• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

This Extension is not secure

Status
Not open for further replies.

jreddy

Forum User
Joined
Jun 20, 2017
Messages
45
Reaction score
4
Today I logged in and all extensions have a red triangle error next to the name saying this extension is not secure. Look at id, password etc. Nothing has changed so why all of a sudden I am seeing this error? Just upset that an update would be pushed out that would change the rules.

John
 
Last edited:
More issues. All of a sudden now a few phones show not registered and they are not registering. Yealink T58v being one of them. I changed the ID and password to confirm to the new 10 character rule, but no good. Also, now cannot log into the console as too many attempts. My IP has been white listed since this first happened a month or so ago. So not sure what the latest update did, but it sure messed up the system.
 
3CX is just giving you a visual indicator to something you should already know which is your existing passwords were not considered secure by today's standard. And is it really all of a sudden when you installed an update that lists the password policy change in the change logs?
 
The update did not change any existing passwords they merely gave an indicator that your existing passwords didn't meet the new policy. If you manually changed the ID and password then you did a bad thing and thus caused yourself to get locked. Once you resolve that issue, the proper method would be to simply regenerate the credentials for the extension via that handy button which will automatically re-provision the phone assuming you are using a supported endpoint.

upload_2018-8-31_15-24-8.png

upload_2018-8-31_15-24-22.png

Keep in mind this also regenerates the VM Pin which is unfortunate. Easiest thing to do is to copy the VM Pin beforehand and then paste it back after regenerating the credentials
 
  • Like
Reactions: jreddy
The update did not change any existing passwords they merely gave an indicator that your existing passwords didn't meet the new policy. If you manually changed the ID and password then you did a bad thing and thus caused yourself to get locked. Once you resolve that issue, the proper method would be to simply regenerate the credentials for the extension via that handy button which will automatically re-provision the phone assuming you are using a supported endpoint.

View attachment 8482

View attachment 8483

Keep in mind this also regenerates the VM Pin which is unfortunate. Easiest thing to do is to copy the VM Pin beforehand and then paste it back after regenerating the credentials
Thanks for the response. Here is what I have found out so far. I was able to log back in. However the issue with the extension credentials security indicator remains. The only way the indicator goes off is when both the ID and the password for the extension are in the 10 character format shown on the error. But when you change the ID to be 10 character, the phone does not register. I tried and changed the extension ID to several different ones to test. So I changed the ID back to the original (4 digit extension number in my case) and left the password in the new 10 character format. The phone immediately registered. So now I am stumped. The phones/extension is working fine, but the 'RED' triangle error indicator is annoying and want to make it work. will play with it some more.
 
So you keep saying the phone without mentioning what phone it is so I assume it's not a supported phone or you are manually provisioning. Some phones have a user id and a auth id field so make sure you are putting the id in the correct field. Some phones don't like alphanumeric IDs which could also be an issue. Hopefully you whitelisted your IP this time.
 
I've got similar problem with snom 300, snom M300 DECT base, Grandstream GXP1625, Gigaset N510, and of course all device you can use with no 3cx support for me a cisco SPA112 for example.

you need to regenerate credentials with console and reboot phones hanged after reprovisionning, of course see if all those phones are not in blacklist (because of failed authentication)

Some brand phones are easy to unlock else not, hope you have an easy brand to fix.
if you stay stuck after several tries, do a phone factory reset assign extension to the phone and provision it
 
Really annoying that this update has even wiped out all the BLF settings on the buttons of our Yealink T41S and T46S phones.
 
  • Like
Reactions: Jamie Bennett
Possibly the worst update by 3cx. Wiped out every single Yealink phone settings and we have to regenerate every extension and send out the updated password for users to login to their webclient.
 
  • Like
Reactions: Jamie Bennett
I had the same issue and just reverted to a backup that was made last night. I will not update until this is fixed and we do not have to be subjected to this nonsense. We shouldn't have to jump through hoops and all but reconfigure the entire system because of a single update. I will have to agree with lan soong as this being the worst update.
 
Please note that the update will not reset your phones or remove any BLF settings. The password complexity change did not force a new password. It gives a visual warning that you need to use a stronger password but does not force one.
If you are changing the passwords manually you do not need to change the ID of the extension.Only the password needs to meet the complexity. If you hover over the warning sign it will tell you which field needs updating. And you need to meet the complexity requirements to have the exclamation mark disappear. The password needs to be at least 10 characters long and have one upper case, one lower case and one one digit.
Supported devices and 3CX clients will auto-reprovision once the passwords are regenerated.
 
Please add a feature to change, enable/disable this password rule.
 
Confirmed moving 5 clients from sp5 to sp6 all with yealink supported phones (t42/46 with default templates), 4 of them we regenerated passwords for, one site we did not.

The 4 sites we regenerated passwords for, all had their phones unprovision overnight. A reboot of 3cx server, the phone, and a factory reset of the phone would not restore them.

A backup restore was the only option for all 4 sites, which interesting restored the phones with the security error and didnt actually roll back to sp5, it keeps sp6.

The one site we did not click regenrate for last night, is fine. Seems there might be something with the Regneration button and yealinks. Have a support ticket open now and will await response.

UPDATE:
https://www.3cx.com/community/posts/248071

Sounds like yealinks regenerate is broken, they get blacklisted somehow and you have to remove the blacklist and reboot them (maybe they arent auto provisioning and using old credentials until blacklisted). We have too many phones and clients to do it manually, will wait to see if support have a better solution.
 
Last edited:
Community forum is full of threads relating about SP6 consequences, it seems SP6 receive a very deep debug inspection before diffusion .

Nice Job! Well done.
 
This update gives me a lot of work and stress.... thanks Happy Business
 
I'm wondering if there's a way for us to determine the password complexity requirements ourselves. I simply want to change it from 10 digits to 9 digits. That is the requirement my users have for their AD accounts and it would be much easier for them and for me if they can use the same password they use for AD as their web client password.
 
I'm wondering if there's a way for us to determine the password complexity requirements ourselves. I simply want to change it from 10 digits to 9 digits. That is the requirement my users have for their AD accounts and it would be much easier for them and for me if they can use the same password they use for AD as their web client password.

And how about an AD Sync/LDAP login instead of remembering/changing 1 more password....
 
And how about an AD Sync/LDAP login instead of remembering/changing 1 more password....
That would be great, is there documentation on that? I didn't even know it was possible!

EDIT: I see you are making a suggestion to 3CX, not to me. I agree 100%
 
That would be great, is there documentation on that? I didn't even know it was possible!

EDIT: I see you are making a suggestion to 3CX, not to me. I agree 100%

yep... sadly I am. :)
 
Status
Not open for further replies.

Getting Started - Admin

Latest Posts

Forum statistics

Threads
141,630
Messages
748,952
Members
144,742
Latest member
Steffen Ekerdt
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.