Failed Login using Manager, SSA successful?

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • sconnell72376
    Member
    • Nov 2013
    • 7
    #1

    Failed Login using Manager, SSA successful?

    Trying to figure out why a customer is not able to remotely access one of their IP Office 500's (release 8.1.73) through Manager, from an off-site network. They can ping the unit, see it available to log into using Manager, and can log in using SSA. What's interesting is the failed login notification they get is not stating the reason for failure.

    Of course, the network people are stating that nothing about this site's LAN is different. I've asked them to verify if IP ports are being blocked, as well as if TFTP via UDP port 69 is blocked. More specifics the better.

    I've had them try the following
    - attempt using the 9.0 release of Manager, since they had 8.1.67
    - login credentials of Administrator, Manager and Operator to rule out a password error-all of them unsuccessful
    - set security preferences of secure communications to disabled, as well as set certificate checks to None.
    - purposely enter wrong password for the IP500 at a different site to see what the error notification looks like (it indicated it was due to wrong name or password)

    I don't know if we can rule out the IP500 being patched onto the wrong data switch or LAN port, but the fact they can see/ping/log in via SSA has me suspecting network-caused.
    Tags: None
  • walshn
    Member
    .
    • Oct 2013
    • 5
    #2
    RE: Failed Login using Manager, SSA successful?

    Blocking everything with my Windows firewall and was till able to get to Manger across LAN. Must be network device blocking it.

    If you need info for Networking team:

    Internet Security by Zscaler
    http://www.ipofficeinfo.com/docs/Ports%20IP%20Office.pdf
    Zscaler makes the internet safe for businesses by protecting their employees from malware, viruses, and other security threats.


    To open Windows Firewall:

    http://marketingtools.avaya.com/knowledgebase/tools/firewall/avayafw.zip

    Comment

    • furrerm
      Guru
      .
      • Nov 2010
      • 196
      #3
      Remember that the ethernet ports on the IP500 are layer 3, and as susch you will need to have an IP route in the IP Office to allow for traffic from another subnet.
      So, either make a new IP route with your other subnet, or do the less secure way, and make a default route for it...

      Comment

      • sconnell72376
        Member
        • Nov 2013
        • 7
        #4
        An update. A technician went out to the client's site the other day. Did the following

        Confirmed the data switch and the switch port the IP500 is patched into is the proper one.

        He patched his laptop into the LAN port on the IP500, and was able to log into the system without any trouble. Did so multiple times without incident.

        Security settings on the IP500 are default, no special credentials or changes to u/n and password.

        Oddly, customer was able to log in once out of every 4 or 5 tries.

        Of course, their network people are insisting this site is set up similar to their others that have an IP Office, and don't seem too willing to watch what happens with the traffic when my contact tries logging into this system. They want us to take the last step, and replace the control unit.

        Comment

        Previous template Next
        Loading