Solved

Shoretel SBE Windows 2008 and Windows Updates...

Posted on 2013-12-17
10
736 Views
Last Modified: 2014-02-24
My Shoretel engineer said no windows updates are to be installed on the 2008 x64 server (physical box), is this correct (i suspect not)?

Thanks
0
Comment
Question by:CHI-LTD
  • 5
  • 2
  • 2
  • +1
10 Comments
 
LVL 22

Assisted Solution

by:Nick Rhode
Nick Rhode earned 125 total points
Comment Utility
I was told the same thing back in the past but after the server got to out of date I cloned the server and did the updates anyways.  All went great.  From what I read up on it is that the .Net Framework updates could possibly break shoretel.  Fix for it was to reinstall .Net Framework and check the configuration.
0
 
LVL 9

Accepted Solution

by:
tsaico earned 250 total points
Comment Utility
I never have been that fond of windows based telephony.  They do not save you that much over the traditional PBX, and can be broken by some updates, hd crashes, etc, though I haven't seen any that have had that happen in a while.  It used to be fairly common in the 2000/XP days.  Most comanies I worked with didn't install to Vista, and just jumped to win7/2k8, and updates are often run.  

While I do think it is mostly safe, since they are the ones to support the system, I would let them deal with it.  They just don't want to deal with the possibility of having to trouble shoot an update.  If you do run the updates, always keep track of what ones are applied, and when it was.  I also like to keep it less than 10, so if I need to back them out 1 at a time, I am not dealing with a ton of them.  

You can lock it down by closing up the other ports and only forward your SIP traffic.  Also keep your SIP traffic limited to whomever is your provider's IP pool at the firewall.  If that is the case, no other software will be ran on that machine and no other type of traffic will be processed, you should be fairly safe.

\
0
 
LVL 1

Author Comment

by:CHI-LTD
Comment Utility
guess ie10 is a no no too
0
 
LVL 22

Expert Comment

by:Nick Rhode
Comment Utility
Just to be safe I would leave IE10 and IE11 off for the time being.  Not sure where shortel stands yet on that.
0
 
LVL 1

Author Comment

by:CHI-LTD
Comment Utility
and .net & visual c++
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 15

Assisted Solution

by:getzjd
getzjd earned 125 total points
Comment Utility
What version of ShoreTel are you on?  That determines whether IE10 is supported or not.
See this PDF  
http://support.shoretel.com/alerts/downloads/PB10462.pdf


Typically though, the best  practice is to not update your ShoreTel server with the most current updates.  It also is best practice not to be a domain member server
0
 
LVL 1

Author Comment

by:CHI-LTD
Comment Utility
13.3.
Its on the domain using AD which seems to work ok..
0
 
LVL 9

Assisted Solution

by:tsaico
tsaico earned 250 total points
Comment Utility
I found being a domain member doesn't seem to be a problem, rather the familiarity of the installer with working in a domain vs local accounts.  They (the shortel installer) often have not clue on basic network/server administration like using using credentials like domain\username, or even why their external DNS address manually entered is not resolving to internal names, so they just use IP, the difference between the Everyone group and the Authenticated users group, etc.  That being said, I come across some system admins that don't know this either, so I am sure that doesn't help...
0
 
LVL 1

Author Comment

by:CHI-LTD
Comment Utility
Yes, got that idea too! :)
Been sent a document that shows 13.3 tested with updates up to Sept13..
0
 
LVL 1

Author Closing Comment

by:CHI-LTD
Comment Utility
I'm not applying the updates ,however still not sure if i should do as our system has been hacked (a shoretel bug/fix in the end).
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

There are no good configuration guides for HP-H3C router to LYNC on the web. :( Big statement, but we havent been able to find one yet. We did find the following document useful, but the information was not enough to use H3C router for use as a L…
Hey there Heard about jingle, the add on for XMPP that enables point to point audio between two XMPP clients. No server config necessary. Actually quite a cool feature. However, how good is it if you can not use those voice capabilities to do a P…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now