ShoreTel Switches Rebooting/Crashing/Stop Processing Calls Until Rebooted
Examples of the issue:
The IPBX logs show that the switch is out of memory
The IPBX logs show a stack trace for SG switches, or core dumps for VMB switches or virtual switches
This may be caused by the customer running port scans against the ShoreTel switches. ShoreTel switches are not designed to be port scanned, and all ShoreTel devices should be exempt from any port scans being run.
To determine if the customer is running a port scan on ShoreTel devices:
Telnet/SSH to the switch
From the menu, type gotoshell to get to the --> prompt
On a virtual switch or VMB switch, enter trace_redirect 1 at the --> prompt to display the output
Log the output to a log file using PuTTY
Search the PuTTY log for the following output:
telnetd: telnet not enabled for address 0xac1b690e
stelshark: Command Rcvd = stop
sshd_session_task(0x591b6a4) : enter
ssh_handle_key_exchange: Invalid session state : session->session_state=9
issuing a stelshark stop signal internally
If you see this output in the logs, then the customer is running a port scan.
Correct the issue by excluding the ShoreTel devices from the scan and monitor.
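The log search above can be scripted. The following is an added example, not ShoreTel code: it matches the five lines quoted in this article and decodes the hex value on the telnetd line, assuming that value is the IPv4 address of the connecting host in network byte order. The function names and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The five log lines quoted in the article, as patterns.
INDICATORS = {
    "telnet_refused": re.compile(
        r"telnetd: telnet not enabled for address (0x[0-9a-fA-F]{1,8})"),
    "stelshark_stop": re.compile(r"stelshark: Command Rcvd = stop"),
    "sshd_enter": re.compile(r"sshd_session_task\(0x[0-9a-fA-F]+\) : enter"),
    "ssh_bad_state": re.compile(
        r"ssh_handle_key_exchange: Invalid session state"),
    "stelshark_internal_stop": re.compile(
        r"issuing a stelshark stop signal internally"),
}

def hex_to_ipv4(value):
    # Assumption: the hex value is an IPv4 address in network byte order.
    return str(ipaddress.IPv4Address(int(value, 16)))

def scan_log(lines):
    """Return (hits per indicator, refused telnet attempts per source IP)."""
    hits, sources = Counter(), Counter()
    for line in lines:
        for name, pattern in INDICATORS.items():
            match = pattern.search(line)
            if match:
                hits[name] += 1
                if name == "telnet_refused":
                    sources[hex_to_ipv4(match.group(1))] += 1
    return hits, sources

# Constructed sample: the article's lines plus a repeat and an unrelated line.
SAMPLE_LOG = """\
=~=~= PuTTY log (constructed sample) =~=~=
telnetd: telnet not enabled for address 0xac1b690e
stelshark: Command Rcvd = stop
sshd_session_task(0x591b6a4) : enter
ssh_handle_key_exchange: Invalid session state : session->session_state=9
issuing a stelshark stop signal internally
telnetd: telnet not enabled for address 0xac1b690e
"""

if __name__ == "__main__":
    hits, sources = scan_log(SAMPLE_LOG.splitlines())
    for name in INDICATORS:
        print(f"{name:24} {hits[name]}")
    for ip, count in sources.most_common():
        print(f"refused telnet attempts from {ip}: {count}")
```

The decoded source address identifies which host to exclude the ShoreTel devices from scanning on.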
To further verify, you can run a packet capture to confirm there is a scan running. You will see multiple requests (most of the time telnet or SSH) originating from the same IP address. If you open the packets, you will see that every packet has a different port number; this is how you know they are scanning the switch.
Created Date 2017-01-16 - Modified Date 2017-01-16