Release Notes R1.2.18
Acano Solution
Acano Server Release 1.2.18
Release Notes
March 2015
1.1 Before upgrading...................................................................................................... 4
1.2 After upgrading......................................................................................................... 4
New Features/Changes in 1.2
2.1 New Chrome Sharing Extension from R1.2.8 ........................................................... 5
2.2 New License File Replacing VM Activation Key........................................................ 5
2.3 Guest Access Support.............................................................................................. 5
2.4 Enhancements for WebRTC Support ....................................................................... 6
2.5 Lync Enhancements ................................................................................................. 6
2.5.1 H.264 UC ("SVC") video support
2.5.2 Presence enhancements
2.6 DNS Enhancement .................................................................................................. 6
2.7 Call Leg Profile Enhancements ................................................................................ 7
2.7.1 Call leg profile additions
2.7.2 Activation mode enhancements
2.7.3 Participants joining and leaving tones enhancements
2.8 Outbound Calls Page Updates ................................................................................. 8
2.8.1 Configurable control stream encryption for outbound calls
2.8.2 New Local From Domain field
2.9 External Directory Support in Searches .................................................................... 9
2.10 CDR Enhancements/Changes ................................................................................. 9
2.11 Main MMP Changes ............................................................................................... 10
2.12 Miscellaneous Enhancements ................................................................................ 11
2.12.1 OpenLDAP support
2.12.2 Logging/Diagnostic Enhancements
2.12.3 Audit Log Improvements
2.12.4 Configurable Outgoing Audio Packet Size
2.12.5 Media Encryption
2.12.6 Acano client presence enhancements
2.12.7 Resolution enhancements
2.12.8 Active Call List Enhancements
2.13 Summary of API Enhancement/Changes ............................................................... 12
Notes on Upgrading to R1.2
3.1 Upgrading to Release R1.2 .................................................................................... 14
3.2 Downgrading .......................................................................................................... 15
Resolved Issues
Resolved in R1.2.18
Resolved in R1.2.15
Resolved in R1.2.14
Resolved in R1.2.13
Resolved in R1.2.12
Resolved in R1.2.11
Resolved in R1.2.9
Resolved in R1.2.8
Resolved in R1.2.7
Resolved in R1.2.6
Resolved in R1.2.5
Resolved in R1.2 (previously called R1.2 RC2)
Known Limitations
1 Introduction
This release note describes the new features, improvements and changes in Release 1.2 of the
Acano solution software for both Acano Server and virtualized deployments.
Release 1.2.15 is a maintenance release with bug fixes, as described later in this release note.
Also see section 2.12, Ability to add SAN names to the MMP command PKI CSR.
1.1 Before upgrading
If you are upgrading from a release before 1.2.12 and you have an Acano hardware server with
serial number less than 00072 then you need to check your license.dat file, you may need to
obtain a replacement license. Follow these steps:
1. SFTP the license.dat file off the Acano server and open license.dat in a text editor
2. Check line 7 of license.dat, if it reads
licensed product name=M-Link version=16.0 expires=unlimited options="0”
then contact support before the upgrade to obtain a replacement licence.dat file.
If line 7 reads:
licensed product name=M-Link version=16.9 expires=unlimited options="0”
you do not need to replace license.dat, proceed with the upgrade.
CAUTION VM ONLY: Before you upgrade a virtualized deployment to Release 1.2 you must
ask for a new license file if you have not already done so. This file
replaces the activation key on a virtualized deployment – the activation key is no longer
required. If the license is missing, the Call Bridge is limited to 4 call legs as before.
1.2 After upgrading
CAUTION Acano Server & VM: After upgrading either an Acano Server or a Virtualized
deployment you must check your Outbound Calls dial plan rules; the Local Contact Name field
usage has changed and there is a new Local From Domain with the functionality of the old
Local Contact Name field. This provides better interworking with Lync. See below.
New Features/Changes in 1.2
2 New Features/Changes in 1.2
2.1 New Chrome Sharing Extension from R1.2.8
In Chrome v.37 the way content sharing is supported was changed and this broke our support
for this feature. Therefore as a temporary measure we removed the Chrome content sharing
button in maintenance release 1.2.7; but the Acano Chrome extension for content sharing
restored this feature in 1.2.8.
2.2 New License File Replacing VM Activation Key
In releases after R1.2 Beta 4 there is a new license manager for virtualized deployments. This
replaces the VM activation key used in previous releases. (The license is not used on the Acano
Server at present.) The license is a JSON file with a digital signature appended.
Acano support will provide this acano.lic file to you. Upload the file to your VM host using SFTP:
do not rename the file. Then restart your Call Bridge.
You can check the licensed features and their status by issuing the MMP command license.
You will also see an entry in the syslog.
2.3 Guest Access Support
In R1.2 there is increased support for users to join a call using a guest user web link via a "Web
Bridge" URL which displays a "guest" login page. After they enter their name, the following
action is taken based on the platform and/or browser:
on a Windows PC, the administrator can configure a ClickOnce installer. (An additional click
is required after installation in order to launch the PC Client.)
Google Chrome and Firefox (see note later on Firefox support) uses WebRTC natively
Internet Explorer (IE9 or later), the Acano PC client launches (if it was installed
previously) or is downloaded automatically. (Internet Explorer does not support
on an iOS device, the Acano iOS client launches if it is installed. If the client is not installed
then a page is displayed with a link to the App Store
on a Mac:
Chrome uses WebRTC natively
with Safari, a dialog box will open. If the Acano Mac client is installed, click on the Join
call in app button. If the client is not installed, click on the Install Acano for OSX
button. Note: You will need to click on the downloaded .dmg file to install the Acano
client. Then click on the Join call in app button.
Note: Specific versions (or later) of these clients are required for this feature, and some of these
are work-in-progress. See the Acano Client FAQs on the web site for the latest status.
New Features/Changes in 1.2
2.4 Enhancements for WebRTC Support
Additions have been made to WebRTC client operation in R1.2:
Firefox support for WebRTC in Release 1.2 is in Beta – users can test this functionality and
give us feedback, but no customer should rely on using it in production and the support we
offer is limited.
DTLS (encryption) support to allow you to use WebRTC on recent versions of Firefox to log
in to the Acano solution. This functionality is in Beta; no customer should rely on using it in
production and the support we offer is limited
Application sharing via Google Chrome – see the Acano Client FAQs document on the
Acano web site for details of how to enable application sharing in Chrome
Note: Due to the way Chrome handles key frames for multiple simultaneous video streams
currently, sharing an application with Chrome means that the main video stream from that
browser session stops, and only restarts when sharing stops.
2.5 Lync Enhancements
2.5.1 H.264 UC ("SVC") video support
Previously, video support for Lync was restricted to RTVideo. From R1.2, the Acano solution can
also send and receive H.264 UC. This is the default mode of operation with Lync 2013 and
provides a much improved video experience.
Note: With Lync 2010, RTVideo is still used; this is the highest quality codec that Lync 2010
2.5.2 Presence enhancements
The Acano solution now returns presence information to Lync for domains that can be reached
through a Lync > SIP rule configured in the Call Forwarding section of the Incoming Calls page.
Such destinations show up as "Available" normally. (If no rules are configured, the Acano
solution only provides presence for coSpaces.)
A status of Available tells Lync that the outbound SIP call is possible (because the Call Bridge
can route this call as a gatewayed call). Most SIP codecs do not support presence so there is no
way to get a true status from them to determine if they are actually available or not.
When the Acano Call Bridge knows that this destination is in a call – that is, if the Call Bridge
has placed a call to that destination (as a gatewayed or conferencing call leg) presence then
changes to "In a call".
2.6 DNS Enhancement
From R1.2 you can now configure the DNS resolver(s) to return values which are not configured
in external DNS servers or which need to be overridden, custom Resource Records (RRs) can
be configured which will be returned instead of querying external DNS servers. Use the new
New Features/Changes in 1.2
command: dns (mmp|app) add rr <DNS RR> and see the MMP Command Reference for
2.7 Call Leg Profile Enhancements
2.7.1 Call leg profile additions
R1.1 introduced the concept of "profiles", allowing individual coSpaces or coSpace access
methods to use different call leg profiles which could enforce varying in-call behaviors. A number
of additions have been made to the mechanism for R1.2:
Call leg profiles can be attached to specific tenants: behavioral defaults can be applied for
all call and coSpace interactions for that tenant
Call leg profiles can be attached to individual "coSpaceUser" entries in the hierarchy; the call
leg profile then applies to that user's participation in the coSpace
A top-level call leg profile can be set, via a new API "api/v1/system/profiles" node. This
provides default behavioral settings for all call legs hosted by the system for call legs,
tenants, or coSpaces when more specific call leg profiles do not apply. For example, the toplevel profile's setting for whether to show participant names as pane labels will apply to all
Note: Call leg profiles can be set globally, per tenant, per coSpace, per access method, per
coSpace user, or per call leg.
Call leg profiles can now set:
As in R1.1 whether call legs are "deactivated" (muted bi-directionally) until the first call
leg connects that does not require activation. These call legs revert to "deactivated"
when the last activator call leg disconnects
Whether call legs will receive any active presentation video combined with the main
video stream or (if capable) in a separate stream
Whether call legs are permitted to contribute presentations
Video layout: the default layout on devices that do not choose the layout for themselves
Whether participant name labels are included in multi-pane video layouts
Initial mute status for individual video and audio streams – both contributed by, and
received by, a call leg
Whether media encryption is Allowed, Required or Forbidden
Whether join and leave tones are played on this call leg, and at what threshold values
(see below)
Audio packet size (see below). The default is 20ms
Requiring activation enhancements (see the next section)
New Features/Changes in 1.2
2.7.2 Activation mode enhancements
R1.1 call leg profiles allowed individual call legs to be either "requiring activation" or "not
requiring activation". All call legs in a call "requiring activation" would be "deactivated"
(essentially, muted bi-directionally) until the first call leg that did not require activation connected.
Then, all other call legs would become "activated" (unmuted) but would revert to "deactivated"
when the last “activator call leg” disconnected.
R1.2 extends and enhances this mode:
Using call leg profiles, you can now set the "deactivation behaviour":
deactivate (the former, R1.1, behaviour), stay activated (allowing the participants to
continue to interact) or be disconnected
set a time value for how soon the deactivated mode takes effect: e.g. choose to
disconnect all "guest" participants a specified time after the last "activator call leg"
These settings follow the normal call leg profile hierarchy, so you can set box-wide
behaviour via the top-level global call leg profile, or exercise more fine-grained control at the
per-tenant or per-coSpace level: in the most advanced modes, some "guest" participants
might be disconnected when the last "chair" leaves while others remain [active]
Information on whether a participation's call leg is activated or deactivated is pushed out to
Acano clients if the call leg is an Acano (rather than standard SIP, Lync or avaya) one.
There's a new specific "callDeactivated" CDR disconnect reason to indicate that a call leg has
been disconnected due to its call being deactivated.
2.7.3 Participants joining and leaving tones enhancements
In R1.2, you can configure the Acano Call Bridge to play out audible notifications when
participants leave or join a coSpace. Call leg profiles configured via the API (for instance, the
top-level default call leg profile or a call leg profile for an individual tenant or coSpace) include
threshold values for when to play join and leave tones. The Acano Call Bridge will play join and
leave tones to other participants when new people join and leave according to those thresholds.
For instance, if the join tone threshold is set to "5", then tones will be played out for the first 5
people joining, but not for additional participants (unless the total number of participants drops
below 5). The leave tone threshold is configured separately to the join tone threshold; if, for
example, the leave tone threshold is set to "3", the audible notification will only be played out if
someone leaves when there are 3 or fewer participants in the call.
Until configured for a call leg profile via the API, the join and leave tone participant thresholds
are 0: by default, R1.2 behaves like previous software releases and no tones are played when
participants join or leave the call.
2.8 Outbound Calls Page Updates
2.8.1 Configurable control stream encryption for outbound calls
For each Outbound Calls dial rule, you can now set whether SIP control traffic:
Uses only encrypted transport (TLS) - Encrypted
New Features/Changes in 1.2
Uses only unencrypted transport (typically TCP) - Unencrypted
Tries Encrypted mode first and falls back to Unencrypted in the event of failure – Auto (the
This can be controlled via a new SIP Encryption field in the Web Admin Interface Configuration
> Outbound Calls page or the API (see the API Reference guide).
CAUTION: The default behavior R1.2 mode is Auto. This does not match pre-R1.2 behavior.
Previously, all "Lync" outbound dialling rules would automatically use Encrypted mode;
therefore you may need to ensure that these rules are explicitly set to Encrypted mode to
prevent the Call Bridge attempting to use unencrypted TCP for these connections in the event
of the TLS connection attempt failing.
Prior to R1.2, whether or not to attempt TLS first would be determined by the media encryption
setting; specifically, if media encryption was Disabled, then the Call Bridge would never attempt
to use TLS for SIP control connections. The new behaviour separates the control and media
encryption behaviour, allowing a TLS control connection to be used in the absence of media
encryption, for example.
2.8.2 New Local From Domain field
In previous releases the Configuration > Outbound Calls Local Contact Domain field
controlled the domain of the "From" address used in outgoing calls initiated via that Outbound
Call rule:
The contact domain was derived from the local Acano Call Bridge IP address used for the call.
From R1.2 the Outbound Calls page shows what was previously configured as the contact
address in a new Local From Domain field. This more closely matches its actual function: and
there's now the new ability to configure an explicit contact domain to be used: if you leave this
new field blank then the contact domain is derived from the local IP address (as before). If you
are using Lync, we suggest that you use this new function.
If you are not using Lync we recommend that the Local Contact Domain field is left blank to
avoid unexpected issues with the SIP call flow.
CAUTION: Therefore previous Outbound Calls dial plan rules may not work after upgrading to
R1.2 and they must all be checked and updated if required.
2.9 External Directory Support in Searches
Using the API, you can add additional directory locations to be searched when Acano client
users perform searches. If you are using the tenant feature, this is on a per-tenant level.
Results from these locations are added to the results from the LDAP-sourced user lists
displayed in the Acano clients.
2.10 CDR Enhancements/Changes
The CDR receiver address can now be read or written to via the API (GET or PUT to a new
/api/v1/system/cdrReceiver" node).
New Features/Changes in 1.2
The URI field in the CDR Receiver Settings section of the Configuration > API Settings
page remains for setting the CDR receiver address from the Web Admin Interface.
From R1.2 an audit log entry is made when the CDR receiver is added, modified or deleted.
Within a CDR, where applicable:
callLegStart records now include a "localAddress" value showing any local destination
relevant to the call leg (e.g. what the caller connected to in order to reach the Acano
A new "callDeactivated" leg end reason code signifies that the call leg was disconnected by
the Acano solution because the call of which the call leg was part was deactivated, and its
deactivate action (see above) was set to "disconnect"
R1.2 supports keepalive connections to allow the Acano solution to send multiple (batches of)
records on one TCP or TLS connection to a CDR receiver.
2.11 Main MMP Changes
The following enhancements/changes have been made in the R1.2 MMP for security. For full
details of the new command set see the MMP Command Reference for R1.2
The command passwd can now only be used by admin-level users
Admin-level users can now:
reset another user’s password
set the maximum number of characters that can be repeated in a user’s password – and
there are a number of other user password rule additions
limit MMP access by IP address
disable MMP accounts after configurable idle period
The command webbridge clickonce default is now webbridge clickonce none
to match other commands and disables all clickonce redirect behavior
There is a new dscp 4|6 <traffic type> <DSCP value> command to set DSCP
There are new commands for Common Access Card (CAC) integration
You can now permanently store system and audit log files using the new syslog rotate
<filename> and syslog audit rotate <filename> commands
You can now enable a FIPS 140-2 level 1 certified software cryptographic module, Then
cryptographic operations are carried out using this module and cryptographic operations are
restricted to the FIPS approved cryptographic algorithms
Users with the audit role can enable verbose logs for certain services using the audit
http (enable|disable) command
The Acano solution now
validates the new upgrade.img file before initiating a backup before upgrading
notifies users (on login) of the number of unsuccessful login attempts since last
successful login
New Features/Changes in 1.2
handles certificate bundles as well as certificate files. There are changes to pki
command parameters to accommodate this and a new pki verify <cert> <cert
bundle/CA cert> [<CA cert>] command
When deploying R1.2 as a new virtualized deployment, dhcp is enabled on interface a by
2.12 Miscellaneous Enhancements
2.12.1 OpenLDAP support
Previously you needed to make changes to openLDAP's schema to get an LDAP sync to work
with openLDAP (adding an objectUUID), but this is no longer necessary in R1.2.
Take great care if you choose to migrate from AD to openLDAP. The key is the objectGUID: this
is the object that the Acano solution uses to sync the coSpace database and AD. So long as the
objectGUID is intact when you migrate, the sync will maintain all properties on the Acano Server.
Make a backup of the current system configuration prior to migration. We strongly suggest
detailed testing with the LDAP mappings and filters on the new AD prior to initiating the Sync for
the first time from the new AD source.
2.12.2 Logging/Diagnostic Enhancements
The diagnostic logging available from the Web Admin Interface Logging > Detailed tracing
page has been improved:
All SIP traffic shown via this method has a fixed "SIP trace" prefix, so that it can be identified
from the more general event log
New DNS and API tracing complements the existing SIP tracing; the information produced
by these methods starts with either "DNS trace" or "API trace" for easy identification
For all tracing methods, the range of timed enablement now includes a "24 hours" option;
allowing extended diagnostics to be left on overnight, for instance
There are more date values along with times in the logs
Displays a warning message for failed DNS lookups
2.12.3 Audit Log Improvements
From R1.2, the audit log shows:
participants joining and leaving events
modifications to the CDR receiver settings (see below)
The audit log settings can only be changed by a user with the audit role: that is, only audit-level
users can use the syslog audit commands.
Users with the audit role can enable verbose logs for certain services using the audit http
(enable|disable) command.
New Features/Changes in 1.2
2.12.4 Configurable Outgoing Audio Packet Size
Whereas previous Acano solution releases would always send 20ms outgoing audio packets
where possible, R1.2 introduces the ability to set a preference of 10ms or 40ms instead by using
the Audio Packet Size Preferred field in the Configuration > Call Settings page if your
environment requires a different setting.
Note: Not all audio codecs support the ability send different packet sizes, and therefore the
effect of setting 10ms or 40ms settings may vary from call to call.
While you must select from pre-defined values in the Configuration > Call Settings page, by
using the API you can set other sizes for the outgoing audio packets according to the
capabilities of the codec in use.
2.12.5 Media Encryption
From R1.2, an unencrypted warning indicator shows up on endpoints' screens if those endpoints
have an encrypted connection to the call, but there are call legs in the same call that are not
using encryption. Using call leg profiles, it is now possible to configure encryption requirements
on a system-wide, tenant-wide or coSpace level.
Acano clients show an equivalent indicator.
2.12.6 Acano client presence enhancements
From R1.2, if you are in call on an Acano client, your user status will change to "Busy".
2.12.7 Resolution enhancements
From R1.2, the Acano solution supports 1920x1200 and 1600x1200 resolutions.
2.12.8 Active Call List Enhancements
From R1.2, the Acano solution displays the SIP URI of the caller in the Active Call list.
2.13 Summary of API Enhancement/Changes
This section summarizes the API enhancements and changes in R1.2. Some of these changes
are for features mentioned previously in these Release notes. For full details see the API
Reference for R1.2.
The reply to a GET on "/api/v1/system/status" now includes the software version.
New API tracing is shown in logs from the Logging > Detailed tracing page (see above)
There are a number of new elements in the object hierarchy:
/accessQuery (and associated method to find full details of how a given URI or call ID,
for instance, one that might be associated with a coSpace, might be reached)
/callLegs/<call leg ID>/callLegProfileTrace
New Features/Changes in 1.2
/system/cdrReceiver (see above)
Retrieve or write the CDR receiver address (see above)
There are some new fields for existing objects:
/tenants/<tenant ID>/callLegProfile – for per-tenant call leg profiles
/coSpace/<coSpace ID>/coSpaceUsers/<coSpaceUser ID>/callLegProfile – for per
coSpace user call leg profiles
/outboundDialPlanRules/<outbound dial plan rule ID>/sipControlTransport – a per
outbound dialling rule setting for SIP control traffic transport. <outbound dial plan rule
ID> is one of :encrypted, unencrypted or auto
There are some additional filters to use in queries:
/callLegProfiles - you can now specify "usageFilter=unreferenced" as a filter to return
only call leg profiles not referenced anywhere (and therefore potentially safe for deletion)
/coSpaces - you can now specify a "callLegProfileFilter=<GUID>" filter to return just
those coSpaces using that call leg profile (at the coSpace level, or for an accessMethod
or coSpaceUser)
/tenants - you can now specify a "callLegProfileFilter=<GUID>" filter to return just those
tenants associated with that call leg profile
Enable tones for participants joining and leaving calls (see above)
callLegProfile additions (see above)
A top-level profile can be set, via a new API "api/v1/system/profiles" node (see above)
Requiring/not requiring activation enhancements (see above)
Add additional directory locations to be searched when Acano client users perform searches
(see above)
New failure reason databaseNotReady for LDAP sync operations
New parameters when adding and modifying a coSpace member
Notes on Upgrading to R1.2
3 Notes on Upgrading to R1.2
This section includes information about upgrading an Acano Server Release.
CAUTION: Before upgrading to R1.2 (either an Acano Server or a virtualized deployment) you
must take a configuration backup using the backup snapshot <filename> command and
store it safely on a separate device. See the MMP Command Reference document for full
CAUTION VM ONLY: Before you upgrade a virtualized deployment to Release 1.2 you must
ask for a new license file. This file replaces the activation key on a
virtualized deployment – the activation key is no longer required.
3.1 Upgrading to Release R1.2
Unless specifically mentioned, the instructions in this section apply to both Acano Server and
virtualized deployments.
Upgrading the firmware is a two-stage process: first, upload the upgraded firmware image; then
issue the upgrade command. (This restarts the Acano solution: the restart process interrupts all
active calls running on the Acano solution; therefore, this stage should be done at a suitable
time so as not to impact users − or users should be warned in advance.
To install the new firmware on the Acano Server follow these steps:
1. Check that you have the new license file from This file is required on
virtualized deployments. It replaces the activation key on a virtualized deployment – the
activation key is no longer required and has been deprecated.
2. Obtain the upgrade image from the secure partner section of the Acano website. You should
have obtained a file called upgrade.img. If this is not the case – rename the file to
Note: If you are using WinSCP for the file transfer, ensure that the transfer setting is ‘binary’
not ‘text’. Using the incorrect setting results in the transferred file being slightly smaller than
the original – and this prevents successful upgrade.
If you are using a virtualized server, when you log in with the admin user account after
upgrade, for security you will be prompted to change the password before proceeding.
CAUTION: After upgrading you must check your Outbound Calls dial plan rules – see
section 2.8.
3. Using a SFTP client, log into the MMP using its IP address. The login credentials will be the
ones set for the MMP admin account. If you are using Windows, we recommend using the
winSCP tool.
You can find the IP address of the MMP’s interface with the ipv4 admin command or the
equivalent ipv6 command.
Notes on Upgrading to R1.2
The SFTP server runs on the standard port, 22.
After copying the upgrade.img file, you will not be able to see it listed as being in the file
system; this is normal.
4. Copy the software to the Acano Server/ virtualized server.
5. To apply the upgrade, issue the upgrade command.
a. Establish a SSH connection to the MMP and log in.
b. Initiate the upgrade by executing the upgrade command.
The Acano Server/ virtualized server restarts automatically: allow 10 minutes for the process
to complete.
6. Verify that the Acano solution is running the upgraded image by re-establishing the SSH
connection to the MMP and typing:
Remember to use the MMP user accounts to log into the Web Admin Interface. Refer to the
MMP Command Reference document for more information.
7. If you are using a virtualized deployment, upload your new license file.
8. For all deployments, check the Configuration > Outbound Calls rules updating the Local
Contact Domain field and completing the new Local From Domain field if necessary.
3.2 Downgrading
To return to the older version, use the regular upgrade procedure to “upgrade” to the appropriate
version, and then restore the configuration backup for that version.
Resolved Issues
4 Resolved Issues
Resolved in R1.2.18
WebRTC client does not work with
Chrome version 41.0.2272.64 beta-m
When attempting to join a call with the WebRTC client
v41 the client displays the spinning circle for a while and
then the call fails. R1.2.18 fixes an interop issue that
was preventing WebRTC clients from working with this
beta version of Chrome.
XSS vulnerability could result in
execution of javascript to create a
popup with the text xss after clicking
through authentication (successful or
A bug was discovered in R1.2.14 which could result in
the coSpace database not initialising, following an
upgrade or downgrade to R1.2.14 on Acano Server
hardware only. The VM version of this release is not
impacted by this fixed in R1.2.18.
Resolved in R1.2.15
CVE-2015-0235 - Ghost vulnerability
This issue was reported as Security alert 017 and is
fixed in R1.2.15.
Unable to join coSpace on Web
Bridge with Firefox
This issue can be seen whether joining as a guest or
signing in to the WebRTC Client as a user and is fixed in
Lync calls fail after 30 seconds to
direct federated Lync servers in
Fixed in R1.2.15.
Resolved in R1.2.14
CSR generated on the Acano server
could be rejected as an Invalid CSR
This was occurring because of a difference between
the given and expected version number. This issue is
fixed in R1.2.14.
Call Bridge passing incorrect
information about the number of
recent participants when there have
been 10 or more participants in the
When 10 or more participants were in a call in a
coSpace (not necessarily concurrently), the server
includes an incorrect number of participants in the
recent call message sent to the Acano clients. This
issue is fixed in R1.2.14.
Open URL redirection vulnerability
could be exploited to gather
credentials from an unsuspecting
This issue was reported as Security Incident 017 and is
fixed in R1.2.14.
XSS vulnerability could result in
execution of javascript to create a
popup with the text xss after clicking
This issue was reported as Security Incident 018 and is
fixed in R1.2.14.
Resolved Issues
through authentication (successful or
Resolved in R1.2.13
All active calls are dropped
Calls being dropped when component connection from the Call
Bridge to the XMPP server dropped because invalid XML was
sent from a client. This issue was raised as Security issue 013,
and is fixed in R1.2.13.
Issues in calls with VCS
X7.2.2 and Acano 1.2.11 &
This could occur when the “Minimum session refresh interval
(seconds)” was higher than 1800 in VCS. This issue is fixed in
API system status messages
returning unwanted
This issue is fixed in R1.2.13.
Syslog "unrecognised protocol
message" at "Warning" level
This has been made an info level message rather than warning;
it indicated that older versions of the clients are being used with
the Acano server. This issue is fixed in R1.2.13.
First few seconds of the video
stream could be fragmented
This was related to setting MTU settings on an interface. This
issue is fixed in R1.2.13.
Calls being dropped
This occurred because of TURN server issues when listening on
multiple interfaces. This issue is fixed in R1.2.13.
MMP commands didn’t autocomplete with all possible
This issue is fixed in R1.2.13.
Lync AVMCU calls disconnect
at 16 minutes
Lync AVMCU calls to SIP endpoints disconnected at 16 minutes.
This issue is fixed in R1.2.13.
Resolved in R1.2.12
Sending higher than
configured Tx maximum
bandwidth to Lync client
This issue is fixed in R1.2.12.
Logs filling with repeated
message approximately every
This was caused by starting the server with an invalid XMPP
license. This issue is fixed in R1.2.12.
Server crash when running
This was caused by a DNS lookup error and this issue is fixed in
Frequent resolution changes
when Lync client and EX60
endpoint in a coSpace
This was caused by frequent changes to the incoming resolution
and from R1.2.12 we have adapted our algorithms to suit this
situation. This issue is fixed in R1.2.12.
Resolved in R1.2.11
Resolved Issues
Custom IVR image issue
Customized image could be pixilated in full-screen mode on
Lync participants. This issue is fixed in R1.2.11.
Certificate chain issue
This certificate trust issue is fixed in R1.2.11.
Content fails SIP calls through
Codian ISDN GW
Content could fail to stop and cause lip sync issues. This is fixed
in R1.2.11.
Max number of hostname IPs
Previously the Acano solution could only resolve 8 names to a
DNS load balancer. This has been increased and the issue is
fixed in R1.2.11.
H264 decoder crash
This issue was caused by a rare software loop and is fixed in
Load balance across VCS
Outbound calls from an Acano server were not load balanced
across all available VCS cluster peers. This is fixed in R1.2.11.
Server crash
This issue is fixed in R1.2.11.
Active calls stop working
The Call Bridge service could stop on receiving 401 messages.
We have improved 401 message handling and this issue is fixed
in R1.2.11.
Security fix CVE 2014 3513
R1.2.11 fixes a security issue with OpenSSL denial of service
vulnerability that is detailed in the Security Alert Details
No video to Polycom DMA
We have improved our handling of parameters in the H.264
advertisement parsing code and this issue is fixed in R1.2.11.
Resolved in R1.2.9
Occasional Lync calls failing
This was caused by a NOTIFY message with zero length. This is
no longer transmitted and therefore is fixed in R1.2.9.
postgres not starting
Some changes have been made to the postgres setup and this
issue is fixed in R1.2.9.
Resolved in R1.2.8
Require a Chrome extension
to be able to share desktop
from Chrome.
This issue is fixed in R1.2.8.
Server crash caused by issue
with Active Directory settings
Field Mapping Expression
This issue is fixed in R1.2.8.
Resolved in R1.2.7
Resolved Issues
Vulnerability issues with
R1.2.7 uses the latest OpenSSL library addressing some
vulnerability issues reported as Security Incident 007.
Issues with Apache's
R1.2.7 uses Apache 2.4.10 addressing potential slow http
attacks. This issue was reported as Security Incident 008.
One-way video with Chrome
Although Chrome v36 was fine in the same circumstances,
when using v37 the Acano WebRTC Client received video, but
didn't transmit any. This issue is fixed in R1.2.7; however, see
the Known limitations below.
tenantFilter for callLegs
returns no results
In R1.2.5 an API GET on /api/v1/callLegs?tenantFilter=xyz could
return zero results. This is fixed in R1.2.7.
Empty/missing <name> tags
in API responses for
participants without a SIP
display name
If an endpoint didn't supply a SIP display name, then in the list of
/callLegs from the API, you could see an empty name tag. This
is fixed in R1.2.7.
Virtualized Edge server not
responding to SNMP polls
snmpd wasn't starting up and this is fixed in R1.2.7.
In R1.1 WebRTC guest
diagnostics could show
unnecessary information
This is fixed R1.2.7.
WebRTC Client’s Chat tab
does not show the latest
There was a missing refresh of the message board when
returning to it from another view. This is fixed in R1.2.7
Resolved in R1.2.6
XMPP (authp) authentication
succeeds with empty
password if LDAP server
allows 'unauthenticated
authentication' method of
simple bind
Active Directory allows unauthenticated authentication and
therefore if the client supplied an empty password, but a valid,
known JID, such client log-in requests succeeded. This was a
security issue reported as Security alert 006 – this issue has
been fixed in R1.2.6.
Resolved in R1.2.5
Core server crash
There could be an occasional crash when the Core server was
communicating with the Web Bridge(s) due to a memory buffer
issue. This is fixed in R1.2.5.
Decoder rejected frames with
width or height not divisible by
One consequence was that the Acano solution did not output
any frames when Chrome sent a desktop at 1680x1050 for
example (as 1050 is 2 mod 4). In R1.2.5 the Acano solution is
more flexible on resolutions and this issue is fixed.
Logo shown to clients when
multiple deactivated ("guest")
video participants are present
R1.2.5 deals with deactivated video streams better and no
longer sends anything to the clients when there are no "real"
participant video streams available.
Failed API/webadmin
authentication causes
This issue was previously reported as Security Alert 005. This
issue is fixed in R1.2.5.
Resolved Issues
slowdown of webadmin, API
and SIP processing
Loaded media message after
changing microphone when
using Chrome WebRTC
The Chrome client would show "Loading Media - Please wait";
and to re-establish full audio and video the user would have to
dial in again.There is now improved handling of trickle ICE on
the Web Bridge and this issue is fixed in R1.2.5.
Issues changing the layout for
a callLeg via the API in R1.2
In R1.2.0 changing the layout for a callLeg via the API didn't
work if you did a PUT with layout = telepresence but worked if
you specified defaultLayout = telepresence. The published API
spec for 1.2.0 was incorrect. In R1.2.5 the Acano solution will
accept either parameter for a callLeg – but the documentation
has been updated to reflect defaultLayout = telepresence and
this is the recommended statement. This issue is fixed in R1.2.5.
Thread safety issues with
json_read in PAM
Repeated failed authentication could cause a crash. This is fixed
in R1.2.5
Releases R1.2.1 to R1.2.4 were not released.
Resolved in R1.2 (previously called R1.2 RC2)
Escalation from audio to video
not working over Lync Edge
Escalation from audio to video would not work over Lync Edge
server; this is fixed in R1.2.
The webbridge listen
command doesn't work for
certain port numbers
Some port numbers did not work with the webbridge
listen command; for example Firefox considers port 1 as a
reserved port. The webbridge status returns “Running”
but the web page doesn't seem to load when you browse to the
Acano server, e.g. This is fixed in R1.2
Calls fail with uppercase
If the content-type header in SIP messages had SDP in
uppercase then calls could fail with "ACK received with no
session description late media call - ending call”. This is fixed in
Web Bridge issue could cause
a crash
This is fixed in R1.2.
Known Limitations
5 Known Limitations
If you encounter any of the following issues, contact because we are likely
to have test builds to send you with fixes for many or all of them by the time you find them.
Lync Edge clients lose
audio/video after hold/resume
If you dial a Lync 2010 client into a coSpace and hold/resume
the call a few times, it can end up with either no audio or no
video or no media at all after a call resume. If you leave it in this
state, Lync 2010 client eventually prints a message saying "Call
failed due to network issues". This issue will be addressed in a
future release.
Lync calls to coSpace with
PIN do not connect reliably.
This affects all Lync clients
When dialing from a Lync client using a Lync server which has
SupportEncryption or RequireEncryption set, then after you
enter the coSpace PIN, the result can be unreliable. The call
may connect perfectly, or audio and/or video may not be sent.
Unable to stop pcap capture
on serial/ssh
Occasionally users running pcap from the serial console for a
few minutes are unable to stop the capture with a Ctr+C, if this
happens try crt+\ or contact Acano support.
Prevent logging in to the Web
Admin Interface.
By going to the Web Admin Interface login page, clicking OK to
login and then holding down F5, all the sessions will be “used”
without even logging in. This prevents anyone else from logging
in until those sessions expire. This issue will be addressed in
Call Bridge Crash
A stress crash can occur in R1.2 Beta 22/04/2012 when using
the WebRTC client.
No DNS failover for AD sync
Although the initial problem of the Call Bridge not falling back to
a second AD server address after the LDAP connection to the
first failed has been fixed in R1.2, there remains the issue that
trying to connect to a non-existent/non-responding remote
address can take a long time to time out.
“syscall error” messages
appearing in log
The syscall error message should not have been left enabled in
this maintenance release. However, they are harmless and
should be ignored.
OpenSSL vulnerable to a
denial of service attack
This issue is reported as Security Alert 022.
