Certificate Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32Select the Option for Installing the Certificate . . . . . . . . . . . . . . . . . . . . . 2-33

Automatically Request a Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . 2-34Generate a Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-37Import Your Own Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-42Assign an Existing Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-44

PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-47Complete the PSTN Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-48

Background Information on PSTN Outward Number Masks . . . . . . 2-57Connect to the PSTN Carrier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-59Check Channel Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-59Advanced Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-60

Disable Echo Cancellation for Data Devices . . . . . . . . . . . . . . . . . . . 2-61Troubleshooting the PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 2-64

Media Gateway Does Not Start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-64Interface is Connected But the Line Has Alarms . . . . . . . . . . . . . . . . 2-65

Place PSTN Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-65Troubleshoot Failed PSTN Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-67

Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-67No Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-68

Start the Lync Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-69Troubleshooting Starting the Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-70

Place Lync Test Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-70Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-72

Changing the PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 2-73Changing the Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-73

Installation and Configuration Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-75

iii

3 Manage and Monitor the HP SBM LocallyContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Access the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3Use the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4Shut Down the SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5Reboot the SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5View System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5Monitor the SBM’s Replication Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6View Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7Monitor, Stop, and Start Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7Update Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9Configure Telephony Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

PSTN Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11PSTN Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

Monitor and Troubleshoot PSTN Connections . . . . . . . . . . . . . . . . . . . . . 3-13View the Channel Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14Activate Call Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15Place PSTN Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15Place Lync Test Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15View Call Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

Remote Desktop Protocol (RDP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17Enable and Disable the Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . 3-17Use the Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

Event Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20Lync Server Management Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22Media Gateway Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22Access the Setup Wizard or Dashboard . . . . . . . . . . . . . . . . . . . . . . . 3-22

Back Up and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

iv

Access with the services tech Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24SAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24HP SBM Recovery Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27Safe Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

Restoring and Replacing HP SBMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29Restore an HP SBM to Factory Default Settings . . . . . . . . . . . . . . . . . . . 3-29Replace an HP SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32Change an HP SBM’s Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33

4 Support Remote MonitoringContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1

Supported Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Ensuring Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

SNMP MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3Microsoft/Windows OS MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3Intel NIC MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3Media Gateway MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

5 Manage UpdatesContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

Install Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

Patches and Hotfixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Driver Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

6 TroubleshootingContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

Basic Digital Line Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3Determine the Interface ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3View the Alarms on the Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7

v

Implement a Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9Implement a Local Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Ensure the Gateway is Not Running . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9Determine the Interface ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9Connect the Port to be Tested . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10Enable Master Clocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11Display Interface Driver Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12Put the Line into Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12Run BERTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16Take the Interface out of Loopback Mode . . . . . . . . . . . . . . . . . . . . . 6-16Set the Interface Clocking to Normal . . . . . . . . . . . . . . . . . . . . . . . . . 6-17

Implement a Remote Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18Ensure the Gateway is Not Running . . . . . . . . . . . . . . . . . . . . . . . . . 6-18Determine the Interface ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18Display Interface Driver Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18Put the Line into Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19Take the Interface out of Remote Loopback Mode . . . . . . . . . . . . . . 6-22

View Detailed Status and Statistics for PSTN Connections . . . . . . . . . . . . 6-22

Regain Access to an SBM with Failed Network Functionality . . . . . . . . . . 6-24Reset TCP/IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24Disable the Firewall and Enable the Remote Desktop . . . . . . . . . . . . 6-26Enable the Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27Configure the Interface’s IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . 6-27

Restore Lost Management Connection between the Host Switch and SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28

Prevent Loss of Services in a WAN Failure . . . . . . . . . . . . . . . . . . . . . . . . . 6-30

A Ready the Data Center for an SBM DeploymentContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Domain Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3Verify Your Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3Add the SBM Computer Object to the Domain . . . . . . . . . . . . . . . . . . . . A-4Configure the SBM’s Service Principal Name . . . . . . . . . . . . . . . . . . . . . A-4

vi

Configure the SBM Administrator Account . . . . . . . . . . . . . . . . . . . . . . . A-4Add Test Users for the SBM’s Health Monitoring Pool (Recommended) A-4Create a DHCP Reservation for the SBM (Recommended) . . . . . . . . . . . A-5Create a DNS Entry for the SBM (Optional) . . . . . . . . . . . . . . . . . . . . . . A-5Example Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5

Add the Survivable Branch to the Lync Server Topology . . . . . . . . . . . . A-19Example Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-21

Ready a Certificate for the SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-46SBM Administrator Installs a Certificate/Private Key File . . . . . . . . . . . A-46SBM Administrator Creates and Submits a Request . . . . . . . . . . . . . . . . A-47SBM Administrator Initiates an Automatic Request to Your CA . . . . . . A-48

Security Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-49

Communicate Information to the SBM Administrator . . . . . . . . . . . . . . . A-50

B HP SBM Security HardeningContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2

Security Hardening at the SBM Factory Default Settings . . . . . . . . . . . . . B-2

USGCB Recommendations That Must Not Be Implemented . . . . . . . . . . B-11

C Command-Line ReferenceContents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-4Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5CLI Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5

List Available Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5List Options for a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6Displaying Help for a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6

vii

Operator Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7SBM Index and Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-10show remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-10show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-10show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11

Manager EXEC Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11SBM Index and Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-13exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-13page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-13ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15show remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-16windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-16

Windows Administration Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18

viii

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19show remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-20show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-20show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-20shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21

Interface Configuration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-22ip dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-22interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-22end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-24show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-24show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-24show remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25

Services OS Operator Context Commands . . . . . . . . . . . . . . . . . . . . . . . . C-26exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27show assigned-mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27show chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28show images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28

ix

show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28show temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-29

Services OS Manager Context Commands . . . . . . . . . . . . . . . . . . . . . . . . C-30boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-31device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-31exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32show assigned-mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33show chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33show images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33show temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-34show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-34

1-1

1

Introduction

Contents

Overview of the HP SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

Overview of This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-3

Ensure that You are Ready to Complete the Setup Wizard . . . . . . . . . . . . . 1-3

1-2

IntroductionOverview of the HP SBM

Overview of the HP SBM

The HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM is a survivable branch appliance for the Microsoft Lync Server 2010 solution.

The SBM is installed in an HP 8200 zl Switch Series or HP 5400 zl Switch Series switch at the branch office. The SBM includes a Windows Server 2008 R2 that runs as the base OS. Running on this server, is a Lync Server 2010 Front-End Server that integrates with the main office Standard or Enterprise Lync Server Pool and handles communication services for up to 1000 users at a branch office.

The SBM also includes a Lync Server Mediation Server and an HP Media Gateway, which enable local Lync users to communicate with the public switched telephone network (PSTN). The SBM connects to the PSTN using T1, E1, or analog FXO cards that are installed in the module. The module also supports FXS cards for integrating analog phones or fax machines into the system.

Finally, the SBM provides survivability; if the WAN connection to the main office data center fails, the SBM routes all calls over its PSTN connection, so branch users can still contact both outside telephone numbers and Lync users at other site. The SBM automatically detects that the failover and the restora-tion of the WAN link without your completing any special configuration.

The SBM is managed through an easy to use Command Line Interface (CLI) and Web browser interface. The Windows Server 2008 R2 OS running on the module can also be accessed with Remote Desktop Protocol (RDP).

See the HP Survivable Branch Communication zl Module powered by

Microsoft LyncTM Planning and Design Guide for more details about all of these features. See the HP Survivable Branch Communication zl Module

powered by Microsoft LyncTM Installation and Getting Started Guide for details about the SBM hardware.

1-3

IntroductionEnsure that You are Ready to Complete the Setup Wizard

Overview of This Guide

It is assumed that the SBM has been installed and the initial tasks necessary for accessing the Setup Wizard completed. For those instructions, see the HP

Survivable Branch Communication zl Module powered by Microsoft LyncTM

Installation and Getting Started Guide.

This guide provides instructions for:

Ensuring that you are ready to complete the Setup Wizard

Completing the initial setup and testing the functionality

Managing and monitoring the SBM locally on an ongoing basis

Setting up remote management of the SBM

Managing software updates

Troubleshooting

Ensure that You are Ready to Complete the Setup Wizard

Before you complete the SBM’s Setup Wizard, the company’s Domain or Enterprise Admins and Lync Server designers must complete several initial tasks in the data center. It is recommended that they read the HP SBM

Planning and Design Guide. At the very least they must complete the tasks listed in Appendix A: “Ready the Data Center for an SBM Deployment.”

Do not move on until your data center contacts indicate that the tasks are complete and give you the following information:

Hostname (computer name) for the SBM

The SBM’s default hostname is its serial number, which you can see when you check its IP address through the CLI. (See Chapter 2 in the HP

Survivable Branch Communication zl Module powered by Microsoft

LyncTMInstallation and Getting Started Guide). You can also see the SBM’s serial number on the back left corner of the module’s physical hardware.

Default hostname: ______________________________

1-4


You will also need to know the SBM’s permanent hostname, which is the name in the SBM’s domain computer account.

Permanent hostname: __________________________

Permanent FQDN: _____________________________

N o t e In this guide, hostname or computer name will refer to the same name.

Fully Qualified Domain Name (FQDN) will refer to the fully-qualified name obtained by combining the hostname with the domain name. For example, the hostname (computer name) is set to HP-SBM. The domain name is hp.com. The FQDN is HP-SBM.hp.com.

The SBM’s IP address

Chapter 2: “Getting Started” of the Implementation and Getting Started

Guide explains how to find or set the SBM’s IP address yourself.

IP address: _______________________________

The new password that you should give to the SBM’s local administrator account

New local administrator password: ________________

N o t e For the sake of security, the SBM does not use Administrator for the local administrator account. Instead, the username is SBMAdmin. The default pass-word is P@ssw0rd.

Credentials of a domain user (typically in the RTCUniversalSBATechni-cians group) with sufficient privileges to:

• Join the SBM to the domain

• Log in to the SBM after it joins the domain and complete the Setup Wizard

Username: ___________________________________

Password: ___________________________________

1-5


Either:

• A .pfx certificate/private key file

Certificate filename: _______________________

Private key password: ______________________

C a u t i o n Whoever generates the .pfx file must mark the key as exportable. Otherwise, the Media Gateway cannot start and the installation will fail.

• Instructions on how you should request a certificate: – Generate a request manually– Request a certificate automatically (in which case you might need

another username and password)

Credentials for the user who requests the certificate only if you

have been told to use special credentials:

Username: ___________________________________

Password: ___________________________________

Optionally, CA certificate chain file

Your data center contact only needs to give you this file if the domain does not use group policy objects (GPOs) to push the CA certificate to domain computers. You also might be able to download the CA certificate your-self.

Filename: ___________________________________________

Transport protocol for the Media Gateway, either:

• TLS (recommended)

• TCP

This is the protocol that the gateway uses to listen for communications from the Lync solution.

Local listening port for the Media Gateway only if it is not standard

Non-standard listening port: ____________________________

This is the listening port that the CS Administrator defined for the PSTN gateway when adding the SBM as a survivable branch appliance. Figure 1-1 shows the default ports for TCP and TLS marked with 1.

1-6


Figure 1-1. SIP Ports

SIP transport protocol for communications from the Media Gateway to the Mediation Server:


• TCP

This is the protocol defined for the SBM’s Mediation Server in the topology.

Primary SIP server port only if it is not standard

Non-standard primary SIP server port: _______________________

This is the listening port defined for the SBM’s Mediation Server in the topology. Figure 1-1 shows the default ports for TCP and TLS marked with 2.

I m p o r t a n t Although all components are included within the SBM, you must specify the correct ports, or the SBM will not function correctly.

Obtain the settings for your T1 or E1 lines from your PSTN carrier. You can circle the correct setting in the table below.

1-7


Table 1-1. T1/E1 Digital Settings

Obtain the phone number for each line, including T1/E1, FXS, and FXO lines.

Table 1-2. Phone Numbers

Also verify that the standard ports used for Lync Server communications have been opened on all firewalls between the SBM and the data center Lync Server Pool.

The data center engineers have received instructions for readying the data center. Verify that these tasks are complete:

You have been assigned credentials for a user account with this member-ship: RTCUniversalSBATechnicians.

The SBM’s servicePrincipalName has been set to its FQDN.

The SBM has been added to the Lync Server topology as a survivable branch server (its FQDN is specified for the front-end server, Mediation Server, and PSTN gateway).

N o t e The PSTN gateway cannot be an IP address; it must be the SBM’s FQDN.

Parameter T1 Line 1 T1 Line 2 T1 Line 3 T1 Line 4 E1 Line 1 E1 Line 2 E1 Line 3 E1 Line 4

Line coding ESF D4

ESF D4

ESF D4

ESF D4

CRC4 Non-CRC4

CRC4 Non-CRC4

CRC4 Non-CRC4

CRC4 Non-CRC4

Frame format

B8ZSAMI

B8ZSAMI

B8ZSAMI

B8ZSAMI

HDB3AMI

HDB3AMI

HDB3AMI

HDB3AMI

Switch type 4ESS 5ESSDMS100National ISDN (NI2)

4ESS 5ESSDMS100National ISDN (NI2)

4ESS 5ESSDMS100National ISDN(NI2)


Net5 (ETSI, Euro ISDN)




Circuit ID Phone Number

1-8


Routing rules and normalization have been established for the SBM’s pool.

A CS Health Monitoring Configuration has been created for the SBM’s pool (so a Lync test call can be placed without specifying user information).

You are now ready to run the Setup Wizard.

I m p o r t a n t You must complete all initial setup tasks through the Setup Wizard. For example, do not join the SBM to the domain using the standard Windows method because the wizard performs several necessary tasks when it joins the SBM to the domain.

2-1

2

Complete the Setup Wizard

Contents

Access the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-3

Using the Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-4

General Troubleshooting Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Access the SBM via Remote Desktop Protocol (RDP) . . . . . . . . . 2-5

View Details When a Step Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-5

Start the Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-6

Configure IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Network Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-8

Advanced Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-11

Configure the System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-12

HP zl Switch Commands for Setting the Time . . . . . . . . . . . . . . . . . . 2-13

Synchronize the HP zl Switch Using SNTP . . . . . . . . . . . . . . . . . . 2-13

Set the HP zl Switch Time Manually . . . . . . . . . . . . . . . . . . . . . . . 2-15

Join the SBM to the Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-16

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

Failed Domain Join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-19

Failed Login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-20

Initiate the Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-23


Troubleshooting Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-24

Troubleshooting Installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-29

Troubleshooting Lync Server Replication . . . . . . . . . . . . . . . . . . 2-29

Troubleshooting Lync Server Activation . . . . . . . . . . . . . . . . . . . 2-32

Install Server Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32

Import the Certificate Chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-32

Select the Option for Installing the Certificate . . . . . . . . . . . . . . . . . . 2-33

2-2

Complete the Setup WizardContents

Automatically Request a Certificate . . . . . . . . . . . . . . . . . . . . . . . 2-34

Generate a Certificate Request . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-37

Import Your Own Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-42

Assign an Existing Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-44

PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-47

Complete the PSTN Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-48

Background Information on PSTN Outward Number Masks . . . 2-58

Connect to the PSTN Carrier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-60

Check Channel Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-60

Advanced Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-61

Disable Echo Cancellation for Data Devices . . . . . . . . . . . . . . . . 2-62

Troubleshooting the PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . 2-65

Media Gateway Does Not Start . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-65

Interface is Connected But the Line Has Alarms . . . . . . . . . . . . . 2-66

Place PSTN Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-66

Troubleshoot Failed PSTN Calls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-68

Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-68

No Alarms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-69

Start the Lync Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-70

Troubleshooting Starting the Services . . . . . . . . . . . . . . . . . . . . . . . . . 2-71

Place Lync Test Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-71


Changing the PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 2-74

Changing the Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-74

Installation and Configuration Complete . . . . . . . . . . . . . . . . . . . . . . . . . . 2-76

2-3

Complete the Setup WizardAccess the Setup Wizard

Access the Setup Wizard

You should be at the Welcome page of the SBM Setup Wizard. To access the wizard, open a Web browser and navigate to the SBM’s IP address.

Supported Web browsers include:

Windows Internet Explorer (IE) 7

Windows IE 8

Mozilla Firefox 3.6

N o t e You must complete all initial setup tasks through the Setup Wizard. For example, do not join the SBM to the domain using the standard Windows method because the wizard performs several necessary tasks when it joins the SBM to the domain.

If you have not accessed this wizard before, see Chapter 2 of the HP Surviv-

able Branch Communication zl Module powered by Microsoft LyncTMInstal-

lation and Getting Started Guide. This chapter provides guidelines for reaching the wizard and explains how ensure that your browser trusts content from the SBM.

2-4

Complete the Setup WizardUsing the Setup Wizard

Using the Setup Wizard

The figure below displays the Welcome page, which is the first page in the Setup Wizard.

Figure 2-1. Setup Wizard > Welcome Page

2-5


General Troubleshooting Tips

Keep these tips in mind for a smoother experience in setting up your SBM.

Access the SBM via Remote Desktop Protocol (RDP)

You must set up the SBM using the Setup Wizard because the wizard completes some setup in the background. However, you can access the SBM via RDP during the process if you want. You learned how in the HP Survivable Branch

Communication zl Module powered by Microsoft LyncTMInstallation and

Getting Started Guide. These steps are repeated for your reference:

1. Remote Desktop connections to the SBM are enabled by default. But if you need to reenable this feature, you do so from the SBM CLI. (See “Remote Desktop Protocol (RDP)” on page 3-17 of Chapter 3: “Manage and Monitor the HP SBM Locally.”)

2. From your management station’s Start menu, select Programs > Accesso-ries > Remote Desktop Connection. (The path might vary slightly based on your OS and settings.)

3. For Computer, type the SBM’s IP address (for initial configuration) or FQDN. Click Connect.

4. Log in with the SBMAdmin account until you join the SBM to the domain. After the SBM joins the domain, you should generally log in with your domain user credentials.

5. Whenever you run an application, right-click and select Run as administrator.

N o t e If you want to access the Setup Wizard via RDP, you should click the Manage HP SBM shortcut. If prompted to give your permission to continue, click Continue.

View Details When a Step Fails

For each step in the wizard, this chapter includes a subsection on trouble-shooting with specific tips for completing that step. In general, whenever a step fails, you can click show details:

You might see a more intuitive explanation for the failure in the last line of the details.

You might see the cmdlet that is executing; then you can follow standard Windows troubleshooting procedure for that cmdlet.

2-6


You might see the location for a log file. You can then access the SBM via RDP, navigate to the log file’s location, and read the log for detailed messages. You can also insert a USB storage device in the SBM’s USB slot (make sure to use the slot on the SBM’s front panel and not the USB slot on the HP zl switch chassis). Then you can copy the log file to the USB storage device and send the file to an expert for help.

Figure 2-2. Setup Wizard—Example Failed Details

Start the Wizard

You are now ready to start the wizard:

1. If you want, read through the product overview. Click Next.

2. The next page provides an overview of the setup process. The two tasks under Step 1 should already be completed. (If they are not, refer to the HP

Survivable Branch Communication zl Module powered by Microsoft

LyncTMInstallation and Getting Started Guide for instructions.) You have also completed the first two tasks under Step 2. You will now complete the other tasks.

Log file location

Cmdlet

2-7


Figure 2-3. Setup Wizard > Installation Process Overview Page

3. Click Next.

2-8

Complete the Setup WizardConfigure IP Settings

Configure IP Settings

Your SBM might already have the correct IP settings either assigned to it by the domain DHCP server or set during the initial installation. The SBM requires:

A valid IP address and default gateway address, which provide the SBM with connectivity to the data center

The domain DNS server IP address

The IP settings should typically be configured on the internal Ethernet inter-face 2.

If the SBM already has these settings, you can immediately click Next and move to “Configure the System Time” on page 2-12.

If you need to configure network settings, the sections below give guidelines; when you are finished, click Next.

C a u t i o n Do not disable Ethernet interface 2. The SBM requires this interface to communicate with the HP zl switch in which it is installed; disabling it causes a fault condition.

In addition, you typically should not enable Ethernet interface 1. Doing so without first ensuring that the data center has been properly configured can cause the SBM’s services to fail.

Network Interfaces

The SBM has three network interfaces:

Internal Ethernet Interface 1—The SBM's internal 10 Gigabit port 1, which is disabled by default. You can use this interface as a backup connection for Ethernet interface 2; however, data center engineers must complete special DNS setup. Therefore, you should typically leave this interface disabled.

Internal Ethernet Interface 2— The SBM's internal 10 Gigabit port 2, used to connect to the branch LAN (and from there to the data center over a WAN connection). Typically, this is the interface that has the IP address associ-ated with the SBM hostname.

2-9


Management Interface—The 1 Gigabit Management port on the front of the SBM, which you can connect directly to a management station. This interface is intended to provide backup management access to the SBM, typically for support purposes.

You configure the settings for each interface by clicking the corresponding tab. You can set the basic settings manually, or the SBM can receive them using DHCP. The basic settings include:

IP address

Subnet mask

Default gateway

DNS servers

C a u t i o n If you change the IP settings for the interface through which you are currently connected to the SBM, you will lose contact with the SBM. You must contact the SBM at the new IP address.

2-10


Figure 2-4. Setup Wizard—Configure IP Settings Page

If you need help configuring a field, click the help icon (?) in the Setup Wizard. Before you click Next, you must manually commit the changes made in each tab by clicking the Apply button at the bottom of the tab. (Before you commit changes, you can revert the settings to those that were last applied by clicking Discard Changes.)

2-11


N o t e When you configure an SBM Ethernet interface in the Setup Wizard, the interface must either receive all settings using DHCP or be configured with all settings manually.

However, these interfaces do support receiving a DHCP IP address and default gateway but using a manually-defined DNS server address. If your environ-ment requires such a setup, you must access the SBM via RDP and configure the Ethernet interfaces using the typical Windows procedure.

From the remote desktop, you can configure any settings on the Ethernet Interfaces that are typically supported by Windows Server 2008 R2 interfaces. (However, this does not mean that all configurations function in your environ-ment. Consult with a data center engineer before you make advanced config-urations.)

N o t e The SBM does not support IPv6.

Advanced Network Settings

Click Advanced Network Settings to configure some extra options for an interface (which are not typically required):

Specify the interface’s gateway metric (the interface with the lowest metric is preferred when the same route is known on more than one interface)

Specify WINS server IP addresses

Specifying WINS servers is optional, but if you specify one, you must specify both.

Figure 2-5. Setup Wizard—Configure IP Settings Page > Advanced Network Settings

2-12

Complete the Setup WizardConfigure the System Time

Configure the System Time

This page displays the SBM time. On this page, you can also set the SBM’s timezone and Daylight Saving Time settings.

The SBM takes its date and time from the HP zl switch chassis in which it is installed. Because the domain join and other functions will fail unless the SBM time matches the domain controller's, the HP zl switch should be synchronized to the same time as the domain controller.

Figure 2-6. Setup Wizard—Configure System Time

2-13


Although you cannot configure the time on the SBM, you can configure these settings:

Timezone

Remember to click Set Time Zone after you select the correct zone from the list.

Whether Daylight Saving Time is enabled

C a u t i o n If you set Daylight Saving Time on the SBM but not on the switch, the SBM will become unreliable until this setting is reconciled. If you experience this problem, first reconcile the setting on the HP zl switch and the SBM. Then power cycle the SBM at least twice.

If the SBM is not receiving the correct time from the HP zl switch (or if you need to set Daylight Saving Time on the switch), read the section below. Otherwise, move directly to “Join the SBM to the Domain” on page 2-16.

N o t e Changes to the HP zl switch time will not take effect on the SBM until the SBM reboots.

HP zl Switch Commands for Setting the Time

You or the HP zl switch administrator should set the switch time during the initial setup.

In case that did not occur, the following sections include the commands for either:

Synchronizing the HP zl switch and the domain controller time using SNTP (recommended for a permanent installation)

Setting the HP zl switch time manually

Synchronize the HP zl Switch Using SNTP

Follow these steps:

1. Open a CLI management session with the HP zl switch and access the global configuration context:

hostzlswitch# config

2. Enable SNTP:

hostzlswitch(config)# timesync sntp

2-14


3. Set the SNTP mode:

hostzlswitch(config)# sntp unicast

4. Configure the SNTP server IP address (either the domain controller or an SNTP server with the correct time):

5. Set the timezone:

6. If you are activating Daylight Saving Time on the SBM, you must activate it on the HP zl switch:

7. Check the switch time and verify that it is correct:

hostzlswitch(config)# clock

8. Save the changes:

hostzlswitch(config)# write memory

9. After the switch has the correct time, reboot the SBM to apply the new time:

hostzlswitch(config)# services <slot-ID> boot

Syntax: sntp server priority 1 <ip-address>

Replace <ip-address> with the reachable IP address of the

domain controller or SNTP server.

Syntax: time timezone <-780 - 840>

The switch calculates the time zone offset in minutes. For

example, type 60 for GMT +1.

Syntax: time daylight-time-rule < none | alaska | continental-us-and-canada |middle-europe-and-portugal | southern-hemisphere | western-europe |user-defined>

Select the region that applies to you.

2-15


Set the HP zl Switch Time Manually

Follow these steps:

1. Open a CLI management session with the HP zl switch and access the global configuration context:


2. Set the date:

3. Set the time:

4. Set the timezone:

5. If you plan to activate Daylight Saving Time on the SBM, you must activate it on the HP zl switch:

6. Check the switch time and verify that it is correct:

hostzlswitch(config)# clock

7. Save the changes:

hostzlswitch(config)# write memory

8. After the switch has the correct time, reboot the SBM to apply the new time:

hostzlswitch(config)# services <slot-ID> boot

Syntax: clock set <DD:MM:YYYY>

Replace <DD:MM:YYYY> with the two-digit date, two-digit

month number, and four-digit year. For example, 05:05:2010

Syntax: clock set <HH:MM:SS>

Replace <HH:MM:SS> with the two-digit hour in the 24-hour

clock, two-digit minute, and two digit seconds. For example,

10:09:35.

Syntax: time timezone <-780 - 840>

The switch calculates the time zone offset in minutes. For

example, type 60 for GMT +1.

Syntax: time daylight-time-rule < none | alaska | continental-us-and-canada |middle-europe-and-portugal | southern-hemisphere | western-europe |user-defined>

Select the region that applies to you.

2-16

Complete the Setup WizardJoin the SBM to the Domain

Join the SBM to the Domain

On this page, you join the SBM to the domain.

1. For Computer Name, type the SBM’s permanent name.

It is very important that you enter the correct name in order for the SBM to work with the other servers in the Lync Server topology. Note that the computer name is only the hostname portion of the SBM’s FQDN. For example, if the SBM’s designated FQDN is HP-SBM.example.hp.com, type HP-SBM.

2. Next, type the credentials for a domain user allowed to join the SBM to the domain. Again, your contact should have given you these credentials.

3. For Domain, type the entire domain name including the top-level domain (for example, example.hp.com).

Figure 2-7. Setup Wizard—Join the Domain

2-17


4. Click Join.

5. When the domain join is successful, the SBM reboots and a countdown is displayed on the window, indicating the time until the SBM will have completed the reboot.

Figure 2-8. Setup Wizard—Reboot Countdown

6. While the SBM reboots close the Web browser interface, which ensures that you are properly logged out.

N o t e If you have launched the Setup Wizard from the Remote Desktop, you will lose access. Wait until the SBM reboots (if you have physical access to it, verify that the Module Status LED glows solid green). Then you can log back in with RDP using the SBM’s FQDN and your domain user credentials.

7. After the SBM has rebooted, open the Web browser and navigate to the

SBM’s FQDN.

N o t e If you did not close and reopen the Web browser, you may be prompted to do so.

2-18


8. When prompted to log in, do not log in as the local Administrator. Instead, type the credentials of a domain user with sufficient privileges to finish configuring the SBM (typically, the credentials that you used to join the SBM to the domain). Remember to include the domain name in your username, either:

• <domain name>\<username>• <username>@<full domain name>

Figure 2-9. IE 7—Log in to the Setup Wizard

I m p o r t a n t If your domain credentials are rejected, do not log in as a local administrator. You will not be able to complete the Setup Wizard. Read “When you have succeeded in joining the domain, return to step 5 on page 2-17.” on page 2-19 for troubleshooting tips.

2-19


Troubleshooting

The sections below give troubleshooting tips for the section above:

“Failed Domain Join” on page 2-19

“When you have succeeded in joining the domain, return to step 5 on page 2-17.” on page 2-19

Failed Domain Join

If the domain join fails, check these settings (some will require you to ask administrators at the data center to check settings at their end):

You have the correct credentials to join the SBM to the domain:

• Username and password are correct.

• You are a member of the group that is allowed to join the SBM to the domain (RTCUniversalSBATechnicians).

The SBM has the correct IP settings, including connectivity to the domain controller. The domain DNS server is configured as the SBM’s DNS server.

You cannot move back to the Configure Network Connections page. If you need to change the settings, you can do so from the SBM CLI (see Appendix C: “Command-Line Reference”) or via RDP (see “Access the SBM via Remote Desktop Protocol (RDP)” on page 2-5).

The time on the SBM's HP zl switch is synchronized with the domain controller’s time. (See “HP zl Switch Commands for Setting the Time” on page 2-13.)

The proper ports for allowing a domain join are open on all firewalls between the SBM and the domain controller.

To check connectivity, you can ping the domain controller:

1. Connect to the SBM via RDP and log in with your new Administrator password.

2. Open a command prompt from the Start menu (always right-click and run as an administrator).

3. Enter this command:

When you have succeeded in joining the domain, return to step 5 on page 2-17.

Syntax: ping <address>

Replace <address> with the IP address or FQDN that you

want to ping.

2-20


Failed Login

Contact your Domain Administrator and verify you are a member of RTCUni-versalSBATechnicians. If not, ask the administrator to add you to this group.

If you are a member of the group, the RTCUniversalSBATechnicians group probably was not added to the SBM’s local Administrators group as it should have been. (Perhaps your company has a non-supported or a non-standard domain topology.) You must add the group manually. Follow these basic steps:

1. Access the SBM using RDP. Log in as SBMAdmin.

2. Launch the Local Users and Groups manager (lusrmgr). Remember to run the command as an administrator.

Figure 2-10. SBM Remote Desktop—Local Users and Groups Manager

3. Select Groups in the left pane.

4. In the right-pane, double-click Administrators.

2-21


5. In the Administrators Properties window, check for the RTCUniversalSBAT-echnicians group.

N o t e If the RTCUniversalSBATechnicians group is a member of the local Adminis-trators group already, and you are a member of the group, it is possible that you have joined the SBM to the domain with the wrong name. You must follow a specific procedure for changing the SBM’s name. See “Change an HP SBM’s Name” on page 3-33 of Chapter 3: “Manage and Monitor the HP SBM Locally.”

Figure 2-11. SBM Remote Desktop—Administrators Properties Window

6. To add the missing group, click Add.

Figure 2-12. SBM Remote Desktop—Select Users, Computers, Service Accounts, or Groups Window

2-22


7. Make sure that the correct location is selected. Click Locations if you need to select a new one. One reason that the group was not added automati-cally might be that the location is non-standard, so talk to your data center contacts to find the correct location for the RTCUniversalSBATechnicians group.

8. In the Enter the object name to select field, type RTCUniversalSBATechni-cians.

9. Click OK in all windows to apply the settings.

10. Log out of the remote desktop.

You should now be able to log in to the Setup Wizard with your domain credentials and move on to the next task.

2-23

Complete the Setup WizardInitiate the Installation Process

Initiate the Installation Process

In this page, the Setup Wizard verifies that all necessary prerequisites are complete and then installs SQL Express and Lync Server components. It also replicates the Lync Server topology from the data center and activates the Lync services. The process runs automatically; you only need to interact if a step fails.

Figure 2-13. Setup Wizard—Initiate Installation Process Page

2-24


As you see, each task has a status:

Pending indicates that the task has not yet started.

Running indicates that the tasks is in process.

Success indicates that the task has completed successfully.

Failed indicates that the task could not complete. refer to the troubleshoot-ing section below.

When all tasks have completed successfully (this might take about ten min-utes), click Next. Then move to “Install Server Certificates” on page 2-32.

Troubleshooting

Move to the section based on the task that fails:

If the prerequisites fail, see “Troubleshooting Prerequisites” on page 2-24.

If one of the installations fail, see “Troubleshooting Installations” on page 2-29.

If the Lync Server replication fails, see “Troubleshooting Lync Server Replication” on page 2-29.

If the Lync services activation fails, see “Troubleshooting Lync Server Activation” on page 2-32.

Troubleshooting Prerequisites

The Setup Wizard checks the following prerequisites, which indicate that the correct configurations have been completed at the data center and you will be able to complete the wizard:

RTCUniversalSBATechnicians is a member of the SBM’s local Administra-tors group

The SBM has a Service Principal Name (SPN) with this format: HOST/<SBM FQDN>

The SBM is a member of RTCSBAUniversalServices

Although you can select check box to ignore prerequisites and move on, it is not recommended that you do so. If the prerequisites are not met, the instal-lation will probably fail at a later point. Read the sections below to learn more about resolving problems with failed prerequisite checks.

After you resolve the problem, click Retry Installation to begin the installation again.

2-25


Verify that the prerequisite checks succeed and wait for the other tasks to complete. Then click Next and move to “Install Server Certificates” on page 2-32.

RTCUniversalSBATechnicians Member of the SBM’s Local

Administrators Prerequisite. The Setup Wizard automatically adds the RTCUniversalSBATechnicians group to the local Administrators group when you join the SBM to the domain. The prerequisite might fail because you did not use the Setup Wizard to join the SBM to the domain. It also might fail because your domain has a non-typical topology, which prevented the group from being added automatically.

This setting is necessary because it allows RTCUniversalSBATechnicians to manage the SBM and complete the Setup Wizard. (The DomainAdmin group is also allowed local administrator access.)

To resolve this issue, ask a Domain or Enterprise Admin to verify that the domain supports the RTCUniversalSBATechnicians group and to tell you its location. Then follow these steps to add the group to the SBM’s local Admin-istrators group manually:

1. Access the SBM using RDP. Log in as SBMAdmin.

2. Launch the Local Users and Groups manager (lusrmgr). Remember to run the command as an administrator.

2-26


Figure 2-14. SBM Remote Desktop—Local Users and Groups Manager

3. Select Groups in the left pane.

4. In the right-pane, double-click Administrators.

5. In the Administrators Properties window, check for the RTCUniversalSBAT-echnicians group.

2-27


Figure 2-15. SBM Remote Desktop—Administrators Properties Window

6. To add the missing group, click Add.

Figure 2-16. SBM Remote Desktop—Select Users, Computers, Service Accounts, or Groups Window

7. Make sure that the correct location is selected. Click Locations if you need to select a new one. One reason that the group was not added automati-cally might be that the location is non-standard, so talk to your data center contacts to find the correct location for the RTCUniversalSBATechnicians group.

8. In the Enter the object name to select field, type RTCUniversalSBATechni-cians.

9. Click OK in all windows to apply the settings.

10. Log out of the remote desktop.

2-28


SBM SPN Prerequisite. This prerequisite fails if the Domain or Enterprise Administrator has not configured this setting.

Without the proper SPN, the SBM does not receive the proper group member-ships when it is added to the Lync topology. As far as you are concerned, you will not be able to complete the setup, and the SBM will not be able to provide the communication services.

To resolve this issue:

1. Contact the Domain or Enterprise Administrator and ask him or her to configure the SPN for the SBM’s computer object. The SPN must use this format:

HOST/<SBM FQDN>

For example:

HOST/HP-SBM.example.hp.com

2. A CS Administrator must enable the Lync topology:

a. Log in to a server that has the Lync Server Management Shell. Open the shell.

b. Enter Enable-CSTopology.

Before proceeding, wait for the topology to replicate. The replication time depends on the size of the deployment and on your environment.

SBM Member of RTCSBAUniversalServices Prerequisite. This check verifies that the SBM computer object has been correctly configured and added to the topology. If you do not resolve this issue, the SBM might not be able to replicate the Lync topology and provide communication services. You will not be able to complete the setup.

To resolve this issue, contact the data center engineers, including the CS Administrator and the Domain or Enterprise Administrator in charge of the SBM computer object, and tell them the problem.

Make sure that everyone is using the same FQDN:

SBM’s SPN (HOST/<SBM FQDN>)

Survivable branch server as defined in the Lync Server topology

If the SPN is wrong or not configured, the Domain or Enterprise Administrator must correct this problem first.

2-29


Next, the CS Administrator must check the topology and verify that the SBM has been added as a survivable branch server with the correct FQDN. (See Appendix A: “Ready the Data Center for an SBM Deployment” or Microsoft documentation for more details.)

If any changes were made to the topology, the CS Administrator must publish it. (The topology is automatically enabled when published.)

If only the SPN has changed, the CS Administrator must simply enable the topology:

1. Log in to a server that has the Lync Server Management Shell. Open the shell.

2. Enter Enable-CSTopology.

Before proceeding, wait for the topology to replicate. The replication time depends on the size of the deployment and on your environment.

Troubleshooting Installations

If an installation fails, try again. If it continues to fail, your software image might be corrupt, or your company’s security policies might be interfering with the installation. The SBM must be allowed to autorun applications. Refer your data center contact to Appendix B: “HP SBM Security Hardening,” which lists security policies that must not be implemented on the SBM.

After you resolve the problem, click Retry Installation to begin the installation again. Verify that all tasks complete. Then click Next and move to “Install Server Certificates” on page 2-32.

Troubleshooting Lync Server Replication

The replication might fail for several reasons. Read the sections below to find your problem.

After you resolve the problem, click Retry Installation to begin the installation again. Verify that all tasks complete. Then click Next and move to “Install Server Certificates” on page 2-32.

2-30


SBM Not Added to the Topology. For the replication to complete success-fully, the data center engineers must have:

Added your branch to the topology:

• Defined the branch site within a site with an existing Lync server pool

• Defined a survivable branch server for the branch site, specifying the SBM’s FQDN for the survivable branch server and PSTN gateway

Published and enabled the new topology

In addition, the domain administrator must have specified the SBM’s SPN as its FQDN, or the topology does not publish successfully.

If you see an error message such as “export failed” or “specified part does not exist,” verify that the data center engineers have completed these tasks. If not, wait until they have before proceeding with the installation.

Also verify that the SBM’s name matches the FQDN that the data center engineers have specified for the SBM in the branch site of the Lync Server topology. You can check the hostname by accessing the system properties in the Remote Desktop. If the name is wrong, you must follow a precise proce-dure for changing it. See “Change an HP SBM’s Name” on page 3-33 of Chapter 3: “Manage and Monitor the HP SBM Locally.”

When you are ready, you can click Restart Automated Replication Process.

Insufficient Privileges. This step might have failed because you do not have permission to complete all of the necessary tasks.

N o t e Typically, you should be a member of the RTCUniversalSBATechnicians group. (By default, when the SBM joins the domain, this group and the Domain Admins group are added to the SBM local Administrators.)

If you need to log in as a different user or as a user with refreshed rights, you must close the browser, reopen it, and then navigate back to the SBM’s FQDN. If you launched the browser from the Remote Desktop, you must log out of the desktop and log back in with the correct domain user credentials.

When you are ready, you can click Restart Automated Replication Process.

Failed Network Connection. If you see a “network related or instance-specific” error, the SBM’s link to the server at the data center that stores the topology might have failed. Test this theory by pinging that server from a command prompt via RDP or from the SBM OS CLI. If the link has failed, you can either:

2-31


Wait until the link is restored and then click Restart Automated Replication Process.

Attempt a manual replication (see the section below)

Manual Replication. Manual replication allows you to continue with the setup process while the link is being restored. (You will not be able to complete the entire Setup Wizard, however, until the link is back up.)

Figure 2-17. Setup Wizard—Perform Lync Server Replication Failed > Next Steps

For a manual replication, you must have your domain’s updated Lync Server topology file saved as a .zip file.

N o t e If you are completing the Setup Wizard via RDP, save the .zip file to a USB. Then insert the USB device in the slot on the SBM front panel.

In the Setup Wizard, click Manual Replication under Next Steps. Click the Browse button that is displayed below and browse to the topology file. Click IMPORT.

Figure 2-18. Setup Wizard—Perform Lync Server Replication Failed > Next Steps Continued

2-32

Complete the Setup WizardInstall Server Certificates

If the topology imports successfully, you can move on with the wizard. However, you will need to regain access to the data center before you start the Lync Server services and finish the wizard.

Troubleshooting Lync Server Activation

The services that are enabled in this step are:

Registrar for this pool

Mediation server for this pool

Media Gateway (PSTN gateway) for this pool

All of these services run locally on the SBM.

If this step fails, the SBM might not have finished processing the replication of the Lync server topology. Wait several minutes. Then click Retry Installation.

Install Server Certificates

Before you install the certificate, you need to determine whether the SBM has the correct CA certificate chain installed. Many domains use group policy objects (GPOs) to automatically push this chain to devices when they join the domain. Therefore, the SBM might have received the chain already; ask your data center contact.

If a GPO did not push the CA certificate chain to the SBM, or if you do not know whether it did, follow the steps in “Import the Certificate Chain” on page 2-32. Otherwise, move directly to “Select the Option for Installing the Certifi-cate” on page 2-33.

Import the Certificate Chain

To install the certificate chain, follow these steps:

1. Obtain the CA certificate or CA certificate chain file from the data center administrators and copy it to your management station.

2. In the Install Server Certificates page, click Import Certificate Chain.

2-33


Figure 2-19. Setup Wizard—Install Server Certificates > Import Certificate Chain

3. Click Browse and browse to the file on your management station.

4. Click IMPORT.

5. Verify that the certificate installs successfully.

Figure 2-20. Setup Wizard—Install Server Certificates > Import Certificate Chain

6. You might be prompted to log back in to the Setup Wizard after the certificate is updated. Do so. Then move on to the section below.

Select the Option for Installing the Certificate

Once you know that the CA certificate chain is installed, you can install the SBM’s Lync Server certificate. You have three options, one of which you will select based on what your data center contact has told you:

If you were given a .pfx certificate/private key file, select Import Your Own Certificate. See “Import Your Own Certificate” on page 2-42.

If you were told that the SBM already has a certificate that you can use, select Import your own Certificate and then Assign certificate. See “Assign an Existing Certificate” on page 2-44.

2-34


If you were told to create a certificate request and then submit that request to your data center contact offline, select Generate Certificate Request. See “Generate a Certificate Request” on page 2-37.

If you were told to automatically request a certificate (online request) from a Windows domain Certificate Authority, select Automatically Request Certificate from Microsoft Domain Authority. See “Automatically Request a Certificate” on page 2-34.

Automatically Request a Certificate

For this option to work, the SBM requires network connectivity to your domain Certificate Authority (CA). In addition, you must have permission to request a Web Server certificate in this way.

Follow these steps:

1. In the Install Lync Server Certificates page, select Automatically Request Certificate from Microsoft Certificate Authority.

Figure 2-21. Setup Wizard—Install Server Certificates Page > Automatically Request Certificate From Microsoft Certificate Authority

2. For Certificate Authority, type the name of the Microsoft Certificate Authority.

Use this format: MachineName\FriendlyName. For example:

ca.example.hp.com\certificateAuthority

2-35


3. Only fill out the next two fields if your domain center contact has told you that you need to use special credentials to request the certificate. If you leave the fields blank, the SBM requests the certificate using the creden-tials that you used to log in to the Setup Wizard.

4. The Subject Alternate Name(s) field is automatically populated with the SBM’s FQDN. If the SBM can be contacted at more than one FQDN, add these FQDNs to the field, separating each with a comma. Wildcards are not allowed. But leave the autopopulated FQDN at the beginning of

the list.

N o t e The FQDN is obtained from the settings when you joined the SBM to the domain. For example, you set the hostname to HP-SBM and joined the module to the example.hp.com domain; the FQDN is HP-SBM.example.hp.com.

N o t e Both a subject name and a subject alternate name (or names) are required for proper functioning of the gateway. The subject name itself is set to CN=<FQDN>; you cannot alter this setting although you can add values to the subject name by configuring the fields below as described in the next step.

5. Entering values in the remaining fields is optional.

These fields further identify the SBM in an LDAP hierarchy and are added to the subject name.

You select the country from a list, but you must type values in other fields. Valid values include alphanumeric characters, spaces, and all special characters except double quotation marks (“ ”).

Table 2-1. Certificate Information Fields

6. When you are satisfied with the values, click Request Certificate. The SBM sends the certificate request to the domain CA, which will return the signed certificate. The SBM automatically installs it.

Field Format in Subject Name Example Name with All Fields Specified

Organizational unit OU=<value in field> CN=hp-sbm.example.hp.com,OU=Branch,C=AR,S=Buenos Aires D.F.,L=Buenos AiresCountry C=<selected country>

State/Province S=<value in field>

City/Location L=<value in field>

2-36


7. When the certificate installs, the SBM’s Web server refreshes to use that certificate as well. As long as your management station trusts the CA that signed the certificate, you will no longer see certificate error messages when you access the Setup Wizard.

Figure 2-22. SBM Web Server Certificate Updating

8. You may need to log in again.

After you log in, you should see a message indicating your success. Move to “PSTN Configuration” on page 2-47.

Troubleshooting. If you see an error message that mentions a lack of a “Trusted Root Certificate,” follow the steps in “Import the Certificate Chain” on page 2-32.

2-37


If you see an error message that indicates that the SBM cannot reach the CA, you should double-check the name. The first part must be the CA’s FQDN and the second part the CA’s friendly name. Verify both with your domain CA administrator.

If you see other error messages, contact the domain CA administrator and verify that you have permission to enroll for Web Server certificates. You might need to use different account credentials.

You should also check the SBM’s connectivity to the Windows domain CA:

1. Access the SBM Remote Desktop.

2. Open the command line from the Start menu (run as an administrator).


Generate a Certificate Request

Follow these steps:

1. In the Install Lync Server Certificates page, select Generate Certificate Request.

Figure 2-23. Setup Wizard—Install Server Certificates > Generate Certificate Request

Syntax: ping <address>

Replace <address> with the FQDN or IP address of the CA

server that hosts the Web enrollment page.

2-38


2. The Subject Alternate Name field is automatically populated with the SBM’s FQDN. If the SBM can be contacted at more than one FQDN, add these FQDNs to the field, separating each with a comma. Wildcards are not allowed. But make sure to leave the autopopulated FQDN at the begin-

ning of the list.

N o t e The FQDN is obtained from the settings when you joined the SBM to the domain. For example, if you set the Computer Name to HP-SBM and joined the module to the example.hp.com domain, the FQDN is HP-SBM.exam-ple.hp.com.

N o t e Both a subject name and a subject alternate name (or names) are required for proper functioning of the gateway. The subject name itself is set to CN=<FQDN>; you cannot alter the CN part of the name although you can add values to the subject name by configuring the fields below as described in the next step.

3. Entering values in the remaining fields is optional.

These fields append values to the subject name, further identifying the SBM in an LDAP hierarchy.

You select the country from a list, but you must type values in other fields. Valid values include alphanumeric characters, spaces, and all special characters except double quotation marks (“ ”).

Table 2-2. Certificate Information Fields

4. When you are satisfied with the values, click Generate Certificate Request. The certificate request is displayed as PEM encoded Base 64 data in the box below.

Field Format in Subject Name Example Name with All Fields Specified




2-39



5. Copy all of the text in the box into a file on your management station. (You can use a simple text editor such as Notepad.)

2-40


Figure 2-25. Certificate Request Save in Notepad

6. Save the file and submit it to your data center contact. (Some CAs might require you to submit the file with a .req extension. Windows CAs can accept .txt files.)

7. You must wait for your data center contact to return a certificate file to you before you complete step 4 (Import Certificate to System Store). When you receive the file, transfer it to your management station. Or, if you are accessing the Setup Wizard from the SBM Remote Desktop, transfer it to a USB drive and insert the device in the SBM.

8. In the Setup Wizard, you are at 4. Import Certificate to System Store. Browse to the file.


9. Click IMPORT.

10. When the certificate installs, the SBM’s Web server refreshes to use that certificate as well. You will no longer see error messages about an untrusted certificate when you access the Setup Wizard.

2-41





Troubleshooting. If you see an error message that mentions a lack of a “Trusted Root Certificate,” follow the steps in “Import the Certificate Chain” on page 2-32. After you install the CA certificate, click Cancel Current Certificate Request and repeat the entire process. Otherwise, you might receive an error message that the certificate has already been installed.

You can also check the format of your certificate and make sure that it is correct (PEM encoded Base 64).

2-42


Import Your Own Certificate

Before completing this task, you must obtain the certificate/private key file for the SBM.

C a u t i o n The certificate must meet these requirements:

It includes a private key—If it does not, you will not receive an error message, but your phone calls will fail.

The private key is marked as exportable—Otherwise, the Media Gateway will not be able to use the certificate and will fail to start.

The SBM’s FQDN is the CN portion of the certificate’s subject name and an alternate subject name—Otherwise, the Lync Server Front-End Server will fail to start or start and stop immediately.

The certificate is signed by a CA that is trusted in your domain.

Follow these steps:

1. Transfer the .pfx file to your management station. Or, if you are accessing the Setup Wizard from the SBM Remote Desktop, transfer the file to a USB drive and insert the device in the SBM USB slot.

2. In the Install Server Certificates page, select Import Your Own Certificate.

3. Make sure that Upload your own certificate is selected.

Figure 2-28. Setup Wizard—Install Lync Server Certificates > Import Your Own Certificate

2-43


4. For Password, type the password that you were told for the private key.

5. If the private key is not protected with a password, you do not need to complete this field.

6. Browse to the .pfx file for the SBM certificate.

7. Click IMPORT.





2-44



You can also talk to your data center contact and verify that the password for the private key is correct.

Assign an Existing Certificate

If the SBM already has a certificate installed on it, you can use it.

C a u t i o n Do not use the self-signed installed at factory default. The certificate must meet these requirements:

It includes a private key—If it does not, you will not receive an error message, but your phone calls will fail.

The private key is marked as exportable—Otherwise, the Media Gateway will not be able to use the certificate and will fail to start.

The SBM’s FQDN is the CN portion of the certificate’s subject name and an alternate subject name—Otherwise, the Lync Server Front-End Server will fail to start or start and stop immediately.

The certificate is signed by a CA that is trusted in your domain.

1. In the Install Lync Certificates page, select Import Your Own Certificate.

2. Select the Select Certificate from SBM Local Store option.

2-45


Figure 2-30. Setup Wizard—Install Server Certificates > Import Your Own Certificate > Select Certificate from SBM Local Store

3. Select the certificate from the drop-down menu, which includes the certificates that are installed on the SBM. The Certificate Details section provides information about the certificate, which can help to verify that this certificate meets the requirements listed at the beginning of this section.

4. Click Select Local Certificate.


2-46





2-47

Complete the Setup WizardPSTN Configuration

PSTN Configuration

You have now successfully completed the initial Lync server setup. As a survivable branch solution, the SBM includes other components. In this page, you configure the built-in Media Gateway and establish a connection to your PSTN carrier.

Do not move on until you have completed the PSTN Setup Wizard and checked the Media Gateway status and channel status to verify that the PSTN connec-tion is up. (Completing advanced configuration is optional.)

Figure 2-32. Setup Wizard—PSTN Configuration Page

2-48


Complete the PSTN Setup Wizard

This section explains how to complete the wizard.

I m p o r t a n t You should take screen shots as you complete the wizard to document the configuration so that another user can reconfigure the system if the configu-ration should be corrupted or when the configuration is erased by a Media Gateway software update.

Below are basic guidelines for completing the wizard:

1. Click PSTN Setup Wizard.

Figure 2-33. Setup Wizard—Quick Setup Start Page

2. In the window that is displayed, click Next.

3. The Boards section is automatically populated with the telephony cards that you have installed. Select the check box for a board that you want to use.

2-49


4. The Interfaces section is automatically populated with an interface for each interface on the card. Select the check boxes for the interfaces that you want to use.

Make a note of the wanpipe ID for each interface; you might need this information later for troubleshooting.

5. If you have multiple telephony cards, you can select others and then select their interfaces.

N o t e When you select a second check box in the Select Boards section, you no longer see the interfaces for the first board in the Select Interfaces for Board section. However, the interfaces on the first board are still selected.

6. If you have only T1/E1 interfaces, move directly to the next step.

If you have FXS interfaces, you must fill in the Caller Name and Phone Number for each. (Refer to your PSTN carrier for the correct phone numbers.) Enter the full phone number, but not the E.164 number. For example, if the E.164 number is +19165555555, you must enter 19165555555.

Figure 2-34. Setup Wizard—Hardware Configuration Page

7. Click Next.

2-50


8. Select your country, which automatically configures the SBM to use the correct tones to detect dial tone, busy, and so forth.

Figure 2-35. Setup Wizard—Country Selection Page

9. Click Next.

Figure 2-36. Setup Wizard—PSTN Digital Configuration Page

10. You should have obtained the correct settings for your PSTN connections from your carrier. Select these values and click Next.

2-51


Table 2-3. Options for T1/E1 Digital Settings

11. For Transport, select the protocols that your data center contact told you to use for the Media Gateway’s (PSTN gateway’s) listening protocol. In Figure 2-37, the communications in question are marked with a 1. Valid options for a Lync solution include:

• TLS

This is the recommended setting for the sake of security because it encrypts communication. (It is also the default setting for survivable branch sites in the Lync Server topology builder.)

• TCP

12. The default ports for the protocol are displayed next to the check boxes. Only change these ports if your data center contact has told you to use special listening ports. The setting must match the PSTN server’s listening port as defined in the Lync topology.

Parameter T1 Line 1 T1 Line 2 T1 Line 3 T1 Line 4 E1 Line 1 E1 Line 2 E1 Line 3 E1 Line 4

Line coding ESF D4

ESF D4

ESF D4

ESF D4

CRC4 Non-CRC4

CRC4 Non-CRC4

CRC4 Non-CRC4

CRC4 Non-CRC4

Frame format

B8ZSAMI

B8ZSAMI

B8ZSAMI

B8ZSAMI

HDB3AMI

HDB3AMI

HDB3AMI

HDB3AMI

Switch type 4ESS 5ESSDMS100National ISDN (NI2)


4ESS 5ESSDMS100National ISDN(NI2)






2-52


Figure 2-37. Setup Wizard—SIP Configuration Page

13. You should typically leave the other settings at their defaults.

I m p o r t a n t The Media encryption level setting determines whether encryption is prohib-ited, allowed but not required (Support encryption), or required. The default setting, Support encryption, is recommended.

You can choose to require encryption if you want. However, you should be aware that this will prevent the PSTN test call, later in the wizard, from succeeding. You would need to skip that call and use the PSTN status messages and the Lync test call to verify that the PSTN connection is functioning correctly.

14. Click Next.

15. The protocol or protocols available in SIP Transport for outgoing calls depend on your selection on the previous page. If you selected one protocol only, you have only one choice. If you selected both UDP and TCP, you must now choose TCP (which is the transport protocol sup-ported by Lync).

16. For Primary SIP Server Address, type the SBM’s FQDN.

2-53


17. The Primary SIP Server Port has a default value based on the SIP protocol that you selected. Do not alter this automatic port setting unless explicitly told to do so by your data center contact. The setting must match the Mediation Server’s listening port as defined in the Lync topology.

18. If you want to enable failover to another Lync Server Mediation Server, select the Failover check box and follow these steps:

a. For Backup SIP Server Address, type the FQDN of the backup server.

b. For Backup SIP Server Port, type the port on which the Media Gateway sends traffic to the backup server.

c. For Failover timeout (seconds), type the number of seconds without a response from the Mediation Server before the Media Gateway con-siders it down.

Figure 2-38. Setup Wizard—Call Routing Configuration Page

19. The PSTN Outbound Number Mask is a regular expression that selects incoming phone numbers and maps all or part of the number to the dialed number in the outbound PSTN call.

2-54


The table displays the correct mask for two use cases. For more informa-tion about outbound masks, see “Background Information on PSTN Out-ward Number Masks” on page 2-57 at the end of this section.

Table 2-4. PSTN Outbound Number Mask

20. If your PSTN carrier has told you that it requires a prefix to be appended to dialed numbers, type that prefix in the PSTN Outbound Number Prefix field. Otherwise, leave the field empty.

21. For Country Code, type the correct code for your location.

22. Click Next.

Figure 2-39. Setup Wizard—Services Configuration Page

23. It is recommended that you leave both check boxes selected:

• Automatically start gateway at startup—The Media Gateway starts auto-matically when the SBM boots up. If you clear this check box, you must manually start the gateway through the Dashboard when the SBM reboots.

• Automatically restart gateway in case of failure

In other words, the Media Gateway automatically restarts if the Media Gateway (not one of its lines) undergoes an abnormal failure.

Use case Mask Examples of Incoming Numbers

Examples of Mapped Outbound Numbers

Select E.164 numbers and leave them as they are*Default setting

([\+]?[-\*\#\d]+) 123-456-7890+123-456-789012-34-5678#12-34-5678*

123-456-7890+123-456-789012-34-5678#12-34-5678*

Select E.164 numbers and remove the leading + (if any)

[\+]?([-\*\#\d]+) 123-456-7890+123-456-789012-34-5678#12-34-5678*

123-456-7890123-456-789012-34-5678#12-34-5678*

2-55


24. Click Save.

Figure 2-40. Setup Wizard—Post Quick Setup Script Window

25. After a moment, you will see the output for the execution of the settings that you configured. You should not see any errors.

Figure 2-41. Setup Wizard—Post Quick Setup Script Window

26. Click Next.

2-56


Figure 2-42. Setup Wizard—Quick Setup Complete Window

27. You have completed the configuration, but it does not apply until you restart the gateway. Click Restart Gateway to do so now.

If you click Finish, the configuration is saved, but you must restart the Media Gateway before you move on.

28. If you selected Restart Gateway, you will see messages about the status of the restart. In either case, you are moved to a window where you can check the gateway’s status.

2-57


Figure 2-43. Setup Wizard—Gateway Controls and Gateway Status Window

29. The gateway status is displayed in the lower pane. You can start, stop, and restart the gateway using the buttons in the Gateway Controls section.

The status automatically refreshes every five seconds. Refresh the status with the Refresh Gateway Status button.

30. To finish the PSTN Wizard, close the window using the X in the top right corner of the window. Move to “Connect to the PSTN Carrier” on page 2-59.

If the gateway will not start, see “Media Gateway Does Not Start” on page 2-64.

Background Information on PSTN Outward Number Masks

The outbound number mask is a regular expression that:

Selects incoming phone numbers based on specific criteria

Outputs all or part of the phone number as the dialed number in the outbound PSTN call

The mask as a whole selects incoming phone numbers. But the Media Gateway outputs only the portion of the mask that is within parentheses.

For example, examine the default PSTN outbound number mask:

([\+]?[-\*\#\d]+)

2-58


The first part of the expression, [\+]?, specifies that the incoming number may either begin with + or not. The next part of the expression, [-\*\#\d]+, specifies that the incoming number can include one or more of any of the following values in any order:

-

*

#

A digit (0 to 9)

For example, all of these incoming phone numbers match this regular expres-sion:

123-456-7890

+123-456-7890

12-34-5678

#12-34-5678

*

Because the parentheses surround the entire expression, the Media Gateway outputs the phone number exactly as it receives the number.

If you want select all incoming phone numbers, but remove a leading + when present, you would move the parentheses as follows:

[\+]?([-\*\#\d]+)

This mask selects the same phone numbers as the default mask (including both those with a leading + and those without). However, because the paren-theses exclude the part of the expression that selects the +, the Media Gateway removes the + in the outgoing number.

Next, examine another use case. You want to select numbers with a particular leading string, +123 or 123, and then to strip that string. You could use a mask such as this:

[\+]?123(([-\*\#\d]{7}+))

Note that this mask specifies the minimum number of digits that must be matched by [-\*\#\d] in the curly brackets. Thus it prevents the Media Gateway from mapping phone numbers that happen to match leading string within the phone number itself. The table below explains in more detail.

2-59


Table 2-5. PSTN Outbound Number Mask

Connect to the PSTN Carrier

Once the Media Gateway is running, connect your PSTN interface or interfaces to the carrier equipment. Use the standard cables specified for your card (refer to the installation guide for that card).

I m p o r t a n t On a T1/E1 card with multiple interfaces, the card uses the clock signal from the first interface (Port 1) to support echo cancellation. If this interface does not have an active T1/E1 circuit, the echo canceller uses a free-run clock that is not synchronized with the other T1/E1 interfaces. The echo canceller might not work properly, degrading the audio quality.

The interfaces on the cards are numbered from left to right. Therefore, to ensure high audio quality, always connect the left interface first. If you want multiple connections, you can then select any other interfaces.

Check Channel Status

Next check the channel status to verify that the PSTN circuits are up and ready for calls. In the PSTN Configuration page, click Channel Status.

Figure 2-44. Setup Wizard—PSTN Line Status Page

In the PSTN Line Status page, you see the status for each channel on each of your lines. The page is automatically refreshed every 30 seconds.

Click Legend to see the status indicated by various colors and letters.

Use case Mask Examples of Incoming Numbers

Examples of Mapped Outbound Numbers

Strip a leading string

[\+]?123(([-\*\#\d]{7}+)) 123456-78901234567890123-4567+123456-7890

456-78904567890Not matched456-7890

2-60


Because you have connected your interfaces to the PSTN, the channels for your lines should be blue and marked I (for Idle).

Alarms are indicated by orange channels and A. If you see alarms and the line is connected, read “Interface is Connected But the Line Has Alarms” on page 2-65.

N o t e The PSTN Line Status page provides some other options for managing the channels, which will be discussed in a later chapter.

Click the X in the top right corner to return to the Gateway Configuration page. If you do not need to troubleshoot or configure advanced settings, click Next and move to “Start the Lync Services” on page 2-69.

Advanced Configuration

You only need to click PSTN Configuration under Additional Configurations when you need to alter your PSTN settings or configure advanced settings.

Figure 2-45. Setup Wizard—Gateway Configuration Page > Additional Configurations Section

Advanced settings (which should generally only be configured by experienced technicians) include:

Physical configurations for each line (Physical Configuration > <line name>)

• Digital settings (established in the wizard)

• D channel settings for T1/E1 interfaces

• Analog settings for FXS\FXO interfaces

2-61


• Audio settings for FXS\FXO interfaces

• Echo cancellation settings

• Level control

• Background noise attenuation

• DTMF configuration

Call control settings:

• Hunt settings (Call Control > Channel Groups > <group name>)

• ISDN settings (Call Control > ISDN Configurations)

• Analog configurations (Call Control > Analog Configurations)

To configure settings for an interface, you must first add the board for its hardware card. Click the Boards folder and add the board. You must then assign a physical configuration to the interface:

1. Click the Physical Configurations folder and either select an existing con-figuration or create a new one.

2. Then click Add Board(s) and select the board.

Disable Echo Cancellation for Data Devices

If you are connecting a data device (such as a fax machine or modem) to an FXS port, you should follow these steps to disable echo cancellation:

1. Under Advanced, click PSTN Configuration.

Figure 2-46. Setup Wizard—PSTN Config Window

2. Click Physical Configurations and expand the folder.

2-62


3. You can either modify an existing analog configuration or create a new one specific for this interface. To create a new configuration:

a. Click Add Physical Config.

b. Select Analog.

c. Click Add.


4. Under Physical Configurations, select the analog configuration in which you want to disable echo cancellation.

5. In the right pane, select Echo Cancelation Configuration.

6. For Mode, select Disabled.

2-63



7. Click Assigned board(s) and, if necessary, move the interface that connects to the data device into the list of assigned interfaces. Click Save.

8. Click Save and close the PSTN Config window (click the X in the top right corner).

9. To apply your changes, you must restart the gateway. Click Stop under Media Gateway Status in the PSTN Configuration page. After the status indicates that the gateways has stopped, click Start.

When you have finished your configuration, move to “Place PSTN Call” on page 2-65.

2-64


Troubleshooting the PSTN Configuration

Read the appropriate section for the problem that you are experiencing:

“Media Gateway Does Not Start” on page 2-64

“Interface is Connected But the Line Has Alarms” on page 2-65

Media Gateway Does Not Start

The Media Gateway should start after you complete the PSTN Setup Wizard. If it fails to start, or starts and then immediately restarts, the configuration created in the wizard might not be valid. Run through the wizard again, verifying in particular that the phone numbers on your FXS interfaces and your outbound routing mask are valid.

To narrow down the problem, you can view the Media Gateway logs. Access the SBM via RDP. In the Start menu, expand Netborder Gateway. Click the link for the logs.

The sections below give more tips for troubleshooting the gateway. When the gateway is running, move to “Connect to the PSTN Carrier” on page 2-59.

Drivers. The incorrect drivers for your hardware can prevent the Media Gateway from starting or cause it to start and stop again. To check the driver code version, access the SBM via RDP, open a command prompt as an administrator, and enter this command:

wanpipemon -i <interface ID> -c xcv

N o t e See “Determine the Interface ID” on page 6-3 of Chapter 6: “Troubleshooting” if you do not know what ID to enter for the command.

I m p o r t a n t If you determine that you must update your drivers, make sure that the Media Gateway is stopped before you do so.

Certificate. If the private key in the Lync server certificate is not exportable, the Media Gateway will fail to start. You must obtain a certificate with an exportable key. To access the SBM certificate installation pages in the Setup Wizard, you click Next and Next again, but this requires you to skip the PSTN test call. The Lync test call later in the wizard tests both PSTN functionality and the Lync routing rules.

2-65

Complete the Setup WizardPlace PSTN Call

Interface is Connected But the Line Has Alarms

If you have connected an interface to your PSTN carrier, and it is displaying alarms, you must recheck your cables and settings, looking for errors. (Click Refresh after changing a cable to see the new status.)

You can obtain more information about the specific type of alarm or put the line in loopback by accessing the SBM via RDP and issuing wanpipemon commands. See Chapter 6: “Troubleshooting.”

If you determine that you need to change your PSTN settings, you can re-run the PSTN Setup wizard, which erases all current settings and requires you to configure them again. (See “Complete the PSTN Setup Wizard” on page 2-48.) Or you can click PSTN Configuration and alter the settings that you choose. (See “Advanced Configuration” on page 2-60.)

Place PSTN Call

You will now verify that the SBM can place calls to your PSTN carrier. In this test, the SBM places the call itself, testing only the PSTN line. For the test to be successful, someone must answer the phone call, so plan in advance who will be waiting for the call.

N o t e If, in the PSTN configuration, you chose to require encryption for SIP, you cannot place a PSTN test call. You have two choices:

Run the PSTN Setup Wizard and choose to support but not require encryption. Then complete the test call. After the call is successful, you can run the wizard again and choose to require encryption.

Skip the PSTN test call and only perform the Lync test call, which tests both the PSTN connection and the Lync routing rules. Click Next and move to “Start the Lync Services” on page 2-69.

1. Ensure that the Media Gateway is running by checking the Media Gateway Status section.

2. For the purposes of troubleshooting, you might want to log your test calls. If so, in the Troubleshoot PSTN Configuration section, click the Start button.

2-66


You can view the logs by clicking Call Logs link. In addition to viewing the logs in this window, you can download them. The logs are XPS files. Windows Vista, Windows 7, and Windows Server 2008 devices include a native XPS reader. When you click a file, it will open in Windows Explorer.

C a u t i o n Logging calls is processor intensive and will affect your SBM’s performance. Only use call logging for troubleshooting.

In addition, the HP SBM is capable of logging information that is considered private in some countries. Local privacy restrictions must be considered whenever logging is enabled. Access to log files should be carefully controlled. Additionally, captured log files should be modified to comply with local laws and your company’s privacy policy (for example, to remove private phone numbers and DTMF digits) before log files are transmitted to HP, Microsoft or any other external entity.

3. If you have multiple PSTN connections, disconnect all but one. You will test each line one at a time.

4. For Enter a Telephone Number, type a valid phone number. The field accepts digits and other symbols such as +, but the correct format of the number depends on your routing rules and your PSTN carrier.

5. Click Place Call beneath the number pad.

Figure 2-49. Setup Wizard—Place PSTN Call Page

2-67


6. If the call is successful, you will see the message in the figure below.

Figure 2-50. Setup Wizard—Place PSTN Call Page (Success)

7. You might want to place test calls to different numbers or to the same number entered in a different format to test your routing rules.

8. If you have multiple PSTN connections, disconnect the one that is currently connection and connect another one. Repeat step 4 on page 2-66 to step 7.

9. When you are done testing, click Stop next to Call Logging. Then click Next.

Troubleshoot Failed PSTN Calls

If any of your calls fail, use the links in the Troubleshoot PSTN Configuration. First click Channel Status and look for alarms.

Alarms

If you see an alarm, the PSTN line is experiencing a problem. The cable might be faulty or the interface’s settings incorrect.

You can find out the precise type of alarm by accessing the SBM via RDP and using wanpipemon commands. See Chapter 6: “Troubleshooting.” Based on the type of alarm, you can discover the probable misconfiguration (again, the appendix provides guidelines). To fix this problem, either:

Click PSTN Setup Wizard and run through the complete setup again. (See “Complete the PSTN Setup Wizard” on page 2-48.)

Click PSTN Configuration and alter just the misconfigured setting. (See “Advanced Configuration” on page 2-60.)

You might also try to use a different cable.

2-68


No Alarms

If the channel status is idle (or ringing during the call) as it should be, the problem might lie with the routing rules. Perhaps the call is not being selected for forwarding, or perhaps the Media Gateway is forwarding it with a format that your PSTN rejects.

To alter routing rules, click PSTN Routing Rules.

Figure 2-51. Setup Wizard—PSTN Routing Rules Page

You must enter the rules in the xml file that is displayed. You can use your browser’s find feature to move to the correct line for the rule that you want to edit. (See “Background Information on PSTN Outward Number Masks” on page 2-57 for information.)

Click the Validate button to check whether the xml data is valid. (This button is only available when the Media Gateway is running.) Note that the validation only checks whether the format is valid, not whether it will work in your environment. When you have finished changing the rules, click Submit Changes and close the window.

To clear all changes made since the changes were last submitted, click Clear Changes.

2-69

Complete the Setup WizardStart the Lync Services

Start the Lync Services

You will now start the Lync Server services. Click Start Lync Services.

Figure 2-52. Setup Wizard—Start Lync Services Page

This step might take a minute or so. Figure 2-53 displays the page after the process has completed successfully.

Figure 2-53. Setup Wizard—Start Lync Services Page (Success)

2-70

Complete the Setup WizardPlace Lync Test Call

Troubleshooting Starting the Services

The services that are starting are:

Lync Server Replica Replicator Agent (Replica)

Lync Server Front-End Server (RtcSrv)

Lync Server Mediation Server (RTCMEDSRV)

World Wide Web Publishing Service

If the services take too long to start, the Web server might time out. Close the browser, open it again, and navigate back to the SBM Setup Wizard. Log in as a domain user. You will be at this page; attempt to start the services again.

If this does not work, you can access the Services window through RDP (Start > Administrative Tools > Services). Then start the services listed above from there.

If the front-end server continues to fail to start, or starts and then stops, you might have a problem with the certificate. Verify that the certificate’s subject name has the SBM FQDN as the CN or that an alternate subject name specifies the FQDN, You can use the links at the bottom of the page to install a new certificate. See “Install Server Certificates” on page 2-32 for instructions.

Place Lync Test Call

In this page, you verify that the Lync server rules properly route calls through the SBM by making test calls as a Lync Server user. This test requires that:

A CS Health Monitoring configuration, which specifies the users that the SBM uses for the test calls, has been created for the SBM.

Routing and normalization have been configured for this SBM at the data center.

Follow these steps to place the test call:

1. For the purposes of troubleshooting, you might want to log your test calls. If so, in the Troubleshoot PSTN Configuration section, click the Start button next to Call Logging.

You can view the logs by clicking Call Logs link. In addition to viewing the logs in this window, you can download them. The logs are XPS files. Windows Vista, Windows 7, and Windows Server 2008 devices include a native XPS reader. When you click a file, it will open in Windows Explorer.

2-71


C a u t i o n Logging calls is processor intensive and will affect your SBM’s performance. Only use call logging for troubleshooting.

In addition, the HP SBM is capable of logging information that is considered private in some countries. Local privacy restrictions must be considered whenever logging is enabled. Access to log files should be carefully controlled. Additionally, captured log files should be modified to comply with local laws and your company’s privacy policy (for example, to remove private phone numbers and DTMF digits) before log files are transmitted to HP, Microsoft or any other external entity.

Figure 2-54. Setup Wizard—Place Lync Test Call

2. In the Phone Number field, type the phone number, keeping these guide-lines in mind:

• You should attempt to call numbers in your local area code to ensure that these calls are routed out the local PSTN connection.

• The format of the phone number depends on the Lync Server dial plans and routing configuration.

Your data center contact should tell you the format.

• You might need to use a fully qualified phone number, which consists of:

+[country code][area code][phone number]

For example: +15551234567

2-72


An actual phone call will be attempted. The target phone will ring and must be answered for the test to succeed. Therefore, you should select a number where someone is waiting to answer the call. Do not move on until a call succeeds.

Figure 2-55. Setup Wizard—Place Lync Test Call (Success)

3. After the call succeeds, click Stop next to Call Logging if you have enabled this feature.

4. Click Next and move to “Installation and Configuration Complete” on page 2-75.

Troubleshooting

If you see a message about no test user being available, a CS Administrator probably needs to run the New-CSHealthMonitoringConfiguration cmdlet. This cmdlet specifies the test user account that the SBM uses to place the call.

If you see a message about voice routing not being available for the test user, the data center engineer probably needs to set up the routing and normaliza-tion rules for the SBM.

If the call initiates, but the number is busy, you might have entered the wrong number.

Other problems might occur due to problems with your PSTN connection or routing rules.

2-73


Changing the PSTN Configuration

There are three links in Place Lync Test Call page that help you fine-tune your PSTN settings:

PSTN Setup Wizard

You can run the wizard again to reconfigure all of your settings.

PSTN Configuration

You can click this link to configure advanced settings. After you change the settings, restart the Media Gateway using the buttons in the Media Gateway section of the Place Lync Test Call page.

Channel Status

You can click this link to verify that your line is up.

Changing the Routing Rules

Sometimes the call fails because the topology does not provide the proper rules to route the test number through the SBM’s Media Gateway. Typically, the routing rules should be established at the data center and replicated on the SBM.

However, sometimes you must alter the rules on the SBM itself. For example, if your PSTN does not accept a leading + in the received calls, you must change the outbound number mask in your routing rules to remove that character.

To alter the rules, click the PSTN Routing Rules link.

You must enter the rules in the xml file that is displayed. You can use your browser’s find feature to move to the correct line for the rule that you want to edit. (See “Background Information on PSTN Outward Number Masks” on page 2-57 for information.)



2-74



2-75

Complete the Setup WizardInstallation and Configuration Complete

Installation and Configuration Complete

You have finished the Setup Wizard.

Figure 2-57. Setup Wizard—Installation & Configuration Complete Page

The Installation and Configuration Complete page displays the status for each of the services running on the SBM. You can use the buttons to start and stop these services.

2-76

Complete the Setup WizardInstallation and Configuration Complete

Table 2-6. Services

Click Finish Installation Process to launch the SBM dashboard, from which you will monitor the SBM and perform any ongoing maintenance tasks. For documentation of the dashboard, refer to Chapter 3: “Manage and Monitor the HP SBM Locally.”

Status Description

Lync Server Replica Replication Agent

The Replication Agent is responsible for receiving information about the Lync Server topology from the data center and updating the SBM accordingly.

Lync Server Front-End

SBM's Lync Server Front-End Server provides communication services for users assigned to its pool. It manages user registration and communications routing.

Lync Server Mediation

The interface between the SBM's Lync Server Front-End Server and its Media Gateway, the Mediation Server translates signaling and media in order to present VoIP calls received from the Lync server infrastructure in the proper format for the Media Gateway, and vice versa.

HP Extended Services Platform

The HP Extended Services Platform daemon (ESPd) manages communications between the SBM and the HP zl switch in which it is installed. It must always run because without it the SBM will fail.

HP SBM Product Application

This service manages the HP ONE-app OS for SBM. It should always be running (when it is stopped, you cannot access the SBM CLI).

HP Media Gateway The Media Gateway provides the connection to the PSTN carrier. It translates signaling and media in order to forward VoIP calls as PSTN calls and vice versa.

3-1

3

Manage and Monitor the HP SBM Locally

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Access the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-3

Use the Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-4

Shut Down the SBM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Reboot the SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

View System Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-5

Monitor the SBM’s Replication Status . . . . . . . . . . . . . . . . . . . . . . . . . . 3-6

View Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Monitor, Stop, and Start Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-7

Update Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-9

Configure Telephony Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

PSTN Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-10

PSTN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

PSTN Routing Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-11

Monitor and Troubleshoot PSTN Connections . . . . . . . . . . . . . . . . . . 3-13

View the Channel Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-14

Activate Call Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

Place PSTN Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

Place Lync Test Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-15

View Call Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-16

Remote Desktop Protocol (RDP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-17

Enable and Disable the Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . 3-17

Use the Remote Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-18

Event Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-19

Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-20

Lync Server Management Shell . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

3-2

Manage and Monitor the HP SBM LocallyContents

Media Gateway Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-22

Access the Setup Wizard or Dashboard . . . . . . . . . . . . . . . . . . . . 3-22

Back Up and Restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-23

Access with the services tech Command . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

SAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-24

HP SBM Recovery Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

Safe Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-27

Restoring and Replacing HP SBMs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-29

Restore an HP SBM to Factory Default Settings . . . . . . . . . . . . . . . . . 3-29

Replace an HP SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-32

Change an HP SBM’s Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-33

3-3

Manage and Monitor the HP SBM LocallyOverview

Overview

You have several options for locally monitoring and maintaining the HP Surviv-able Branch Communication zl Module (SBM) powered by Microsoft LyncTM:

Dashboard—Provides a quick check on the SBM’s status and the status of its components; also allows you to reach configuration pages, start and stop services, install new certificates, and troubleshoot telephony.

Remote Desktop Protocol (RDP) to the SBM Windows Server 2008

R2 OS—Allows you to obtain more detailed information about the Lync Server and gateway services and to complete a wide array of tasks.

CLI access through the HP zl switch CLI—Provides access to CLI commands for the SBM ONE-App OS; typically, used for the initial setup.

Access through the HP zl switch services <slot ID> tech command—Gives pass-through access to the SBM; primarily intended for last-resort troubleshooting and resetting the SBM to factory default settings.

Dashboard

The SBM Dashboard provides a central location from which you can monitor the SBM and complete all normal ongoing maintenance tasks.

Access the Dashboard

After you complete the SBM Setup Wizard, you access the Dashboard in same way that you reached the Setup Wizard:,

In a Web browser on a management station, navigate to the SBM’s FQDN (or, less preferred, IP address)

Access the SBM via RDP, right-click the Manage HP SBM link on the Desktop, and select Run as administrator.

You must log in using the same domain credentials that were valid for the Setup Wizard. Valid users are domain users in the SBM’s local administrator groups, which by default include:

Domain Admins

RTCUniversalSBATechnicians

3-4

Manage and Monitor the HP SBM LocallyDashboard

Use the Dashboard

As you see, the Survivable Branch Module Dashboard divides into several sections, which provide information about the SBM’s services and status, help you troubleshoot the SBM and its PSTN configuration, and enable you to maintain the module.

Figure 3-1. Survivable Branch Module Dashboard

You can click the Refresh link in a specific section to receive up-to-date information for the fields in that section. You can click the arrow next to the section name to expand or collapse that section.

The sections that follow explain how to use the dashboard for several common tasks.

3-5


Shut Down the SBM

To shut down the SBM entirely, click Shutdown SBM in the System section of the Dashboard.

Shutting down the SBM stops all services and gracefully shuts down the SBM OS. The SBM remains shut down until you manually reboot it from the HP zl switch CLI (services e reload). If you have physical access to the HP zl switch with the SBM, you will see that all LEDs on the module are off when the SBM is shut down.

W a r n i n g Shutting down the SBM interrupts all voice services for users in the SBM’s pool.

Reboot the SBM

To reboot the SBM, click Reboot SBM in the System section of the Dashboard.

Rebooting the SBM stops all services and gracefully shuts down the SBM OS. The SBM then reboots. All services restart after the reboot, but the process can take several minutes.

W a r n i n g Rebooting the SBM interrupts all voice services for users in the SBM’s pool.

View System Logs

You can view system logs to look for causes of problems such as a service outage. Click SBM Logs in the System section of the Dashboard.

A window opens, which displays the folders that contain the SBM logs. You can browse the file structure in the left pane. You can use the link at the top to refresh the display.

When you click a filename in the left pane, the contents of the file are displayed in the right pane (for log files smaller that 5 MB). Use the top pane to adjust the display. You can also click download to save the file to your management station.

3-6


Figure 3-2. SBM Logs

To close the window, click the X in the top right corner.

Monitor the SBM’s Replication Status

View the Replication section to determine whether the SBM has successfully replicated the latest Lync topology. Table 3-1 describes the fields.

If the status is not up-to-date, you can click Initiate Replication Process. You might also click this link if you know that the Lync topology has been altered, and you do not want to wait for the SBM’s Replica agent to automatically query for the new topology.

3-7


Table 3-1. Replication Status Fields

View Users

The Number of Registered Users in Lync Server Pool section displays the number of users who have registered to the SBM’s pool (not the number currently placing calls).

Monitor, Stop, and Start Services

The Services section displays the status for the services that run on the SBM. In normal operation, all services should be running.


Status Description

Up-to-Date True or False—Whether the SBM’s current topology (as stored on the Central Management store) is replicated to the SBM*Should typically be True

Last Creation Time The time and date when the SBM’s topology was last changed

Last Creation Report Time The time and date for the last creation report

3-8


Table 3-2. Services

The services can be stopped and started by clicking the buttons next to them. Note that it might appear as if the start or stop pending status remains for a long time because the Dashboard has not yet refreshed. To check the new status more quickly, click the Refresh link.

W a r n i n g Stopping the Lync Server Front-End, HP Media Gateway, and Mediation Gateway will interrupt voice services for branch office users.

Stopping the HP Extended Services Platform prevents the SBM from commu-nicating with the HP zl switch in which it is installed, causing it to fail.

It is also recommended that you always leave the HP SBM Product Application running. This service is required for the CLI, Setup Wizard, and Dashboard to function correctly. You should only stop and restart it for troubleshooting purposes.

Status Description

Lync Server Replica Replication Agent

The Replication Agent is responsible for receiving information about the Lync Server topology from the data center and updating the SBM accordingly.

Lync Server Front-End

SBM's Lync Server Front-End Server provides communication services for users assigned to its pool. It manages user registration and communications routing.

Lync Server Mediation

The interface between the SBM's Lync Server Front-End Server and its Media Gateway, the Mediation Server translates signaling and media in order to present VoIP calls received from the Lync server infrastructure in the proper format for the Media Gateway, and vice versa.

HP Extended Services Platform

The HP Extended Services Platform daemon (ESPd) manages communications between the SBM and the HP zl switch in which it is installed. It must always run because without it the SBM will fail.

HP SBM Product Application

This service manages the HP ONE-app OS for SBM. It should always be running (when it is stopped, you cannot access the SBM CLI).

HP Media Gateway The Media Gateway provides the connection to the PSTN carrier. It translates signaling and media in order to forward VoIP calls as PSTN calls and vice versa.

3-9


Update Certificates

Because the SBM requires a valid certificate to operate, you must update the certificate before it expires. Similarly, you must update its CA certificate before it expires. You can update the certificates from the Dashboard.

I m p o r t a n t After you update the certificate, the Media Gateway will automatically restart, which causes a temporary PSTN outage for the voice calls. Therefore, you must schedule an outage for the certificate installation.

The Dashboard provides the same options for installing certificates as the Setup Wizard. For guidelines on selecting and completing one of these options, see “Select the Option for Installing the Certificate” on page 2-33 Chapter 2: “Complete the Setup Wizard.”

For instructions on updating the CA certificate, see “Import the Certificate Chain” on page 2-32 on Chapter 2: “Complete the Setup Wizard.”

N o t e If you choose to create a certificate request to submit to a CA, you complete the first part of the process, creating the request, without disrupting the voice services. Schedule the outage for when you install the signed certificate.

3-10


Configure Telephony Settings

You can modify your PSTN configurations, redo your configurations after a software update, or create new configurations from the Dashboard.


PSTN Setup Wizard

The PSTN Setup Wizard helps you to set up a complete configuration, includ-ing country code, E1/T1 settings, SIP configuration, and routing rules, for an interface or interfaces. It erases all existing settings on all interfaces (not only

those that you select in the wizard); it then applies the new settings to the interfaces that you select. For instructions, see “Complete the PSTN Setup Wizard” on page 2-48 of Chapter 2: “Complete the Setup Wizard.”

3-11


PSTN Configuration

In the PSTN Configuration windows, you can configure any PSTN-related setting. You should select the PSTN Configuration link when you need to:

Modify just one PSTN setting without going through the complete wizard

Configure advanced PSTN and call control settings, including:

• Physical configurations for each line (Physical Configuration > <line name>)– Digital settings (established in the wizard)– D channel settings for T1/E1 interfaces– Analog settings for FXS\FXO interfaces– Audio settings for FXS\FXO interfaces– Echo cancellation settings– Level control– Background noise attenuation– DTMF configuration

• Call control settings:– Hunt settings (Call Control > Channel Groups > <group name>)– ISDN settings (Call Control > ISDN Configurations)– Analog configurations (Call Control > Analog Configurations)

PSTN Routing Rules

Ideally, the routing rules that are obtained from the replicated Lync topology will route traffic properly to the PSTN carrier. However, you must sometimes add rules to the Media Gateway—most commonly because Lync always adds a leading +, but some PSTN carriers do not accept this character. Other examples exist; whatever your reason for altering the rules, you can do so by clicking PSTN Routing Rules in the Telephony Configuration section of the Dash-board.

The complete routing rules configuration is displayed.

3-12



You must enter the rules in an xml file. You can use your browser’s find feature to move to the correct line for the rule that you want to edit. (See “Background Information on PSTN Outward Number Masks” on page 2-57 of Chapter 2: “Complete the Setup Wizard“ for information.)



3-13


Monitor and Troubleshoot PSTN Connections

The Telephony Diagnostics section helps you to troubleshoot your PSTN connections.


First, however, you should view the HP Media Gateway status in the Services section. If the gateway is stopped, certain diagnostics will not work; you cannot view the channel status nor enable call logging. Click the service’s Start button to bring the gateway back up. If this attempt fails, the gateway probably does not have a valid configuration. You can check the routing rules (see “PSTN Routing Rules” on page 3-11) or run the complete PSTN Setup wizard (“PSTN Setup Wizard” on page 3-10). The Media Gateway also requires a valid certifi-cate with an exportable private key (see “Update Certificates” on page 3-9).

Once the Media Gateway is up, you can use the links in the Telephony Diagnos-tics section to monitor and troubleshoot.

3-14


View the Channel Status

You can click Channel Status to view information about the current status of your PSTN connections.

Figure 3-7. Dashboard—PSTN Line Status Window

In the PSTN Line Status window, you see the status for each channel on each of your lines. The window is automatically refreshed every 30 seconds.

Click Legend to see the status indicated by various colors and letters.

If you have connected your interfaces to the PSTN, the channels for your lines should be blue and marked I (for Idle). Of course, if the channel is in use, you will see a status such as C for connected or R for ringing. You can monitor the number of channels in use at various times of the day and week to determine whether you might need more interfaces.

If you see orange channels and A for Alarmed (and the interface is connected), the line is experiencing a problem. You might try to swap out the cable. Click Refresh after changing a cable to see the new status.

You can find out the precise type of alarm by accessing the SBM via RDP and using wanpipemon commands. See Chapter 6: “Troubleshooting.” Based on the type of alarm, you can discover the probable misconfiguration (again, the appendix provides guidelines). Use the Telephony Configuration section of the Dashboard to correct the configuration.

You can click Quiesce to shut down a line gracefully (it stops accepting new calls and shuts down after the last call completes).

3-15


Activate Call Logging

If you are having trouble with PSTN calls, you might want to activate call logging to see where the problem occurs—whether the call is being routed correctly through the Media Gateway, whether the call is initiating, whether the call is being assigned a channel, and so forth.

C a u t i o n Activating call logging can negatively affect the Media Gateway’s perfor-mance. You should only enable it when necessary and disable it as soon as you are done troubleshooting.

In addition, the HP-SBM is capable of logging information that is considered private in some countries. Local privacy restrictions must be considered whenever logging is enabled. Access to log files should be carefully controlled. Additionally, captured log files should be modified to comply with local laws and your company’s privacy policy (for example, to remove private phone numbers and DTMF digits) before log files are transmitted to HP, Microsoft or any other external entity.

The box immediately to the right of Call Logging in the Telephony section reports whether this feature is on or off (green for off because this is the desired status during normal operation and red for on).

To enable call logging, click Start. Then place test calls (see the sections below). After placing the calls, you can view the call logs to look for the problem (see “View Call Logs” on page 3-16). Remember to click Stop next to Call Logging to disable this feature after you have finished troubleshooting.

Place PSTN Call

In a PSTN test call, the SBM itself makes a call to the PSTN. This tests verifies that the PSTN connection is up and functioning correctly. To run this test, click Place PSTN Call in the Telephony section of the Dashboard. For guidelines, see “Place PSTN Call” on page 2-65 of Chapter 2: “Complete the Setup Wizard.”

Place Lync Test Call

When you place a Lync Test Call, the SBM uses a test user account to place a call through the PSTN. This test verifies the Lync configuration as well as the PSTN configuration.

To run this test, click Place Lync Test Call in the Telephony section of the Dashboard. For guidelines, see “Place Lync Test Call” on page 2-70 of Chapter 2: “Complete the Setup Wizard.”

3-16


N o t e As in the test call issued by the Setup Wizard, the SBM requires a Lync Server Health Monitoring pool configured for it with two valid accounts for users in its pool.

View Call Logs

Click PSTN Call Logs in the Telephony section of the Dashboard to open a window that displays the logs generated for calls while the call logging feature was enabled.

Figure 3-8. PSTN Call Logs

A window opens, which displays the folders that contain the call logs. You can browse the file structure in the left pane. You can use the link at the top to refresh the display.

When you click a filename in the left pane, the contents of the file are displayed in the right pane (for log files smaller that 5 MB). Use the top pane to adjust the display. You can also click download to save the file to your management station.

3-17

Manage and Monitor the HP SBM LocallyRemote Desktop Protocol (RDP)

C a u t i o n The HP SBM is capable of logging information that is considered private in some countries. Although it does not do so by default, you might have enabled it so do so. Access to log files should be carefully controlled. Additionally, captured log files should be modified to comply with local laws and your company’s privacy policy (for example, to remove private phone numbers and DTMF digits) before log files are transmitted to HP, Microsoft or any other external entity.

Remote Desktop Protocol (RDP)

You can obtain more detailed information about the Lync services and the Media Gateway by accessing the remote desktop of the SBM Windows Server 2008 R2. You will be prompted to log in, which you should generally do as a domain user with administrative rights to the SBM. In some circumstances, you can log in as the local administrator.

Enable and Disable the Remote Desktop

Remote Desktop connections to the SBM are enabled by default. But if you need to reenable (or disable) this feature, follow these steps:

1. Open a CLI management session with the HP zl switch.

2. Access the SBM Product OS:

For example:

hostzlswitch# services c 2

Syntax: services <slot-ID> <index number>

Replace <slot-ID> with the letter of the lower chassis slot in

which the SBM is installed.

Replace <index number> with the index number for the

SBM. (If you do not know, enter the show services com-

mand and look for the Survivable Branch Module - Micro-

soft service.)

3-18


3. Log in to Windows:

hostzlswitch(hp-sbm-branch-C)# windows Administrator

When prompted for a password, enter the password that you set for the local Administrator.

Alternatively, you can log in as a domain user:

hostzlswitch(hp-sbm-branch-C)# windows <domain user>

When prompted, type the user’s password.

4. Activate the remote desktop:

hostzlswitch(hp-sbm-branch-C:win)# remote-desktop

To disable the remote desktop, enter this command:

hostzlswitch(hp-sbm-branch-C:win)# no remote-desktop

Use the Remote Desktop

All typical Windows tools are available from the Remote Desktop. A few of these tools are briefly discussed in the sections below. This information is intended to give you an idea of some of the tasks that you can complete and is in no way intended as comprehensive. Refer to Microsoft documentation for information about managing Windows Server 2008 R2.

Whatever task you perform, it is best practice to run all commands and programs as an administrator. For example, CS commands must be run as an administrator. Therefore, when you open the Lync Server Management Shell, right-click and select Run as administrator.

3-19


Figure 3-9. Remote Desktop—Run as Administrator

Event Viewer

One useful tool is the Event Viewer, which you can access from Start > Administrative Tools > Event Viewer. You can also open the Server Manager and expand Diagnostics.

3-20


Figure 3-10. Remote Desktop—Server Manager > Diagnostics > Event Viewer

As you see, you can expand several folders to view different messages. For example, you can find messages related to the following services by expanding the following folders:

Lync server—Applications and Services > Lync Server ONE—Applications and Services > HP SBM

Media Gateway—Windows Logs > System

The Windows Logs > Administration folder might also include useful messages.

Log Messages

The Setup Wizard will sometimes display an error message that indicate a log file in which more details are stored. You can navigate to the file indicated, view it, or copy it to a USB device. You can then troubleshoot the problem. Similarly, you can use log messages for ongoing troubleshooting and monitoring.

3-21


N o t e The HP SBM is capable of logging information that is considered private in some countries. No private information is logged by default, but local privacy restrictions must be considered whenever logging is enabled. Access to log files should be carefully controlled. Additionally, captured log files should be modified to comply with local laws and your company’s privacy policy (for example, to remove private phone numbers and DTMF digits) before log files are transmitted to HP, Microsoft or any other external entity.

The figure below shows the C:\Windows\Temp folder, where log files are saved as you complete the Setup Wizard.

Figure 3-11. Remote Desktop—C:\Windows\Temp Folder

3-22


Lync Server Management Shell

The Lync Server Management Shell, which you can use to manually enter CS cmdlets, is pinned to the Start menu. Remember to run the shell as an administrator.

To obtain a list of commands, use the get-command cmdlet. You can narrow your search by adding character strings and wildcards. For example, enter:

get-command *pstn*

To see the syntax, usage, and sometimes examples for a command, enter:

get-help <command>

Refer to Microsoft documentation for CS cmdlets. Note that you might not be able to use some cmdlets depending on your domain membership.

Media Gateway Commands

You can enter several commands to monitor and maintain the SBM’s Media Gateway. Chapter 6: “Troubleshooting” describes several useful ones.

Access the Setup Wizard or Dashboard

The Manage HP SBM shortcut on the desktop opens either the Setup Wizard, if you have not yet completed it, or the Dashboard. The first time that you click the shortcut, you might be prompted to add about:blank to your trusted sites; do so. (Also, if prompted that you are going to view pages over a secure connection, click OK.)

You should use the desktop shortcut to open the wizard or Dashboard rather than opening IE and accessing the SBM’s hostname. If you do use IE, follow these tips:

As with all applications, open IE by right-clicking and selecting Run as administrator.

Access the Setup Wizard or Dashboard at https://localhost rather than at the SBM’s hostname. If you do enter the hostname, you will have to add it to your trusted sites.

3-23


Back Up and Restore

You can backup and restore your system using the Windows Server Backup feature, which is installed on the SBM at the factory default settings and accessible from the Administrative Tools. This feature supports both local and remote backups.

Refer to Microsoft documentation for information on using this tool to backup and restore the system.

Figure 3-12. Remote Desktop—Windows Server Backup

3-24

Manage and Monitor the HP SBM LocallyAccess with the services tech Command

Access with the services tech Command

The following HP zl switch command gives you pass through access to the OS running on the SBM:

hostzlswitch(config)# services <slot ID> tech

Note that the command must be entered from the switch’s global configuration mode.

If you enter this command while the SBM is booting, you can monitor the bootup process.If the SBM was not shutdown before the reboot, you will have the option to boot it in Safe Mode.

After SBM is booted (whether or not in Safe Mode), you are placed in the Special Administration Console (SAC). However, if the boot fails, you will see the HP SBM Recovery Menu instead.

SAC

The SAC provides several commands to help you to recover the SBM and to manage it remotely in a situation in which typical means of access have failed.

To access the SAC, enter this command from the global configuration mode context of the HP zl switch CLI:

For example:

hostzlswitch(config)# services c tech

If the SBM is in the process of booting, the management session might hang. Wait. As the SBM reboots, messages will begin to be displayed. If the SBM is running, press [Enter] until you see the SAC prompt.

Enter help or ? to see a list of available commands.

Syntax: services <slot ID> tech

Replace <slot ID> with the ID for the lower slot in which the

SBM is installed.

3-25


Figure 3-13. SAC—help command

You can exit the SAC at any time and return to the HP zl switch CLI by pressing [Ctrl][Z].

If you want to access the Windows command prompt, follow these steps:

1. Activate the Windows Server 2008 R2 command prompt:

SAC> cmd

The command prompt is assigned to a channel, and the channel’s name and number are displayed.

2. Access the command prompt channel:

SAC> ch -si <channel number>

For example:

SAC> ch -si 1

You should see that you are entering the command prompt channel.

3-26


Figure 3-14. SAC—CMD Prompt Channel

3. Press [Spacebar].

4. When prompted, log in with your credentials.

5. To return to the SAC, press Press [Esc] + [Tab] + [0].

6. You should see that you are entering the SAC channel.

Figure 3-15. SAC—SAC Channel


3-27


HP SBM Recovery Menu

The SBM supports a Recovery Menu that enables you to revert to factory default settings.

The SBM automatically boots to the Recovery Menu if it fails to boot the OS. You can also force the SBM to boot to this menu by accessing the SBM’s command prompt via RDP, entering reagentc /boottore, and rebooting the SBM. After the SBM boots, enter the services <slot ID> tech command from the HP zl switch CLI; you will be placed in the Recovery Menu.

I m p o r t a n t You must follow a set procedure for setting the SBM to factory default settings, which involves actions at the data center. See “Restore an HP SBM to Factory Default Settings” on page 3-29.

Safe Mode

Like any Windows Server 2008 R2, when the SBM reloads without having been shut down, it presents the option to boot in Safe Mode. To see this option, you must monitor the bootup using the services <slot ID> tech command. Follow these steps:

1. Open a management session with in HP zl switch CLI.

2. Move to the global configuration mode.


3. If the SBM is not already rebooting, reboot it now:


For example:


Syntax: services <slot ID> reload


SBM is installed.



SBM is installed.

3-28


5. As the SBM reboots, messages will be displayed. You will see the Safe Mode options.

Figure 3-16. Safe Mode Options

6. Use the arrow keys to select an option and press [Enter] to confirm.

These options remain for 30 seconds. If you do nothing, the SBM boots normally.

After the SBM boots up, you will see the SAC prompt.

3-29

Manage and Monitor the HP SBM LocallyRestoring and Replacing HP SBMs

Restoring and Replacing HP SBMs

You must follow a set procedure to restore an SBM to factory default settings, install a replacement SBM, or change the SBM’s name. Each procedure requires Domain or Enterprise Admins and CS Administrators to complete some tasks, so you must share these instructions with them.

Restore an HP SBM to Factory Default Settings

Restoring an HP SBM to factory default settings returns it to the image and settings that it supported when it shipped from the factory. If you have applied any updates to the SBM, you must reapply the updates after you restore the SBM. Make sure that you have the update installer archived to a location off the SBM before you begin the factory reset process.

You must follow this procedure:

1. Stop all Lync Server 2010 services on the SBM:

a. Access the SBM Dashboard by browsing to its FQDN or by accessing the SBM via RDP and clicking Manage HP SBM on the Desktop.

b. In the Services section, click Stop next to Lync Server Front-End, Lync Server Mediation, and Lync Server Replica Replication Agent.

N o t e If you cannot access the SBM to complete this or the next steps, you can simply move to step 3.

2. Remove the SBM from the domain (recommended). Use the standard Windows procedure to complete this step:

a. Access the SBM via RDP.

b. Access the System Properties window (Control Panel > System > See this computer’s name > Advanced system settings > Computer Name).

c. Place the SBM in a workgroup.

d. Click OK in both windows and reboot the SBM.

3-30


3. Reset the SBM to factory default settings:

a. If you are resetting the SBM because its OS has failed to load, the Recovery Console is already active. Start at step i on page 3-30.

Otherwise, you can start the console manually. Access the SBM’s command prompt in one of two ways:– Use the services <slot ID> tech command from the host zl switch

CLI to access the SAC. Then create a command prompt channel and enter that channel. See “SAC” on page 3-24.

– Access the SBM via RDP (see “Remote Desktop Protocol (RDP)” on page 3-17). Then open a command prompt, running the com-mand as an administrator.

b. Enter this command to configure the SBM to boot to the recovery console:

reagentc /boottore

c. Enter this command to restart the SBM:

shutdown /r /d 4:1

d. Wait a few moments. The SBM will then shutdown. The next steps depend on how you accessed the command prompt:– From the SAC—You will be returned to the SAC and warned

that the system is about to shutdown. Wait. As the SBM reboots, messages will be displayed.

– Via RDP—You will lose your RDP connection. Follow these steps:

i. Open a CLI management session with the HP zl switch in which the SBM is installed.

ii. Move to the global configuration mode.

hostzlswitch# configiii. Enter this command:

For example:

hostzlswitch(config)# services c techiv. If the SBM has not yet rebooted, the management session will

hang. Wait. As the SBM reboots, messages will be displayed.



SBM is installed.

3-31


Figure 3-17. HP SBM Recovery Menu

e. When the Recovery Menu in displayed, enter R to restore the factory default settings.

f. Press [y] to confirm that you want to reimage the SBM, returning it to its factory state.

g. The restoration takes about twenty minutes. You can exit the Recov-ery Menu at any time by pressing [Ctrl][Z].

4. A Domain or Enterprise Admin must complete this and the next two steps. He or she must do so before you attempt to configure the SBM again.

First, delete the SBM’s computer account from Active Directory:

a. Log on to a controller member server as a member of the appropriate group.

b. Open the Active Directory Users and Computers window (click Start > Administrative Tools > Active Directory Users and Computers).

c. Expand your domain and select the Computers folder. Right-click the SBM object and select Delete.

5. Add the SBM computer object again using the same name. Also remember to set the SPN to HOST/<SBM FQDN>. (See Appendix A: “Ready the Data Center for an SBM Deployment.”)

6. Wait for Active Directory replication to take place.

3-32


7. An Enterprise Admin or CS Administrator must complete the next step, which is enabling the topology. Do not skip this important step, which adds the proper groups and properties to the SBM computer object:


b. Enter Enable-CsTopology.

8. By now, the SBM should be returned to factory default settings. If you have any updates that you applied to the SBM, you must reinstall these updates. See the HP Survivable Branch Communication zl Module

powered by Microsoft LyncTMInstallation and Getting Started Guide if you need help accessing the SBM initially. Then see Chapter 5: “Manage Updates.”

9. Complete the Setup Wizard. (See Chapter 1: “Introduction“ and Chapter 2: “Complete the Setup Wizard.”)

Replace an HP SBM

If you need to replace your HP SBM with another SBM, you must follow this procedure:




N o t e If you cannot access the SBM to complete this or the next step, you can simply move to step 3.

2. Remove the SBM from the domain (recommended). Use the standard procedure to complete this step:

a. Access the SBM via RDP.

b. Access the System Properties window (Control Panel > System > See this computer’s name > Advanced system settings > Computer Name).

c. Place the SBM in a workgroup.

d. Click OK in both windows and reboot the SBM.

3-33


3. A Domain or Enterprise Admin must complete this and the next two steps. First, delete the SBM’s computer account from Active Directory:

a. Log on to a controller member server as a member of the appropriate group.


c. Expand the domain and select the Computers folder. Right-click the SBM object and select Delete.

4. Add the SBM computer object again using the same name. Also remember to set the SPN to HOST/<SBM FQDN>.(See Appendix A: “Ready the Data Center for an SBM Deployment.”)

5. Wait for Active Directory replication to take place.

6. An Enterprise Admin or CS Administrator must complete the next step, which is enabling the topology. Do not skip this important step, which adds the proper groups and properties to the SBM computer object:


b. Enter Enable-CSTopology.

7. Install the new SBM and complete the Setup Wizard. (See the HP Surviv-

able Branch Communication zl Module powered by Microsoft LyncTM

Installation and Getting Started Guide and Chapter 1: “Introduction“ and Chapter 2: “Complete the Setup Wizard“ of this guide.)

Change an HP SBM’s Name

You cannot simply change the HP SBM’s name locally; the data center engi-neers must carefully remove the old name from the domain and Lync Server topology and add the new one.

In addition, you must reset the SBM to factory defaults. Restoring an HP SBM to factory default settings returns it to the image and settings that it supported when it shipped from the factory. If you have applied any updates to the SBM, you must reapply the updates after you restore the SBM. Make sure that you have the update installer archived to a location off the SBM before you begin the factory reset process.

3-34


Follow these steps:

1. First move the branch Lync Server users to the central site. This step must be completed by a CS User Administrator or CS Administrator.

This step can be completed from the Lync Server Control Panel or Lync Server Management Shell. See the Microsoft documentation for instructions.

2. A CS Administrator must also remove the SBM as the PSTN gateway for any voice routes.

Again see Microsoft documentation for instructions.




4. A user with the correct privileges (for example, RTCUniversalServerAd-mins) must remove the SBM from the topology by following these steps:

a. Open the Lync Topology Builder. (Click Start > All Program. > Microsoft Lync Server 2010 (Beta) > Lync Server Topology Builder.)

b. In the console tree, expand the Branch Office folder and the SBM’s site. Then expand Survivable Branch Servers. Click the SBM and then click Delete on the Action pane.

c. In the console tree, click Lync Server 2010 at the top level. Click Publish Topology on the Action pane. Follow the prompts in the Pub-lishing wizard.

5. A Domain or Enterprise Admin must complete this step, which is deleting the SBM’s computer account from Active Directory:

a. Log on to a controller member server as a member of the appropriate groups.


c. Expand your domain and select the Computers folder. Right-click the SBM object and select Delete.

d. Confirm the deletion.

3-35


6. Restore the SBM to factory defaults:

a. Access the SBM’s command prompt in one of two ways:– Use the services <slot ID> tech command from the host zl switch

CLI to access the SAC. Then create a command prompt channel and enter that channel. See “SAC” on page 3-24.

– Access the SBM via RDP (see “Remote Desktop Protocol (RDP)” on page 3-17). Then open a command prompt, running it as an administrator.

b. Enter this command to configure the SBM to boot to the recovery console:

reagentc /boottore

c. Enter this command to restart the SBM:

shutdown /r /d 4:1

d. Wait a few moments. The SBM will then shutdown. The next steps depend on how you accessed the command prompt:– From the SAC—You will be returned to the SAC and warned

that the system is about to shutdown. Wait. As the SBM reboots, messages will be displayed.

– Via RDP—Follow these steps:i. You will lose your RDP connection. Open a management session

with in HP zl switch CLI.ii. Move to the global configuration mode.

hostzlswitch# configiii. Enter this command:

For example:




SBM is installed.

3-36


iv. If the SBM has not yet rebooted, the management session will hang. Wait. As the SBM reboots, messages will be displayed.

Figure 3-18. HP SBM Recovery Menu

e. When the Recovery Menu is displayed, enter R to restore the factory default settings.

f. Press [y] to confirm that you want to reimage the SBM, returning it to its factory state.

g. The restoration takes about twenty minutes. You. can exit the Recov-ery Menu at any time by pressing [Ctrl][Z].

7. Before you set up the SBM again, the data center engineers must prepare the SBM deployment using the new name, including adding the SBM computer object, defining its SPN, adding the SBM to the Lync Server topology, publishing and enabling the topology, and assigning users, routing rules, and normalization rules to the SBM. They should refer to Appendix A: “Ready the Data Center for an SBM Deployment” and the appropriate Microsoft documentation.

8. By now, the SBM should be returned to factory default settings. If you have any updates that you applied to the SBM, you must reinstall these updates. See the HP Survivable Branch Communication zl Module

powered by Microsoft LyncTM Installation and Getting Started Guide if you need help accessing the SBM initially. Then see Chapter 5: “Manage Updates.”

9. Complete the Setup Wizard. (See Chapter 1: “Introduction“ and Chapter 2: “Complete the Setup Wizard.”)

4-1

4

Support Remote Monitoring

Contents

Supported Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2

Ensuring Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

SNMP MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Microsoft/Windows OS MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Intel NIC MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Media Gateway MIBs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-4

4-2

Support Remote MonitoringSupported Solutions

Supported Solutions

Many organizations have centralized solutions for monitoring and managing network assets such as the HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM. You can monitor the SBM remotely using one or more of these supported remote monitoring tools:

■ OpenView Agent

■ SNMP server

■ Syslog server

■ Microsoft Operations Monitor Agent

You should refer to the documentation for your tool.

The data center engineers can also monitor and manage the SBM using the Microsoft Lync Server tools such as:

■ Lync Server Control Panel—A GUI in which various Lync administrators can complete tasks such as:

• Monitor Lync Servers and PSTN gateways

• Manage users

• Create voice policies, routing rules, and normalization rules

■ Lync Server Topology Builder—A GUI in which Lync administrators define sites and their resources, including the survivable branch sites. The SBM uses the published topology to determine which services it provides, where to contact other servers for other services, and so forth.

■ Lync Server Management Shell—This shell provides many cumulates to manage the Lync solution.

Lync Server 2010 features role based access control (RBAC), so the engineers must have the correct group assignment to complete various tasks. They should refer to Microsoft documentation for guidelines on RBAC as well as for instructions on using the tools.

4-3

Support Remote MonitoringSNMP MIBs

Ensuring Support

You do not need to complete any extra configuration on the SBM to enable it to work with the supported monitoring solutions. However, if your solution relies on SNMP, the SNMP server requires the proper MIBs (see “SNMP MIBs” on page 4-3).

In addition, someone must verify that any firewalls between the SBM and the remote solution permit the appropriate traffic.

Finally, the SBM has also had its security hardened in a number of ways. Your solution engineer should check the Appendix B: “HP SBM Security Hardening” for a list of the actions that have been taken and, if necessary, adjust settings to ensure that your company’s solution can monitor the SBM.

SNMP MIBs

Verify that your SNMP solution has the correct MIBs for your SBM. The SBM supports the following MIBs:

■ Microsoft/Windows OS MIBs

■ Intel NIC MIBs

■ Media Gateway MIBs

The sections below explain where you can obtain the appropriate MIBs.

Microsoft/Windows OS MIBs

You can find the Microsoft Windows OS MIBs on the SBM by accessing it using Remote Desktop Protocol (RDP). They are stored in the C:\Win-dows\System32 directory. You can identify them by the .mib file extension.

Microsoft might offer updates for these MIBs; refer to Microsoft for more information.

Intel NIC MIBs

The current version for these MIBs in 15.5 (14.7 or later is supported). You can obtain these MIBs (as well as updates for MIBs should the Intel driver be updated) from Intel’s website. Look for and download the Ethernet Connec-tions CD; the MIBs are typically contained in the APPS\SNMP\MIB folder of that download.

4-4

Support Remote MonitoringSNMP MIBs

Media Gateway MIBs

The SBM also has MIBs for its Media Gateway, which are stored in the SBM’s hard drive in the C:\Program Files\Hewlett-Packard\SIP-PSTN Gateway\con-fig\mibs directory. (You can access this directory using RDP.) These MIB files have a .txt extension.

The Media Gateway uses these MIBs:

■ SANGOMA-IF-MIB

■ GW-CALL-STATS-MIB

■ SANGOMA-IF-DECLARATION-MIB

The other files that you see are necessary for those MIBs to function.

If you update your Media Gateway software, check this directory for updates to the MIBs.

5-1

5

Manage Updates

Contents

Install Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-2

Patches and Hotfixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-4

Driver Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-5

5-2

Manage UpdatesInstall Updates

Install Updates

To update the software of the HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM, you will receive an installer file, which you run in a Remote Desktop Protocol (RDP) session with the SBM. Before you install the new software, however, you must run an uninstaller to uninstall existing software.

You should also be aware that updating the Media Gateway software writes over your existing Media Gateway configuration. Before you update the software, take screenshots to document your configuration. You can then recreate it after the update by clicking PSTN Setup Wizard or PSTN Configuration in the SBM Dashboard.

You should also save a copy of your PSTN configuration and any logs that you want to preserve. You can access these files by establishing an RDP session with the SBM and moving to C:\Program Files\Hewlett-Packard\SIP-PSTN Gateway.

Figure 5-1. C:\Program Files\Hewlett-Packard\SIP-PSTN Gateway

The config folder contains three files that you will want to preserve:

gw.properties pstn-config.xml routing-rules.xml

5-3

Manage UpdatesInstall Updates

These files store the configurations that you establish when you run the PSTN Setup Wizard (or when you alter the PSTN configuration with other links).

Finally, the HP SBM must reboot after the installation. Therefore you should schedule a network outage during the update procedure.

Follow these steps to install the update:

1. Log in to the SBM via RDP.

See “Remote Desktop Protocol (RDP)” on page 3-17 of Chapter 3: “Manage and Monitor the HP SBM Locally.”

2. Save any files that you want to preserve to a USB device inserted in the module’s USB slot or to a file share.

N o t e You must, of course, take appropriate measures to secure private information in these files.

3. Before you update the installation, you must remove some existing com-ponents. Run C:\HP\Installers\uninstall.exe as an administrator.

You can also find this program pinned to the Start menu.

You can confirm that the programs have been removed by viewing the Programs and Features window (Start > Control Panel > Uninstall a program).

4. Obtain the software update installer. Copy it to a USB device and place the device in the SBM module’s USB slot.

Alternatively, you can place the file in a shared network folder to which the SBM has access.

5. Copy the update installer to the SBM’s desktop and run it as an adminis-trator.

6. Follow the prompts until the installation is complete.

7. After completing the installation, you must restart the SBM. You can do so from the Start menu.

8. After the SBM restarts, reconfigure your PSTN connections. (Access the SBM Dashboard and click PSTN Setup Wizard or PSTN Configuration.)

5-4

Manage UpdatesPatches and Hotfixes

Patches and Hotfixes

The Windows Server 2008 R2 running on the SBM receives patches and hotfixes just as any licensed server does. It can interact with your own patch management solution; however, HP does not provide patch management for it.

5-5

Manage UpdatesDriver Updates

Driver Updates

If you need to update the drivers for your PSTN telephony boards, refer to the Sangoma website (wiki.sangoma.com/wanpipe-windows-drivers). You can download both the drivers and instructions for installing them from there.

Before you update the drivers, you must shut down the Media Gateway. Access the SBM Dashboard (contact the SBM at its FQDN) and click Stop next to HP Media Gateway. You can start the gateway after you have finished the compete driver installation process.


5-6

Manage UpdatesDriver Updates

6-1

6

Troubleshooting

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

Basic Digital Line Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

Determine the Interface ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

View the Alarms on the Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-7

Implement a Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Implement a Local Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Ensure the Gateway is Not Running . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Determine the Interface ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-9

Connect the Port to be Tested . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10

Enable Master Clocking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-11

Display Interface Driver Events . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12

Put the Line into Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-12

Run BERTs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-16

Take the Interface out of Loopback Mode . . . . . . . . . . . . . . . . . . 6-16

Set the Interface Clocking to Normal . . . . . . . . . . . . . . . . . . . . . . 6-17

Implement a Remote Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18

Ensure the Gateway is Not Running . . . . . . . . . . . . . . . . . . . . . . . 6-18

Determine the Interface ID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18

Display Interface Driver Events . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-18

Put the Line into Loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-19

Take the Interface out of Remote Loopback Mode . . . . . . . . . . . 6-22

View Detailed Status and Statistics for PSTN Connections . . . . . . . . . . . 6-22

6-2

TroubleshootingContents

Regain Access to an SBM with Failed Network Functionality . . . . . . . . . 6-24

Reset TCP/IP Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-24

Disable the Firewall and Enable the Remote Desktop . . . . . . . . 6-26

Enable the Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-27

Configure the Interface’s IP Settings . . . . . . . . . . . . . . . . . . . . . . . 6-27

Restore Lost Management Connection between the Host Switch and SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28

Prevent Loss of Services in a WAN Failure . . . . . . . . . . . . . . . . . . . . . . . . . 6-30

6-3

TroubleshootingOverview

Overview

This chapter teaches you how to perform basic PSTN troubleshooting, how to put T1/E1 lines into loopback, and how to view the status and statistics for PSTN connections. Several sections at the end of the chapter provide infor-mation on fixing specific problems.

Basic Digital Line Troubleshooting

This section guides you through basic troubleshooting of your PSTN connec-tions:

1. Find your line’s interface ID.

2. View alarms on the line.

3. Place a line in loopback mode.

Determine the Interface ID

To troubleshoot a line or to put it into loopback, you must know the correct interface ID. Find this ID as follows:

1. Open a command prompt, right-clicking and running the application as an administrator.

6-4

TroubleshootingBasic Digital Line Troubleshooting

Figure 6-1. Remote Desktop—Open a Command Prompt as an Administrator

2. Enter wanrouter interfaces.

Figure 6-2. Remote Desktop Command Prompt—wanrouter interfaces command

6-5


3. The Interface Name column lists the interface ID for each of active interface.

Depending on the type of signaling for your E1/T1 line, you might see multiple interface IDs; one for the voice data channels and others for the data control channels (the D-channels).

If you have found your ID, move to “View the Alarms on the Line” on page 6-7.

If you have several interfaces on your SBM, you must determine the ID that matches the one that you want to test. Therefore, you might need to follow this alternate method for finding the ID:

1. Determine the port number for the interface in question. The leftmost interface is Port 1; the next interface to the right, Port 2; and so forth.

2. From your Remote Desktop Connection to the SBM, open the Device Manager from the Control Panel.

3. Expand Sangoma Communication Devices.

Figure 6-3. Remote Desktop—Device Manager

4. Double-click the hardware abstraction driver for your interface’s port number. For example, you have an A101 PCIe card, which has one port, so you double-click Sangoma Hardware Abstraction Driver (Port 1).

6-6


5. Click the Groups of channels tab and note the interface ID, which is listed as the Interface Name.

Figure 6-4. Remote Desktop—Sangoma Hardware Device Abstraction Driver (Port 1) Properties > Groups of channels tab

6-7


View the Alarms on the Line

To view the alarms on a line, follow these steps:

1. Access the SBM via Remote Desktop Protocol (RDP). (See “Remote Desktop Protocol (RDP)” on page 3-15 of Chapter 3: “Manage and Monitor the HP SBM Locally.”)

2. Open a command prompt by right-clicking and selecting Run as administrator.



wanpipemon -i <interface ID> -c Ta

For example, if you found out that the interface ID is wanpipe1_if1, you would enter:

wanpipemon -i wanpipe_if1 -c Ta

Table 6-1 lists possible reasons for alarms to occur.

6-8


Table 6-1. Possible Reasons for E1/T1 Alarms

If you need to change T1/E1 settings, you can follow these steps:

1. Access the SBM Dashboard.

2. Click PSTN Configuration.

3. Expand the Physical Configurations folder.

4. Click the configuration for this interface (identify it with the interface ID).

5. Select Digital T1 Configuration or Digital E1 Configuration.

6. Alter your settings as necessary.

7. Save the changes.

Alarm Definition Possible Problems

OOF Out of Frame The line coding or the framing format does not match the PSTN carrier’s settings.

LOF Loss of Framing The line is experiencing a clocking problem. Generally, the interface should take the clock from the line (default setting).

LOS Loss of Signal (continuity problem)

• The cable is disconnected or bad.• The pinouts for the connector are

incorrect.• The local or remote hardware is not

functioning.If you cannot resolve the problem, you can try putting your line into loopback. See “Implement a Loopback” on page 6-9.

AIS Alarm Indication Signal (upstream repeater alarm)

The PSTN carrier has an alarm on its end. Contact the carrier and determine whether your settings are compatible.

RAI Remote Alarm Indication Signal

The PSTN carrier has an alarm from its upstream device. Contact the carrier.

RED Telco Red Alarm Condition

The PSTN carrier is experiencing a LOS or LOF. Check that your interface is taking its clock from the PSTN and that other settings are compatible.

6-9

TroubleshootingImplement a Loopback

Implement a Loopback

When your PSTN connection has an LOS alarm, but you cannot determine the error, you might put the line into a local loopback to determine the problem. In addition, your PSTN carrier might ask you to put the circuit in a loopback mode for testing.

There are two general types of loopback:

Local—The SBM sends data to the CO, which loops it back to the SBM. In this case, you are responsible for initiating the BERT and analyzing the results.

See “Implement a Local Loopback” on page 6-9.

Remote—The PSTN carrier controls the testing. The CO sends data to the SBM, which loops the data back through the interface to the CO. The CO can then initiate Bit Error Rate Tests (BERTs), which are bit patterns that are designed to detect problems.

See “Implement a Remote Loopback” on page 6-18.

Implement a Local Loopback

Complete each section to place your SBM in local loopback.

Ensure the Gateway is Not Running

First shut down the Media Gateway:

1. Access the SBM Dashboard. (See “Access the Dashboard” on page 3-3 of Chapter 3: “Manage and Monitor the HP SBM Locally” if you do not know how.)

2. In the Services section, click the Stop button next to HP Media Gateway.

If you prefer, you can alternatively open a command line (remember to right-click and select Run as Administrator) and enter this command:

net stop netborder express gateway


See “Determine the Interface ID” on page 6-3 if you need help.

6-10


Connect the Port to be Tested

You have three options for connecting the port that you plan to put into local loopback:

Leave the port connected to the Telco.

Table 6-2. Pinout

Connect the port to a loopback connector. Use an RJ-45 cable in which you have tied the pins together as shown in the table below.

Table 6-3. Pinout for Loopback Connector

Connect the port to another E1/T1 port on your SBM. In this case, you must use a crossover cable.

Table 6-4. Pinout for Crossover Cable

Pin Signal

1 RRING

2 RTIP

4 TRING

5 TTIP

Pin Pin

1 4

2 5

Pin Pin

1 4

2 5

4 1

5 2

6-11


Enable Master Clocking

If you connected the port to a loopback connector or to another E1/T1 port, the port that you are testing must act as the master clock. If you are connecting the port to the Telco, talk to your carrier and ask whether your port should be the master clock.

Follow these steps to enable master clocking:

1. Open the Driver properties window:

a. Open the Device Manager from the Control Panel.b. Expand Sangoma Communication Devices.


c. Double-click the hardware abstraction driver for your interface’s port number. For example, you have an A101 PCIe card, which has one port, so you double-click Sangoma Hardware Abstraction Driver (Port 1).

2. Click the Line Configuration tab.

3. For Clocking, select Master.

4. Click OK.

6-12


Display Interface Driver Events

It is a best practice to open a command line window for monitoring activity on the tested interface.

1. Open a command prompt, running the command as an administrator.


stail.exe

Leave this window open throughout the rest of the process.

Put the Line into Loopback

Complete each task to put the line into loopback.

Open a Command Line. Open a different command prompt (again select-ing Run as administrator). This enables you to monitor the process at the same time that you implement it.

Check the Line. First, check the line status:

For example:

wanpipemon -i wanpipe1_if1 -c Ta

The display indicates alarms on the line. You cannot initiate a loopback or BERT when there is a loss of framing (LOF) alarm.

Syntax: wanpipemon -i <interface ID> -c Ta

Replace <interface ID> with the ID that you determined ear-

lier.

6-13


Table 6-5. Possible Reasons for E1/T1 Alarms

Next, check the line’s loopback mode:

The loopback mode should be disabled.

Alarm Possible Problems

OOF Out of Frame The line coding or the framing format does not match the PSTN carrier’s settings.

LOF Loss of Framing The line is experiencing a clocking problem. Generally, the interface should take the clock from the line (default setting).

LOS Loss of Signal (continuity problem)

• The cable is disconnected or bad.• The pinouts for the connector are

incorrect.• The local or remote hardware is not

functioning.If you cannot resolve the problem, you can try putting your line into loopback. See “Implement a Loopback” on page 6-9.

AIS Alarm Indication Signal (upstream repeater alarm)

The PSTN carrier has an alarm on its end. Contact the carrier and determine whether your settings are compatible.

RAI Remote Alarm Indication Signal

The PSTN carrier has an alarm from its upstream device. Contact the carrier.

RED Telco Red Alarm Condition

The PSTN carrier is experiencing a LOS or LOF. Check that your interface is taking its clock from the PSTN and that other settings are compatible.

Syntax: wanpipemon -i <interface ID> -c Tlb


lier.

6-14


Figure 6-7. Remote Desktop Command Prompt—wanpipemon Command for Checking the Status

Disable Echo Cancellation. Enter this command to start configuring echo cancellation:

Then disable echo cancellation:

Syntax: wanec_client <interface ID> config


lier.

Syntax: wanec_client <interface ID> disable all


lier.

6-15


Figure 6-8. Remote Desktop Command Prompt—wanec_client Commands (for Echo Cancellation)

Initiate the Local Loopback. You must now start the loopback. The pro-cess depends on how the port is connected.

Port Connected to the Telco. You can initiate the loopback in one of two ways:

Ask the carrier to enable remote loopback on its end.

Send a remote loopback command (this requires the interface to be the master clock):

Port Connected to Another E1/T1 Port. You can either:

Enable loopback on the second port (see “Implement a Remote Loop-back” on page 6-18).

Send the remote loopback command from the first port (the one being tested)

Port Connected to a Loopback Connector. You can move to the next task.

Syntax: wanpipemon -i <interface ID> -c Tsalb


lier.

6-16


Run BERTs

You are responsible for initiating and monitoring the BERT.

Enter this command to initiate a BERT:

Enter this command to check the results:

Enter this command to stop the BERT:

Take the Interface out of Loopback Mode

After you have finished testing the line, you must end the loopback.

Port Connected to Telco. You can either:

Ask the CO to end the loopback from its end.

Send a remote loopback end command:

For example:

wanpipemon -i wanpipe1_if1 -c Tsdlb

Port Connected to a Loopback Connector. Disconnect the port from the loopback connector.

Syntax: wanpipemon -i <interface ID> -c Tsw_bert [--random| --ascendant | --descendant]


lier.

Select a random, ascendant, or descendent test.

Syntax: wanpipemon -i <wanpipe ID>_if1 -c Tsw_bert --status

Replace <wanpipe ID> with the ID that you determined ear-

lier.

Syntax: wanpipemon -i <wanpipe ID>_if1 -c Tsw_bert --stop

Replace <wanpipe ID> with the ID that you determined ear-

lier.

Syntax: wanpipemon -i <interface ID> -c Tsdlb


lier.

6-17


Port Connected to Another E1/T1 Port. You can either:

End the remote loopback on the second port (see “Take the Interface out of Remote Loopback Mode” on page 6-22).

Send a remote loopback end command:

For example:

wanpipemon -i wanpipe1_if1 -c Tsdlb

Set the Interface Clocking to Normal

If you set the interface as the master clock, you must now set the interface back to the normal mode (taking the clock from the CO). Follow these steps:

1. Open the Device Manager from the Control Panel.

2. Expand Sangoma Communication Devices.


3. Double-click the hardware abstraction driver for your interface’s port number.

4. Click the Line Configuration tab.

5. For Clocking, select Normal.

6. Click OK.

Syntax: wanpipemon -i <interface ID> -c Tsdlb


lier.

6-18


Implement a Remote Loopback

When you cannot determine the cause of a problem using local loopback, you can try putting your PSTN line into remote loopback (contact your PSTN carrier first). Your carrier might also ask you to put your line into remote loopback so that it can run various tests.

Follow each section to place your SBM in remote loopback.

Ensure the Gateway is Not Running

First shut down the Media Gateway:

1. Access the SBM Dashboard. (See “Access the Dashboard” on page 3-3 of Chapter 3: “Manage and Monitor the HP SBM Locally” if you do not know how.)

2. In the Services section, click the Stop button next to HP Media Gateway.

If you prefer, you can alternatively open a command line (remember to right-click and select Run as Administrator) and enter this command:

net stop netborder express gateway


See “Determine the Interface ID” on page 6-3 if you need help.

Display Interface Driver Events

It is a best practice to open a command prompt for monitoring activity on the tested interface.

1. Open a command prompt, running the command as an administrator.


stail.exe

Leave this window open throughout the rest of the process.

6-19


Put the Line into Loopback

Complete each task to put the line into loopback.

Open a Command Line. Open a different command prompt (again select-ing Run as administrator). This enables you to monitor the process at the same time that you implement it.

Check the Line. First, check the line status:

For example:

wanpipemon -i wanpipe1_if1 -c Ta

The display indicates alarms on the line.

Next, check the line’s loopback mode:

The loopback mode should be disabled.

Syntax: wanpipemon -i <interface ID> -c Ta


lier.



lier.

6-20


Figure 6-10. Remote Desktop Command Prompt—wanpipemon Command for Checking the Status

Disable Echo Cancellation. Enter this command to start configuring echo cancellation:

Then disable echo cancellation:

Syntax: wanec_client <interface ID> config


lier.

Syntax: wanec_client <interface ID> disable all


lier.

6-21


Figure 6-11. Remote Desktop Command Prompt—wanec_client Commands (for Echo Cancellation)

Put the Interface into Remote Loopback Mode. You can now put the interface into remote loopback:

Remote loopback should now be enabled; check the loopback mode again:

At this point, you can inform the CO that the line is in loopback and BERTs can be initiated.

Figure 6-12. Remote Desktop Command Prompt—wanpipemon Commands for Putting the Line in Remote Loopback

Syntax: wanpipemon -i <interface ID> -c Tallb


lier.



lier.

6-22

TroubleshootingView Detailed Status and Statistics for PSTN Connections

Take the Interface out of Remote Loopback Mode

After the CO has completed testing the line, you must remove it from loopback mode. Access the command line window (running as Administrator) and enter this command:

For example:

wanpipemon -i wanpipe1_if1 -c Tdllb

Figure 6-13. Remote Desktop Command Prompt—wanpipemon Commands for Taking the Line out of Remote Loopback

View Detailed Status and Statistics for PSTN Connections

You can view the status of your PSTN connections from the Survivable Branch Module Dashboard and perform some troubleshooting (see “Monitor and Troubleshoot PSTN Connections” on page 3-10 of Chapter 3: “Manage and Monitor the HP SBM Locally“).

Sometimes, however, you will need more detailed information. You can obtain this information using the wanpipemon commands, which monitor and debug your E1/T1 or analog hardware, drivers, and lines.

To issue these commands, access the SBM via Remote Desktop Protocol (RDP). (See “Remote Desktop Protocol (RDP)” on page 3-15 of Chapter 3: “Manage and Monitor the HP SBM Locally.”)

Syntax: wanpipemon -i <interface ID> -c Tdllb


lier.

6-23

TroubleshootingView Detailed Status and Statistics for PSTN Connections

Open a command prompt, running the command as an Administrator.


The table displays useful commands. Note that you must specify the interface ID for the PSTN connection that you want to monitor. See “Determine the Interface ID” on page 6-3 if you do not know this ID.

Table 6-6. wanpipemon Commands

Command Description

wanpipemon -i <interface ID> -c xm Displays the modem status

wanpipemon -i <interface ID> -c xl Displays the line status

wanpipemon -i <interface ID> -c xcv Displays the driver code version

wanpipemon -i <interface ID> -c xru Displays how long the line has been up

wanpipemon -i <interface ID> -c sc Displays communications error statistics

wanpipemon -i <interface ID> -c so Displays operational statistics

wanpipemon -i <interface ID> -c Ta Displays alarms on the line

6-24

TroubleshootingRegain Access to an SBM with Failed Network Functionality

Regain Access to an SBM with Failed Network Functionality

This section explains how to regain access to the SBM if its network function-ality fails. You must reset the network connections to an enabled state. You can perform the reset for the Ethernet interfaces or the management interface. In either case, follow this general procedure:

1. Reset TCP/IP settings.

2. Disable the firewall and enable the Remote Desktop.

3. Enable the network interface that you want to use.

4. Configure an IP address on the interface.

If you are performing this procedure for the management interface, use this IP address: 192.168.2.10 255.255.255.252. After you set the IP address on the management interface, you can connect a management station directly to it. Set the station’s IP address to 192.168.2.9 255.255.255.252. You can then access the SBM at 192.168.2.10.

The sections below provide detailed steps.

Reset TCP/IP Settings

1. Access the CLI for the HP zl switch chassis in which the SBM is installed.

2. Move to global configuration mode:.hostzlswitch# config


For example:


4. Press [Enter] until you see this prompt:

SAC>

5. You are in the Special Administration Console (SAC).



SBM is installed.

6-25


6. Activate the Windows Server 2008 R2 command prompt:

SAC> cmd

7. Access the command prompt:

SAC> ch -si <channel number>

For example:

SAC> ch -si 1

8. You should see that you are entering the command prompt channel.

Figure 6-15. SAC—CMD Prompt Channel


10. When prompted, enter your local Administrator username and password. Press [Enter] for Domain.

N o t e If you have not yet changed the password, the default is P@ssw0rd. Note that a has been replaced with @ and o has been replaced with the numeral 0.

11. When you see the Windows command prompt, use the following com-mands to reset the TCP/IP settings:

powershell -executionpolicy unrestricted c:\hp\ scripts\ResetTcpIp.ps1

6-26


12. Return to the SAC:

a. Press [Esc] + [Tab] + [0].b. You should see that you are entering the SAC channel.

Figure 6-16. SAC—SAC Channel

c. Press [Spacebar].

13. Press [Ctrl][Z] to access the HP zl switch CLI.

Disable the Firewall and Enable the Remote Desktop

14. Access the SBM CLI:

For example:



hostswitch(hp-sbm-branch-C:win)# windows Administrator

Syntax: services <slot-ID> [<index number> | name hp-sbm-branch]

Replace <slot-ID> with the letter of the lower chassis slot in

which the SBM is installed.

Replace <index number> with the index number for the

SBM. (If you do not know, enter the show services com-

mand and look for the Survivable Branch Module service.)

6-27


16. Enter the password for the local Administrator.

17. The firewall helps to protect the SBM; however, you are disabling it for now to ensure that you can gain access to the SBM (you can enable it later):

hostswitch(hp-sbm-branch-C:win)# no firewall

18. Enable Remote Desktop:

hostswitch(hp-sbm-branch-C:win)# remote-desktop

Enable the Interface

19. Access the interface that you want to use and enable it. If you are resetting the Ethernet interfaces, this interface is generally Ethernet Interface 2. (You can also perform this procedure on the management interface.)

hostswitch(hp-sbm-branch-C:win:)# interface 2

hostswitch(hp-sbm-branch-C:win:eth-2)# enable

20. Check the status:

hostswitch(hp-sbm-branch-C:win:eth-2)# show interfaces

N o t e If the interface that you enabled is not up, it might be disabled on the switch. Follow these steps:

1. Enter exit until you return to the HP zl switch CLI.

2. Enter interface <slot ID>2 enable (for Ethernet Interface 2) or interface <slot ID>1 enable (for Ethernet Interface 1).

3. Return to the SBM OS CLI and check the interface status. The interface that you enabled should be up.

Configure the Interface’s IP Settings

4. Set the IP address on the interface that you enabled. First, if necessary, move to the interface configuration context. Then check the IP address:

hostswitch(hp-sbm-branch-C:eth-2)# show ip

6-28

TroubleshootingRestore Lost Management Connection between the Host Switch and SBM

5. If necessary, set the IP address to DHCP, or set a static address:

For example:

hostswitch(hp-sbm-branch-C:eth-2)# ip address 10.1.1.1 255.255.255.0

If you set a static IP address on an Ethernet interface, set the default gateway (the management interface does not require this setting):

6. Verify the IP settings again:

hostswitch(hp-sbm-branch-C:eth-2)# show ip

You can now access the SBM.

Restore Lost Management Connection between the Host Switch and SBM

In normal operation, the SBM communicates with the HP zl switch in which it is installed. This management connection allows you to access a CLI for the SBM as well as for the module’s Services OS. It also enables the module and switch LEDs to report on the SBM’s status. Finally, these communications are required for the Media Gateway software system integrity and licensing verification.

If your SBM loses the management connection with the switch, you will notice that these functions fail. The primary reason for this problem to occur is that the SBM’s WinPcap application, which it uses for the management connection, is not functioning correctly. This can occur when someone installs a different

Syntax: ip address [dhcp | <IP address> <mask>]

Replace <IP address> with the desired IPv4 dotted-notation

address. Replace <mask> with the mask for the SBM’s

subnet.

Syntax: ip default-gateway <gateway IP address>

Replace <gateway IP address> with the default gateway’s

IPv4 dotted-notation address.

6-29

TroubleshootingRestore Lost Management Connection between the Host Switch and SBM

version of WinPcap or an application that uses WinPcap on the SBM. Such installations are not supported. It also occurs if someone removes the appli-cation that uses WinPcap, causing WinPcap to be removed as well.

If you are experiencing problems and someone has installed or removed WinPcap from the SBM, you must restore the SBM’s WinPcap application. Follow these steps:

1. If WinPcap has been removed, you must restore it. The required WinPcap system file is backed up in the C:\HP\installers\espd\ directory. You must copy this file to the C:\Windows\System32\drivers directory:

a. In the SBM remote desktop, open a Windows command prompt window as an administrator.

b. Enter this command:

C:\>copy c:\HP\installers\espd\npf.sys c:\Windows\System32\drivers

2. You must reconfigure the HP Extended Services Platform, which handles the management connection to the HP zl switch, so that it recognizes the recovered WinPcap file. To do so, you must delete the DependOnService key from the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ser-vices\Extended Services Platform registry. Follow these steps:

a. Copy this text into a Notepad file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Extended Services Platform]

"DependOnService"=-b. You must save the file with a .reg extension. Double-check that the

file type is Registration Entry and not Text Document.

c. Double-click the file to execute the registration change.

d. Accept any prompts.

e. When you see The keys and values … have been successfully added to the registry message, restart the SBM.

After the SBM reboots, the management connection should be restored and the SBM should function correctly. (If you check the registry entry, you will see that it has been recreated, which is the expected behavior. Do not remove it again or modify it.)

6-30

TroubleshootingPrevent Loss of Services in a WAN Failure

Prevent Loss of Services in a WAN Failure

The SBM provides survivable communication services in the event of a WAN failure. If you find that, when the WAN link fails, the SBM provides services for about fifteen minutes and then stops providing services, your site might not be properly configured for the SBM deployment. The branch site requires local DNS services. Your company’s solution designers should read the HP

SBM Planning and Design Guide and plan how they will provide these services.

A-1

A

Ready the Data Center for an SBM Deployment

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-2

Domain Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

Verify Your Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-3

Add the SBM Computer Object to the Domain . . . . . . . . . . . . . . . . . . . A-4

Configure the SBM’s Service Principal Name . . . . . . . . . . . . . . . . . . . . A-4

Configure the SBM Administrator Account . . . . . . . . . . . . . . . . . . . . . . A-4

Add Test Users for the SBM’s Health Monitoring Pool (Recommended) . . . . . . . . . . . . . . . . . . . . . . . A-4

Create a DHCP Reservation for the SBM (Recommended) . . . . . . . . . A-5

Create a DNS Entry for the SBM (Optional) . . . . . . . . . . . . . . . . . . . . . A-5

Example Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-5

Add the Survivable Branch to the Lync Server Topology . . . . . . . . . . . . . A-19

Example Steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-21

Ready a Certificate for the SBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-46

SBM Administrator Installs a Certificate/Private Key File . . . . . . . . . A-46

SBM Administrator Creates and Submits a Request . . . . . . . . . . . . . . A-47

SBM Administrator Initiates an Automatic Request to Your CA . . . . A-48

Security Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A-49

Communicate Information to the SBM Administrator . . . . . . . . . . . . . . . . A-50

A-2

Ready the Data Center for an SBM DeploymentOverview

Overview

The HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM is designed to integrate with an existing Microsoft Unified Communications and Collaboration solution.

This appendix explains the tasks that must be performed to ready the data center for a successful SBM deployment. It will provide enough information for an experienced Windows administrators to create a checklist of what they need to do. For some tasks, it will provide the minimum steps required for an example deployment. However, detailed guidelines are beyond the scope of this document. You should refer to Microsoft documentation for all such purposes.

Table A-1 displays the tasks and the typical group for the user who completes them (your domain might be set up differently).

N o t e It is recommended that you read the HP Survivable Branch Communication

zl Module powered by Microsoft LyncTM Planning and Design Guide before you complete these tasks.

A-3

Ready the Data Center for an SBM DeploymentDomain Administration

Table A-1. Predeployment Tasks

Domain Administration

This section describes the tasks that a member of the Domain Admins group must complete to ready the domain for an SBM deployment. These steps must be completed before the CS Administrator adds the SBM to the Lync Server topology.

Verify Your Groups

First, ensure that your domain has the correct CS and RTC groups, which should have been added to the domain with the deployment of Microsoft Lync Server 2010.

Role Task

Enterprise Admin or Domain Admin

Verify that the domain has the proper groups

Add a computer object for the SBM

Set its service principal name (SPN)

Add or edit a user account for the technician who will deploy the SBM

Create two test user accounts for the SBM’s Health Monitoring pool (recommended)

Create a DHCP reservation for the SBM (optional)

Create a DNS entry for the SBM (optional)

CS Administrator Add the branch site and the SBM to the Lync Server topology

Set up voice routing and dial plans for the SBM site

Assign branch users to the SBM pool

Enable Media Bypass (recommended)

Create a Health Monitoring pool for the SBM

Certificate Administrator or person responsible for obtaining third-party certificates

Either obtain a private key/certificate for the SBM in advance or determine how the SBM will request a certificate

Person responsible for securing servers

Plan the appropriate security for the SBM

A-4


Add the SBM Computer Object to the Domain

Next, you must add the SBM computer account to the domain. Make sure that RTCUniversalSBATechnicians are allowed to join the SBM to the domain. Also communicate the SBM’s hostname to the CS Administrator, who will need to specify the SBM’s FQDN when adding it to the Lync Server topology.

Configure the SBM’s Service Principal Name

The SBM must use its FQDN for its service principal name (SPN). Without this SPN, the CS Administrators cannot properly join the SBM to the Lync Server topology.

Open an ASDI editor and connect to the default naming context. Navigate to the SBM in the Computers folder and edit its properties, specifying this value for servicePrincipalName: HOST/<SBM FQDN>.

Configure the SBM Administrator Account

Set up the account for the person who will perform the initial setup of the SBM, which can be an existing account or a new one. To give this user the right to join the SBM to the domain and to manage the device locally, make the user a member of the RTCUniversalSBATechnicians group.

Add Test Users for the SBM’s Health Monitoring Pool (Recommended)

The SBM Setup Wizard includes a test that verifies that branch Lync users can successfully place calls through the PSTN. To generate the test calls, the SBM draws on the user accounts within its Health Monitoring pool. Although the pool can use existing user accounts, it is best practice to create test users just for the pool.

Create two test user objects, setting them up as you would objects for typical users at the branch office.

A-5


Create a DHCP Reservation for the SBM (Recommended)

If you want to use a DHCP server to assign a fixed IP address to the SBM, create the reservation before the installation.

The SBM has two Ethernet interfaces, but it typically uses Ethernet Interface 2. (Interface 1 is disabled at the factory default settings.)

To find the MAC address for the reservation, view the MAC address listed on the label on the underside of the module. This is the MAC address of the Ethernet interface 1; the MAC address of the Ethernet interface 2 is this address incremented by one.

N o t e After the SBM is installed, the SBM administrator can find the MAC address by entering show ip in the SBM OS CLI, which is accessed through the host HP zl switch CLI. However, it is recommended that you create the DHCP reserva-tion before the SBM is installed.

Create a DNS Entry for the SBM (Optional)

You might want your SBM administrator to be able to initially access the SBM’s Setup Wizard from the SBM’s hostname rather than its IP address. If so, you must create a DNS entry that maps the SBM’s hostname to its fixed IP address. The SBM’s default hostname is its serial number, which you can find on the upper deck of the module. (See the HP Survivable Branch Communication

zl Module powered by Microsoft LyncTM Installation and Getting Started

Guide.)

Example Steps

The steps below explain how to complete these task in a simple deployment (using Windows Server 2008 servers). Refer the appropriate Microsoft docu-mentation for complete and up-to-date instructions:

1. Log in to a domain controller server as a Domain or Enterprise Admin. Access the Active Directory Users and Computers window (Start > Adminis-trative Tools > Active Directory Users and Computers).

2. Expand your domain. Right-click the Computers folder and select New > Computer.

A-6


Figure A-1. Active Directory Users and Computers > [domain] > Computers Window

3. For Computer Name, type the name that you have selected for the SBM.

A-7


Figure A-2. New Object - Computer Window

4. You must allow the SBM technician to add the SBM to the domain. Next to User or group, click Change.

5. Type RTCUniversalSBATechnicians.


6. Click OK.

7. Click Next and Next again in the next window.

A-8



8. Click Finish.

9. Select the Users folder. Either create a new user for the SBM technician or use an existing user. In this example, you are using an existing user. Right-click the name and select Add to a group.

A-9


Figure A-5. Active Directory Users and Computers—Add a User to a Group

10. Type RTCUniversalSBATechnicians.

11. Click OK.

12. Add the first test user account:

a. Right-click the Users folder and select New > User.b. Configure the user’s name and login name.

A-10


Figure A-6. New Object - User Window

c. Click Next.d. Configure the user’s password and password options.

Figure A-7. New Object - User Window

A-11


e. Click Finish.

f. Ask the CS Administrator if you need to configure any more informa-tion. For example, if the branch Lync users’ SIP addresses are formu-lated from email addresses, you must edit the user properties and configure an email address.

Figure A-8. User Properties

13. Follow the same steps to add the second test user account.

14. Open the ASDI editor (Start > Administrative Tools > ADSI Edit).

15. In the Action menu, select Connect to.

A-12


Figure A-9. ADSI Edit Window

16. For Select a well known Naming Context, select Default naming context.

17. Leave other settings at their defaults.

A-13


Figure A-10. Connection Settings Window

18. Click OK.

19. Expand Default naming context > [DC=<domainname>] > CN=Computers.

20. Right-click the folder labeled with the SBM’s CN and select Properties.

A-14


Figure A-11. ADSI Edit Window

21. Scroll down to and select servicePrincipalName.

A-15


Figure A-12. CN=<SBM Name> Properties

22. Click Edit.

23. Type HOST/<FQDN> and click Add. As shown in the figure, replace <FQDN> with the proper FQDN for the SBM.

A-16


Figure A-13. CN=<SBM Name> Properties

24. Click OK and Apply until you have closed all windows.

25. To add a DHCP reservation, follow these steps:

a. Access the DHCP window (Start > Administrative Tools > DHCP).

b. Expand the server and IPv4 folders. Expand the scope in which you want to assign the SBM an IP address.

N o t e The SBM does not support IPv6..

A-17


Figure A-14. DHCP Server > [server name] > IPv4 > [scope] > Reservations Window

c. Right-click Reservations and select Add New Reservation.

d. For Reservation name, type a unique, descriptive name.

e. For IP address, type the IP address that you want to assign to the SBM.

f. For MAC address, type the MAC address of the SBM’s Ethernet Inter-face 2 in hyphenated format (for example 0024a8-040507).

N o t e The MAC address associated with the SBM’s internal port 1 is the MAC address on the label on the underside of the SBM. The port 2 MAC address is this address incremented by one. For example, 0024a8-040506 and 0024a8-040507.

A-18


Figure A-15. DHCP Server > [server name] > IPv4 > [scope] > Reservations Window

g. Click Add.

26. If you want to add a DNS entry for the SBM now, follow these steps:

a. Access the DNS Manager window (Start > Administrative Tools > DNS).

b. Expand the server and Forward Lookup Zones folders.

c. Expand your domain. Right-click the domain and select New > Host.d. For Name, type the SBM’s serial number, which is its initial hostname.

e. For IP address, type the IP address that has been selected for the SBM.

f. Select the Create associated pointer check box.

g. Click Add Host.h. Click OK to confirm and then Done.

The SBM will later create another DNS entry for its permanent DNS name.

A-19

Ready the Data Center for an SBM DeploymentAdd the Survivable Branch to the Lync Server Topology

Add the Survivable Branch to the Lync Server Topology

As a CS Administrator, you must complete the following tasks before the SBM is installed:

1. Define a branch site for the SBM’s site within a parent central site in the Lync topology.

2. Add a Survivable Branch Appliance to the branch site, specifying the SBM’s FQDN for the server FQDN and the PSTN FQDN.

I m p o r t a n t You must specify the SBM’s FQDN for the PSTN gateway and not the SBM’s IP address.

When you add the Survivable Branch Appliance, you can choose either Transport Control Protocol (TCP) or Transport Layer Security (TLS) for the Session Initiation Protocol (SIP) protocol, but TLS is strongly recom-mended for security. You can specify any SIP port, but if you choose a non-default port, you must tell the person who configures the SBM that you have done so.

3. Publish the updated topology.

4. Set up voice routing policies and normalization rules for the branch site. If desired, set up voice routing policies for other sites that egress traffic through the SBM.

You can set up a variety of routing policies that egress PSTN calls through the SBM’s PSTN connections and through PSTN gateways at other sites. (The SBM automatically detects when a WAN failure prevents it from using the remote PSTN gateways and adjusts the routing accordingly.) Similarly, you can route calls from the central site through the SBM. In this way, you can optimize your system for the lowest-cost and most efficient communications. In addition, you can create backup routes that ensure that users can always reach who they need to when they need to.

Remember also to establish valid normalization rules for the branch site. You can use the global dial plan to dictate these rules, or you can create a new plan.

See the HP Survivable Branch Communication zl Module powered by

Microsoft LyncTM Planning and Design Guide for design considerations.

A-20


5. Assign branch Lync users to the SBM’s pool (these users might be existing users or new ones).

The SBM will be the primary Registrar for Lync users at the branch site.

If you are using special accounts for the Health Monitoring pool, remem-ber to add those accounts to the pool as well.

6. It is recommended that you configure Media Bypass for the SBM’s site. This feature enables Lync users to send their VoIP traffic directly to the SBM’s Media Gateway (PSTN gateway). The SBM’s Mediation Server still handles signaling traffic to establish the calls, but it does not have to process all of the media traffic—potentially eliminating some lag and dropped packets and increasing the SBM’s potential call load.

You can enable Media Bypass globally or for certain traffic only as determined by site and region configuration. With the latter option, Media Bypass automatically applies to calls assigned the same bypass ID as the PSTN gateway. All subnets associated with a site inherit the site’s bypass ID. Therefore, to ensure that all branch PSTN calls that are routed through the SBM use Media Bypass, associate all subnets in the branch LAN, including the one on which the SBM resides, with the same site.

Planning your regions and sites involves complexities that are beyond the scope of this guide. Refer to Microsoft planning and deployment guides.

7. Set up a Health Monitoring pool.

The SBM Setup Wizard includes a test that verifies that branch Lync users can successfully place calls through the PSTN. To generate the test calls, the SBM draws on the user accounts within its Health Monitoring pool.

You must create a pool for which the identify is the SBM’s FQDN. The pool also contains the SIP usernames (sip:<sip name>) for two valid Lync users within the SBM’s pool. Typically, you should specify user accounts specif-ically created for the test, but you can use any accounts assigned to the SBM pool.

N o t e You must use the Lync Server Management Shell to create the Health Moni-toring pool. The cmdlet is New-CsHealthMonitoringConfiguration.

A-21


Example Steps

This section provides minimal steps for a simplified deployment. It is included for your reference but is not guaranteed to match the exact steps for your version. Always refer to Microsoft documentation for complete guidelines for managing Lync Server 2010.

1. Open the Lync Server 2010 Topology Builder and download your current topology.

2. You must add the branch site to an existing central site. Expand the site.

Figure A-16. Lync Server 2010 Topology Builder

3. Right-click the Branch sites folder and select New Branch Site.

4. Type a name and other descriptive information for your branch site.

A-22


Figure A-17. Lync Server 2010 Topology Builder > Define New Branch Site Wizard—Identify the site Page

5. Click Next.

6. Type information about the site’s location.

A-23


Figure A-18. Lync Server 2010 Topology Builder > Define New Branch Site Wizard—Specify site details Page

7. Click Next.

A-24


Figure A-19. Lync Server 2010 Topology Builder > Define New Branch Site Wizard—New Branch site was successfully defined Page

8. Leave the check box selected and click Finish.

9. A new wizard is launched for defining the survivable branch appliance, which is the SBM. Type the SBM’s FQDN.

The hostname portion of the FQDN is the name configured in the SBM’s computer account. For example, the computer account name is HP-SBM, and the domain is example.hp.com. The FQDN is HP-SBM.example.hp.com.

This FQDN must match the one specified for the SBM’s SPN.

A-25


Figure A-20. Lync Server 2010 Topology Builder > Define New Survivable Branch Server—Define the Survivable Branch Appliance FQDN Page

10. Click Next.

A-26


11. Select the Front End pool at the central site that will provide services such as presence to the branch site. This pool will also automatically act as a backup (secondary registrar) for the SBM.

Figure A-21. Lync Server 2010 Topology Builder > Define New Survivable Branch Server—Select the Front End pool Page

12. Click Next.

A-27


Figure A-22. Lync Server 2010 Topology Builder > Define New Survivable Branch Server—Select an Edge Server Page

13. If your site provides remote access, select the Edge pool at the central site that the branch site will use, and click Next.

14. For Gateway FQDN or IP address, type the same SBM FQDN that you specified for the survivable branch appliance.

N o t e You must specify the SBM’s FQDN, not its IP address.

15. Select the SIP Transport Protocol. It is recommended that you select TLS, which provides encryption.

16. The Listening port for PSTN gateways field fills in automatically based on the selected protocol. You can change this setting if you want, but you must inform the technician installing the SBM, so he or she can specify the same port. The default port in this wizard matches the default port in the SBM Setup Wizard.

A-28


The transport protocol and listening port apply to calls as they move from the SBM’s internal Mediation Gateway to its internal Media, or PSTN, gateway (1 in Figure A-23).

Figure A-23. SIP Ports

Figure A-24. Lync Server 2010 Topology Builder > Define New Survivable Branch Server—Define the PSTN Gateway Page

A-29


17. Click Finish.

18. You should see your site within the Branch sites folder. Expand the site and then expand the Survivable Branch Appliances, Mediation pools, and PSTN gateways folders. The SBM’s FQDN should be listed under each.

Figure A-25. Lync Server 2010 Topology Builder (Branch Site Added)

19. If you want, you can click the SBM’s FQDN under Survivable Branch Appliances and select Edit Properties in the right pane. You can then associate the SBM with more services at the central site. In addition, you can edit the port that the Mediation Server uses to listen for traffic from the Media Gateway. This port is 5067 (TLS) or 5068 (TCP) by default, which is also the default setting for this parameter in the SBM Setup Wizard.

A-30


20. Click Lync Server 2010 at the top of the topology builder. On the Actions pane on the right, click Publish Topology.

21. In the window that is displayed, click Next.

Figure A-26. Lync Server 2010 Topology Builder > Publish Topology Wizard > Publishing wizard complete Page

22. After the wizard has successfully published the topology, click Finish.

N o t e If an error occurs, make sure that a Domain or Enterprise Admin has com-pleted the following tasks:

■ Added the SBM computer object with the same hostname that you are using for the FQDN

■ Specified the SBM’s SPN with the same FQDN that you are using (SPN=HOST/<FQDN>)

23. Access the Lync Server Control Panel.

A-31


24. Set up voice routing policies for the branch site.

a. Click Voice Routing in the left navigation bar.

b. Click the Voice Policy tab.

c. Click New > Site policy.

Figure A-27. Lync Server 2010 Control Panel > Voice Routing > Voice Policy Window

A-32


d. Select the branch office site with the SBM.

Figure A-28. Lync Server 2010 Control Panel—Select a Site Window

e. Click OK.

A-33


f. Configure a name for the policy and, under Calling Features, select the features that you want the site to support.

Figure A-29. Lync Server 2010 Control Panel > Voice Routing > Voice Policy > New Voice Policy Window

A-34


g. Create PSTN usage records that route traffic through the SBM:i. In the Associated PSTN Usages section, click New.ii. Name the PSTN usage record.

Figure A-30. Lync Server 2010 Control Panel > Voice Routing > Voice Policy > New PSTN Usage Record Window

h. In the Associated Routes section, click New (or you can select an existing route).

i. Name the route.

j. Configure the rules for selecting calls for this route. The interface allows you to specify the leading characters for selected calls, from which it automatically generates the correct regular expression. You can also edit the regular expression yourself.

For this simple example, all PSTN calls will be routed out the SBM. Of course, in your environment, you would probably set up more routes. Refer to Microsoft documentation for guidelines.

A-35


Figure A-31. Lync Server 2010 Control Panel > Voice Routing > Voice Policy > New Voice Policy > New PSTN Usage Record > New Route Window

k. In the Associated gateway section, click Add.

A-36


l. Select the SBM.

Figure A-32. Lync Server 2010 Control Panel—Select Gateway Window

m. Click OK.

n. When you are finished configuring the route, click OK.

o. If you want to add other routes, do so. When you are finished, click OK in the New PSTN Usage Records window.

p. If you want to add other PSTN usage records, do so. When you are finished, click OK in the New Voice Policy window.

A-37


q. Click Commit > Commit all.

Figure A-33. Lync Server 2010 Control Panel > Voice Routing > Voice Policy Window

r. A window displays the changes. Click Commit and then click Close.

s. You can use the global dial plan to define normalization rules for the SBM, or you can create a new plan. Refer to Microsoft documentation for guidelines and instructions.

25. Next assign users at the branch office to the SBM’s pool (remember to add the test accounts created for the SBM’s health monitoring pool as well):

A-38


a. Click the Users tab.

Figure A-34. Lync Server 2010 Control Panel > Users Window

b. If the users are already Lync users, follow these steps:

N o t e If the users have only been enabled for earlier versions of the Microsoft solution, you must search for legacy users and then enable the users for Lync. Refer to Microsoft documentation on the upgrade process.

i. Use the Search field to find the users.

A-39


ii. Select the users. Then click Action > Move selected users to pool.

Figure A-35. Lync Server 2010 Control Panel > Users Window

iii. For Destination registrar pool, select the SBM’s FQDN.iv. Select the Force check box.

Figure A-36. Lync Server 2010 Control Panel > Move Users Window

v. Click OK.

A-40


vi. If the users were not already Enterprise Voice enabled, you must select Action > Assign Policies. Scroll through the window and select Enterprise Voice for Telephony. Click OK.

vii. Move to step 28 on page A-44.

c. If the branch office users are not existing Lync users, add them now:i. To add new users, in the Users window, click Enable users > Enable

users.

Figure A-37. Lync Server 2010 Control Panel > Users > Users Window

ii. The New Lync Server User window is displayed.iii. In the Users section, click Add.

A-41


iv. Use the search field to find the branch users.

Figure A-38. Lync Server 2010 Control Panel > Users > Select from Active Directory Window

A-42


v. Select the users and click OK.vi. For Assign users to a pool, select the SBM’s FQDN. vii. Choose the how the user’s URL is formulated in the Generate user’s

SIP URL section.viii. For Telephony, select Enterprise Voice.

Figure A-39. Lync Server 2010 Control Panel > Users > New Lync Server User Window

ix. Configure other settings as appropriate for your environment. (In this simple example, the branch site policies apply to all users, so you leave the policies at the automatic setting.) Refer to Microsoft documentation for guidelines.

x. Click Enable.

A-43


26. Follow these steps to enable Media Bypass if it is not already enabled:

a. In the left navigation bar, click Network Configuration.

b. Click the Global tab.

Figure A-40. Lync Server 2010 Control Panel > Users > New Lync Server User Window

c. Click Edit > Show details.

d. Select the Enable Media Bypass check box.

e. Select Always bypass if you want to enable this feature for every PSTN call in your Lync Server 2010 solution. Typically, however, you should select Use sites and region configuration.

Refer to Microsoft planning guides for guidelines in designing Media Bypass for your solution.

A-44


Figure A-41. Lync Server 2010 Control Panel > Network Configuration > Global Window

f. Click Commit.

27. If Media Bypass uses the site and region configuration, you must define your regions, sites, and subnets appropriately (use the Region, Site, and Subnet tabs in the top navigation bar). For example, create a new site for the branch within the region associated with the SBM’s parent central site. You could then associate that site with all of the branch’s subnets, includ-ing the one on which the SBM resides.

Because the site and region configuration can take many forms based on your environment, this guide will not include steps. Refer to Microsoft documentation and the HP Survivable Branch Communication zl Mod-

ule powered by Microsoft LyncTM Planning and Design Guide.

28. You will now create the Health Monitoring pool. Open the Lync Server Management Shell. (Make sure to open this shell and not the Powershell for the Windows Server 2008; otherwise, you will receive an error stating that the command is not recognized.)

A-45



New-CsHealthMonitoringConfiguration

30. You will be prompted to enter information:

• For FirstTestUserSipUrl, type sip:<user URL>.

Replace <user URL> with the URL for the test user that you earlier added to the SBM pool. Make sure to use the format that you specified when you added this user. For example, sip:[email protected] is the correct entry for a Lync user for whom the SIP URL is an email address.

• For SecondTestUseSipUrl, follow the same guidelines for the other Lync Server test user.

• For Identity, type the SBM’s FQDN.

Figure A-42. Lync Server Management Shell (New-CSHealthMonitoringConfiguration)

A-46

Ready the Data Center for an SBM DeploymentReady a Certificate for the SBM

Ready a Certificate for the SBM

The person who performs the initial configuration of the SBM must install a Web Server certificate on it. He or she will have four options:

■ Install a certificate/private key already created for the SBM.

■ Create a request on the SBM and submit the request for signing.

■ Automatically request a certificate from your domain CA

N o t e Later, when the SBM has appropriate certificates installed on it, the SBM administrator will also have the option of assigning one of those certificates to the Lync Server.

The automatic request from a domain CA requires your company to have a Windows certificate authority (CA). For the other two options, the certificate can be created or signed by your own Windows CA or by a third-party CA.

You must inform the SBM administrator which option to choose, and based on your decision, you might need to perform some tasks in advance. The sections below provide guidelines.

Also note that, whichever option you choose, you might need to give the SBM administrator a file with the CA certificate chain. (This is only necessary if your domain does not use a group policy object [GPO] to push the CA certificate to computers when they join the domain.)

SBM Administrator Installs a Certificate/Private Key File

This option gives you the greatest control over the certificate generation. You generate or obtain the certificate and private key for the SBM in advance. The SBM administrator then quickly installs it and gets the SBM up and running. He or she does not require any special domain permissions.

A-47


Whether you generate the certificate/private key file on your own Windows CA or obtain it from a third-party CA, the certificate must meet these criteria:

■ Generated with the Web Server template or provides the same key and extended usages as this template:

• Key usages: digitalSignature, keyEncipherment

• Extended key usages: serverAuth

■ Follows these guidelines for the subject name:

• The subject name is a distinguished name (DN) in which the SBM’s FQDN is the common name (CN).

This FQDN must match the one that the Lync Server engineers are using for the SBM. The DN can include other components such as the organization, locality, and so forth.

Table A-2. Certificate Information Fields

• The subject alternate name (SAN) is the SBM’s FQDN. If the SBM can be contacted at more than one FQDN, those FQDNs are also listed as subject alternate names.

■ Includes an exportable private key (which should be protected with a strong password)

C a u t i o n If the private key is not explicitly marked as exportable, the installation will fail. The Media Gateway will not be able to start.

If the subject name does not meet the requirements listed, the installation will fail. The Lync services will fail to start.

SBM Administrator Creates and Submits a Request

This option has the security advantage that the private key is generated on the SBM and never leaves it. In addition, the SBM installer does not require any special domain permissions to generate the request. This option does, how-ever, leave it up to the SBM administrator to enter the correct information for

Components of the DN

Format in Subject Name Example Name




A-48


the request (guided by the Setup Wizard, which eliminates most errors). In addition, he or she cannot proceed in the installation until the request has been signed and returned.

When the SBM administrator submits the request, you can issue the certificate using a Windows CA or a third-party CA. If you are using a Windows CA, simply submit the request and save out the certificate. You do not need to append any special options to the request. The certificate request specifies the Web Server template and, given that the SBM administrator has completed the wizard correctly, includes the SBM’s subject name and SANs.

N o t e The SBM Setup Wizard always submits the SBM’s FQDN as the CN portion of the subject name. By default, it suggests the FQDN as the SAN. These settings are required for the certificate to function correctly.

If you are using a third-party CA, simply make sure that the signed certificate is returned as a PEM-encoded Base-64 file.

SBM Administrator Initiates an Automatic Request to Your CA

The SBM administrator can also initiate an autoenrollment request for the certificate. This option has the advantage that the private key is generated on the SBM and never leaves it. It also removes the delay involved in manually signing an offline request. However, the SBM administrator is in charge of entering the correct information in the request (guided by the Setup Wizard, which eliminates most errors).

N o t e The SBM Setup Wizard always submits the SBM’s FQDN as the CN portion of the subject name. By default, it suggests the FQDN as the SAN. These settings are required for the certificate to function correctly.

In addition, this option requires you to give the SBM administrator permission to enroll for Web Server certificates.

The SBM administrator is a member of the RTCUniversalSBATechnicians group. You could give this group permission to enroll for Web Server certifi-cates. Alternatively, you could have the domain administrator give the SBM administrator the credentials for an account that has this permission already.

A-49

Ready the Data Center for an SBM DeploymentSecurity Planning

Security Planning

HP has taken steps to secure the Windows Server 2008 R2 OS that runs on the HP SBM, whenever possible following the United States Government Config-uration Baseline (USGCB) recommendations. For example, the local Admin-istrator and Guest accounts have been renamed and firewall rules have been added to minimize vulnerabilities to SIP fuzzing.

However, implementing some USGCB recommendations would cause the SBM deployment to fail or raise issues. Refer to Appendix B: “HP SBM Security Hardening” for a list of the steps that HP has taken to harden the SBM OS and for a list of policies that must not be implemented. If any your domain pushes any of the prohibited policies to servers such as the SBM, you must exclude the SBM from those policies.

Also verify that the standard ports used for Lync Server communications have been opened on all firewalls between the SBM and the data center.

A-50

Ready the Data Center for an SBM DeploymentCommunicate Information to the SBM Administrator

Communicate Information to the SBM Administrator

The SBM administrator will require the following information:

■ Hostname (computer name) for the SBM

The SBM’s default hostname is its serial number, which the administrator can find on the back left corner of the module’s physical hardware.

Default hostname: ______________________________

Also give the administrator the SBM’s permanent hostname, which is the name in the SBM’s domain computer account.

Permanent hostname: __________________________

Permanent FQDN: _____________________________

N o t e In this guide, hostname and computer name will refer to the same name. Fully Qualified Domain Name (FQDN) will refer to the fully-qualified name obtained by combining the hostname with the domain name. For example, the host-name (computer name) is set to HP-SBM. The domain name is example.hp.com. The FQDN is HP-SBM.example.hp.com.

■ The default username and password for the SBM’s local Administrator account

• Username = SBMAdmin• Password = P@ssw0rd

N o t e As you see, the local Administrator username has been changed for security.

■ The new password that the technician should assign to the SBM’s local Administrator account

New local administrator password: ________________

■ The credentials of the domain user in the RTCUniversalSBATechnicians group:

Username: ___________________________________

Password: ___________________________________

A-51


■ Either:

• A .pfx certificate/private key file

Certificate filename: _______________________

Private key password: ______________________

• Instructions on how the certificate should be requested: – Generate a request manually– Request a certificate automatically

Credentials for the user who requests the certificate only the CA

administrator has decided that the SBM administrator will

generate the certificate in this way:

Username: ___________________________________

Password: ___________________________________

■ Optionally, CA certificate chain file

This file is required if your domain does not use group policy objects (GPOs) to push the CA certificate to domain computers.

Filename: ___________________________________________

■ Transport protocol for the Media Gateway, either:


• TCP

This is the protocol that the gateway uses to listen for communications from the Lync solution.

■ Local listening port for the Media Gateway only if it is not standard

Non-standard listening port: ____________________________

This is the listening port that the CS Administrator defined for the PSTN gateway when adding the SBM as a survivable branch appliance. Figure A-43 shows the default ports for TCP and TLS marked with 1.

A-52


Figure A-43. SIP Ports

■ SIP transport protocol for communications from the Media Gateway to the Mediation Server:


• TCP

This is the protocol defined for the SBM’s Mediation Server in the topol-ogy.

■ Primary SIP server port only if it is not standard

Non-standard primary SIP server port: _______________________

This is the listening port defined for the SBM’s Mediation Server in the topology. Figure A-43 shows the default ports for TCP and TLS marked with 2.

B-1

B

HP SBM Security Hardening

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B-2

Security Hardening at the SBM Factory Default Settings . . . . . . . . . . . . . . B-2

USGCB Recommendations That Must Not Be Implemented . . . . . . . . . . B-11

B-2

HP SBM Security HardeningOverview

Overview

Do not use the Security Configuration Wizard to alter the HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM because certain of its actions can break the SBM functionality. To protect your system, HP has already hardened the appropriate features at the factory default settings.

This appendix provides a list of the security hardening actions that HP has taken as well as of the actions that you must not take because they cause the SBM implementation to fail.

Security Hardening at the SBM Factory Default Settings

Table B-1 displays the settings that HP has configured on the SBM in order to increase its security. The first column lists the registry path for the setting, and the second column lists the setting at factory defaults. A few settings are not registry settings, so the first column lists other identifying information.

Microsoft Windows Server 2008 R2 itself applies several security hardening settings. These settings are not included in the table. Refer to Microsoft for more information.

B-3

HP SBM Security HardeningSecurity Hardening at the SBM Factory Default Settings

Table B-1. Windows 7 USGCB Recommended Settings Implemented at Factory Default Settings

Setting’s Registry Path or Policy Path Implemented USGCB Setting

Services Disable:• EapHost• FCRegSvc• fdPHost• FontCache• hidserv• hkmsvc• idsvc• KtmRm• lltdsvc• MMCSS• MSDTC• MSiSCSI• napagent• PolicyAgent• RasAuto• RasMan• SCardSvr• SCPolicySvc• seclogon• SENS• Spooler• SstpSvc• TapiSrv• TBS• THREADORDER• TrkWks• UI0Detect• W32Time• WcsPlugInService• WdiServiceHost• WdiSystemHost• Wecsvc• wercplsupport• WerSvc• WinHttpAutoProxySvc• WinRM• wmiApSrv• wudfsvc

http://www.hp.com/go/procurve/manuals


B-4


HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveActive; should be in HKU\.DEFAULT\Control Panel\Desktop!ScreenSaveActive

1

HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaverIsSecure; should be in HCU\.DEFAULT\Control Panel\Desktop!ScreenSaverIsSecure

1

HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop!ScreenSaveTimeOut; should be in HKU\.DEFAULT\Control Panel\Desktop!ScreenSaveTimeOut

900

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScreenSaverGracePeriod

5

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\CredUI!EnumerateAdministrators

0

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoDriveTypeAutoRun

255

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoInternetOpenWith

1

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoOnlinePrintsWizard

1

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoPublishingWizard

1

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoWebServices

1

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!PreXPSP2ShellProtocolBehavior

0

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\WAU!Disabled

1

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!LogonType

0

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System!ReportControllerMissing

"TRUE"

HKLM\Software\Policies\Microsoft\Messenger\Client!CEIP 2

HKLM\Software\policies\Microsoft\Peernet!Disabled 1

HKLM\Software\Policies\Microsoft\SearchCompanion!DisableContentFileUpdates

1

HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableHTTPPrinting

1

HKLM\Software\Policies\Microsoft\Windows NT\Printers!DisableWebPnPDownload

1

B-5


HKLM\Software\Policies\Microsoft\Windows NT\Printers!DoNotInstallCompatibleDriverFromWindowsUpdate

1

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxDisconnectionTime; should be in HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp!MaxDisconnectionTime

60000

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services!MaxIdleTime; should be in HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp!MaxIdleTime

900000

HKLM\Software\Policies\Microsoft\Windows\AppCompat!DisableInventory

1

HKLM\SOFTWARE\Policies\Microsoft\Windows\Device Metadata!PreventDeviceMetadataFromNetwork

1

HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSendGenericDriverNotFoundToWER

1

HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!DisableSystemRestore

0

HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontPromptForWindowsUpdate

1

HKLM\Software\Policies\Microsoft\Windows\DriverSearching!DontSearchWindowsUpdate

1

HKLM\Software\Policies\Microsoft\Windows\DriverSearching!SearchOrderConfig

0

HKLM\Software\Policies\Microsoft\Windows\EventLog\Setup!MaxSize

32768

HKLM\Software\Policies\Microsoft\Windows\Explorer!NoDataExecutionPrevention

0

HKLM\Software\Policies\Microsoft\Windows\Explorer!NoHeapTerminationOnCorruption

0

HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoBackgroundPolicy, HKLM\Software\Policies\Microsoft\Windows\Group Policy\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}!NoGPOListChanges

0

HKLM\Software\Policies\Microsoft\Windows\Installer!SafeForScripting

0

HKLM\Software\Policies\Microsoft\Windows\Internet Connection Wizard!ExitOnMSICW

1

B-6


HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableLLTDIO, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowLLTDIOOnDomain, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowLLTDIOOnPublicNet, HKLM\Software\Policies\Microsoft\Windows\LLTD!ProhibitLLTDIOOnPrivateNet

0

HKLM\Software\Policies\Microsoft\Windows\LLTD!EnableRspndr, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowRspndrOnDomain, HKLM\Software\Policies\Microsoft\Windows\LLTD!AllowRspndrOnPublicNet, HKLM\Software\Policies\Microsoft\Windows\LLTD!ProhibitRspndrOnPrivateNet

0

HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_AllowNetBridge_NLA

0

HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_PersonalFirewallConfig

1

HKLM\Software\Policies\Microsoft\Windows\Network Connections!NC_ShowSharedAccessUI

0

HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnosticsProvider\Policy!DisableQueryRemoteServer

1

HKLM\SOFTWARE\Policies\Microsoft\Windows\WDI\{9c5a40da-b965-4fc3-8781-88dd50a6299d}!ScenarioExecutionEnabled

0

HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!Disabled

1

HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!DontSendAdditionalData

1

HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting!LoggingDisabled

0

HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile!LogDroppedPackets; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging!LogDroppedPackets

1

HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile!LogFilePath; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging!LogFilePath

%windir%\system32\logfiles\firewall\domainfirewall.log

HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile!LogFileSize; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging!LogFileSize

16384

B-7


HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile!LogSuccessfulConnections; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging!LogSuccessfulConnections

1

HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile!LogDroppedPackets; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile!LogDroppedPackets

1

HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile!LogFilePath; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile!LogFilePath

%windir%\system32\logfiles\firewall\standardfirewall.log

HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile!LogFileSize; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile!LogFileSize

16384

HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile!LogSuccessfulConnections; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile!LogSuccessfulConnections

1

HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation

1

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SafeDllSearchMode

1

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\WarningLevel

90

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableIPSourceRouting

2

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableICMPRedirect

0

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\KeepAliveTime

300000

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\PerformRouterDiscovery

0

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDataRetransmissions

3

HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\DisableIPSourceRouting

2

HKLM\System\CurrentControlSet\Services\Tcpip6\Parameters\TcpMaxDataRetransmissions

3

B-8


Policy path (no registry setting):

Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy

Account lockout duration = 15 minutesAccount lockout threshold = 5 invalid attempts

Reset lockout counter after = 15 minutes


Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy

Enforce password history = 24 passwords remembered

Maximum password age = 60 days


Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Account• Rename administrator

account = SBMAdmin• Rename guest

account = Renamed_Guest

Policy path (no registry setting):Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Network securityForce logoff when logon hours expire = Enabled


Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment

Deny access to this computer from the network = GuestsDeny log on as a batch job = GuestsDeny log on locally = GuestsDeny log on through Remote Desktop Services = Guests

Increase a process working set = Administrators, Local Services

The remaining settings have a related registry path but are generally configured in this local security policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. In addition to the registry setting, the left column also displays the related parameter in this policy.

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateCDRoms

Policy setting: Devices: Restrict CD-ROM access to locally logged-on user only

Disabled

B-9


HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateDASDPolicy setting: Devices: Allowed to format and eject removable media

Administrators and Interactive Users (only Administrators for the SBM)

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AllocateFloppies

Policy setting: Devices: Restrict floppy access to locally logged-on user only

Disabled

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount

Policy setting: Interactive logon: Number of previous logons to cache (in case domain controller is not available)

2

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PasswordExpiryWarning

Policy setting: Interactive logon: Prompt user to change password before expiration

14 days

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ScRemoveOption

Policy setting: Interactive logon: Smart card removal behavior

Lock Workstation

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\DontDisplayLastUserName

Policy setting: Interactive logon: Do not display last user name

Enabled

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Kerberos\Parameters\SupportedEncryptionTypes

Policy setting: Network Security: Configure encryption types allowed for Kerberos

Enabled: RC4_HMAC_MD5 AES128_HMAC_SHA1 AES256_HMAC_SHA1 Future Encryption Types

HKLM\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

Policy setting:

Network security: LAN Manager authentication level

Send NTLMv2 Response only. Refuse LM and NTLM

set as part of local security policy; HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\allownullsessionfallbackPolicy setting:

Network security: Allow LocalSystem NULL session fallback

Disabled

B-10


HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinClientSecPolicy setting:

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients

Require NTLMv2 session security, Require 128 bit encryption

HKLM\System\CurrentControlSet\Control\Lsa\MSV1_0\NTLMMinServerSec

Policy setting: Network security: Minimum session security for NTLM SSP based (including secure RPC) servers

Require NTLMv2 session security, Require 128 bit encryption

HKLM\System\CurrentControlSet\Control\Lsa\pku2u\AllowOnlineID

Policy setting:

Network Security: Allow PKU2U authentication requests to the computer to use online identities

Disabled

HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousPolicy setting:

Network access: Do not allow anonymous enumeration of SAM accounts and shares

Enabled

HKLM\System\CurrentControlSet\Control\Lsa\UseMachineIdPolicy setting:

Network security: Allow Local System to use computer identity for NTLM

Enabled

HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature

Policy setting: Microsoft network server: Digitally sign communications (if client agrees)

Enabled

HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature

Policy setting:

Microsoft network server: Digitally sign communications (always)

Enabled

HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature

Policy setting:

Microsoft network client: Digitally sign communications (always)

Enabled

B-11

HP SBM Security HardeningUSGCB Recommendations That Must Not Be Implemented

Table B-2 displays the rules that HP has added to the SBM’s firewall.

Table B-2. Firewall Rules Added by HP at Factory Default Settings

USGCB Recommendations That Must Not Be Implemented

There are several settings recommended by USGCB that you must not imple-ment because they will interfere with the installation process or cause the SBM to malfunction.

Table B-3 displays the recommended settings that must not be implemented. The correct setting is configured by default unless a domain policy changes it when the SBM joins the domain. Therefore, you should check your domain

Rule Name Rule

CS TCP444 dir=in,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes

CS rtcmedsrv dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Mediation Server\MediationServerSvc.exe",service=RTCMEDSRV,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes

CS rtcsrv dir=in,action=allow,program="%PROGRAMFILES%\Microsoft Communications Server 2010\Server\Core\RTCSrv.exe",service=RTCSrv,localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes

CS MSSQL dir=in,action=allow,program="%PROGRAMFILES%\Microsoft SQL Server\MSSQL10.RTCLOCAL\MSSQL\Binn\sqlservr.exe",service="MSSQL$RTCLOCAL",localip=any,localport=any,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes

Outbound444 dir=out,action=allow,localip=any,remoteip=any,protocol=any,profile=any,enable=yes

PSTN Gateway TCP dir=in,action=block,localip=any,localport=5081,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes

PSTN Gateway TLS dir=in,action=block,localip=any,localport=5082,remoteip=any,remoteport=any,protocol=TCP,profile=any,enable=yes


B-12


policies for the settings shown in the table, and disable those policies for the SBM.

The first column generally lists the registry path for the setting. A few settings are not registry settings, so the first column lists other identifying information.

Table B-3. Settings that Must Not be Implemented

Setting’s Registry Path or Policy Path Windows 7 USGCB Recommended Setting

Services Disable SQL Browser

Services Disable SQL Writer

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!DisableLocalMachineRunOnce

Enabled

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer!NoAutorun

Enabled: Do not execute any autorun commands

HKLM\Software\Policies\Microsoft\Windows NT\Rpc!EnableAuthEpResolution

1

HKLM\Software\Policies\Microsoft\Windows NT\Rpc!RestrictRemoteClients

1

HKLM\Software\Policies\Microsoft\Windows\DeviceInstall\Settings!AllowRemoteRPC

0

HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile!DisableUnicastResponsesToMulticastBroadcast; set in HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile!DisableUnicastResponsesToMulticastBroadcast

0

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Accounts: Administrator account status = Disabled


Access this computer from the network = Administrators, Backup Operators


Impersonate a client after authentication = Administrators, SERVICE, Local Service, and Network Service


Replace a process level token = Network Service, Local Service

B-13


The remaining settings have a related registry path but are generally configured in this local security policy: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.

In addition to the registry setting, the left column also displays the related parameter in this policy.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeCaptionPolicy setting:Interactive logon: Message title for users attempting to logon

WARNING

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\LegalNoticeText

Policy setting:Interactive logon: Message text for users attempting to logon

This system is for the use of authorized users only. Individuals using this computer system without authority or in excess of their authority are subject to having all their activities on this system monitored and recorded by system personnel. Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals possible evidence of criminal activity system personal may provide the evidence of such monitoring to law enforcement officials.

HKLM\System\CurrentControlSet\Control\Lsa\DisableDomainCreds

Policy setting:Network access: Do not allow storage of passwords and credentials for network authentication

Enabled

HKLM\System\CurrentControlSet\Control\Lsa\FIPSAlgorithmPolicy

Policy setting:System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Enabled

HKLM\System\CurrentControlSet\Control\Lsa\SCENoApplyLegacyAuditPolicy

Policy setting:Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings

Enabled

B-14


Table B-4 displays settings that might cause problems if they are implemented. You should carefully consider whether to implement these policies or not.

Table B-4. Settings that Might Cause Issues

HKLM\System\CurrentControlSet\Services\LanManServer\Parameters\SMBServerNameHardeningLevelPolicy setting:Microsoft network server: Server SPN target name validation level

Accept if provided by client

Setting’s Registry Path or Policy Path Windows 7 USGCB Recommended Setting

Possible Issue

Policy Path:


Profile system performance = Administrators,NT SERVICE\WdiServiceHost

A known Windows issue causes the WdiServiceHost to be written incorrectly. Refer to: http://support.microsoft.com/kb/2000705.

Policy Path:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security OptionsRegistry Path:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ShutdownWithoutLogon

Shutdown: Allow system to be shut down without having to log on = Enabled

This setting affects how you initiate a soft shutdown of the SBM using its front panel power button:• When this setting

is disabled, you must tap the module power button two or three times and then wait about one minute.

• When this setting is enabled, you can simply tap the power button once and wait about one minute.

C-1

C

Command-Line Reference

Contents

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-4

Command Syntax Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5

CLI Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5

List Available Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-5

List Options for a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6

Command Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6

Displaying Help for a Command . . . . . . . . . . . . . . . . . . . . . . . . . . . C-6

Operator Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7

SBM Index and Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-7

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9

page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9

show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9

show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-9

show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-10

show remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-10

show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-10

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11

Manager EXEC Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11

SBM Index and Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-11

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-13

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-13

page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-13

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14

reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14

show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14

show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-14

C-2

Command-Line ReferenceContents

show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15


show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-15

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-16

windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-16

Windows Administration Context . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17

firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17

hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-17

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18

page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18

reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-18

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19

remote-desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19

show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19


show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-19


show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-20

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-20

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21

Interface Configuration Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21

disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21

enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21

ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-21

ip default-gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-22

ip dns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-22

interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-22

end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23

page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23

reboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23

C-3

Command-Line ReferenceContents

reload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-23

show firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-24


show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-24


show tech . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25

shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-25

Services OS Operator Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . C-26

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27

page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27

show assigned-mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-27

show chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28

show images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28

show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28

show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28

show temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-28

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-29

Services OS Manager Context Commands . . . . . . . . . . . . . . . . . . . . . . . . . C-30

boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-31

device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-31

exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32

ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32

page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32

ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-32

show assigned-mac-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33

show chassis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33

show images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33

show ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33

show logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-33

show temperature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-34

show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C-34

C-4

Command-Line ReferenceOverview

Overview

This chapter describes the commands provided by the command line interface (CLI) for the HP Survivable Branch Communication zl Module (SBM) powered by Microsoft LyncTM.

This CLI is intended for basic monitoring and initial IP configuration. Most management and configuration should be performed using the Setup Wizard, Dashboard, and Remote Desktop as described in previous chapters of the guide.

The SBM CLI is context-based; different commands are available from differ-ent contexts. When you are managing the SBM and you try to use a command that is not supported from the current context, you will receive an error message.

The following sections introduce groups of commands that are available from various CLI contexts.

Depending on your level of access in the host HP zl switch (operator or manager), you access the SBM operator or Manager EXEC context. From the Manager EXEC context, you can access the Windows administration context, and from the Window administration context, you can access interface con-texts.

Table C-1. CLI Context Command Groups

Note that the module includes a Services OS and a ONE-App OS, each of which has its own CLI. This commands for the Service OS are included at the end of this chapter.

Command Group Description Prompt (if module is in slots A and C) Page

Operator A limited number of read-only commands hostzlswitch(hp-sbm-branch-C)> page C-7

Manager EXEC The commands available before logging in to the Windows OS

hostzlswitch(hp-sbm-branch-C)# page C-11

Windows administration

The commands available after logging in to the Windows OS

hostzlswitch(hp-sbm-branch-C:win)# page C-17

Interface The commands available from the configuration context for a specific internal interface (Ethernet port)

hostzlswitch(hp-sbm-branch-C:eth-1)#hostzlswitch(hp-sbm-branch-C:eth-2)#hostzlswitch(hp-sbm-branch-C:mgmt)#

page C-21

C-5


Table C-2. ServicesOS CLI Context Command Groups

Command Syntax Statements

Syntax: ip <dhcp | <IP address> <subnet mask> >

Syntax: ip default-gateway <gateway IP address> [metric]

Syntax: services <slot ID> name <services name>

Vertical bars ( | ) separate alternative, mutually exclusive elements.

Square brackets ( [ ] ) indicate optional elements.

Braces ( < > ) enclose required elements.

Angle brackets within square brackets ( [ < > ] ) indicate a required element within an optional choice.

Angle brackets within angle brackets ( < < > > ) indicate a required element within a required choice.

All italics indicate variables for which you must supply a value when execut-ing the command.

Some commands also include keywords, which are indicated in the command type. For example, name is a keyword for the services command.

CLI Help

Like the CLI for HP switches, the SBM CLI provides help that displays command syntax, including explanations of commands and command options.

List Available Commands

The CLI help provides several ways to display the options available in a particular context.:

■ ?

Command Group Description Prompt (if module is in slots A and C) Page

Operator A limited number of read-only commands hostzlswitch(svcs-mod-C)> page C-26

Manager A few commands for troubleshooting the module and installing software

hostzlswitch(svcs-mod-C)# page C-30

C-6


■ Tab key

For example, to view the commands available at the SBM manager context, you could type one of the following:

hostzlswitch(hp-sbm-branch-<slot ID>)# ?

or

hostzlswitch(hp-sbm-branch-<slot ID>)# [tab]

A list of commands available in the manager context would be displayed.

List Options for a Command

You can also use the ? to view the options for a particular command. For example, you might enter:

hostzlswitch(hp-sbm-branch-<slot ID>)# show ?

Command Completion

You can also use the Tab key to complete the current word in a command. To do so, type one or more consecutive characters in a command and then press [Tab] (with no spaces allowed).

Displaying Help for a Command

You can display a list of help summaries for a particular command by typing:

hostzlswitch(hp-sbm-branch-<slot ID>)# <command> help

C-7

Command-Line ReferenceOperator Context Commands

Operator Context Commands

The Operator context features a limited number of commands that allow you to see information about the SBM.

To access the Operator context, access the operator context of the CLI of the HP zl switch in which the SBM is installed. Then enter the following command:

SBM Index and Name

To enter the CLI for the SBM’s ONE-App OS, you must either specify the module’s product name or index number. The product name for the SBM is always hp-sbm-branch.

The product index number is assigned to the SBM by the HP zl switch. This index number varies, depending on whether or not any HP ONE Services zl Modules are also installed in the host switch. The ONE Services zl Module is a hardware platform that supports multiple products. (For a list of other products that run on the ONE Services zl Module, visit the HP Web site at www.hp.com/go/procurve.)

If there are no other types of ONE Services zl Modules installed in the switch, the host switch assigns the SBM the index number 2.

If other types of ONE Services zl Modules are also installed in the switch, the host switch assigns the SBM and each ONE Services zl product a different index number, based on the order in which each one boots. For example, if you install the SBM and boot it first, the host HP zl switch assigns it the index number 2. However, if you install another ONE Services zl Module first and boot it, the host switch will assign the product running on that module the index number 2. If the SBM is installed next and booted, the HP zl switch will assign it the index number 3.

Syntax: services <slot ID> < <index> | name hp-sbm-branch >

Moves you to an OS context on the module.

Replace <slot ID> with the letter for the lower chassis slot

in which the module is installed.

Replace <index> with the index assigned to the SBM. If

you do not know this index, see the section below.

C-8


To view the index numbers, names, and their associated chassis slots, enter the following command from the HP zl switch’s CLI:

hostzlswitch> show services

Table C-3 shows an example output for this command. In this example, the host HP zl switch has assigned the SBM the index number 2.

Table C-3. CLI Display of Services

To access the manager context for the ONE-App OS on the SBM installed in slots A and C, you would one of the following commands:

hostzlswitch> services c 2

hostzlswitch> services c name hp-sbm-branch

Table C-4 provides an example of a host switch that is running:

■ DCM on a ONE Services zl Module

■ SBM

On this host switch, DCM was installed and booted first, so the host switch assigned it index number 2. It then assigned the SBM index number 3.


For example, if you want to enter the Manager EXEC context for the SBM’s ONE App OS, enter one of the following commands:

hostzlswitch> services c 3

hostzlswitch> services c name hp-sbm-branch

To verify your location in the CLI, check the prompt. It is hostzlswitch(hp-sbm-branch<slot ID>)>.

Slot Index Description Name

C 1. Services zl Module services-module

C 2. Survivable Branch Module—Microsoft hp-sbm-branch


C,D 1. Services zl Module services-module

D 2. Data Center Connection Manager dcm


C-9


The following sections describe commands that are available from the Oper-ator context of the SBM’s ONE-App OS.

exit

The exit command moves you back one context level. In the manager EXEC context level, this command returns you to the HP zl switch CLI.

Syntax: exit

This command is available from all contexts.

page

This command enables and disables page mode. In page mode, the terminal output will pause when it fills the screen and wait for a keystroke such as [Spacebar] or [Ctrl][C].


Syntax: [no] page

show firewall

This command displays the status of the Windows firewall, whether on or off.

Syntax: show firewall


show interfaces

This commands shows the three SBM interfaces and whether they are enabled or not:

■ Internal Ethernet Port 1


■ Management port

Syntax: show interfaces


C-10


show ip

This command shows IP information for the three SBM interfaces:



■ Management Port

The IP information includes the interface’s DHCP setting and status, as well as the interface’s IP address, subnet mask, default gateway, gateway metric, DNS servers, and WINS servers. The command also outputs the SBM’s host-name.

N o t e The Management port is not functional for beta implementations.

Syntax: show ip


show remote-desktop

This command displays the status of the Remote Desktop, whether enabled or disabled. When enabled, you can access the SBM via Remote Desktop Protocol (RDP) and manage the device much like any Windows Server 2008 R2.

Syntax: show remote-desktop


show tech

This command outputs all available system information, including the running configuration and logs. The command might take several minutes to execute. (You can cancel it by pressing [Ctrl][C].)

Syntax: show tech


C-11

Command-Line ReferenceManager EXEC Context Commands

show version

This command displays the version of the SBM’s ONE-App software. This will include a version identifier for the HP software, the media gateway version, and the Microsoft Lync Server version.

Syntax: show version


Manager EXEC Context Commands

The Manager EXEC context features a limited number of commands that allow you to see information about the SBM or to restart or shutdown the SBM.

To access the Manager EXEC context, enter the manager context of the CLI of the HP zl switch in which the SBM is installed. Then enter the following command:

SBM Index and Name

To enter the CLI for the SBM’s ONE-App OS, you must either specify the module’s product name or index number. The product name for the SBM is always hp-sbm-branch.

The product index number is assigned to the SBM by the HP zl switch. This index number varies, depending on whether or not any HP ONE Services zl Modules are also installed in the host switch. The ONE Services zl Module is a hardware platform that supports multiple products. (For a list of other products that run on the ONE Services zl Module, visit the HP Web site at www.hp.com/go/procurve.)

Syntax: services <slot ID> < <index> | name hp-sbm-branch >


Replace <slot ID> with the letter for the lower chassis slot

in which the module is installed.

Replace <index> with the index assigned to the SBM. If

you do not know this index, see the section below.

C-12


If there are no other types of ONE Services zl Modules installed in the switch, the host switch assigns the SBM the index number 2.

If other types of ONE Services zl Modules are also installed in the switch, the host switch assigns the SBM and each ONE Services zl product a different index number, based on the order in which each one boots. For example, if you install the SBM and boot it first, the host HP zl switch assigns it the index number 2. However, if you install another ONE Services zl Module first and boot it, the host switch will assign the product running on that module the index number 2. If the SBM is installed next and booted, the HP zl switch will assign it the index number 3.

To view the index numbers, names, and their associated chassis slots, enter the following command from the HP zl switch’s CLI:

hostzlswitch> show services

Table C-5 shows an example output for this command. In this example, the host HP zl switch has assigned the SBM the index number 2.


To access the manager context for the ONE-App OS on the SBM installed in slots A and C, you would one of the following commands:


hostzlswitch# services c name hp-sbm-branch

Table C-6 provides an example of a host switch that is running:

■ DCM on a ONE Services zl Module

■ SBM

On this host switch, DCM was installed and booted first, so the host switch assigned it index number 2. It then assigned the SBM index number 3.


C 1. Services zl Module services-module


C-13



For example, if you want to enter the Manager EXEC context for the SBM’s ONE App OS, enter one of the following commands:


hostzlswitch# services c name hp-sbm-branch

To verify your location in the CLI, check the prompt. It is hostzlswitch(hp-sbm-branch<slot ID>)#.

The following sections describe commands that are available from the Man-ager EXEC context of the SBM’s ONE-App OS.

end

To return to the manager context, enter end. The end command moves you back to the manager context, regardless of the context from which you enter the command.

Syntax: end


exit

The exit command moves you back one context level. In the manager EXEC context level, this command returns you to the HP zl switch CLI.

Syntax: exit


page



C,D 1. Services zl Module services-module

D 2. Data Center Connection Manager dcm


C-14



Syntax: [no] page

ping

This command sends an ICMP echo packet to the specified IP address. You can use it to test IP connectivity.

Syntax: ping <IP address>

reboot

This command powers down the SBM and reboots it.

Syntax: reboot

reload

This command reloads the SBM.

Syntax: reload

show firewall




show interfaces




■ Management port



C-15


show ip




■ Management Port


Syntax: show ip


show remote-desktop




show tech


Syntax: show tech


show version



C-16



shutdown

This command shuts down the SBM gracefully. You will be exited to the host HP zl switch CLI. (To restart the SBM, you can enter services <slot ID> reload.)

Syntax: shutdown

windows

This commands moves you to the Windows administration context, which enables you to modify a few settings on the Windows system.

Syntax: windows <username>

You must log in to the Windows OS to move to this context; replace username with the name of a local Administrator for the SBM. (Currently, you cannot authenticate a a domain user with administration access; you must use a local Administrator account.)

If this command is being entered for the first time, you are prompted to change the password. (The default password is P@ssw0rd; note that a is replaced by @ and o by the digit 0.)

C-17

Command-Line ReferenceWindows Administration Context

Windows Administration Context

From the Windows administration context, you can make configurations to set up the SBM to be accessed in other ways. The same commands available from the Manager EXEC mode are also available.

The following sections describe commands available from the Windows administration context.

end


Syntax: end


exit

The exit command moves you back one context level. In the Windows admin-istration context level, this command returns you to the Manager EXEC context.

Syntax: exit


firewall

This command enables and disables (no) the Windows firewall.

Syntax: [no] firewall

hostname

This command sets the hostname (computer name) for the SBM. You cannot enter this command after the SBM has been joined to the domain.

Syntax: hostname <string>

C-18


interface

This command moves you to an interface configuration context.

Syntax: interface <1 | 2 | management>

Type 1 to configure the Internal Ethernet Port 1 (corresponds with the <slot-ID>1 port in the HP zl switch CLI).


Type management to configure the Management port on the front panel of the SBM.

N o t e The Management port is not functional for beta implementations.

page

This command enables and disables page mode. In page mode, the terminal output will pause when it fills the screen and wait for a keystroke such as space or [Ctrl][C].


Syntax: [no] page

ping

This command sends an ICMP echo packet to the specified IP address. You can use it to test IP connectivity.

Syntax: ping <IP address>

reboot


Syntax: reboot

C-19


reload


Syntax: reload

remote-desktop

Enables or disables (no) access to the SBM via Remote Desktop Protocol (RDP).

Syntax: [no] remote-desktop

show firewall




show interfaces




■ Management port



show ip




■ Management Port

C-20



Syntax: show ip


show remote-desktop




show tech


Syntax: show tech


show version




C-21

Command-Line ReferenceInterface Configuration Mode

shutdown


Syntax: shutdown

Interface Configuration Mode

This section describes the commands that are available from the interface configuration mode. Several general commands are available, as well as commands specific to the interface, whether Internal Ethernet Port 1, Internal Ethernet Port 2, or the Management Port. The commands are the same for each interface.

disable

This command disables the interface.

Syntax: disable

enable

This command enables the interface.

Syntax: enable

ip address

This command sets the IP address for the interface.

Syntax: ip address <dhcp | <IP address> <subnet mask> >

You can either enter ip dhcp to have the interface obtain a dynamic IP address, or you can specify a static IP address such as 10.1.1.30 255.255.255.0.

C-22


ip default-gateway

This command sets the default gateway for an interface with a static IP address.

Syntax: ip default-gateway <gateway IP address> [metric]

Replace <gateway IP address> with the IP address of the router or routing switch on this interface’s subnet. You can optionally specify a value for the metric. The lower the metric, the higher the priority of the default route on this interface.

For example:

hostzlswitch(hp-sbm-branch:eth-2)# ip default-gateway 10.1.1.1 10

ip dns

This command speechifies the IP address of the DNS server for the interface.

Syntax: ip dns server-address priority [1 | 2] <DNS IP address>

Select 1 or 2, 1 being the primary DNS server and 2, the secondary DNS server. Replace <DNS IP address> with the IP address of the primary DNS server.

interface

This command moves you to an interface configuration context.

Syntax: interface <1 | 2 | management>



Type management to configure the Management port on the front panel of the SBM.

C-23


end


Syntax: end


exit

The exit command moves you back one context level. Here, it returns you to the Windows administration context.

Syntax: exit


page


Syntax: [no] page


reboot


Syntax: reboot

reload


Syntax: reload

C-24


show firewall




show interfaces




■ Management port



show ip




■ Management Port


Syntax: show ip


C-25


show remote-desktop




show tech


Syntax: show tech


show version




shutdown


Syntax: shutdown

C-26

Command-Line ReferenceServices OS Operator Context Commands

Services OS Operator Context Commands

The Services OS operator context allows restricted access to some trouble-shooting commands on the Services OS of the module.

To access this context, enter the following command from the host switch’s operator-level context:

For example, if you want to enter the Services OS for the SBM in slots A and C, enter one of the following commands:

hostswitch> services c 1

hostswitch> services c name svcs-mod

To verify your location in the CLI, check the prompt. In the Services OS operator context, the prompt is one of the following:

■ hostzlswitch(svcs-mod-<slot ID>:SvcOS)>

This is the prompt that is displayed if you have entered the Services OS CLI and the Services OS is booted.

■ hostzlswitch(svcs-mod-<slot ID>:App)>

This is the prompt that is displayed if you have entered the Services OS CLI and the ONE-App OS is booted.

The commands in this section are the Services OS operator CLI commands with the Services OS booted.

Syntax: services <slot ID> < 1 | name svcs-mod >


Replace <slot ID> with the letter for the lower chassis slot in

which the module is installed. The Services OS context is

always assigned index number 1.

C-27


exit

The exit command moves you back to the host HP zl switch CLI.

Syntax: exit


page


Syntax: [no] page

ping

Use this command to send an ICMP echo to a specified destination.

Syntax: ping < IP address >

Replace <IP address> with the IP address of the ping destination.

For example:

ProCurve(services-module-<slot ID>)> ping 10.1.1.1

When you send ICMP echoes, the module displays the ping statistics to describe the types of responses the router receives.

show assigned-mac-address

This command shows the MAC addresses assigned to the SBM’s two internal ports by the HP zl switch.

Syntax: show assigned-mac-address

You will primarily be interested in the MAC address for E2 (Internal Ethernet Port 2) because this is the interface that your SBM will use to communicate with rest of the network.

C-28


show chassis

This command shows the chassis slot in which the module resides.

Syntax: show chassis

show images

This command shows the images in the images repository.

Syntax: show images [details]

show ip

This command shows the IP settings of the module Services OS (IP address and default gateway).

Syntax: show ip

show logging

This command shows all of the logging information. You can view the follow-ing locally logged events.

To view the locally logged events, enter the following command:

Syntax: show logging [-a] [-r] [-d] [option string]

The log will be displayed with the most recent last, unless you specify otherwise. An explanation of the optional choices is listed below:

■ -a—show all log events (including events from previous boot cycles)

■ -r—show log events in reverse order (most recent first)

■ -d—show all log events of debug level or higher

■ option string—filters the log events

show temperature

This command shows the temperature of the blade in degrees Celsius.

Syntax: show temperature

C-29


show version

This command shows the software version for the ONE-App, the Services OS, and the Backup Services OS.

Syntax: show version [details]

C-30

Command-Line ReferenceServices OS Manager Context Commands

Services OS Manager Context Commands

The Services OS manager context allows restricted access to the Services OS of the module, providing only a limited number of commands. From this mode, you can download and install software. CLI access to the Services OS is designed primarily for blade maintenance, not for configuring the module.

The Services OS context is used to complete basic setup and maintenance tasks. To access this context, enter the following command from the switch’s manager-level or global configuration context:

For example, if you want to enter the Services OS for the SBM in slots A and C, enter one of the following commands:

hostswitch# services c 1

hostswitch# services c name scvs-mod

To verify your location in the CLI, check the prompt. In the Services OS manager context, the prompt is one of the following:

■ hostzlswitch(scvs-mod-<slot ID>:SvcOS)#

This is the prompt that is displayed if you have entered the Services OS CLI and the Services OS is booted.

■ hostzlswitch(scvs-mod-<slot ID>:App)#

This is the prompt that is displayed if you have entered the Services OS CLI and the ONE-App OS is booted.

The commands in this section are the Services OS CLI manager commands with the Services OS booted.

(Until the module is booted in the Services OS, you can access a limited set of commands, including boot, exit, and some show commands.)

Syntax: services <slot ID> < 1 | name scvs-mod>


Replace <slot ID> with the letter for the lower chassis slot in

which the module is installed.

The Services OS context is always assigned index number 1.

C-31


The sections below describe commands that you can use to view settings and boot to the ONE-app software.

The Services OS also provides the following commands, which you must not use unless so directed by an HP networking support agent:

■ delete

■ download

■ install

■ sdk

■ sync

■ uninstall

■ update

■ usb

boot

This command allows you to boot the module’s different operating systems. You can boot the Services OS or the ONE-App OS.

To boot an OS, enter the following command:

Syntax: boot [ ServiceOS | One-app]

The module will tell you that you are changing operating systems and that the module will reboot. You will be prompted to continue.

If you do not select an OS, the module will simple be rebooted in the current OS.

device

This command enables or disables the USB slot or the shutdown button on the front panel of the SBM.

Syntax: [no] device <USB | shutdown>

You can also enter the command without any options to see the current status of the USB slot and shutdown button.

Syntax: device

C-32


exit

The exit command moves you back to the host HP zl switch CLI.

Syntax: exit


ip

This is the only configuration command available from the Services OS manager context. It allows you to configure an IP address and default gateway on the Services OS so that the module can communicate with an FTP server.

To configure the module’s IP address, enter the following command:

Syntax: [no] ip < dhcp | address <module IP address/prefix length>>

Use the dhcp option to configure the module to receive a dynamic IP address.

Replace <module IP address/prefix length> with the module’s IP address and the prefix length for the subnet.

To configure the module’s default gateway, enter the following command:

Syntax: [no] ip default-gateway <gateway IP address> >

Replace <gateway IP address> with the IP address the module’s default gateway.

page


Syntax: [no] page

ping

Use this command to send an ICMP echo to a specified destination.

Syntax: ping < IP address >

Replace <IP address> with the IP address of the ping destination.

C-33


For example:

ProCurve(services-module-<slot ID>)> ping 10.1.1.1

When you send ICMP echoes, the module displays the ping statistics to describe the types of responses the router receives.

show assigned-mac-address

This command shows the MAC addresses assigned to the SBM’s two internal ports by the HP zl switch.

Syntax: show assigned-mac-address

You will primarily be interested in the MAC address for E2 (Internal Ethernet Port 2) because this is the interface that your SBM will use to communicate with rest of the network.

show chassis

This command shows the chassis slot in which the module resides.

Syntax: show chassis

show images

This command shows the images in the images repository.

Syntax: show images [details]

show ip

This command shows the IP settings of the module Services OS (IP address and default gateway).

Syntax: show ip

show logging

This command shows all of the logging information. You can view the follow-ing locally logged events.

To view the locally logged events, enter the following command:

Syntax: show logging [-a] [-r] [-d] [option string]

C-34


The log will be displayed with the most recent last, unless you specify otherwise. An explanation of the optional choices is listed below:

■ -a—show all log events (including events from previous boot cycles)

■ -r—show log events in reverse order (most recent first)

■ -d—show all log events of debug level or higher

■ option string—filters the log events

show temperature

This command shows the temperature of the blade in degrees Celsius.

Syntax: show temperature

show version

This command shows the software version for the ONE-App, the Services OS, and the Backup Services OS.

Syntax: show version [details]

Index – 1

IndexAalarms … 3-14, 6-7, 6-8

Bbackup and restore … 3-23branch site … A-21browsers (supported) … 2-3

Ccable

establish PSTN connection … 2-59pinout for loopback … 6-10

call logging … 2-70, 3-15certificates … 2-32

assign existing … 2-44import certificate chain … 2-32import existing … 2-42, A-46install from Dashboard … 3-9options … 2-33request automatically … 2-34request manually … 2-37requirements for certificate … A-47requirements for private key/certificate … 2-42requirements for request … 2-35update … 3-9

change SBM name … 3-33channel status … 2-59, 3-14CLI commands … C-1clock

HP zl switch … 2-13PSTN line … 2-59, 6-8, 6-11, 6-17

control panel (Lync server) … 4-2, A-30credentials

certificate installation … 1-5, 2-35, A-48default local administrator … 1-4domain join … 1-4, 2-16SBM management … 3-3

CS health monitoring pool … 2-72, A-20, A-45

Ddashboard … 3-3

access … 3-3

configure PSTN … 3-10, 3-11manage services … 3-7monitor replication status … 3-6reboot the SBM … 3-5refresh … 3-4shut down the SBM … 3-5update certificates … 3-9view system logs … 3-5view users … 3-7

digital certificatesSee certificates

digital line troubleshooting … 6-3determine interface ID … 6-3implement loopback … 6-9

local … 6-9remote … 6-18

view alarms … 6-7view line status … 6-22

DNS serverrequired for WAN failover … 6-30set … 2-9, 2-11

domainjoin … 2-16troubleshoot failed join … 2-19

domain groupadd the SBM to the Lync topology … 2-28join the SBM to the domain … 2-19manage the SBM … 2-25

drivers … 2-64update … 5-5

EE1

configure settings … 2-48, 3-10connect cables … 2-59find interface ID … 6-3troubleshoot … 6-3

echo cancellationconfigure … 2-61disable … 2-61, 6-14first port necessary for … 2-59

encryption (PSTN calls)configure … 2-52effect on PSTN test call … 2-52, 2-65

Ethernet interfaces (internal) … 2-8

2 – Index

Ffactory default settings restoration … 3-29failed login … 2-20failover

behavior in WAN failure … 1-2Media Gateway … 2-53services required for WAN link failover … 6-30

Firefox, supported versions … 2-3Front-End Server

definition … 2-76SBM … 1-2start and stop … 3-8troubleshoot … 2-42, 2-70

Fully Qualified Domain Name (FQDN) … 1-4certificate requirements for … 2-38PSTN gateway … 1-7

FXO/FXS … 2-48, 2-49, 3-10

Ggroup

See domain group

Hhealth monitoring pool … 3-16, A-3, A-4, A-20hostname … 1-4

SBM default … 1-3set … 2-16

hotfixes … 5-4

IIntel MIBs … 4-3interfaces

internal Ethernet interface 1 … 2-8internal Ethernet interface 2 … 2-8management interface … 2-9

Internet Explorer, supported versions … 2-3IP address

set manually … 2-9set with DHCP … 2-9

Jjoin domain … 2-16

Llocal administrator

default credentials … 1-4domain groups … 3-3

loopbackcabling for … 6-10local … 6-9overview … 6-9remote … 6-18

Lync ServerFront-End Server

definition … 2-76troubleshoot … 2-42, 2-70

Mediation Serverbackup … 2-53definition … 2-76troubleshoot … 2-70

Replica Agent … 2-70, 3-6Lync Server certificates

See certificates … 2-32Lync Server Control Panel … 4-2, A-30Lync Server Management Shell … 4-2

enable topology … 2-28run from Dashboard … 3-22

Lync Server toolsControl Panel … A-30Management Shell … 3-22Topology Builder … 3-34, 4-2, A-21

Lync Server Topology Builder … 4-2add SBM … A-21remove SBM … 3-34

Lync test callplace … 2-70requirements for … 2-71, 2-72

Lync usersadd to SBM pool … A-20, A-37maximum supported … 1-2

Mmanagement connection

restore … 6-28management port … 2-9Management Shell (Lync Server) … 3-22management users

default credentials … 1-4domain groups … 3-3

Media Bypass

Index – 3

recommendations … A-20setup … A-43

Media Gateway … 1-2configure … 2-47find MIBs … 4-4start and stop … 2-57, 3-8troubleshoot … 2-64view logs … 2-64view status … 2-57, 3-7

Mediation Serverbackup … 2-53definition … 2-76SBM … 1-2troubleshoot … 2-70

MIBs … 4-3Intel NIC … 4-3Media Gateway … 4-4Microsoft/Windows OS … 4-3

Microsoft Operations Monitor Agent … 4-2monitor and manage SBM … 3-3

dashboard … 3-3Remote Desktop Protocol (RDP) … 3-9services tech command … 3-9

Nname

change SBM name … 3-33default … 1-3set … 2-16

network settings … 2-8advanced … 2-11basic … 2-9RDP configuration … 2-11Setup Wizard configuration … 2-3

OOpenView agent … 4-2

Ppassword (default) … 1-4patches … 5-4pinout for loopback … 6-10pool

add users to SBM … A-4create Health Monitoring pool for test calls … 2-70

port See E1 See Ethernet interface See FXS/FXO See T1See management port

prerequisites … 2-24private key/certificate

import … 2-42, A-46requirements for … A-47update … 3-9

PSTN … 2-47advanced configuration … 2-60channel status … 2-59connect … 2-59disable echo cancellation … 2-61place call … 2-65settings … 1-6, 2-48, 3-10Setup Wizard … 2-48troubleshoot

configuration … 2-64digital line … 6-3

See also digital line troubleshootingfailed calls … 2-67

PSTN gatewaydefine for branch site … A-28See Media Gateway

PSTN outbound number maskguidelines … 2-57set … 2-53

Rreboot SBM … 3-5Remote Desktop Protocol (RDP)

access … 2-5disable … 3-17enable … 3-17overview … 3-17use … 3-18

remote monitoring tools … 4-2Lync Server Control Panel … 4-2, A-30Lync Server Management Shell … 3-22Lync Server Topology Builder … 3-34, 4-2, A-21Microsoft Operations Monitor Agent … 4-2OpenView Agent … 4-2SNMP server … 4-2Syslog server … 4-2

4 – Index

replace SBM … 3-32Replica service

start and stop … 3-8view status … 3-7

replicationinitiate automatic … 2-23, 2-30initiate manual … 2-31requirements for … 2-30view status … 3-6

request certificateautomatically … 2-34manually … 2-37

resiliency … 1-2restore SBM to factory defaults … 3-29routing rules

configure in Lync Server Control Panel … A-19, A-31

configure on the SBM … 2-68RTCUniversalSBATechnicians … 1-4, 2-20, 2-22, 2-30

SSAC … 3-24safe mode … 3-27security hardening

default settings … B-2prohibited settings … B-11

serial numberfind … 1-3use as default hostname … 1-3, A-18

service principal name (SPN)prerequisite … 2-24, 2-28set … A-4, A-11

servicesdisabled at factory default … B-3list of key services … 2-76start Lync … 2-69stop and start in Dashboard … 3-7

services tech command … 3-24recovery menu … 3-27SAC … 3-24safe mode … 3-27

Setup Wizardaccess … 2-3Configure IP Settings page … 2-8Configure System Time page … 2-12Initiate the Installation Process page … 2-23Install Lync Server Certificates page … 2-32

Installation and Configuration Complete page … 2-75

Place Lync Test Call page … 2-70Place PSTN Test Call page … 2-65PSTN Configuration page … 2-47Start Lync Services page … 2-69troubleshoot … 2-5use … 2-4

SNMP MIBs … 4-3Intel NIC … 4-3media gateway … 4-4Microsoft/Windows OS … 4-3

SNMP server … 4-2software

update drivers … 5-5update SBM … 5-2

Special Administration Console (SAC) … 3-24SPN

See service principal name (SPN)Survivable Branch Appliance

SBM … 1-2Survivable Branch Appliance (SBA)

defining SBM as … A-24switch

host HP zl … 1-2PSTN … 1-7, 2-50, 2-51

Syslog server … 4-2

TT1

configure settings … 2-48, 3-10connect cables … 2-59find interface ID … 6-3troubleshoot … 6-3

telephony cardsconfigure … 2-48, 3-10

test callLync … 2-70PSTN … 2-65

timerequired for installation … 2-12setting on the HP zl switch and SBM … 2-12

topologyadd SBM … A-19, A-21replicate on SBM … 2-23requirements for SBM … 2-30

Index – 5

Topology BuilderSee also Lync Server Topology Builder

troubleshootingdigital line … 6-3

See also digital line troubleshootingdomain join … 2-19failed login … 2-20failed network functionalty … 6-24Lync Server activation … 2-32Lync Server installation … 2-29Lync Server replication … 2-29Lync services startup … 2-70Lync test call … 2-72Media Gateway startup … 2-64prerequisites check … 2-24PSTN configuration … 2-64, 2-73

See also digital line troubleshootingPSTN test call … 2-67

Uupdate

certificates … 3-9drivers … 5-5SBM software … 5-2

USB slot (SBM) … 2-6, 2-42, 5-3username … 1-4

See also credentialsusers

See Lync users See management users

Vvoice services do not fail over … 6-30

WWAN failure

DNS services required … 6-30functionality … 1-2

wanpipemon commands … 6-14BERT commands … 6-16driver version … 2-64list … 6-23view alams … 6-7

warranty … 1-2

WinPcapprohibitions … 6-29recover from install or uninstall … 6-29

6 – Index

HP ProCurve Datacenter Connection Manager Controller Management and Configuration Guide

Technology for better business outcomes

To learn more, visit www.hp.com/networking

© Copyright 2010 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP will not be liable for technical or editorial errors or omissions contained herein.

November 2010

Manual Part Number 5998-0588

*5998-0588*

HP Survivable Branch Communication zl Module powered by ... · The HP Survivable Branch...

Documents

Transcript of HP Survivable Branch Communication zl Module powered by ... · The HP Survivable Branch...