Transfer Response Point to virtual

If you have any tips or kudos to send, send them to freddykrugler(AT)Hotmail.com.  I’d love to hear if this helped you out at all, or if you have any questions about anything I wasn’t clear on.

 

Updated June 22, 2024

 

The VPN via WireGuard has a unique issue with pfSense.  Make sure "IPv4 Upstream Gateway" is set to none; otherwise, when your DPH-125MS/DPH-128MS receives a call, you will not hear your caller.  All other functions will work.

 

Updated February 7, 2023

 

And the last issue has been resolved.  The certificate that protects the unit was set to expire in 2024, which wasn’t too bad, but was a nagging issue that I figured I’d have to solve at some point.  It turned out it was just some weird rights issue.

 

In the C:\edinburgh\bin folder is an executable, “selfcert.exe”, which actually generates the certificate; however, I would always get a 0x5 error.  By default, it will generate all the correct parameters, so you just need to run it with the /O switch and it will do the rest.  The problem is that it will fail with the 0x5 error.  To resolve this, you have to navigate to the following file:

 

D:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6b15d3fc364e9b1f7f0ccbd9affd0dea_fed6bc9d-f7b5-4295-aeb4-a4a249a6664e (Your file may be different, but it appears all files should have full rights, so find the one that doesn’t.)

 

You will find this file does not give write access to the administrator.  Simply modify the permissions so you can read/write the file, then run selfcert.exe /O from a command line and you get “Success”.  SelfCert will generate a new certificate valid for 5475 days from now (currently 2038; January 19, 2038 is the Y2K38 bug, so that is probably the end of the line at that point.  I’m pretty sure the software is written in C++ prior to VC7).  Anyone using the Assistant/Administrator will need to re-accept the new certificate, but that is it.

 

Have Fun, it’s been an interesting ride.

 

Updated January 5, 2023

So when Microsoft released Windows 10 22H2, they disabled TLS 1.1 (Windows 11 disables it by default, see my initial test), which is what the assistant uses to communicate with the RP base unit.  Very much a pain, but adding the following registry key allows the assistant to continue to operate.  Now this key only enables TLS 1.1 for 32-bit software, so 64-bit will still default to TLS 1.3.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHTTP]
; TLS 1.1
"DefaultSecureProtocols"=dword:00000200
; TLS 1.2
;"DefaultSecureProtocols"=dword:00000800
; TLS 1.1 and 1.2 (0x200 + 0x800)
;"DefaultSecureProtocols"=dword:00000a00

 

More information is here, but this will allow the assistant to continue to operate.  I was looking at a TLS proxy, but because this has the caller ID function, RP was actually sending SIP messages, for which I haven’t been able to find a good proxy substitute like I did for the SIP Proxy.

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows - Microsoft Support

 

You can go here to verify your security if needed

SSL/TLS Client Security Test - BrowserLeaks

 

The last item will be the certificate of the unit.  Mine expires in June of 2024 so not sure what will happen.  There is a separate exe in the bin folder to create a new certificate, but it’s not working, wondering if you have to be on the actual hardware to get it to generate, so that is my next task, but luckily I have a year or so to figure that out.

 

Updated Nov 6, 2022

Just a note that the call information is stored in UTC, so when daylight saving time happens, everything is off by an hour if you export your call logs every month (as you can only access the logs for a rolling 4 months).

 

Updated July 27, 2022

In an attempt to notify the front desk of a 911 call, I made the mistake of having the “Response Point” monitor software unload and reload every minute to get the latest event info.  The problem is that it floods the Event log with entries saying it was unloaded and reloaded.  So the two choices were to create a filter to ignore the ID 0 so it only showed the, or get the software to send the Base Unit’s copy of the event viewer log.  So one of two options was to either open up the firewall more to access the event viewer on the Response Point Base Unit, or have it export out the event info and see if that changes.  A standard copy of XP includes a cscript/VBS script that can export the event viewer log of the base unit.  You just need to copy the following missing files from another XP machine’s windows\system32 folder:

CScript.exe

EventQuery.vbs

Cmdlib.wsc

Cdfview.dll

Once you copy these files over, you will have to run “regsvr32.exe cdfview.dll” to allow the DLL to function properly.  Make sure you run this command from within the system32 folder.

Then create a batch file that runs the following command on the base unit via scheduled tasks say every minute.

CScript eventquery.vbs /l ResponsePoint >out.txt

Now the next trick is to get the file off the base unit to one of your servers.  I use an ftp script to dump the out.txt file to my server.  Now this script only creates a file with the last 8,100 entries, but all you need to do is look at the first line (well, 9th line)

warning       1106   7/27/2022 6:11:46 PM     Response Point    OEM-XXXXXXXXXX

 

So now you can limit your “I need to force the issue” time: if you only want to know within the next minute about certain event IDs, you can.  The ones I have not commented out in my PowerShell are:

 

if (
    #($LastEventID -eq 1002) -or #RP Dialog Manager has started
    #($LastEventID -eq 1003) -or #RP Config Data Service has started
    #($LastEventID -eq 1006) -or #RP Dialog Manager Restarted
    ($LastEventID -eq 1007) -or #RP Config Data Error
    #($LastEventID -eq 1008) -or #Invalid Password in admin
    #($LastEventID -eq 1009) -or #Backup Complete
    #($LastEventID -eq 1010) -or #RP Restarted after restore
    #($LastEventID -eq 1100) -or #Could not send email
    #($LastEventID -eq 1106) -or #Invalid Password
    ($LastEventID -eq 1108) -or #RP Credentials Manager Error
    ($LastEventID -eq 1111) -or #RP Cannot Decrypt Credentials
    ($LastEventID -eq 1200) -or #IP Address Changed
    ($LastEventID -eq 1600) -or #Emergency call Made
    ($LastEventID -eq 4002) -or #Invalid VOIP Gateway
    #($LastEventID -eq 4003) -or #VOIP Gateway initialized
    ($LastEventID -eq 4004) -or #VOIP Cannot initialize - Duplicate
    ($LastEventID -eq 4019) -or #SIP Not responding
    ($LastEventID -eq 4020) -or #Sip is back online
    ($LastEventID -eq 4023) -or #VOIP Gateway - incorrect password
    #($LastEventID -eq 5002) -or #Invalid Sound Card
    #($LastEventID -eq 6001) -or #RP has VPN access Enabled
    0) # trailing 0 lets every line above end in -or
{
    # Force the Response Point Monitor to reload here
}

 

So if any of these event IDs happen, I force the Monitor to reload; the rest I leave for the 15-30 minute timeout the software has, with no Event ID 0 entries every minute, keeping my event log a lot cleaner.
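The same filter applied to the exported out.txt, as an added Python example (not the author's script). It goes one step beyond reading only the newest entry: it returns every alert-worthy event newer than the previous poll, so an emergency call (1600) is not hidden by a later 1106 logged in the same minute. The sample export, its header layout and event types are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Event IDs left uncommented in the PowerShell condition above.
ALERT_IDS = {1007, 1108, 1111, 1200, 1600, 4002, 4004, 4019, 4020, 4023}

# One entry line: type, event ID, date/time, source, computer name.
ENTRY = re.compile(
    r"^(?P<type>\S+)\s+(?P<id>\d+)\s+"
    r"(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<source>.+?)\s{2,}(?P<host>\S+)\s*$"
)

# Constructed sample of out.txt: 8 header lines (layout is an assumption),
# newest entry first, as in the line quoted above.
SAMPLE_OUT = """\
Script host banner (constructed)
Copyright line (constructed)

------------------------------------------------------------------------------
Listing the events in 'ResponsePoint' log (constructed)
------------------------------------------------------------------------------
Type          Event  Date Time                Source            ComputerName
------------- ------ ------------------------ ----------------- --------------
warning       1106   7/27/2022 6:11:46 PM     Response Point    OEM-XXXXXXXXXX
information   1600   7/27/2022 6:11:20 PM     Response Point    OEM-XXXXXXXXXX
information   1009   7/27/2022 6:10:05 PM     Response Point    OEM-XXXXXXXXXX
error         4019   7/27/2022 6:09:58 PM     Response Point    OEM-XXXXXXXXXX
"""

def parse_entries(text):
    """Yield (timestamp, event_id, host) for each line that is a log entry."""
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            when = datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p")
            yield when, int(m["id"]), m["host"]

def new_alerts(text, last_seen):
    """Alert-worthy events logged after last_seen, oldest first."""
    return sorted(e for e in parse_entries(text)
                  if e[0] > last_seen and e[1] in ALERT_IDS)

def newest_only(text):
    """What a check of just the first entry line would conclude."""
    first = next(parse_entries(text), None)
    return first is not None and first[1] in ALERT_IDS

if __name__ == "__main__":
    for when, event_id, host in new_alerts(SAMPLE_OUT, datetime(2022, 7, 27, 18, 10, 30)):
        print(f"{when:%Y-%m-%d %H:%M:%S} {host} event {event_id}: reload Monitor")
```

Store the timestamp of the newest parsed entry after each run and pass it as last_seen on the next one.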

 

 

Updated July 1 2022

 

So there were some issues with the prefix.la, so we switched to using the regex.la plugin with the following

load_plugin=plugin_regex.la
plugin_regex_desc    = Prefix outgoing 10 digit number with a leading '1'
plugin_regex_pattern = ^(sips?:)(\+?)(.{10}@)
plugin_regex_replace = \1\21\3

plugin_regex_desc    = prefix outgoing 10 digits without a leading '+' with a leading '1'
plugin_regex_pattern = ^(sips?:)([0-9]{10}@)
plugin_regex_replace = \11\2

 

We also implemented the following because some were skipping the area code when dialing out as well

plugin_regex_desc    = prefix outgoing 7 digit number with 1(212)
plugin_regex_pattern = ^(sips?:)(\+?)(.{7}@)
plugin_regex_replace = \1\21212\3

plugin_regex_desc    = prefix outgoing 7 digits without a leading '+' with a leading '1 (212)'
plugin_regex_pattern = ^(sips?:)([0-9]{7}@)
plugin_regex_replace = \11212\2
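A way to check what these four rules do to a dialled URI before loading them, as an added Python example (not siproxd code). It assumes a backslash plus one digit in the replace string is a group reference and that rules are tried in config order; the host name and sample URIs are constructed. It also shows that the rules using '.' rewrite any user part of the right length, not only digits, while 911 and 11-digit numbers pass through unchanged.

```python
import re

# Patterns and replace strings copied verbatim from the config above.
RULES = [
    (r"^(sips?:)(\+?)(.{10}@)", r"\1\21\3"),
    (r"^(sips?:)([0-9]{10}@)", r"\11\2"),
    (r"^(sips?:)(\+?)(.{7}@)", r"\1\21212\3"),
    (r"^(sips?:)([0-9]{7}@)", r"\11212\2"),
]

HOST = "pbx.example.invalid"  # constructed host name

def expand(template, match):
    # Assumption: "\N" with a single digit N is a group reference,
    # so "\21" is group 2 followed by a literal "1".
    return re.sub(r"\\([0-9])", lambda m: match.group(int(m.group(1))), template)

def apply_rule(pattern, template, uri):
    m = re.search(pattern, uri)
    if m is None:
        return uri
    return uri[:m.start()] + expand(template, m) + uri[m.end():]

def rewrite(uri):
    # Assumption: each rule runs once, in config order, on the previous result.
    for pattern, template in RULES:
        uri = apply_rule(pattern, template, uri)
    return uri

def user_part(uri):
    return uri.split(":", 1)[1].split("@", 1)[0]

def unexpected_rewrites(uris):
    """URIs that get rewritten although the user part is not a phone number."""
    return [u for u in uris
            if rewrite(u) != u and not re.fullmatch(r"\+?[0-9]+", user_part(u))]

if __name__ == "__main__":
    for user in ["2025551212", "+2025551212", "12025551212",
                 "5551212", "911", "116", "frontdesk1"]:
        uri = f"sip:{user}@{HOST}"
        print(f"{uri:40} -> {rewrite(uri)}")
```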

 

Also I discovered that in 2018 the federal government (US) implemented Kari’s law, with some additional info here, which forces PBX’s to allow 911 and not require 9911 to get emergency staff.  RP only works for 2/3 of the law (with a little work), so be careful on this. 

 

1) RP does properly dial the emergency system as required by Kari’s law, by instituting a 911 call properly (note to users, don’t have 11X as an extension, one user accidentally dialed 911 because they thought “all” calls needed the 9 prefix, not just for outside calls, so dialed 911x, but RP ignored the x and dialed 911), so that part works just as Kari’s law requires. 

 

2) The law requires that the front desk/security office be notified of the call and where it came from.  Now if you are using the RP Status Monitor, it does log the emergency call.  I have a PowerShell script that retrieves those logs and reports to me (or ignores some, such as the Live audio complaint, since it doesn’t have an audio jack) based on the error code.  One could easily set it up so that you and/or the appropriate person are emailed once the 911 call is placed.

On 2021-06-03 Time 10:40:45, base unit OEM-XXXXXXXXXXX (00-40-yy-yy-yy-yy) reported: The Response Point base unit received an emergency call from:116@192.168.0.191:5060[MAC: 00yyyyyyyyyy]

 

3) Where RP fails is if you have multiple locations: all outside locations will act as if you are at the main office and not give the proper location.  So for remote locations, all you can do is post a sign that says “NOT FOR 911 USE” to prevent officers from responding to the main office rather than “Your” location.

 

Updated June 7 2022

 

So we implemented FlowRoute.  Now outside of them being the best price for DID that I could find, they implement a sort of “hand-off” for getting audio delivered to the customer, one which is not entirely compatible with RP.  After some hard work, we implemented Siproxd to be the go-between from FlowRoute and RP.  The basic issue is that nowhere in RP can you set the public IP address, so when RP sends a message to Flowroute saying “I’m at 192.168.0.2”, Flowroute, or any other provider, has no idea how to get the audio to you.  New systems these days have a field where you can type in your public IP.  So we implemented siproxd with a few settings that should help you out and make this very efficient.  In the config file for siproxd, the following variables are highly recommended:

 

hosts_allow_reg = 192.168.0.2
host_outbound = xxx.xxx.xxx.141
load_plugin=plugin_prefix.la
load_plugin=plugin_siptrunk.la
plugin_prefix_akey = 1
plugin_siptrunk_name = Response Point
plugin_siptrunk_account = sip:12025551212@xx-xxxx-xx.sip.flowroute.com
plugin_siptrunk_numbers_regex = ^\+?1202555121([1-9])$

 

Now, I also virtualized Ubuntu to make this work (so, yes two virtual machines total) and I recommend implementing two network cards on ubuntu and placing on 0.3 and 0.4, one for inbound, and one for outbound. 

 

A couple of notes on the settings for Siproxd above.  Flowroute requires the 1 when dialing out.  The akey prevents you from having to dial 912025551212 and lets your users just dial 92025551212.  Yeah, it’s one button push, but when your users are used to just dialing without the 1, it’s a hard habit to not hear someone in the other room complaining about it.  If your current phone provider requires it, you can ignore this one.

 

Since Response Point only uses one number to dial out, hopefully you are ok with just your main number showing on Caller ID, and not everyone’s direct dial, but for Siproxd to acknowledge your multiple DID’s, you need the siptrunk plugin with the info above.  You also have to have the \+? since Flowroute is not consistent with the + in front of the number it sends RP.

 

So now the settings in Response Point, when adding the VOIP service for Flowroute, the AOR is 12025551212@xx-xxxx-xx.sip.flowroute.com (or whatever number you want to be the caller ID value to show up on outgoing calls).  Enter your proxy server of 192.168.0.3 (the inbound IP for Siproxd) and the default domain of xx-xxxx-xx.sip.flowroute.com and your username into the UserID and the password.  You can then enter your DID’s.  Don’t worry about the caller ID display, it doesn’t work, or at least I haven’t figured out where it’s used.

 

You should now have an awesome/extremely low cost phone system.

 

Updated March 5 2022

 

Tip to allow a VPN to work better than it currently was programmed.  Since I’m able to log in to the desktop, adding a route into the table is pretty easy.  So if your phone that is at another location (VPN driven) ever loses connection, it can be re-added without bringing the phone back to the office (or there should be fewer times where the phone loses its connection).

route add -p 192.168.2.0 mask 255.255.255.0 192.168.0.1

The 2.0 address is your VPN address and the 0.1 is your gateway.

 

Last was to try to get VOIP to work with our current provider “Flowroute”. “DID Logic” didn’t work at all because they employ an SSL that is incompatible with XP.  The DID is working fine, but I ran into an issue that when the Response Point button is pressed, audio is disconnected (even though the call stays connected).  Come to find out “Flowroute” employs a method where the provider of the call originator (Verizon, T-Mobile, etc.) submits the RTP audio signal directly to my RP Base, and doesn’t route its signal at all, and for whatever reason, Response Point must send some notification when the RP button is pressed (or 0 is pressed during the automated Attendant), and it ends up sending the local IP address.  Now most systems have a setting you can enter to tell what the “public” IP address is to avoid such confusion.  But seeing this is some 14 years old, it didn’t have that field entry yet.  BTW, this is only an issue on incoming calls; outgoing works just fine.  So I attempted to put RP on the public side with an outside static address with a firewall that still ran on XP.  Even after that, taking out the local gateway, the RP button still sends something that screws this all up.  Obviously it doesn’t have this problem with the PSTN gateway, so what do you do?  Looks like this is the end of my journey, as we can save over $1,000 a year by switching to completely VOIP rather than going through our internet provider providing the PSTN system.

 

Initial Post January 12 2022

So this is my log of what steps need to be completed in order to transfer the Response Point phone system from the base unit to a virtual unit.

 

Let’s start our journey in how I came to enjoy this system.   While it’s not perfect, the D-Link Response Point PBX system by Microsoft was a step ahead of its time, and the basis for sync and other voice activated systems by Microsoft.

 

You can read more on Wikipedia, but as for my story, our company purchased the unit in November of 2008, which if you already read Wiki, will notice Microsoft dropped RP within 6 months.  Not ideal, but the unit continues to operate.

 

The unit was designed to not have any moving parts, the hard drive was a 1 gig SSD card using PATA technology.  The only flaw was the CPU had a cooling fan, and a fan that was not easily replaceable and was a moving part, so if it went bad, well, no more unit.  So while you can still locate these units on ebay, a more permanent solution is required.  You can either leave the case open and have a separate fan blow on the cpu, or the next steps to make this virtual.

 

So pulling the unit apart, one finds the 1 gig of memory and the simplistic 1 gig SSD Hard Drive that operates the phone system (split into 2 partitions 480 MB each Sys and Data).  I connected the Hard Drive to a USB “connect any Hard Drive” and used Norton Ghost to copy or “ghost” the hard drive contents and transferred to a VHD to begin transferring this to a virtual mode and a much more controllable situation.

 

The MAC address MUST be the same as the device you ghosted from, otherwise you’ll run into a plethora of security errors etc.  It’s just easier: you copy the MAC from the base unit and then put it into the settings of the virtual machine.  If you keep the old controller around, there should be no licensing issue.  Since you can’t just make more devices by changing the MAC, it should keep you to only one virtual drive.  One note of caution: the backup doesn’t do very well, so you can’t have a “good” copy lying around and simply restore.  The backup/restore resets the phones so you end up having to remove and re-add all the phones.  I haven’t had a need to do that more than once to see if it worked, so I haven’t looked into fixing that.

 

So after ghosting the drive to my VHD (not vhdx), and launching, up pops the blue screen of death with error 0x0000007b.  A little background, the OS that ships is XP Embedded SP2 (So be careful leaving access to the internet).  It’s a stripped down version of XP, so don’t look to install much, and much of the settings have to use command line or other “low level” functions because the control panel is stripped down.

 

So now the nice feature of virtual is that you can simply mount the hard drive on your host machine and make modifications as needed, and we need to.  So first we have to add a few drivers to change from PATA to SATA (MS doesn’t virtualize PATA drivers).  Follow the instructions here and here, but the quick version is this: we need to copy the following files to the sys\windows\system32\drivers folder (also add reg.exe).  We then have to fire up regedit on your host machine (or your WinPE ISO on the virtual computer), and load the hive located in \windows\system32\config\.  Highlight HKEY_LOCAL_MACHINE and under File select “Load Hive” and find “SYSTEM” in the config folder.  It will ask for a name; use ITmugDC, as you will need it in the next step.  Import the reg file all.reg (which should line up with the ITmugDC name used earlier).  Unmount the hard drive and relaunch the virtual machine.

 

So once you manually load the drivers, the system boots to the login screen.  Now the next step: while they attempted to make it impossible to log in (and I tried many an hour to crack the hash for the admin password; my guess is it has Chinese letters), I realized “Do I care that DLink’s password isn’t their password?”  Nope.  So I used “NT Password Edit” and overwrote it with my own (blank).  I am now able to log into the system.

 

Now for some settings.  There is no driver for CD Rom (the CD Rom is somehow disabled), so any item you need will have to be on D:\.  I created a “VHD” folder where I put the integrated iso, as well as SP3 to help with some settings.  Now either using 2005R2 virtual server or Hyper-visor or any other virtual setup from Microsoft, there are some drivers I have been unable to install because of the XP embedded, but the only one you really care about is the network card; everything else is just gravy.

 

So now it is just tweaking certain items.  The first issue “but has been there for a while” was that the admin interface had a few hardcoded years set within the interface.  I was fully expecting to have to jump into assembly language and modify one of the DLLs, but to my surprise, there was some java language immersed within the CpcMCRes.dll.  Now be careful, it is character dependent, meaning if you add one character, you throw off the functions below it and crash the software.  So I modified the following lines to make it a little smarter…

 

This line was date and time of the unit (even through the virtual host should be able to keep the date/time in sync), so not imperative. I can now set the year to 2039

Line 16158 I simply change 2007,14 to 2020,20

 

Now the holiday (or receptionist vacation)

For this one, I changed 2 lines to make sure I didn’t have to change it in the future. For this, I had to change 2 lines so that the location of the function below stayed the same

 

Line 39362 //Bld drop down list of seq num

Line 39364 BuildNumberedList(today.getFullYear(),9,window.IDDTYearList,Number(selectedYear), false);

 

So now the holiday routine uses the current year + 9 rather than 2008 through 2022 and by shortening the comments on the previous line, was able to get the current year (Why would I set the vacation date to last year)?

 

So my next task will be with Windows 11.  MS disabled IE, which doesn’t allow the assistant to run.  For a company that fought like hell and went to court to claim IE couldn’t be removed from its OS, they sure put in a lot of effort to make sure no one adds it back.  I have to work more on that.