acano solution · shutdown command which powers off the acano solution. (this command applies to...

Acano Solution

Acano Server Release 1.1.10 Release Notes

Acano

August 2014

76-1005-14-Q

Contents

Acano Solution: Acano Server Release 1.1.10 Release Notes 76-1005-14-Q

Contents

1 Introduction 3

2 New Features/Changes in 1.1 3

2.1 Security Enhancement for Web Bridge Configuration ........................................................ 3 2.1.1 Single server example .............................................................................................. 3 2.1.2 Two server (Core/Edge) example: ............................................................................ 4

2.2 New Field for Lync Edge Settings ...................................................................................... 4 2.3 Unified MMP user accounts and Web Admin Interface Logins .......................................... 4 2.4 New and Changed MMP Commands ................................................................................ 5 2.5 Audit Logging .................................................................................................................... 6 2.6 Lync Updates .................................................................................................................... 6 2.7 Customized Image and Logo for WebRTC Login Page ..................................................... 6

2.7.1 New from R1.1.3 ...................................................................................................... 7 2.8 Dial Plan Changes............................................................................................................. 7

2.8.1 Incoming dial plan .................................................................................................... 7 2.8.2 Outbound dial plan ................................................................................................... 7

2.9 API Additions and Changes ............................................................................................... 8 2.10 Secondary Numeric URI for a coSpace ............................................................................. 9 2.11 CDR Changes ................................................................................................................... 9 2.12 IPv6 Support ..................................................................................................................... 9 2.13 Web Bridge on Multiple Interfaces ................................................................................... 10 2.14 IVR Improvements........................................................................................................... 10 2.15 User Interface Improvements .......................................................................................... 10 2.16 Supplying a User-Agent in SIP Signaling ......................................................................... 10

3 Notes on Upgrading to R1.1.10 11 3.1 Upgrading to Release R1.1.10 ........................................................................................ 11 3.2 Downgrading ................................................................................................................... 12

4 Resolved Issues 13 Resolved in R1.1.10 ......................................................................................................... 13 Resolved in R1.1.9 ........................................................................................................... 13 Resolved in R1.1.8 ........................................................................................................... 13 Resolved in R1.1.7 ........................................................................................................... 14 Resolved in R1.1.5 ........................................................................................................... 14 Resolved in R1.1.4 ........................................................................................................... 15 Resolved in R1.1.3 ........................................................................................................... 15 Resolved in R1.1.2 ........................................................................................................... 15 Resolved in R1.1.1 ........................................................................................................... 16 Resolved in R1.1.0 ........................................................................................................... 16

5 Known Limitations 17

Introduction


1 Introduction This release note describes the maintenance release for Release 1.1 of the Acano Server software (R1.1.10) which includes a fix for an issue reported as Security Alert 006.

Note: We recommend that if you are running a R1.1.x release of the Acano solution you upgrade to R1.1.10 as soon as possible.

2 New Features/Changes in 1.1

2.1 Security Enhancement for Web Bridge Configuration

The Web Bridge allows configuration of guest logins and image customizations to be pushed from a Call Bridge. For the security that configuration must only accepted from call bridges which are trusted. Therefore we have added a mandatory configuration feature in 1.1.0.

Trust between Call Bridge and Web Bridge is established by providing the Web Bridge with the public certificate of the Call Bridge. The Web Bridge can use this to challenge the Call Bridge to prove that it is the owner of the certificate by cryptographic means. Technically, client certificate authentication in TLS is used. If the Call Bridge cannot prove that it is the owner of one of the trusted certificates, the Web Bridge will not accept the configuration.

After upgrading to 1.1.0 do the following:

For a single server deployment, find out which certificate Call Bridge is using by issuing the

callbridge command; then add the certificate to the trust store using the new

webbridge trust <callbridge_cert> command.

For a two-box solution, the Call Bridge certificate needs to be copied from the Acano Core

server to the Acano Edge server before you use the webbridge trust

<callbridge_cert> command on the Acano Edge server.

2.1.1 Single server example

acano>callbridge

Listening interfaces : a

Key file : callbridge.key

Certificate file : callbridge.cer

acano>webbridge disable

acano>webbridge trust callbridge.cer

acano> webbridge enable

SUCCESS: Key and certificate pair match

SUCCESS: Webbridge enabled

New Features/Changes in 1.1


2.1.2 Two server (Core/Edge) example:

On the Acano Core server running Call Bridge server:

acano>callbridge

Listening interfaces : a

Key file : callbridge.key

Certificate file : callbridge.cer

Use your chosen sftp tool to copy (in this example) "callbridge.cer" from the Acano Core server to the Acano Edge running Web Bridge. Then on the Edge server running Web Bridge add the certificate to the Web Bridge trust store

acano>webbridge disable

acano>webbridge trust callbridge.cer

acano>webbridge enable

SUCCESS: Key and certificate pair match

SUCCESS: Webbridge enabled

2.2 New Field for Lync Edge Settings

There is a new field called Number of Registrations in the Lync Edge section of the Web Admin Interface Configuration > General page.

This field is to overcome a feature of the Lync Edge server that limits the number of simultaneous calls that one registered device can have running on the Lync Edge server. By entering a number greater than 1, the Call Bridge will make that number of registrations, consequently increasing the number of simultaneous calls that the Acano solution can make out through the Lync Edge Server. Registrations will be made by appending an increasing number to the user part of the username. (Leave the field blank as above to only make a single registration.)

e.g. If you enter [email protected] as the user name and if the number of registrations is left blank or set to 1 then a single username [email protected] will be registered. if you enter [email protected] as the user name and set the number of registrations to 5, it will register with users [email protected] through to [email protected] and not use the edge.test name at all.

2.3 Unified MMP user accounts and Web Admin Interface Logins

In R1.1 there is just one set of user accounts: they are configured in the MMP but allow you to sign in to the Web Admin Interface as well as into the MMP. Therefore there is no webadmin

mailto:[email protected]







user MMP command any longer (the other webadmin commands remain). The benefits of this approach include:

Allowing multiple users so that the Acano solution can audit which account was used to make a configuration change (see the next section)

Consistent password rules (for example strength and repetition) across the Acano solution

2.4 New and Changed MMP Commands

Note: For full details of commands in this section see the MMP Command Reference.

There are a number of new MMP commands:

model command. Possible values for the Acano Server are Acano X1, Acano X2, Acano X3,

and the virtualized deployment will show Acano VM. (X1, X2 and X3 refer to the number of modules in operation in the Acano Server)

factory_reset <full|app> command. The "full" option removes all user configuration:

any credentials installed on the system will be lost. Afterwards, you must deploy the Acano Server again. The "app" option removes Active Directory sync data and coSpace, Lync and SIP configuration; but MMP configuration remains. After the command completes, the system will reboot

dns <mmp|app> flush command allows you to flush the DNS cache of either the MMP or

the Acano solution application. (On a virtualized deployment, the command is dns flush.)

pcap <admin|a|b|c|d> command starts immediate packet capture on the specified

interface which stops when you press Ctrl+C. The name of the pcap file is then displayed.

shutdown command which powers off the Acano solution. (This command applies to both

Acano server and virtualized deployments: in the virtualized deployment this replaces the

previous poweroff command)

webbridge clickonce <url> command moves the clickonce link location. The url must

be prefixed by http://, https:// or ftp:// and be a valid url. If a user follows a call invite link or coSpace web link (e.g. https://www.join.acano.com/invited.sf?id=1234) using Internet Explorer (the only browser that we support for clickonce), then we will attempt to redirect the user to the configured clickonce location, rather than using the default. When this redirect occurs, the PC Client starts automatically (or is downloaded if it is not already installed) and

the call/coSpace will be dialed. Issuing webbridge clickonce default disables all

clickonce redirect behavior

There are a number of MMP commands whose use has changed:

The backup command is now available on both the Acano Server and virtualized

deployments

The upgrade command now performs a full system backup automatically before the

upgrade proceeds

The pki csr <key/cert basename> <Common name> command can now take

additional optional parameters and is pki csr <key/cert basename> <CN> [<OU>

<O> <L> <ST> <C>]: where OU is Organizational Unit, O is Organization, L is Locality,

ST is State and C is Country.

https://www.join.acano.com/invited.sf?id=1234



For the following services use the none parameter to stop listening: callbridge, webadmin,

webbridge, xmpp, turn For example, webadmin listen none

There is a new user type for MMP user accounts. Previously there was admin, crypto and audit; now there is also an appadmin type who can perform application level configuration through the Web Admin Interface

The webadmin user command no longer exists and you must use an MMP user account

to log into the Web Admin Interface

2.5 Audit Logging

There is a new audit log facility which records configuration changes and significant low-level events. For example, changes made to the dial plan or coSpace configuration via the Web Admin Interface or the API are tracked in this log file, and tagged with the name of the user that made the change. The file is available via SFTP. (In this release, operations such as coSpace creation made by users of Acano clients do not appear in the audit log.)

You can also specify an additional Syslog server to which just the audit logs will be sent with:

syslog audit add <servername>, for example syslog audit add audit-server.example.org

2.6 Lync Updates

The Acano solution now supports Lync content (presentations contributed over RDP) from external Lync clients whose media arrives via the Lync Edge server.

In addition, coSpace (URIs) now report back as busy or available based on how many participants are currently in the coSpace so that Lync clients that have Acano coSpaces in their favorites can see the coSpace status.

2.7 Customized Image and Logo for WebRTC Login Page

From Release 1.1 you can specify a remote HTTP or HTTPS URL for an image that the Web Bridge will use in place of the default Acano WebRTC login image (currently of a man in a boat). The image file must be stored on a web server that the Acano Call Bridge (not the Web Bridge) can reach without needing to supply a password.

Use the new Custom Background Image URI field in the Web Bridge section of the Configuration > General page to specify the image starting with http:// or https://.



The Call Bridge retrieves the image and pushes it to the Web Bridge to be served as the background image for the WebRTC login page. In the event of a failure (for example, if the configured URI can't be reached or the image retrieved) an alarm is displayed in the Web Admin Interface and on the API "/system/alarms" node, but users can still log in.

Similarly, the Custom Login Logo URI field in the same Web Admin Interface page (see above) allows you to replace the Acano logo in the WebRTC login page.

2.7.1 New from R1.1.3

From R1.1.3 if a customized logo is specified, then the Acano logo no longer appears the lower-left on the login screen, in the header on the debug information page, or when connecting a call.

2.8 Dial Plan Changes

This section describes the additions in the Web Admin Interface that affect dial plans. The Deployment Guide explains how to use these configuration pages.

Note that in R1.1 there are API methods for the dial plan; see the next section.

2.8.1 Incoming dial plan

There is a new Priority field in the Call Matching table in the Configuration > Incoming Calls page. The Priority is used when generating coSpaces' URIs - we use the highest priority rule that applies.

2.8.2 Outbound dial plan

There is a new Configuration > Outbound Calls page that replaces the Configuration > Dial plan page. The fields are similar but there are a number of changes.



In R1.1 you can configure more outbound domain-based rules (the previous limit was 10).

There is also a new Trunk Type of Avaya.

In addition to the previous outbound dial plan rule fields, there are two additional fields per rule:

The Priority field to determine the order in which rules are applied. It replaces the previous Promote / Demote mechanism

The Behaviour field which can be set to Stop or Continue. Post-matching, this setting determines whether a failure to connect to the remote party causes the call to be treated as "failed" (if configured to "Stop") or whether the next applicable rule should be tried (if there is one)

Note: It is important to enter Local Contact Domain for each rule: there is no default domain to add to calls when none is specified.

2.9 API Additions and Changes

Full details of all API functionality and changes are provided in the Acano solution API Reference Guide.

Using the API you can now:

Create, maintain and delete outgoing dial plan rules, incoming dial plan rules and call forwarding rules to match the features available in the Web Admin Interface and discussed in the previous section

Start and monitor the progress of LDAP sync operations

Delete all the messages in coSpace chat by coSpace ID. You must log out of your client and log in again for the messages to disappear

Customize additional coSpace access methods. These access methods define (additional) URI / passcode / Call ID combinations that can be used to access a coSpace. They can also have an associated call leg profile

Add new call leg profiles. A call leg profile defines a set of in-call behaviours. Optionally, each call leg profile can also have a tenant association. (Note that call leg profiles are only available via the API)



Filter the call list by coSpace ID for more selective searches

Automatically generate / re-generate coSpace call IDs. Prior to R1.1, all coSpaces created via the API would either have no Call Id set, or would need to have a Call Id value completely specified in the coSpace create or modify operation. You can now supply a "requireCallId" value in coSpace create and modify API operations. If this is supplied with a value of true, and no Call Id is currently present for the coSpace, a new auto-generated Call Id will be assigned

Set the presentationDisplayMode on a per callLeg basis. When creating a call leg or modifying an active call leg, you can now specify whether presentation should be restricted to "single screen mode" (i.e. combined main and presentation) or allowed to use separate streams if this is supported by the receiving party.

Add/generate a cdrTag for coSpaces and users which will be reported in CDRs (see the next section for details)

A new "cdrTime" field has been added to the "/system/status" node. You can now query the Acano solution for the current timestamp as would be written to a CDR generated at the time the request is received by the Acano server. This will be in the same format, according to RFC 3339, as "time" field in CDRs themselves (for instance "2014-02-11T12:10:47Z").

2.10 Secondary Numeric URI for a coSpace

You can configure a secondary numeric URI for a coSpace. This can be done manually on individual coSpaces or automatically during an LDAP import. Use either the Web Admin Interface or the API. (Note that the Acano clients do not show, and cannot set, a coSpace’s secondary URI.)

2.11 CDR Changes

Full details of all CDR functionality, changes and examples are provided in the Acano solution CDR Reference Guide.

Additional details are reported for calls and call legs in R1.1:

CDRs for callLegs now include the call direction and call type (SIP, Lync or Avaya)

CDRs now include the new freeform text cdrTag when appropriate to make analysis easier. cdrTags are created using the API:

when a "callStart" CDR is generated for a call associated with a coSpace, any cdrTag associated with that coSpace is written to the callStart record

when a "callLegStart" CDR is generated for a call leg that relates to a user (rather than being a SIP dial in) any cdrTag associated with that user is written to the callLegStart record

2.12 IPv6 Support

R1.1 supports IPv6 for all the Acano solution network traffic including SIP calls, web traffic, LDAP connections, CDR receivers, ICE and connections to associated web bridges.

Static configuration of addresses (http://tools.ietf.org/html/rfc4291)

http://tools.ietf.org/html/rfc3339




Automatic configuration of IPv6 addresses and routers using SLAAC and DHCPv6

Diagnostic tools: ping6, traceroute6, pcap, DNS AAAA lookup testing

Dual-stack (IPv4 and IPv6 coexisting) operation of all basic services: SSH, SFTP, HTTP(S), DNS

Signaling and media dual-stack operation

You must enable IPv6 with the ipv6 <interface> enable MMP command to start auto-

configuration of the specified interface. (It can be disabled at any time.) Interfaces A to D can now be set for IPv4, IPv6 or both, as described in the Deployment Guide and MMP Command Reference Guide.

Note: In this release we recommend that you do not use IPv6 together with IPv4, even though the MMP allows you to configure this.

2.13 Web Bridge on Multiple Interfaces

The Web Bridge can now listen on multiple interfaces. Use the webbridge listen

<interface[:port] whitelist> command. The port(s) are optional.

2.14 IVR Improvements

The IVR voice has changed and there are a few behavioral changes; for example, there are two possible voice prompts in a few places where previously there was just one, to distinguish between a coSpace call and a point-to-point call.

2.15 User Interface Improvements

The size of text in name labels displayed as pane overlays in multi-party SIP calls has been adjusted to better fit the pane size. (Pane overlays are not shown on Acano client panes because you can mouse-over to display the participant.)

In R1.1 you can turn these labels on or off across the Acano deployment via the SIP Call Participant Labels field in the Web Admin Interface Configuration > Call Settings page. Possible values are Enabled (displayed) or Disabled (not displayed).

2.16 Supplying a User-Agent in SIP Signaling

The Acano solution now puts "Acano CallBridge" in the SIP signaling as the User-Agent identification; previously this header field was not supplied.


http://tools.ietf.org/html/rfc3646,%20http:/tools.ietf.org/html/rfc3633,http:/tools.ietf.org/html/rfc3315



Notes on Upgrading to R1.1.10


3 Notes on Upgrading to R1.1.10 This section includes information about upgrading an Acano Server Release.

Note1: Before upgrading to R1.1.10 you must take a configuration backup using the backup

snapshot <filename> command. See the MMP Command Reference document for full

details.

3.1 Upgrading to Release R1.1.10

The instructions in this section apply to both Acano Server and virtualized deployments.

Upgrading the firmware is a two-stage process: first, upload the upgraded firmware image; then issue the upgrade command. (This restarts the Acano solution: the restart process interrupts all active calls running on the Acano solution; therefore, this stage should be done at a suitable time so as not to impact users − or users should be warned in advance.

To install the new firmware on the Acano Server follow these steps:

1. Obtain the upgrade image from the secure partner section of the Acano website. You should have obtained a file called upgrade.img. If this is not the case – rename the file to upgrade.img.

Note: If you are using WinSCP for the file transfer, ensure that the transfer setting is ‘binary’ not ‘text’. Using the incorrect setting results in the transferred file being slightly smaller than the original – and this prevents successful upgrade.

Note: If you are upgrading the virtualized deployment from an earlier R1.1 Beta build you must rename upgrade image to vm_upgrade.img. But if you are updating from R1.0.x use upgrade.img.

2. Using a SFTP client, log into the MMP using its IP address. The login credentials will be the ones set for the MMP admin account. If you are using Windows, we recommend using the winSCP tool.

Note1: You can find the IP address of the MMP’s interface with the ipv4 admin command or

the equivalent ipv6 command.

Note2: The SFTP server runs on the standard port, 22.

Note3: After copying the upgrade.img file, you will not be able to see it listed as being in the file system; this is normal.

3. Copy the software to the Acano Server/ virtualized server.

4. To apply the upgrade, issue the upgrade command.

a. Establish a SSH connection to the MMP and log in.

Notes on Upgrading to R1.1.10


b. Initiate the upgrade by executing the upgrade command.

upgrade

The Acano Server/ virtualized server restarts automatically: allow 10 minutes for the process to complete.

5. Verify that the Acano solution is running the upgraded image by re-establishing the SSH connection to the MMP and typing :

version

Remember to use the MMP user accounts to log into the Web Admin Interface in R1.1.

Refer to the MMP Command Reference document for more information.

6. If you are using Web Bridge see the important notes detailed in section 2.1.

7. We recommend that you change security keys and passwords in case credentials were obtained while the vulnerability existed.

3.2 Downgrading

To return to the older version, use the regular upgrade procedure to “upgrade” to the appropriate version, and then restore the configuration backup for that version.

Resolved Issues


4 Resolved Issues

Resolved in R1.1.10

Reference Issue Summary

5904 XMPP (authp) authentication succeeds with empty password if LDAP server allows 'unauthenticated authentication' method of simple bind

Active Directory allows unauthenticated authentication and therefore if the client supplied an empty password, but a valid, known JID, such client log-in requests succeeded. This was a security issue reported as Security alert 006 – this issue has been fixed in R1.1.10.

Resolved in R1.1.9


5821 Chrome WebRTC fails after Chrome update when using R1.1.7 or R1.1.8

After updating to Chrome v36 the WebRTC Client has issues with the Loading Media message shown continuously. This is due to a change in Chrome and is fixed in R1.1.9.

Resolved in R1.1.8


4163 Video freezing on Jabber 4.7 only when using a PIN on a coSpace

Received video freezing on Jabber 4.7 is a known issue with this version of Jabber and RE-INVITES. (Audio and TX audio/video were fine.) This issue is fixed in R1.1.8 with the addition of an RTCP > BYE message for the original SSRC.

4588 VM guest tools produce syslog warnings every 30s

Cosmetic warnings from VMWare guest tools which don't understand our Linux distribution could be seen. This is fixed in R1.1.8.

4649 Web Bridge instability This was due to a race condition between the WebRTC client and the Web Bridge. This is fixed in R1.1.8.

5139 Asserts firing seen as a Web Bridge crash

Seen only in R1.1.x builds, these could occur only if a 3rd party tool was trying to login and not setting the correct parameters. This is fixed in R1.1.8.

5191 Server does not fall back to UDP if TLS and TCP fail

While this worked in R1.0.x releases, in R1.1 there were issues if TLS and TCP failed in some circumstances. In R1.1.8 the server sends TLS SYN, TCP SYN and then if these fail, UDP Invite. The issue is fixed in R1.1.8.

5257 CVE-2007-6750 In previous releases there was no protection against slowloris denial of service attacks. This is fixed in R1.1.8.

5276/5184 InterfaceWhiteList crash in sip stress test

This shared library issue has been fixed in R1.1.8.

5287 Incomplete API response leading to invalid XML

coSpace data retrieved by the API could be truncated if a buffer was exceeded. This is fixed in R1.1.8.

Resolved Issues


5337 Calls drop due to TCP reset A bug has been fixed in the server to prevent calls being dropped due to a TCP reset after sending an info message.

5338 DNS Priority being interpreted incorrectly

In DNS lower numbers have higher priority. In previous releases this was interpreted incorrectly for example if you have two of the same DNS SRV records with 1 having a Priority of 10 and the other of 100, the Call Bridge always used the A record returned with the 100 Priority. This is fixed in R1.1.8.

5339 Call Bridge stops accepting calls but is still running

In R1.1.7 the Call Bridge could stop accepting calls both from VCS (standard endpoints and Jabber users), Lync and WebRTC however the Web Admin Interface was still accessible. This was due to an issue with unsupported SIP events, and had been fixed in R1.1.8.

5436 CVE-2014-0224 The openssl library has been updated and this release closes security alert 004. The issue is fixed in R1.1.8

5444 Calls fail with uppercase content-type

If the content-type header in SIP messages had SDP in uppercase then calls could fail with "ACK received with no session description late media call - ending call”. This is fixed in R1.1.8.

Resolved in R1.1.7


5089 Too many record route lines In certain circumstances the SIP log could show “unable to successfully parse all record-route lines”. In R1.1.7 the Acano solution now copes with a higher number.

5125 SIP calls stop working This can occur when you have Presence subscriptions from Lync clients and the Acano server doesn’t receive a response (200 OK or otherwise) back from Notify messages that it sends out. This is fixed in R1.1.7.

Resolved in R1.1.5


4983/4740 OPUS advertised but not fully supported

We advertised OPUS in our SIP Invite even though it was not fully supported. It caused an issue when the far end wanted to use it so the far end responded to our Invite with only OPUS listed for supported Audio Codecs. OPUS is fully supported for SIP calls from R1.1.5.

4967 CBC Mode Vulnerability To remove concerns around a client side issue as reported in CVE-2011-3389, we have removed some of the weaker CBC Mode ciphers from our TLS negotiation so only stronger mode ciphers will be used from R1.1.5 onwards.

4973 ACK is sent to incorrect VCS in a cluster

In a VCS cluster, the Acano solution sent the ACK message to the 200OK to the same VCS that it sent the Invite to, even if the record-route headers suggested that it should be sent to a different VCS in the cluster. This is fixed in R1.1.5.

5003 Server crash with 1.1.0 This was due to a call leg having a bad internal index. This is

Resolved Issues


fixed in R1.1.5.

Resolved in R1.1.4


4985 High level security alert in Open SSL

A serious vulnerability in the OpenSSL cryptographic software library has been reported: https://www.openssl.org/news/secadv_20140407.txt. By sending specially crafted TLS "heartbeat" messages to a server which uses OpenSSL, an attacker can gather up to 64KB of potentially confidential data for each such message. The Acano solution uses OpenSSL to provide TLS support and as such the solution was vulnerable. R1.0.19 uses OpenSSL 1.0.1g - upgrading to R1.0.19 fixes this issue

Resolved in R1.1.3


4886/4527/5007 Crash in ApplicationSharing A race condition was occurring but some ICE stack and other low level changes have now been made and the issue is fixed in R1.1.3.

Resolved in R1.1.2


4968 Acano Branding on customized WebRTC client landing page

R1.1.2 removed the Acano logo Branding on a customized WebRTC client landing page

4695 Inconsistent information between logs

Hostname was not set correctly in all logs and this is fixed in R1.1.2.

4785 IVR customization issue Apache wav files have a Media-Type: audio/x-wav, while IIS uses audio/wav, and this caused a problem internally. Changed the Mime Type in IIS to audio/x-wav and the issue is solved in R1.1.2.

4875 Record-Route not prioritized over configured proxy address

SIP messages in outgoing SIP calls are now sent to the proxy specified in received record-route headers where possible, rather than a DNS lookup of the dial plan configured proxy. This resolves an issue where by messages were sent to an incorrect VCS cluster peer, causing calls to drop. The issue is fixed in R1.1.2.

4849 CUCM to drop the call with an SDP parsing error

The Acano solution gad issues with IX capabilities in the SDP from Cisco endpoints running newer software. The issue is fixed in R1.1.2.

4935 Crash in Lync calls There could be 2 Lync calls with the same "participant ID" and this would cause a crash. This issue is fixed in R1.1.2.

https://www.openssl.org/news/secadv_20140407.txt

Resolved Issues


Resolved in R1.1.1


3444/4307 Acano Server crash on R1.1 beta 2

Call Bridge could crash with a mutex lockup. This is fixed in R1.1.1.

4408 WebRTC login results in audio only call or no connection

Connection failure could occur whenever the Acano solution was only offering an audio-only layout when the user was joining the call. This is fixed in R1.1.1.

4419 Sorenson nTouch client interop issues: pixelation with video compression

When the nTouch PC client used video compression to increase the video quality, it could cause heavy pixelation, as well as the call dropping after 30 to 60 seconds. This is fixed in R1.1.1.

4574 Crash running 1.1RC2 The interface whitelist code wasn't thread-safe and could be called via get_local_addresses from multiple threads. This is fixed in R1.1.1.

4586 CDR receivers don't work with https

Starting from release R1.1 RC2, the https: prefix was being treated as http: in the CDR receiver address. This is fixed in R1.1.1.

4593 Crash when out-of-dialogue TCP/TLS messages that are received

If the Acano solution received an OPTIONs message from the remote destination over TCP/TLS and the remote end closed the network connection before the Acano solution sent the 200OK response the thread could crash. The Acano solution now checks whether the call object exists before looking for any proxy configuration and the issue is fixed in R1.1.1.

4602, 3300 Lync Edge registrations not released

Those two bugs cover a change in Lync Edge server settings which sometimes resulted in Acano registrations with the previously configured Lync Edge server not being released. This is fixed in R1.1.1.

Resolved in R1.1.0


4477 SNMP not working on Acano servers running 1.1 RC2

1.1 RC2 has a bug which prevented SNMP TRAPs from working when deployed on Acano server hardware. This has been fixed in 1.1.0.

4510 SIP message incompatibility with Shoretel PBX.

1.1.0 fixes a SIP messaging bug with a Shoretel PBX which prevents calls from the Shoretel PBX from connecting.

Known Limitations


5 Known Limitations If you encounter any of the following issues, contact [email protected] because we are likely to have test builds to send you with fixes for many or all of them by the time you find them.


2449 Lync Edge clients lose audio/video after hold/resume

If you dial a Lync 2010 client into a coSpace and hold/resume the call a few times, it can end up with either no audio or no video or no media at all after a call resume. If you leave it in this state, Lync 2010 client eventually prints a message saying "Call failed due to network issues". This issue will be addressed in a future release.

2578 Escalation from audio to video not working over Lync Edge server

Escalation from audio to video is currently not working over Lync Edge server; this will be addressed in a future release.

3445 Lync 2010 calls to coSpace with PIN do not connect reliably

When dialing from a Lync client using the Lync 2010 server which has SupportEncryption or RequireEncryption set, then after you enter the coSpace PIN, the result can be unreliable. The call may connect perfectly, or audio and/or video may not be sent.

4132 Prevent logging in to the Web Admin Interface.

By going to the webadmin login page, clicking ok to login and then holding down F5 all the sessions will be “used” without even logging in. This prevents anyone else from logging in until those sessions expire. This issue will be addressed in R1.2.

4214 The webbridge

listen command doesn't

work for certain port numbers

Some port numbers do not work with the webbridge

listen command; for example Firefox considers port 1 as a

reserved port. The webbridge status returns “Running”

but the web page doesn't seem to load when you browse to the Acano server, e.g. join.tryacano.com.



© 2014 Acano (UK) Ltd. All rights reserved. This document is provided for information purposes only and its contents are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without our prior written permission.

Acano and coSpace are trademarks of Acano. Other names may be trademarks of their respective owners.

acano solution · shutdown command which powers off the acano solution. (this command applies to...

Documents