ShoreTel Voice Mail Email – Exchange or Google Apps

Plenty of customers choose to setup voicemail “send to email” functionality, so that the ShoreTel system emails the user when they receive an voicemail.  The feature isn’t extremely well documented, so I will attempt to explain how it works to assist with the troubleshooting process.

  1. ShoreTel Director (SWD) receives a voicemail
  2. SWD looks up the MX records for the domain of the user
  3. SWD sends the voicemail notification (or WAV file) via SMTP on Port 25


If this is not working, I would check the following components:

  1. Verify that the SMTP server feature is installed on the ShoreTel Director (SWD) server
  2. Verify the user that wants to receive the email has the correct email address populated in their user profile within SWD
  3. Verify the user’s personal settings have send to email enabled
  4. Verify that SWD has DNS servers configured
  5. Verify that SWD can look up MX records for the user’s email domain
    1. You can check what results Director will receive by going to the CMD line and using NSLOOKUP to find the MX records.  THIS article should help.
  6. Verify if mail is getting stuck in the queue: C:\\inetpub\mailroot\queue
  7. If you need to send voicemail directly to a mail server, then you can enable the IIS SMTP settings for SmartHost
  8. The receiving mail server should also provide some logs to identify if voicemails are being received

If you are using Google Apps integration, all you should need to do is enter the Gmail consumer key and secret into SWD and verify that SWD can successfully look up your domain’s MX record.  If you make any changes, restart the SMTP service to verify all changes are active.


ShoreTel Voicemail Switch Backup

If you do not do daily backups on your 50V or 90V switches, these steps well allow you to backup and restore voicemails.

  1. On the ShoreTel Director server, go to the C:\inetpub\ftproot folder and edit the security permissions, so that “\Users” have Write permissions
  2.  Log into Director web interface, and navigate to Platform Hardware–>Voice Switches–>Primary and click on the VM switch
  3. At the bottom of the page are backup options, enter:
    1. IP address of the Director server
    2. Folder name (it will create the folder)
    3. Username: anonymous
    4. Password: password (any password will work here)
  4. The “Daily Backup” box does not have to be checked (unless you want to do daily backups)
  5. SSH into the 50V or 90V switch with username “root” and password “ShoreTel”
  6. Log into the service cli with: svccli
  7. Backup all VM with: backupvm (this will create the folder specified and start copying all VM)
  8. You can also restore the voicemails with the command: restorevm
  9. Once you are done, edit the security permissions of the ftproot back to the original settings if desired

This should be performed when burnflashing a 50V or 90V, as a burnflash wipes the configuration (including IP information) on voicemail switches.

Telnet Commands for ShoreTel Switches – Part 2

I’ve already posted how to enable telnet and get to the shell for ShoreTel (non-V) switches here:

Here are some more advanced commands that I have found useful for troubleshooting:

ifShow – Shows network interface information

lsp_ping “”,100 – Tests LSP UDP connectivity to “”, repeats 100 times

lspConList – Shows connectivity to other switches/servers

lspTelList – Shows all extensions known to switch

lspTelList1 – Shows detailed info for local extensions

lspTelList2 – Shows detailed info for remote extensions

reboot – Restarts the switch

routeShow – Shows the routing table

sip_debug_level=2 – Shows detailed SIP info on the console.  sip_debug_level=0 is the default

**Note** Commands are case sensitive

More commands can be found in the ShoreTel release maintenance guides.

ShoreTel VPN Concentrator NTP Vulnerability

The ShoreTel VPN Concentrator responds to NTP requests (for remote IP phones), which makes it vulnerable to the NTP DDOS attacks that have been happening lately.  To enable the WAN firewall on the ShoreTel VPN Concentrator (off by default) you must access a hidden menu.

  1. Log into your VPN concentrator, and click “Network” on the left-hand side
  2. Access the hidden firewall menu by changing the URL to page=5
    1. change to:
  3. Check the box “Enable WAN Firewall
    1. This allows you to manage the concentrator via HTTP or HTTPS
  5. Press submit (All current VPN sessions will drop for ~30 seconds)
  6. The concentrator will be unresponsive for 30-60 seconds while it applies, and you are done!

ShoreTel Phone Configuration Codes

From a ShoreTel phone, you can ping, view configuration, etc directly from the phone:

For each operation, you press MUTE and then hit the number + #:

Press MUTE then 7464# (PING)

Press MUTE then 25327# (CLEAR)

Press MUTE then 73738# (RESET)

Press MUTE then 73887# (SETUP)

Press MUTE then 4636# (INFO)

Press MUTE then 772667# (RRAMOS), then press 1234 as password and confirm.

ShoreTel Least Cost Routing

**NOTICE** Changing these settings can impact your ability to make/receive calls, do not change unless instructed by ShoreTel TAC.

With that said, hopefully this information can be useful if you have a similar situation:

I had two ShoreTel sites within the same area code, HQ site had the PRI, and the Remote site had an analog trunk to be used for primary 911 and secondary voice failover (if the network connection failed between both sites or the PRI went down).  The tricky part was having the ShoreTel system prefer the PRI at HQ ONLY for normal voice calls, even though there was a local analog trunk at the Remote site.  The ShoreTel system still needed to to prefer the local analog trunk for 911 calls.

Least Cost Routing can only be changed on the Director through the Support Entry mode, accessed by hold Ctrl + Shift and clicking on the “U” in Username.  Then login using your normal admin credentials.

Verify that “Parent as Proxy” is not checked (PaP allows normally unroutable calls out the Parent site, like 911, which we don’t want in this scenario)

Navigate to the PRI trunk group, and at the bottom of the page, there is “Trunk Group Dialing Rules”.  Click “Edit” and add “;2E;-26A” without the quotation marks.  Click “Save” and wait about 2-3 minutes for the changes to take effect and test failover and 911!

ShoreTel Active Directory Integration

ShoreTel AD integration is pretty simple, just a couple of important steps to remember:

1. To use AD integration, check “Enable AD Integration” under System Parameters -> Other

2. ShoreTel is a top-level LDAP reader, so you do not need to specify certain OUs.  Your LDAP string should look like this:


3. At least one system administrator account has to be AD enabled for ShoreTel to use and perform LDAP lookups.  To use the “Test” or “Sync” buttons on an AD enabled user, you must be logged in with an administrator account that is AD enabled.

ShoreTel TMSNcc Log Info

Great informational article regarding ShoreTel TMSNcc logs:

Call Code Parameters:

C-CE Call Creation Event Call Initiation.
L-CE Leg Create Event Follows a C-CE; Internal Transfers
L-IE Leg Info Event Provides information on other parties in the call.
C-SE Call State Event
State of call in progress; RingBack, Offering, etc.
L-SE Leg State Event Follows a C-SE to inform the leg state changes.
L-DE Leg Destroy Event Call tear down; Leg is destroyed.
C-DE Call Destroy Event Call Destroyed by user or system hung up.
G-MST Media State Event Media states for the terminated call leg.

Example from the article linked above:


Trunk Call Leg To PSTN 40000001
Internal Call Leg 20000023
Call GUID 00020000-1aae-4f05-9cce-0010491e1b95
PBX Responding to Party ncc_media_ctl

Packet Information: (s:1, r:378, l:0),(j:0,u:0,o:0)

The above packet information lists sent and recieved packets, and jitter.  This is very useful in understanding why calls fail.  In many cases we will see issues with jitter readjustments during problem or dropped calls. The s:1 indicates 1 packet was sent, the r:378 indicates 378 packets were recieved.  The second set of parentheses (j:0,u:0,o:0) describes the jitter buffer, and in this case was adjusted 0 times.  This is more of an ideal scenario as problem calls will vary in their jitter and packet amounts.

ShoreTel V-Switch Commands

To connect to a V switch, you do not need to enable telnet from the Director server, but you do need to connect via SSH.  If you connect directly to the console, remember to set your speed to 19200.

Login with username/password: root | ShoreTel

Enter svccli and then getsvcstatus to verify services are running.  You can start services manually with startsvc *

To get back to the shell, type “q” and hit enter

Type date and press enter to verify NTP is working correctly.  If the date is off, resolve your NTP issue, since certain services will not start without NTP working properly.

To enter the ShoreTel menu, enter stcli

Reference :