I hate when customers do that, because they never bring their firewall with them.
On Wed, May 3, 2023 at 4:16 PM CBB - Jay Fuller <[email protected]> wrote:

> I would take one of their phones completely offsite, preferably to a
> completely different provider (or if that isn't possible, another segment
> of your network). If they work fine there, it is probably a problem there
> in your network. Likely if it says forbidden again it's a problem with the
> voip provider. We're a Grandstream shop here but when I've seen forbidden
> it is almost always a voip provider problem.
>
> Good luck! I usually don't give network advice, I'm by far not the
> smartest guy here. :)
>
> ----- Original Message -----
> *From:* [email protected]
> *To:* 'AnimalFarm Microwave Users Group' <[email protected]>
> *Sent:* Wednesday, May 3, 2023 1:32 PM
> *Subject:* Re: [AFMUG] Yealink "Forbidden"
>
> I was hoping somebody would know what triggers a “Forbidden” message on
> the Yealink’s screen. I can assume, but I don’t know.
>
> “Do other devices have issues or are all issues isolated to Zoom phones?”
> <-- good question. The phones are in focus because having no phones is an
> emergent issue. I can’t prove there *aren’t* any other related issues.
> That’s part of why I want to understand what’s happening. It’s an
> apartment building. If there are tenants having some weirdly specific
> issue like this they might not have reported it yet.
>
> You see two subnets because I moved the phones to a different VLAN....that
> was something their IT guy suggested. The one in 100.64.x.x is just
> unplugged or something and that was the last known IP.
>
> I appreciate the suggestions regarding ALG and Firewall rules, but those
> have been checked and re-checked.
>
> We do provide the Internet access, and for historical reasons we do also
> control the router and switches. We’re moving away from managed systems
> like that, but for the next 6 months or so it’s still in my purview.
>
> What we did change on Monday was layer 2 topology. There were literally 10
> switches in between these phones and the router. Now there are 2. That
> should be *better* if anything. They’re blaming their issues on that
> change, but I don’t see *how*. It’s the same switches except I jumpered
> up a different fiber path through the building to shorten that 10 switch
> daisy chain. The only thing new is a couple of SFP transceivers on
> previously unused ports. I did compare port settings and there’s no
> difference between new and old. I might go swap transceivers, but that
> would be an act of desperation because it would make no sense.
>
> I haven’t talked to Zoom directly, but if the customer’s IT guy is to be
> believed they are remarkably unhelpful.
>
> Also exciting is the customer is part of a larger corporation and their IT
> guy is in another state. The best we can do for remote hands is a
> maintenance person. I can go there again and play around, but I don’t
> wanna. Firstly, I got other stuff to do. Secondly, there’s the “post hoc
> ergo propter hoc” issue. Any time people see you touch something they may
> assume any problem they have for the next month is because you were there.
> “I can’t print, car won’t start, and there’s a wasp nest in the attic.....I
> bet it was that damn internet guy.”
>
> -Adam
>
> *From:* AF <[email protected]> *On Behalf Of* Josh Luthman
> *Sent:* Wednesday, May 03, 2023 1:12 PM
> *To:* AnimalFarm Microwave Users Group <[email protected]>
> *Subject:* Re: [AFMUG] Yealink "Forbidden"
>
> Are the two private subnets in the screenshot the one network at the one
> location? Are you providing the internet? Do you have SIP ALG enabled?
> Do other devices have issues or are all issues isolated to Zoom phones?
>
> On Wed, May 3, 2023 at 12:47 PM <[email protected]> wrote:
>
> Apparently Zoom tier 1 isn’t helping. “Check your firewall settings” and
> other basic stuff. I don’t know if they’re just script readers or if this
> IT guy doesn’t know what to ask.
>
> I don’t want to be the guy who just points fingers at the other guy, so
> I’m trying. I just wish I could capture the SIP messages....friggin TLS so
> super secure that I can’t friggin help you. If only the world had no bad
> people, then we wouldn’t need security.
>
> I want to hear Steve Jones’s plan for eliminating all the bad people. I
> bet he has one.
>
> *From:* AF <[email protected]> *On Behalf Of* Darin Steffl
> *Sent:* Wednesday, May 03, 2023 10:49 AM
> *To:* AnimalFarm Microwave Users Group <[email protected]>
> *Subject:* Re: [AFMUG] Yealink "Forbidden"
>
> This is really simple. If they can ping the internet or do anything else
> that requires internet at the same time the phones show offline, it's not
> your problem. They should be contacting their phone provider.
>
> Their voip provider can provide them host names to ping or trace to in
> order to troubleshoot. If you don't sell the voip, you shouldn't be
> troubleshooting it aside from making sure your network ping, jitter, and
> packet loss are normal.
>
> On Wed, May 3, 2023, 8:13 AM <[email protected]> wrote:
>
> I’m trying to help a customer with their Yealink phones. Their provider
> is Zoom.
>
> I’m 99% sure this is not my problem, but I’m chronically too nice to
> people so I’m helping anyway.
>
> So apparently when they go to dial out they’ll get a message on the screen
> saying “Forbidden”. I’m not sure if there’s more to the message because I
> only know what they’re telling me. When this starts happening their IT
> guy says the phones show up as “offline” in whatever management portal
> they’re using. They factory reset the phone, it reprovisions, shows up as
> “online” in their portal and works again for some period of minutes or
> hours and then does the same thing again. I asked if a simple reboot
> works, but the IT guy says they factory reset instead of reboot because
> it’s so easy to do 🙄.
>
> They point at me because the phone is “offline”, and they’re tying it to
> network maintenance that was done on Monday morning, but their story is not
> totally consistent about what day it started. May have been Monday, may
> have been last week, depends who you ask. I’ve taken packet captures and I
> can see the supposedly “offline” phone talking on port 443 to an AWS server
> (I assume provisioning server) and talking to Zoom on port 5091. That’s
> all TLS/SSL so I can’t see the messages, but they’re definitely still
> talking to the mothership when they’re reported as “offline”. They also do
> other normal stuff like DNS queries, NTP sync, and normal LAN chatter like
> CDP, ARP, etc. I also checked for packet loss to the phones and there’s
> none/negligible loss. So I’m telling these guys your phones are 100%
> definitely *not* offline. I told them they need to check with Zoom to
> see what application layer messages are happening, because due to the
> encryption I don’t have a clue, but I’d wager the carrier is sending back a
> 403 Forbidden for some reason.
>
> Below is a screenshot of his management tool (customer name blocked out).
> I don’t recognize it, maybe one of you all does.
>
> In the meantime I’m wondering if the collective has seen something like
> this with Yealink and/or Zoom. Any wild-ass guesses?
>
> --
> AF mailing list
> [email protected]
> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
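Adam's argument in the thread is that flow metadata from a capture can prove a phone is on the network even when every payload is TLS: if the phone is still opening sessions to the provisioning host and the SIP-TLS port, a "Forbidden" on the screen is a SIP-layer refusal from the provider, not a path problem. The script below is an added example (not code from the thread or from any vendor) that applies that reasoning to constructed flow records; the IP addresses, timestamps and the port-to-service mapping other than Zoom's 5091 are assumptions.

```python
# Added example (not from the thread): classify flows seen from a phone that the
# provider's portal calls "offline", following Adam's capture argument.
from dataclasses import dataclass
from datetime import datetime, timedelta

# Services inferred from destination port alone; payloads are TLS, so this is all
# an ISP-side capture can tell you. 5091 is Zoom's SIP-TLS port per the thread;
# 443 is taken as the provisioning server (assumption), 53/123 are DNS/NTP.
PORT_SERVICE = {443: "provisioning_https", 5091: "sip_tls", 53: "dns", 123: "ntp"}

@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str  # "tcp" or "udp"

def services_seen(flows, phone_ip, start, end):
    """Return the set of service names the phone initiated inside [start, end]."""
    return {
        PORT_SERVICE[f.dport]
        for f in flows
        if f.src == phone_ip and start <= f.ts <= end and f.dport in PORT_SERVICE
    }

def assess(flows, phone_ip, start, end):
    """Separate 'no network path' from 'registration refused at the SIP layer'."""
    seen = services_seen(flows, phone_ip, start, end)
    if not seen:
        return "no_traffic", seen        # phone is silent: look at L1/L2/VLAN first
    if "sip_tls" not in seen:
        return "no_sip_session", seen    # reaches the network but never talks SIP
    # TLS to the SIP server is flowing; "Forbidden" on the screen is then a SIP 403
    # returned inside that session, which the capture cannot decrypt or show.
    return "sip_layer_refusal", seen

# Constructed sample: phone 10.20.30.40 during a window the portal reported "offline".
T0 = datetime(2023, 5, 3, 9, 0)
WINDOW = (T0, T0 + timedelta(minutes=10))
SAMPLE_FLOWS = [
    Flow(T0 + timedelta(seconds=5), "10.20.30.40", "198.51.100.10", 53, "udp"),
    Flow(T0 + timedelta(seconds=6), "10.20.30.40", "203.0.113.7", 443, "tcp"),
    Flow(T0 + timedelta(seconds=9), "10.20.30.40", "203.0.113.9", 5091, "tcp"),
    Flow(T0 + timedelta(minutes=3), "10.20.30.40", "198.51.100.11", 123, "udp"),
    Flow(T0 + timedelta(minutes=4), "10.20.30.41", "203.0.113.9", 5091, "tcp"),
]

if __name__ == "__main__":
    verdict, seen = assess(SAMPLE_FLOWS, "10.20.30.40", *WINDOW)
    print(verdict, sorted(seen))  # sip_layer_refusal, all four services seen
```

A real run would feed the same function from a flow export (e.g. the conversation list of a capture) rather than the constructed list; the verdict only tells you which party to escalate to, not why the provider refused the registration.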
