Avaya IP Office upgrade from R10 and above to R11

Part 1:

Either the Business Partner or Distributor log onto PLDS and access the End Users Activation record for the site they want to upgrade.

Using the Host ID is the easiest way

Or you can search on the FL ID

Once you have the record you need check the licenses under “View Summary” and make sure they are R10 and above

Next choose “Options” then “Upgrade”

Check details then click “Next”

Check all the “Qty to Upgrade” quantities match the “Avail to Upgrade” quantities. You may notice the number of licenses here do not match exactly to what they have in the Summary. That is because a lot of the existing R10 licenses can be used on the R11 systems

Choose “Request Paid Upgrade Entitlement” from the drop-down box and press “Select”

Check the “Qty Needed” and “Request Qty” match then click “Next”

Add the email/s to where you want the record sent and press “Finish”

The Upgrade Request Notification that is received has the licenses and their amounts that must be crreated in Avaya One Source for the upgrade

Part 2:

Log into Avaya One Source (A1S) and create a new quote

Choose IP Office Software Upgrade and enter the Business Partner name

Now this is where it is different. Since you are upgrading an R10 system, under existing choose R10.

The Target will automatically change to R11 and you will need to select how many nodes you are upgrading. This is determined by how many Server Edition licenses were in the Upgrade Request Notification (in this case 1). (If the upgrade is for an IP500v2 it will always be 1). Once done click “Continue”

Choose the correct Solution Type. SMB is for an IP500v2. Mid-Market is for a Server Edition. Then go to Physical Location 1.

If there is a valid IPOSS support contract in place for this site, choose “Yes”. In not it is obviously no. Enter the Host ID that this site is using

Under the “Existing” column, add the licenses as they are in the Upgrade Request Notification that was retrieved from PLDS. The “Target” column should automatically update. (Note: not all licenses are available in R11. The Avaya Softphone in this case. If you cant add it make note and advise the Business Partner). Click “Next”

If there is a valid existing support contract the support can be left at 0, otherwise add support if need be.

Save and then Configure Design and you are done. Make sure you note what IPOSS support contract is to be used when the order is placed


VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)




After installing this update on a DHCP Failover Server, Enterprise clients may receive an invalid configuration when requesting a new IP address.  This may result in loss of connectivity as systems fail to renew their leases.

This issue is resolved in KB4345418.

After installing this update, some devices running network monitoring workloads may receive the 0xD1 Stop error because of a race condition.

This issue is resolved in KB4345418.

Restarting the SQL Service service may fail occasionally with the error, “Tcp port is already in use”.

This issue is resolved in KB4345418.

When an administrator tries to stop the World Wide Web Publishing Service (W3SVC), the W3SVC remains in a “stopping” state, but cannot fully stop or be restarted.

This issue is resolved in KB4345418.


VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

365 Standards

New Users

1 ) 2fa Enabled for Users

2 ) enable Litigation Hold :
Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | ForEach {Set-Mailbox $_.Identity -LitigationHoldEnabled $true }
3) enable mailbox auditing 
Get-mailbox -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | ForEach {Set-Mailbox $_.Identity -AuditEnabled $true}
9) Increase Deleted Items from 14 days to 30 days – 
Set-Mailbox -Identity “user” -RetainDeletedItemsFor 30

Maintenance Tasks

1) Run the Health Score in Azure
2) Failed Logins -> Compliance Center , Audit Log Search , Change Filtet to Failed
6) Check and Report on any Email Forwarders -> https://gcits.com/knowledge-base/find-external-forwarding-mailboxes-office-365-customer-tenants-powershell/
7) Check Spam Policy
  • Image links to remote sites = OFF
  • Numeric IP addresses = ON
  • URL redirect to other port = ON
  • URL to .biz or .info websites = ON
  • Empty messages = ON
  • Javascript or VBScript in HTML = ON
  • Frame or iFrame tags in HTML = ON
  • Object tags in HTML = ON
  • Embed tags in HTML = ON
  • Form tags in HTML = ON
  • Web bugs in HTML = ON
  • Apply sensitive word list = ON
  • SPF record hard fail = ON
  • Conditional sender ID hard fail = ON
  • NDR backscatter = ON
8) Check Retention Policy: Security and Compliance Center, Retention
10 ) Disable users being able to installed 3rd party Plugins : 
set-MsolCompanysettings -UsersPermissionToUserConsentToAppEnabled $false
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Recently upgraded a IPV500 v2 phone system from Version 9 to 10 and had a phone stuck on 

Discover xxx.xx.xxx.x


To perform a reset in the Craft Menu you can try clearing the phones values so that when it establishes DHCP again it’ll point to the PBX (as long as the port its connected to has a route to the PBX).

Reboot the phone and when you see the “Press * to program” screen, press it and try entering the passcode as (CRAFT) 27238#.. Thats the default so it may not work on all phones. If it works, scroll down to “Clear values” and select it.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

On the Fortigate , Create a new Interface and assign it to the Uplink of your internet or DMZ with a Vlan ID and Enable DHCP

Create a policy to allow outbound


On the Switch ( ours GS752TP ) that the access points plug into,  Tag the ports with the Vlan ID you created above, where your access points plug into as all as the port for the Uplink from the Switch to the Router

On your access points  ( Ours WNDAP360 ) create a new SSID and Tag these to the new VLAN ID

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Enter IP of the Server


Or deploy  GPO to copy the file

C:\Users\%username%\AppData\Local\e-BRIDGE Capture And Store\PC Client\Settings\Settings.dat



c:\Users\Default\AppData\Local\e-BRIDGE Capture And Store\PC Client\Settings\Settings.dat


VN:F [1.9.22_1171]
Rating: 1.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

As part of our ongoing security focus, we have enabled a new feature within our email security platform from Mimecast.

What will I see?

For a small percentage of links that you click in emails, we will show you a webpage with information about the email you received and the website you are trying to access.

We will ask you to make a decision about whether you are happy to continue to the website, or if you want to change your mind. By prompting you to think before you click, you will help us strengthen our defenses.


What do I need to do?

The next time you click a link in an email [delete as needed: or request the release of an original email attachment] you will be asked to enroll in the Mimecast Targeted Threat Protection service in order to continue. You will only be asked to enroll once on each device you use to access your work email (e.g. laptop and mobile).

When prompted in the browser, enter your work email address and click “Next”. We will send you a one time authentication code by email which you will need to enter into your browser where indicated.

If you have any questions or need further help, please contact the IT help desk.





VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Create a CSR , I find Digicert Util is the easiest way to do this


Save the CSR request somewhere on a network available to the SBS server

Run this on the SBS server

certreq.exe -submit -attrib "CertificateTemplate:WebServer" %locationofcsrfiles%\csr.txt

Save to .cer file somewhere then import this into the server via the Digicert Util

Change the IIS Bindings to this nearly imported CERT

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)