We have yealink endpoints and are using the commercial endpoint manager. regularly, an extension will get deleted, but the phone doesn’t get unplugged/de-provisioned/etc. This causes it to spam the pbx with failed registration attempts, and sets off fail2ban… not a big deal, but its a few extra steps.
how most of you handle de-provisioning an endpoint?
yealink offer an action uri which can be used to trigger a factory reset. is it possible to fire this off prior to running the delete functions? if so, any insight on how to accomplish this?
Thanks
Well you would just unplug the phone if it’s not in use anymore. However, if this is some setup where the user isn’t someone you can’t just tell to unplug the phone, there’s not much you can do. The phone needs to be unplugged, reset or you need to put a blank profile up for it so it pulls a config with no details inside of it and resets itself.
We deal with a lot of remote locations, so getting the phone unplugged or removed doesn’t always happen. We have found that if the phone gets unplugged without having the config wiped; the next time its plugged in, Sometimes,it will will get blacklisted by fail2ban before getting the new config file from endpoint manager. Of course, I can do a lot of it manually, but trying to find a more automatic way to do things…Sending a sip notify (or firing off a curl command to the action url), prior to running the delete functions should help. I know next to nothing about php, or where to look in the code to get started.
I suspect that the configuration in your DHCP server and TFTP Server would end up with the same SPAM problem.
When I remove a phone from service, I remove the instrument and the config. That way, when it comes time to reprovision it, I have the bar code at my provisioning workstation so I can scan it in wherever I need to (instead of retyping).
No, using something to trigger a reset will work fine, assuming that the device was deleted in EPM, there will be no MAC.cfg file. Even if his DHCP setup tells the phone to talk to the PBX, it will connect and get the global model file, y0000000000XX.cfg.
Nothing in that process will cause an attempt to authenticate, which is his problem now.
Before deleting the extension from the PBX, you want to remove the phone config. I would do this by creating a special template used only for decommissioning phones. Have the “SIP Destination Address” in the template server set to 127.0.0.1 and leave the provisioning server as-is. Then assign the device in question to this template and push a new config to the phone. Once you confirm the registration is gone, then remove the extension.
By leaving the prov address set correctly, you can always push a new config to the phone in the future, tho you will have to wait for the phone to auto-sync.
I also have this setup for flipping DND with FOP2 to make the phone also show DND status when changed from FOP2 by an operator/admin. It is just a small tweak to the FOP2 code to let it all be seamless.
If you delete an extension without going into EPM -> Extension Mapping, does EPM still delete the MAC.cfg file? I know even deleting from the main Extension Mapping list did not delete the config file until the bug report I put in back in the spring.
I use DHCP options to make sure things point to the provisioning server when defaulted. gets around the extra work inside of FreePBX.
I think at this point a question has to be asked and it probably should have been asked earlier.
@speedy01 Is this a FreePBX system that is being used for a company with remote locations and therefore the users are employees? Or is this a setup for individual clients that have users on the FreePBX system?
This is actually a very important question since there was advice asked on how to handle this situation. Since these are completely different beasts in this regard, knowing what environment this is can lead to better advice as to handling the situation.
This is for a business…users are employees and remote branches…
Some what @sorvani described is what Id like to accomplish but in a more automatic way. I’m currently using dhcp for provisioning with EPM.
So Im trying to accomplish the following to simply my life. delete extension will send the sip notify to reset the phone, then proceed with clearing out all the related information and configurations freepbx. I guess a condition could occur if freepbx doesn’t clear things out by the time the endpoint resets and reboots, but I find that to be very unlikely, or if the phone doesn’t get the command and doesn’t reset…either way, I’m no worse off than I was before…
Well I would suggest that deleting the extension is the last step. As once it is deleted, there’s no peer/endpoint configured and Asterisk/FreePBX can’t send a SIP Notify command to an endpoint/peer it doesn’t have a contact/location for.
To do this 100% through FreePBX/EPM, you need a reset template that is going to have blank details for the device. You’ll need to update the endpoint to use this template, push that update to the phone and verify the phone is no longer sending REGISTER requests to the PBX. Once you’ve confirmed that, then you can delete the extension.
Well I would suggest that deleting the extension is the last step. As once it is deleted, there’s no peer/endpoint configured and Asterisk/FreePBX can’t send a SIP Notify command to an endpoint/peer it doesn’t have a contact/location for.
This is why the sip notify command would be the first thing to be sent prior to any of the actually deleting… anyway…messing with blank templates and pushing, etc seems like more clicking and more manually work than before, which brings back the same issue of something getting missed and not done.
perhaps I could look into switching to user - device mode. then I could just leave the endpoint configured and just delete the users separately, although that brings up the other issues of user-device mode not supported.
This is only sort of true. Device and User mode is completely supported by Asterisk. It is supported as an option by FreePBX core. It is only marginally supported by various modules that deal with users and extensions.
