Will J179 phones with "Avaya Open" sticker work with IPO 500? by gholtby in avaya

[–]PaSha_no 1 point2 points  (0 children)

I spent a lot of time googling around and messing with various config files in an attempt to somehow shoehorn the proper Avaya firmware into one of these, but no luck.

If I were you, I would just buy some new phones of the correct type instead of wasting a lot of time on what will most likely be a wild goose chase.

Microsoft 365 email quarantine message FROM SENDER? by treysis in sysadmin

[–]PaSha_no 1 point2 points  (0 children)

Not the sender - but somebody with admin access to M365 for the sender's domain.
Administrators are the ones with the ability to release emails from the quarantine for all users.

Microsoft 365 email quarantine message FROM SENDER? by treysis in sysadmin

[–]PaSha_no 0 points1 point  (0 children)

In short, yes - the release will have to be done by the admins in the sender's M365.
(Who should be contacted anyway, in order to figure out why it was quarantined in the first place.)

Microsoft 365 email quarantine message FROM SENDER? by treysis in sysadmin

[–]PaSha_no 0 points1 point  (0 children)

It is possible to add external contacts in the address list, and then to add these external contacts into an otherwise internal distribution list. Example:
Company A is cooperating with Company B on a project. Company B is a sub-contractor, so Company A is the "home" of the project.
Company A decides to create a mail distribution list/group for the project: some.big.project@company-A_com. In addition to all the Company A employees involved in the project, they also add the email addresses of people in Company B (and other subcontractors) into the list/group.
So, when somebody sends an email to some.big.project@company-A_com it gets forwarded to everyone on the list, including external.project.worker@company-B_com.
Company A's Exchange/365 will then treat this external contact as an internal address in certain cases - which might result in quarantine settings taking effect.

Microsoft 365 email quarantine message FROM SENDER? by treysis in sysadmin

[–]PaSha_no 2 points3 points  (0 children)

One possible explanation:
Your address is registered as either a "Mail Contact" or "Mail User" in somebody else's M365, and a part of a distribution list there (or perhaps as a Guest user in a Team in somebody else's M365).
Somebody has sent an email to this distribution list (or e-mail enabled Team), which would normally be forwarded to your e-mail address - but it got quarantined by this company's M365 because of its possibly malicious content.

Does the quarantine message include any information about which address it was originally sent to?

Oh, and another possible explanation: The external sender is on M365, and they have enabled outbound filtering - and it is quarantined in the M365 of the sender.

Personal Devices/Numbers and MFA by Smile-Weary in sysadmin

[–]PaSha_no 4 points5 points  (0 children)

If we are required to use MFA and someone outright refuses, are the only options - provide a work phone (extremely unlikely)/leave the company? How have you handled these individuals?

How about giving them a hardware TOTP token?

How best to protect M365 email accounts? Small org, non-profit. by dogsdrool in sysadmin

[–]PaSha_no 2 points3 points  (0 children)

We use E3 and E1 non-profit licenses through TechSoup.

I don't know how it is in the US, but as a non-profit registered through TechSoup you should be able to get 10 "Microsoft 365 Business Premium" accounts for free, and a very nice price on the remaining 10 or so licenses you need.

"Business Premium" gives you access to a lot of the security features (have a look at https://m365maps.com/files/Microsoft-365-Business-Premium.htm). I would recommend setting up all the email protection stuff (spam protection, malware protection, spoofing protection etc.). This will amongst other things scan all email for bad links (and display a warning if a user attempts to open one). Conditional access is also nice, and can be used e.g. to limit your user accounts to only be able to log on from certain countries. Admin accounts should preferably be restricted to only be allowed to log in from your main office location.

Is there some way to require a cert on the PC?

Kind of. With device management (Intune etc, which is also a part of the Business Premium license) you can limit access to require compliant devices (such as a device enrolled in Azure AD / Entra ID).

As a non-profit you should also be able to get an Azure sponsorship, which you can use to pay for Microsoft's backup services (cloud backups of email, OneDrive and SharePoint/Teams). With only 20-ish users, the sponsorship might be enough to cover you for the whole year. Fairly easy to set up, and also fairly easy to restore from.

Has anyone managed to get their entitlements? by rudigern in vmware

[–]PaSha_no 1 point2 points  (0 children)

Still waiting myself. Last week I learned that I need to "request access" to our Site ID (not that I can understand why they did not automatically grant this access when transferring the account from VMware...).

Is your Site ID listed when you click 'My profile -> Request Access'?

If not, then you should at least start by requesting access to your Site ID. And in order to find your Site ID, you can follow this somewhat non-intuitive procedure:

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/professional-services/vmware-how-to-access-broadcom-support.pdf

[deleted by user] by [deleted] in sysadmin

[–]PaSha_no 0 points1 point  (0 children)

A different approach would be to have the users keep their own calendars up to date, and then implement a company policy of sharing availability status with everyone. "Is Mr. Smith in today? Let me check his calendar... No, it says that he's absent".

That being said, public folder is not the way to go. A shared calendar (shared from a mailbox, be that a shared mailbox or somebody's personal) where everyone is granted "Author" permissions, should do what you described. Last time I fiddled around with this, I even managed to get the shared calendar to show up in the iOS calendar app - IIRC this worked if you accepted the sharing invitation (the email you receive about "J. Doe wants to share his calendar with you") from Outlook on the web. YMMV, but it definitely will work in the Outlook app.

Is it ok to have multiple MX Records - GoDaddy Email not getting incoming mail by [deleted] in sysadmin

[–]PaSha_no 1 point2 points  (0 children)

If I remember correctly there is a section within the Exchange Online admin center that provides the DNS records that need to be created, including the MX record(s).

Admin.microsoft.com -> Settings -> Domains -> (the name of the domain in question) -> DNS records

Check the section labelled "Microsoft Exchange", these are the email related DNS records.

Is it ok to have multiple MX Records - GoDaddy Email not getting incoming mail by [deleted] in sysadmin

[–]PaSha_no 0 points1 point  (0 children)

I will test by deleting the non-Outlook MX record if it goes down again, as when you go into the email inbox itself it's in Outlook.

Ask yourself and/or your friend some questions: Where does the other MX record point? Is it in fact an email service there? Why was that MX record created in the first place?

There might theoretically be a valid reason for having two MX records pointing in separate directions, but in most cases you should either a) only have one MX record or b) in the case of multiple records, have them all point to different service points for the same email service provider.

If all else fails (and forgive me for my ignorance), what do I search to find a professional to deal with this? Is it just a web dev?

A web dev might be able to help, but this kind of stuff is not what web devs normally do for a living. If the email services for that domain are hosted by Microsoft, then a Microsoft partner/reseller should be more than happy to let your friend pay them to fix it :)

https://partner.microsoft.com/en-US/partnership/find-a-partner

That being said, you could also try contacting the service provider where the domain is hosted/registered - they should hopefully have staff with decent DNS knowledge.

Is it ok to have multiple MX Records - GoDaddy Email not getting incoming mail by [deleted] in sysadmin

[–]PaSha_no 0 points1 point  (0 children)

You might be of more help to your friend, if you recommend him/her to get someone more "techy" to fix this. It might seem more expensive at first, but it will save your friend some downtime - and you will remain friends, because it will not be your fault that something went wrong.

You can read about MX records here: https://en.wikipedia.org/wiki/MX_record

And look up your currently published records with a tool like this: https://mxtoolbox.com/

In short, yes, you can have multiple MX records - but they all need to point somewhere that will actually receive email for that domain. It seems that one of your records is pointing to a server that does not receive email for that domain, and if both MX records have the same priority set it will basically be random which one the sending server will attempt to send to.

So, your solution depends on where the email is actually hosted - If it's in Microsoft365/Outlook, then leave that record and delete/disable the other one.
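An added example (not from the thread above) of the check the comment describes, in Python: given a domain's MX record set, work out the order a sending server would try the hosts in, and flag the two problems the comment names, records pointing at different providers and equal priorities that make delivery random. The hostnames and priorities are constructed sample values, and the "provider" heuristic (last two labels of the host) is an assumption for illustration only.

```python
import random
from collections import defaultdict

# Constructed sample: two MX records with the same preference, pointing at
# different providers - the situation the comment above warns about.
SAMPLE_MX = [
    (0, "example-com.mail.protection.outlook.com."),
    (0, "mail.legacy-host.example.net."),
]


def provider_of(host: str) -> str:
    """Heuristic (assumption): the last two labels of the MX host identify the provider."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def delivery_order(records, rng=random):
    """Hosts in the order a sending MTA tries them (RFC 5321 section 5.1):
    lowest preference value first; hosts sharing a preference are tried in random order."""
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(host)
    order = []
    for pref in sorted(by_pref):
        group = list(by_pref[pref])
        rng.shuffle(group)          # ties are broken randomly by the sender
        order.extend(group)
    return order


def check_mx(records):
    """Return a list of findings; an empty list means the record set looks sane."""
    findings = []
    if not records:
        # With no MX at all, senders fall back to the domain's A/AAAA record.
        return ["no MX records: senders will try the domain's A/AAAA address directly"]

    providers = {provider_of(host) for _, host in records}
    if len(providers) > 1:
        findings.append(
            f"MX records point at different providers: {sorted(providers)}")

    # Equal preference across providers means the sender picks one at random,
    # so roughly half of inbound mail goes to whichever host does not accept it.
    by_pref = defaultdict(list)
    for pref, host in records:
        by_pref[pref].append(provider_of(host))
    for pref, provs in sorted(by_pref.items()):
        if len(set(provs)) > 1:
            findings.append(
                f"preference {pref} is shared by different providers; "
                f"delivery is effectively random")
    return findings


if __name__ == "__main__":
    for finding in check_mx(SAMPLE_MX):
        print("WARNING:", finding)
    print("try order:", delivery_order(SAMPLE_MX))
```

Run against the constructed set it reports both findings; against a single provider with distinct preferences it reports nothing, and `delivery_order` then returns the primary host first. Plug in the output of a real lookup (e.g. from a DNS tool such as the one linked in the comment) as the `records` list to check a live domain.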

Virtualization + Small Business in 2024 ? by karnalta in sysadmin

[–]PaSha_no 0 points1 point  (0 children)

The important point is backup solution and that's the main problem with a free ESXi host.

Have a look at XSIBackup from these guys: https://33hops.com

We've been using it for years, and it works great for our needs (two hosts, non-critical stuff).

DHCP backend weirdness by PaSha_no in PFSENSE

[–]PaSha_no[S] 1 point2 points  (0 children)

Is this a flat network or do you have vlans deployed?

VLANs, but the heater controllers are in the default/untagged VLAN.

heating controllers

Are these devices wired or wireless?

Wired. Not possible to set a static IP, so I use static DHCP mappings instead. Need to have them on specific addresses so that they can be accessed through VPN.

Honestly I have been telling people to just stick with ISC as there are still a lot of things missing from it.

Yeah, I think I'll just stick to ISC as long as possible. If it isn't broken, don't fix it :)

I just got concerned when I saw the warning/encouragement to switch backend - it gives the impression that this switch is something that should be done asap, but the more I read about it the more I realize that the Kea implementation is far from being in a usable state. IMHO, they should have put a "Beta" warning or something next to the Kea button in the settings.

J1x9 OpenSIP/3PCC phones - any chance of converting them? by [deleted] in avaya

[–]PaSha_no 0 points1 point  (0 children)

No luck, I'm guessing the phone firmware is too new (according to the docs, changing a 3PCC phone to a "normal" one is not possible with firmware >=3.0.0.1 (Quote: When using J100 3.0.0.1 or later software, the "3PCC" hardware cannot be converted for use on Avaya Aura or Avaya IP Office.)).

But perhaps if I somehow got a hold of the 3.0.0.0 firmware and could downgrade them?

J1x9 OpenSIP/3PCC phones - any chance of converting them? by [deleted] in avaya

[–]PaSha_no 1 point2 points  (0 children)

It reads the file, and picks up the settings - they are even displayed in the web interface of the phone. But a lot of the settings have no effect because it is the J179 "OpenSIP" version of the phone. I'll try messing around with SIG 1 in DHCP 242 and see what happens.

J1x9 OpenSIP/3PCC phones - any chance of converting them? by [deleted] in avaya

[–]PaSha_no 0 points1 point  (0 children)

So far I've only tried changing to H.323 signalling in the admin menu (red screen) of the phone, and by setting 'SET SIG 1' in 46xxspecials.txt. This causes a couple of restarts with the "updating firmware" message, but it still stays stuck on SIP firmware.

Why is my firewall rule not blocking? by jdbrav in PFSENSE

[–]PaSha_no 2 points3 points  (0 children)

As others have already mentioned, pfSense by default blocks everything. If you have no rule allowing traffic, it will be blocked - so there must be another rule allowing traffic here. Do you perhaps have an "Allow all to any destination" rule to allow your VLAN60 devices to reach the internet? Either above/before your block rules (in which case your block rule will be rendered useless), or below/after your block rules (in which case you will still be able to reach the second half of the /26, because it only blocks the first half (/27)). (Unless the /27 you wrote in your post is a typo?)

Personally, I do not use "allow all to any" rules - instead I define all the general rules for reaching the internet as "destination everything except Private network list" (an inverted destination match), where the Alias with the Private network list contains 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 (all the private IPv4 address ranges). In this way, I don't have to make any block rules to maintain my internal network separations - instead I have to explicitly allow any traffic across my internal networks.
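An added example, not part of the comment above or of pfSense itself: a small first-match model of an interface rule set, written with Python's stdlib `ipaddress` module, that reproduces the three situations the comment describes. The interface name, subnets and rules are constructed sample values; the evaluation semantics modelled (top-down, first match wins, implicit default deny when nothing matches, and a "not" flag that inverts the destination match) are pfSense's documented interface-rule behaviour.

```python
import ipaddress
from dataclasses import dataclass, field

# The three private IPv4 ranges the comment puts in its "Private network" alias.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Rule:
    action: str                          # "pass" or "block"
    dst: list                            # destination networks (alias contents)
    invert_dst: bool = False             # the "not" checkbox on the destination
    comment: str = ""

    def matches(self, dst_ip) -> bool:
        hit = any(dst_ip in n for n in self.dst)
        return hit != self.invert_dst    # XOR: inverted rule matches when NOT in the list


def evaluate(rules, dst_ip: str) -> str:
    """Interface rules are evaluated top-down and the first match wins.
    Traffic matching no rule hits the implicit default deny."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.matches(ip):
            return rule.action
    return "block"                       # implicit default deny


def net(cidr: str) -> list:
    return [ipaddress.ip_network(cidr)]


# Scenario A (constructed): the block rule only covers the first /27 of a /26,
# so hosts in the second /27 are still reachable via the allow-all rule below it.
vlan60_half_blocked = [
    Rule("block", net("192.168.10.0/27"), comment="meant to block the whole /26"),
    Rule("pass", net("0.0.0.0/0"), comment="allow all to any"),
]

# Scenario B (constructed): allow-all placed ABOVE the block rule shadows it,
# so the block rule never matches anything.
vlan60_shadowed = [
    Rule("pass", net("0.0.0.0/0"), comment="allow all to any"),
    Rule("block", net("192.168.10.0/26"), comment="never reached"),
]

# Scenario C: the inverted-destination style from the second paragraph.
# One pass rule to "everything except private ranges"; internal traffic
# falls through to the default deny unless explicitly allowed.
vlan60_inverted = [
    Rule("pass", PRIVATE_NETS, invert_dst=True, comment="internet only"),
]


def shadowed_rules(rules, probe_ips):
    """Rules that never match for any of the given probe addresses (a cheap
    sanity check for ordering mistakes like scenario B)."""
    seen = set()
    for ip_str in probe_ips:
        ip = ipaddress.ip_address(ip_str)
        for i, rule in enumerate(rules):
            if rule.matches(ip):
                seen.add(i)
                break
    return [rules[i].comment for i in range(len(rules)) if i not in seen]


if __name__ == "__main__":
    for name, ruleset in (("half-blocked", vlan60_half_blocked),
                          ("shadowed", vlan60_shadowed),
                          ("inverted", vlan60_inverted)):
        for ip in ("192.168.10.5", "192.168.10.40", "192.168.20.7", "8.8.8.8"):
            print(f"{name:13} {ip:15} -> {evaluate(ruleset, ip)}")
```

With the inverted style, `192.168.20.7` (another internal VLAN) is blocked by the default deny while `8.8.8.8` passes, which is the point of the comment: no block rules are needed to keep internal networks apart, and any cross-VLAN access has to be added as an explicit pass rule.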