Release Notes R1.2.18

Acano Solution
Acano Server Release 1.2.18
Release Notes
Acano
March 2015
76-1005-15-Al
Contents
Contents
1
Introduction
4
1.1 Before upgrading...................................................................................................... 4
1.2 After upgrading......................................................................................................... 4
2
New Features/Changes in 1.2
5
2.1 New Chrome Sharing Extension from R1.2.8 ........................................................... 5
2.2 New License File Replacing VM Activation Key........................................................ 5
2.3 Guest Access Support.............................................................................................. 5
2.4 Enhancements for WebRTC Support ....................................................................... 6
2.5 Lync Enhancements ................................................................................................. 6
2.5.1 H.264 UC ("SVC") video support
6
2.5.2 Presence enhancements
6
2.6 DNS Enhancement .................................................................................................. 6
2.7 Call Leg Profile Enhancements ................................................................................ 7
2.7.1 Call leg profile additions
7
2.7.2 Activation mode enhancements
8
2.7.3 Participants joining and leaving tones enhancements
8
2.8 Outbound Calls Page Updates ................................................................................. 8
2.8.1 Configurable control stream encryption for outbound calls
8
2.8.2 New Local From Domain field
9
2.9 External Directory Support in Searches .................................................................... 9
2.10 CDR Enhancements/Changes ................................................................................. 9
2.11 Main MMP Changes ............................................................................................... 10
2.12 Miscellaneous Enhancements ................................................................................ 11
2.12.1 OpenLDAP support
11
2.12.2 Logging/Diagnostic Enhancements
11
2.12.3 Audit Log Improvements
11
2.12.4 Configurable Outgoing Audio Packet Size
12
2.12.5 Media Encryption
12
2.12.6 Acano client presence enhancements
12
2.12.7 Resolution enhancements
12
2.12.8 Active Call List Enhancements
12
2.13 Summary of API Enhancement/Changes ............................................................... 12
3
Notes on Upgrading to R1.2
14
3.1 Upgrading to Release R1.2 .................................................................................... 14
3.2 Downgrading .......................................................................................................... 15
4
Resolved Issues
Resolved in R1.2.18
Resolved in R1.2.15
Resolved in R1.2.14
Resolved in R1.2.13
Resolved in R1.2.12
Resolved in R1.2.11
Resolved in R1.2.9
Resolved in R1.2.8
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
16
16
16
16
17
17
17
18
18
Page 2
Contents
Resolved in R1.2.7
Resolved in R1.2.6
Resolved in R1.2.5
Resolved in R1.2 (previously called R1.2 RC2)
5
Known Limitations
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
18
19
19
20
21
Page 3
Introduction
1 Introduction
This release note describes the new features, improvements and changes in Release 1.2 of the
Acano solution software for both Acano Server and virtualized deployments.
Release 1.2.15 is a maintenance release with bug fixes, as described later in this release note.
Also see section 2.12, Ability to add SAN names to the MMP command PKI CSR.
1.1 Before upgrading
If you are upgrading from a release before 1.2.12 and you have an Acano hardware server with
serial number less than 00072 then you need to check your license.dat file, you may need to
obtain a replacement license. Follow these steps:
1. SFTP the license.dat file off the Acano server and open license.dat in a text editor
2. Check line 7 of license.dat, if it reads
licensed product name=M-Link version=16.0 expires=unlimited options="0”
then contact support before the upgrade to obtain a replacement licence.dat file.
If line 7 reads:
licensed product name=M-Link version=16.9 expires=unlimited options="0”
you do not need to replace license.dat, proceed with the upgrade.
CAUTION VM ONLY: Before you upgrade a virtualized deployment to Release 1.2 you must
ask support@acano.com for a new license file if you have not already done so. This file
replaces the activation key on a virtualized deployment – the activation key is no longer
required. If the license is missing, the Call Bridge is limited to 4 call legs as before.
1.2 After upgrading
CAUTION Acano Server & VM: After upgrading either an Acano Server or a Virtualized
deployment you must check your Outbound Calls dial plan rules; the Local Contact Name field
usage has changed and there is a new Local From Domain with the functionality of the old
Local Contact Name field. This provides better interworking with Lync. See below.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 4
New Features/Changes in 1.2
2 New Features/Changes in 1.2
2.1 New Chrome Sharing Extension from R1.2.8
In Chrome v.37 the way content sharing is supported was changed and this broke our support
for this feature. Therefore as a temporary measure we removed the Chrome content sharing
button in maintenance release 1.2.7; but the Acano Chrome extension for content sharing
restored this feature in 1.2.8.
2.2 New License File Replacing VM Activation Key
In releases after R1.2 Beta 4 there is a new license manager for virtualized deployments. This
replaces the VM activation key used in previous releases. (The license is not used on the Acano
Server at present.) The license is a JSON file with a digital signature appended.
Acano support will provide this acano.lic file to you. Upload the file to your VM host using SFTP:
do not rename the file. Then restart your Call Bridge.
You can check the licensed features and their status by issuing the MMP command license.
You will also see an entry in the syslog.
2.3 Guest Access Support
In R1.2 there is increased support for users to join a call using a guest user web link via a "Web
Bridge" URL which displays a "guest" login page. After they enter their name, the following
action is taken based on the platform and/or browser:

on a Windows PC, the administrator can configure a ClickOnce installer. (An additional click
is required after installation in order to launch the PC Client.)

Google Chrome and Firefox (see note later on Firefox support) uses WebRTC natively

Internet Explorer (IE9 or later), the Acano PC client launches (if it was installed
previously) or is downloaded automatically. (Internet Explorer does not support
WebRTC)

on an iOS device, the Acano iOS client launches if it is installed. If the client is not installed
then a page is displayed with a link to the App Store

on a Mac:

Chrome uses WebRTC natively

with Safari, a dialog box will open. If the Acano Mac client is installed, click on the Join
call in app button. If the client is not installed, click on the Install Acano for OSX
button. Note: You will need to click on the downloaded .dmg file to install the Acano
client. Then click on the Join call in app button.
Note: Specific versions (or later) of these clients are required for this feature, and some of these
are work-in-progress. See the Acano Client FAQs on the web site for the latest status.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 5
New Features/Changes in 1.2
2.4 Enhancements for WebRTC Support
Additions have been made to WebRTC client operation in R1.2:

Firefox support for WebRTC in Release 1.2 is in Beta – users can test this functionality and
give us feedback, but no customer should rely on using it in production and the support we
offer is limited.

DTLS (encryption) support to allow you to use WebRTC on recent versions of Firefox to log
in to the Acano solution. This functionality is in Beta; no customer should rely on using it in
production and the support we offer is limited

Application sharing via Google Chrome – see the Acano Client FAQs document on the
Acano web site for details of how to enable application sharing in Chrome
Note: Due to the way Chrome handles key frames for multiple simultaneous video streams
currently, sharing an application with Chrome means that the main video stream from that
browser session stops, and only restarts when sharing stops.
2.5 Lync Enhancements
2.5.1 H.264 UC ("SVC") video support
Previously, video support for Lync was restricted to RTVideo. From R1.2, the Acano solution can
also send and receive H.264 UC. This is the default mode of operation with Lync 2013 and
provides a much improved video experience.
Note: With Lync 2010, RTVideo is still used; this is the highest quality codec that Lync 2010
supports.
2.5.2 Presence enhancements
The Acano solution now returns presence information to Lync for domains that can be reached
through a Lync > SIP rule configured in the Call Forwarding section of the Incoming Calls page.
Such destinations show up as "Available" normally. (If no rules are configured, the Acano
solution only provides presence for coSpaces.)
A status of Available tells Lync that the outbound SIP call is possible (because the Call Bridge
can route this call as a gatewayed call). Most SIP codecs do not support presence so there is no
way to get a true status from them to determine if they are actually available or not.
When the Acano Call Bridge knows that this destination is in a call – that is, if the Call Bridge
has placed a call to that destination (as a gatewayed or conferencing call leg) presence then
changes to "In a call".
2.6 DNS Enhancement
From R1.2 you can now configure the DNS resolver(s) to return values which are not configured
in external DNS servers or which need to be overridden, custom Resource Records (RRs) can
be configured which will be returned instead of querying external DNS servers. Use the new
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 6
New Features/Changes in 1.2
command: dns (mmp|app) add rr <DNS RR> and see the MMP Command Reference for
details.
2.7 Call Leg Profile Enhancements
2.7.1 Call leg profile additions
R1.1 introduced the concept of "profiles", allowing individual coSpaces or coSpace access
methods to use different call leg profiles which could enforce varying in-call behaviors. A number
of additions have been made to the mechanism for R1.2:

Call leg profiles can be attached to specific tenants: behavioral defaults can be applied for
all call and coSpace interactions for that tenant

Call leg profiles can be attached to individual "coSpaceUser" entries in the hierarchy; the call
leg profile then applies to that user's participation in the coSpace

A top-level call leg profile can be set, via a new API "api/v1/system/profiles" node. This
provides default behavioral settings for all call legs hosted by the system for call legs,
tenants, or coSpaces when more specific call leg profiles do not apply. For example, the toplevel profile's setting for whether to show participant names as pane labels will apply to all
calls
Note: Call leg profiles can be set globally, per tenant, per coSpace, per access method, per
coSpace user, or per call leg.

Call leg profiles can now set:

As in R1.1 whether call legs are "deactivated" (muted bi-directionally) until the first call
leg connects that does not require activation. These call legs revert to "deactivated"
when the last activator call leg disconnects

Whether call legs will receive any active presentation video combined with the main
video stream or (if capable) in a separate stream

Whether call legs are permitted to contribute presentations

Video layout: the default layout on devices that do not choose the layout for themselves

Whether participant name labels are included in multi-pane video layouts

Initial mute status for individual video and audio streams – both contributed by, and
received by, a call leg

Whether media encryption is Allowed, Required or Forbidden

Whether join and leave tones are played on this call leg, and at what threshold values
(see below)

Audio packet size (see below). The default is 20ms

Requiring activation enhancements (see the next section)
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 7
New Features/Changes in 1.2
2.7.2 Activation mode enhancements
R1.1 call leg profiles allowed individual call legs to be either "requiring activation" or "not
requiring activation". All call legs in a call "requiring activation" would be "deactivated"
(essentially, muted bi-directionally) until the first call leg that did not require activation connected.
Then, all other call legs would become "activated" (unmuted) but would revert to "deactivated"
when the last “activator call leg” disconnected.
R1.2 extends and enhances this mode:

Using call leg profiles, you can now set the "deactivation behaviour":

deactivate (the former, R1.1, behaviour), stay activated (allowing the participants to
continue to interact) or be disconnected

set a time value for how soon the deactivated mode takes effect: e.g. choose to
disconnect all "guest" participants a specified time after the last "activator call leg"
disconnects
These settings follow the normal call leg profile hierarchy, so you can set box-wide
behaviour via the top-level global call leg profile, or exercise more fine-grained control at the
per-tenant or per-coSpace level: in the most advanced modes, some "guest" participants
might be disconnected when the last "chair" leaves while others remain [active]
Information on whether a participation's call leg is activated or deactivated is pushed out to
Acano clients if the call leg is an Acano (rather than standard SIP, Lync or avaya) one.
There's a new specific "callDeactivated" CDR disconnect reason to indicate that a call leg has
been disconnected due to its call being deactivated.
2.7.3 Participants joining and leaving tones enhancements
In R1.2, you can configure the Acano Call Bridge to play out audible notifications when
participants leave or join a coSpace. Call leg profiles configured via the API (for instance, the
top-level default call leg profile or a call leg profile for an individual tenant or coSpace) include
threshold values for when to play join and leave tones. The Acano Call Bridge will play join and
leave tones to other participants when new people join and leave according to those thresholds.
For instance, if the join tone threshold is set to "5", then tones will be played out for the first 5
people joining, but not for additional participants (unless the total number of participants drops
below 5). The leave tone threshold is configured separately to the join tone threshold; if, for
example, the leave tone threshold is set to "3", the audible notification will only be played out if
someone leaves when there are 3 or fewer participants in the call.
Until configured for a call leg profile via the API, the join and leave tone participant thresholds
are 0: by default, R1.2 behaves like previous software releases and no tones are played when
participants join or leave the call.
2.8 Outbound Calls Page Updates
2.8.1 Configurable control stream encryption for outbound calls
For each Outbound Calls dial rule, you can now set whether SIP control traffic:

Uses only encrypted transport (TLS) - Encrypted
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 8
New Features/Changes in 1.2

Uses only unencrypted transport (typically TCP) - Unencrypted

Tries Encrypted mode first and falls back to Unencrypted in the event of failure – Auto (the
default)
This can be controlled via a new SIP Encryption field in the Web Admin Interface Configuration
> Outbound Calls page or the API (see the API Reference guide).
CAUTION: The default behavior R1.2 mode is Auto. This does not match pre-R1.2 behavior.
Previously, all "Lync" outbound dialling rules would automatically use Encrypted mode;
therefore you may need to ensure that these rules are explicitly set to Encrypted mode to
prevent the Call Bridge attempting to use unencrypted TCP for these connections in the event
of the TLS connection attempt failing.
Prior to R1.2, whether or not to attempt TLS first would be determined by the media encryption
setting; specifically, if media encryption was Disabled, then the Call Bridge would never attempt
to use TLS for SIP control connections. The new behaviour separates the control and media
encryption behaviour, allowing a TLS control connection to be used in the absence of media
encryption, for example.
2.8.2 New Local From Domain field
In previous releases the Configuration > Outbound Calls Local Contact Domain field
controlled the domain of the "From" address used in outgoing calls initiated via that Outbound
Call rule:
The contact domain was derived from the local Acano Call Bridge IP address used for the call.
From R1.2 the Outbound Calls page shows what was previously configured as the contact
address in a new Local From Domain field. This more closely matches its actual function: and
there's now the new ability to configure an explicit contact domain to be used: if you leave this
new field blank then the contact domain is derived from the local IP address (as before). If you
are using Lync, we suggest that you use this new function.
If you are not using Lync we recommend that the Local Contact Domain field is left blank to
avoid unexpected issues with the SIP call flow.
CAUTION: Therefore previous Outbound Calls dial plan rules may not work after upgrading to
R1.2 and they must all be checked and updated if required.
2.9 External Directory Support in Searches
Using the API, you can add additional directory locations to be searched when Acano client
users perform searches. If you are using the tenant feature, this is on a per-tenant level.
Results from these locations are added to the results from the LDAP-sourced user lists
displayed in the Acano clients.
2.10 CDR Enhancements/Changes
The CDR receiver address can now be read or written to via the API (GET or PUT to a new
/api/v1/system/cdrReceiver" node).
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 9
New Features/Changes in 1.2

The URI field in the CDR Receiver Settings section of the Configuration > API Settings
page remains for setting the CDR receiver address from the Web Admin Interface.

From R1.2 an audit log entry is made when the CDR receiver is added, modified or deleted.
Within a CDR, where applicable:

callLegStart records now include a "localAddress" value showing any local destination
relevant to the call leg (e.g. what the caller connected to in order to reach the Acano
solution)

A new "callDeactivated" leg end reason code signifies that the call leg was disconnected by
the Acano solution because the call of which the call leg was part was deactivated, and its
deactivate action (see above) was set to "disconnect"
R1.2 supports keepalive connections to allow the Acano solution to send multiple (batches of)
records on one TCP or TLS connection to a CDR receiver.
2.11 Main MMP Changes
The following enhancements/changes have been made in the R1.2 MMP for security. For full
details of the new command set see the MMP Command Reference for R1.2

The command passwd can now only be used by admin-level users

Admin-level users can now:

reset another user’s password

set the maximum number of characters that can be repeated in a user’s password – and
there are a number of other user password rule additions

limit MMP access by IP address

disable MMP accounts after configurable idle period

The command webbridge clickonce default is now webbridge clickonce none
to match other commands and disables all clickonce redirect behavior

There is a new dscp 4|6 <traffic type> <DSCP value> command to set DSCP
values

There are new commands for Common Access Card (CAC) integration

You can now permanently store system and audit log files using the new syslog rotate
<filename> and syslog audit rotate <filename> commands

You can now enable a FIPS 140-2 level 1 certified software cryptographic module, Then
cryptographic operations are carried out using this module and cryptographic operations are
restricted to the FIPS approved cryptographic algorithms

Users with the audit role can enable verbose logs for certain services using the audit
http (enable|disable) command

The Acano solution now

validates the new upgrade.img file before initiating a backup before upgrading

notifies users (on login) of the number of unsuccessful login attempts since last
successful login
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 10
New Features/Changes in 1.2


handles certificate bundles as well as certificate files. There are changes to pki
command parameters to accommodate this and a new pki verify <cert> <cert
bundle/CA cert> [<CA cert>] command
When deploying R1.2 as a new virtualized deployment, dhcp is enabled on interface a by
default
2.12 Miscellaneous Enhancements
2.12.1 OpenLDAP support
Previously you needed to make changes to openLDAP's schema to get an LDAP sync to work
with openLDAP (adding an objectUUID), but this is no longer necessary in R1.2.
Take great care if you choose to migrate from AD to openLDAP. The key is the objectGUID: this
is the object that the Acano solution uses to sync the coSpace database and AD. So long as the
objectGUID is intact when you migrate, the sync will maintain all properties on the Acano Server.
Make a backup of the current system configuration prior to migration. We strongly suggest
detailed testing with the LDAP mappings and filters on the new AD prior to initiating the Sync for
the first time from the new AD source.
2.12.2 Logging/Diagnostic Enhancements
The diagnostic logging available from the Web Admin Interface Logging > Detailed tracing
page has been improved:

All SIP traffic shown via this method has a fixed "SIP trace" prefix, so that it can be identified
from the more general event log

New DNS and API tracing complements the existing SIP tracing; the information produced
by these methods starts with either "DNS trace" or "API trace" for easy identification

For all tracing methods, the range of timed enablement now includes a "24 hours" option;
allowing extended diagnostics to be left on overnight, for instance

There are more date values along with times in the logs

Displays a warning message for failed DNS lookups
2.12.3 Audit Log Improvements
From R1.2, the audit log shows:

participants joining and leaving events

modifications to the CDR receiver settings (see below)
The audit log settings can only be changed by a user with the audit role: that is, only audit-level
users can use the syslog audit commands.
Users with the audit role can enable verbose logs for certain services using the audit http
(enable|disable) command.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 11
New Features/Changes in 1.2
2.12.4 Configurable Outgoing Audio Packet Size
Whereas previous Acano solution releases would always send 20ms outgoing audio packets
where possible, R1.2 introduces the ability to set a preference of 10ms or 40ms instead by using
the Audio Packet Size Preferred field in the Configuration > Call Settings page if your
environment requires a different setting.
Note: Not all audio codecs support the ability send different packet sizes, and therefore the
effect of setting 10ms or 40ms settings may vary from call to call.
While you must select from pre-defined values in the Configuration > Call Settings page, by
using the API you can set other sizes for the outgoing audio packets according to the
capabilities of the codec in use.
2.12.5 Media Encryption
From R1.2, an unencrypted warning indicator shows up on endpoints' screens if those endpoints
have an encrypted connection to the call, but there are call legs in the same call that are not
using encryption. Using call leg profiles, it is now possible to configure encryption requirements
on a system-wide, tenant-wide or coSpace level.
Acano clients show an equivalent indicator.
2.12.6 Acano client presence enhancements
From R1.2, if you are in call on an Acano client, your user status will change to "Busy".
2.12.7 Resolution enhancements
From R1.2, the Acano solution supports 1920x1200 and 1600x1200 resolutions.
2.12.8 Active Call List Enhancements
From R1.2, the Acano solution displays the SIP URI of the caller in the Active Call list.
2.13 Summary of API Enhancement/Changes
This section summarizes the API enhancements and changes in R1.2. Some of these changes
are for features mentioned previously in these Release notes. For full details see the API
Reference for R1.2.

The reply to a GET on "/api/v1/system/status" now includes the software version.

New API tracing is shown in logs from the Logging > Detailed tracing page (see above)

There are a number of new elements in the object hierarchy:

/accessQuery (and associated method to find full details of how a given URI or call ID,
for instance, one that might be associated with a coSpace, might be reached)

/callLegs/<call leg ID>/callLegProfileTrace

/system/profiles
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 12
New Features/Changes in 1.2



/system/cdrReceiver (see above)
Retrieve or write the CDR receiver address (see above)
There are some new fields for existing objects:

/tenants/<tenant ID>/callLegProfile – for per-tenant call leg profiles

/coSpace/<coSpace ID>/coSpaceUsers/<coSpaceUser ID>/callLegProfile – for per
coSpace user call leg profiles

/outboundDialPlanRules/<outbound dial plan rule ID>/sipControlTransport – a per
outbound dialling rule setting for SIP control traffic transport. <outbound dial plan rule
ID> is one of :encrypted, unencrypted or auto
There are some additional filters to use in queries:

/callLegProfiles - you can now specify "usageFilter=unreferenced" as a filter to return
only call leg profiles not referenced anywhere (and therefore potentially safe for deletion)

/coSpaces - you can now specify a "callLegProfileFilter=<GUID>" filter to return just
those coSpaces using that call leg profile (at the coSpace level, or for an accessMethod
or coSpaceUser)

/tenants - you can now specify a "callLegProfileFilter=<GUID>" filter to return just those
tenants associated with that call leg profile

Enable tones for participants joining and leaving calls (see above)

callLegProfile additions (see above)

A top-level profile can be set, via a new API "api/v1/system/profiles" node (see above)

Requiring/not requiring activation enhancements (see above)

Add additional directory locations to be searched when Acano client users perform searches
(see above)

New failure reason databaseNotReady for LDAP sync operations

New parameters when adding and modifying a coSpace member
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 13
Notes on Upgrading to R1.2
3 Notes on Upgrading to R1.2
This section includes information about upgrading an Acano Server Release.
CAUTION: Before upgrading to R1.2 (either an Acano Server or a virtualized deployment) you
must take a configuration backup using the backup snapshot <filename> command and
store it safely on a separate device. See the MMP Command Reference document for full
details.
CAUTION VM ONLY: Before you upgrade a virtualized deployment to Release 1.2 you must
ask support@acano.com for a new license file. This file replaces the activation key on a
virtualized deployment – the activation key is no longer required.
3.1 Upgrading to Release R1.2
Unless specifically mentioned, the instructions in this section apply to both Acano Server and
virtualized deployments.
Upgrading the firmware is a two-stage process: first, upload the upgraded firmware image; then
issue the upgrade command. (This restarts the Acano solution: the restart process interrupts all
active calls running on the Acano solution; therefore, this stage should be done at a suitable
time so as not to impact users − or users should be warned in advance.
To install the new firmware on the Acano Server follow these steps:
1. Check that you have the new license file from support@acano.com. This file is required on
virtualized deployments. It replaces the activation key on a virtualized deployment – the
activation key is no longer required and has been deprecated.
2. Obtain the upgrade image from the secure partner section of the Acano website. You should
have obtained a file called upgrade.img. If this is not the case – rename the file to
upgrade.img.
Note: If you are using WinSCP for the file transfer, ensure that the transfer setting is ‘binary’
not ‘text’. Using the incorrect setting results in the transferred file being slightly smaller than
the original – and this prevents successful upgrade.
If you are using a virtualized server, when you log in with the admin user account after
upgrade, for security you will be prompted to change the password before proceeding.
CAUTION: After upgrading you must check your Outbound Calls dial plan rules – see
section 2.8.
3. Using a SFTP client, log into the MMP using its IP address. The login credentials will be the
ones set for the MMP admin account. If you are using Windows, we recommend using the
winSCP tool.
Notes:
You can find the IP address of the MMP’s interface with the ipv4 admin command or the
equivalent ipv6 command.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 14
Notes on Upgrading to R1.2
The SFTP server runs on the standard port, 22.
After copying the upgrade.img file, you will not be able to see it listed as being in the file
system; this is normal.
4. Copy the software to the Acano Server/ virtualized server.
5. To apply the upgrade, issue the upgrade command.
a. Establish a SSH connection to the MMP and log in.
b. Initiate the upgrade by executing the upgrade command.
upgrade
The Acano Server/ virtualized server restarts automatically: allow 10 minutes for the process
to complete.
6. Verify that the Acano solution is running the upgraded image by re-establishing the SSH
connection to the MMP and typing:
version
Remember to use the MMP user accounts to log into the Web Admin Interface. Refer to the
MMP Command Reference document for more information.
7. If you are using a virtualized deployment, upload your new license file.
8. For all deployments, check the Configuration > Outbound Calls rules updating the Local
Contact Domain field and completing the new Local From Domain field if necessary.
3.2 Downgrading
To return to the older version, use the regular upgrade procedure to “upgrade” to the appropriate
version, and then restore the configuration backup for that version.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 15
Resolved Issues
4 Resolved Issues
Resolved in R1.2.18
Reference
Issue
Summary
7707
WebRTC client does not work with
Chrome version 41.0.2272.64 beta-m
(64-bit)
When attempting to join a call with the WebRTC client
v41 the client displays the spinning circle for a while and
then the call fails. R1.2.18 fixes an interop issue that
was preventing WebRTC clients from working with this
beta version of Chrome.
7839
XSS vulnerability could result in
execution of javascript to create a
popup with the text xss after clicking
through authentication (successful or
not)
A bug was discovered in R1.2.14 which could result in
the coSpace database not initialising, following an
upgrade or downgrade to R1.2.14 on Acano Server
hardware only. The VM version of this release is not
impacted by this issue.is fixed in R1.2.18.
Resolved in R1.2.15
Reference
Issue
Summary
7471
CVE-2015-0235 - Ghost vulnerability
This issue was reported as Security alert 017 and is
fixed in R1.2.15.
7485
Unable to join coSpace on Web
Bridge with Firefox
This issue can be seen whether joining as a guest or
signing in to the WebRTC Client as a user and is fixed in
R1.2.15.
7557
Lync calls fail after 30 seconds to
direct federated Lync servers in
1.6.11
Fixed in R1.2.15.
Resolved in R1.2.14
Reference
Issue
Summary
7055
CSR generated on the Acano server
could be rejected as an Invalid CSR
This was occurring because of a difference between
the given and expected version number. This issue is
fixed in R1.2.14.
7298
Call Bridge passing incorrect
information about the number of
recent participants when there have
been 10 or more participants in the
coSpace
When 10 or more participants were in a call in a
coSpace (not necessarily concurrently), the server
includes an incorrect number of participants in the
recent call message sent to the Acano clients. This
issue is fixed in R1.2.14.
7420
Open URL redirection vulnerability
could be exploited to gather
credentials from an unsuspecting
user
This issue was reported as Security Incident 017 and is
fixed in R1.2.14.
7421
XSS vulnerability could result in
execution of javascript to create a
popup with the text xss after clicking
This issue was reported as Security Incident 018 and is
fixed in R1.2.14.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 16
Resolved Issues
through authentication (successful or
not)
Resolved in R1.2.13
Reference
Issue
Summary
6204
All active calls are dropped
Calls being dropped when component connection from the Call
Bridge to the XMPP server dropped because invalid XML was
sent from a client. This issue was raised as Security issue 013,
and is fixed in R1.2.13.
6684
Issues in calls with VCS
X7.2.2 and Acano 1.2.11 &
1.2.9
This could occur when the “Minimum session refresh interval
(seconds)” was higher than 1800 in VCS. This issue is fixed in
R1.2.13.
6686
API system status messages
returning unwanted
information
This issue is fixed in R1.2.13.
6744
Syslog "unrecognised protocol
message" at "Warning" level
This has been made an info level message rather than warning;
it indicated that older versions of the clients are being used with
the Acano server. This issue is fixed in R1.2.13.
6755
First few seconds of the video
stream could be fragmented
This was related to setting MTU settings on an interface. This
issue is fixed in R1.2.13.
6779
Calls being dropped
This occurred because of TURN server issues when listening on
multiple interfaces. This issue is fixed in R1.2.13.
6858
MMP commands didn’t autocomplete with all possible
matches
This issue is fixed in R1.2.13.
6923
Lync AVMCU calls disconnect
at 16 minutes
Lync AVMCU calls to SIP endpoints disconnected at 16 minutes.
This issue is fixed in R1.2.13.
Resolved in R1.2.12
Reference
Issue
Summary
5779
Sending higher than
configured Tx maximum
bandwidth to Lync client
This issue is fixed in R1.2.12.
6491
Logs filling with repeated
message approximately every
second
This was caused by starting the server with an invalid XMPP
license. This issue is fixed in R1.2.12.
6510
Server crash when running
R1.1.8.
This was caused by a DNS lookup error and this issue is fixed in
R1.2.12.
6567
Frequent resolution changes
when Lync client and EX60
endpoint in a coSpace
This was caused by frequent changes to the incoming resolution
and from R1.2.12 we have adapted our algorithms to suit this
situation. This issue is fixed in R1.2.12.
Resolved in R1.2.11
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 17
Resolved Issues
Reference
Issue
Summary
6067
Custom IVR image issue
Customized image could be pixilated in full-screen mode on
Lync participants. This issue is fixed in R1.2.11.
6182
Certificate chain issue
This certificate trust issue is fixed in R1.2.11.
6235
Content fails SIP calls through
Codian ISDN GW
Content could fail to stop and cause lip sync issues. This is fixed
in R1.2.11.
6313
Max number of hostname IPs
exceeded
Previously the Acano solution could only resolve 8 names to a
DNS load balancer. This has been increased and the issue is
fixed in R1.2.11.
6340
H264 decoder crash
This issue was caused by a rare software loop and is fixed in
R1.2.11.
6368
Load balance across VCS
peers
Outbound calls from an Acano server were not load balanced
across all available VCS cluster peers. This is fixed in R1.2.11.
6375
Server crash
This issue is fixed in R1.2.11.
6376
Active calls stop working
The Call Bridge service could stop on receiving 401 messages.
We have improved 401 message handling and this issue is fixed
in R1.2.11.
6575
Security fix CVE 2014 3513
R1.2.11 fixes a security issue with OpenSSL denial of service
vulnerability that is detailed in the Security Alert Details
document
6596
No video to Polycom DMA
We have improved our handling of parameters in the H.264
advertisement parsing code and this issue is fixed in R1.2.11.
Resolved in R1.2.9
Reference
Issue
Summary
6153
Occasional Lync calls failing
This was caused by a NOTIFY message with zero length. This is
no longer transmitted and therefore is fixed in R1.2.9.
6337
postgres not starting
Some changes have been made to the postgres setup and this
issue is fixed in R1.2.9.
Resolved in R1.2.8
Reference
Issue
Summary
5760
Require a Chrome extension
to be able to share desktop
from Chrome.
This issue is fixed in R1.2.8.
6132
Server crash caused by issue
with Active Directory settings
Field Mapping Expression
This issue is fixed in R1.2.8.
Resolved in R1.2.7
Reference
Issue
Summary
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 18
Resolved Issues
5963
Vulnerability issues with
OpenSSL
R1.2.7 uses the latest OpenSSL library addressing some
vulnerability issues reported as Security Incident 007.
5968
Issues with Apache's
mod_reqtimeout
R1.2.7 uses Apache 2.4.10 addressing potential slow http
attacks. This issue was reported as Security Incident 008.
5890
One-way video with Chrome
v37
Although Chrome v36 was fine in the same circumstances,
when using v37 the Acano WebRTC Client received video, but
didn't transmit any. This issue is fixed in R1.2.7; however, see
the Known limitations below.
5980
tenantFilter for callLegs
returns no results
In R1.2.5 an API GET on /api/v1/callLegs?tenantFilter=xyz could
return zero results. This is fixed in R1.2.7.
5981
Empty/missing <name> tags
in API responses for
participants without a SIP
display name
If an endpoint didn't supply a SIP display name, then in the list of
/callLegs from the API, you could see an empty name tag. This
is fixed in R1.2.7.
6055
Virtualized Edge server not
responding to SNMP polls
snmpd wasn't starting up and this is fixed in R1.2.7.
6070
In R1.1 WebRTC guest
diagnostics could show
unnecessary information
This is fixed R1.2.7.
6071
WebRTC Client’s Chat tab
does not show the latest
messages
There was a missing refresh of the message board when
returning to it from another view. This is fixed in R1.2.7
Resolved in R1.2.6
Reference
Issue
Summary
5904
XMPP (authp) authentication
succeeds with empty
password if LDAP server
allows 'unauthenticated
authentication' method of
simple bind
Active Directory allows unauthenticated authentication and
therefore if the client supplied an empty password, but a valid,
known JID, such client log-in requests succeeded. This was a
security issue reported as Security alert 006 – this issue has
been fixed in R1.2.6.
Resolved in R1.2.5
Reference
Issue
Summary
5398/5681
Core server crash
There could be an occasional crash when the Core server was
communicating with the Web Bridge(s) due to a memory buffer
issue. This is fixed in R1.2.5.
5641
Decoder rejected frames with
width or height not divisible by
4
One consequence was that the Acano solution did not output
any frames when Chrome sent a desktop at 1680x1050 for
example (as 1050 is 2 mod 4). In R1.2.5 the Acano solution is
more flexible on resolutions and this issue is fixed.
5647
Logo shown to clients when
multiple deactivated ("guest")
video participants are present
R1.2.5 deals with deactivated video streams better and no
longer sends anything to the clients when there are no "real"
participant video streams available.
5650
Failed API/webadmin
authentication causes
This issue was previously reported as Security Alert 005. This
issue is fixed in R1.2.5.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 19
Resolved Issues
slowdown of webadmin, API
and SIP processing
5661
Loaded media message after
changing microphone when
using Chrome WebRTC
The Chrome client would show "Loading Media - Please wait";
and to re-establish full audio and video the user would have to
dial in again.There is now improved handling of trickle ICE on
the Web Bridge and this issue is fixed in R1.2.5.
5678
Issues changing the layout for
a callLeg via the API in R1.2
In R1.2.0 changing the layout for a callLeg via the API didn't
work if you did a PUT with layout = telepresence but worked if
you specified defaultLayout = telepresence. The published API
spec for 1.2.0 was incorrect. In R1.2.5 the Acano solution will
accept either parameter for a callLeg – but the documentation
has been updated to reflect defaultLayout = telepresence and
this is the recommended statement. This issue is fixed in R1.2.5.
5802
Thread safety issues with
json_read in PAM
Repeated failed authentication could cause a crash. This is fixed
in R1.2.5
Releases R1.2.1 to R1.2.4 were not released.
Resolved in R1.2 (previously called R1.2 RC2)
Reference
Issue
Summary
2578
Escalation from audio to video
not working over Lync Edge
server
Escalation from audio to video would not work over Lync Edge
server; this is fixed in R1.2.
4214
The webbridge listen
command doesn't work for
certain port numbers
Some port numbers did not work with the webbridge
listen command; for example Firefox considers port 1 as a
reserved port. The webbridge status returns “Running”
but the web page doesn't seem to load when you browse to the
Acano server, e.g. join.tryacano.com. This is fixed in R1.2
5444
Calls fail with uppercase
content-type
If the content-type header in SIP messages had SDP in
uppercase then calls could fail with "ACK received with no
session description late media call - ending call”. This is fixed in
R1.2.
5445
Web Bridge issue could cause
a crash
This is fixed in R1.2.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 20
Known Limitations
5 Known Limitations
If you encounter any of the following issues, contact support@acano.com because we are likely
to have test builds to send you with fixes for many or all of them by the time you find them.
Reference
Issue
Summary
2449
Lync Edge clients lose
audio/video after hold/resume
If you dial a Lync 2010 client into a coSpace and hold/resume
the call a few times, it can end up with either no audio or no
video or no media at all after a call resume. If you leave it in this
state, Lync 2010 client eventually prints a message saying "Call
failed due to network issues". This issue will be addressed in a
future release.
3445
Lync calls to coSpace with
PIN do not connect reliably.
This affects all Lync clients
When dialing from a Lync client using a Lync server which has
SupportEncryption or RequireEncryption set, then after you
enter the coSpace PIN, the result can be unreliable. The call
may connect perfectly, or audio and/or video may not be sent.
3965
Unable to stop pcap capture
on serial/ssh
Occasionally users running pcap from the serial console for a
few minutes are unable to stop the capture with a Ctr+C, if this
happens try crt+\ or contact Acano support.
4132
Prevent logging in to the Web
Admin Interface.
By going to the Web Admin Interface login page, clicking OK to
login and then holding down F5, all the sessions will be “used”
without even logging in. This prevents anyone else from logging
in until those sessions expire. This issue will be addressed in
R1.2.
4838
Call Bridge Crash
A stress crash can occur in R1.2 Beta 22/04/2012 when using
the WebRTC client.
5228
No DNS failover for AD sync
Although the initial problem of the Call Bridge not falling back to
a second AD server address after the LDAP connection to the
first failed has been fixed in R1.2, there remains the issue that
trying to connect to a non-existent/non-responding remote
address can take a long time to time out.
6763
“syscall error” messages
appearing in log
The syscall error message should not have been left enabled in
this maintenance release. However, they are harmless and
should be ignored.
7920
OpenSSL vulnerable to a
denial of service attack
This issue is reported as Security Alert 022.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 21
© 2015 Acano (UK) Ltd. All rights reserved.
This document is provided for information purposes only and its contents are subject to change without notice. This
document may not be reproduced or transmitted in any form or by any means, for any purpose other than the
recipient’s personal use, without our prior written permission.
Acano and coSpace are trademarks of Acano. Other names may be trademarks of their respective owners.
Acano Solution: Acano Server R1.2.18 Release Notes 76-1005-15-Al
Page 22