So why not, nearly 16 years after the show started, try and get one of these working on an Asterisk PBX? At work we had a number of similar 7940 models that hadn’t be used for years, so why not give it a try…

History

When the show started in 2005, these phones would need an entire Cisco ecosystem to support it, as it was essentially locked to Cisco’s propriety SCCP system. It was later and when the models were approaching end of life that a firmware update allowed it to communicate over SIP, therefore making it compatible with many more systems.

Before going further, I should note that I the telephony world, these things are ancient and have fallen way behind the capability that modern phones can offer. I would recommend these as a novelty and not be considered for deployment as it requires a lot of manual setup for little return, as we’ll go into….

Requirements

PBX: SIP based, for this example I’ll be using FreePBX, based on Asterisk.

Firmware: Dependent on what’s already loaded on the phone, you may need to source the P0S3-8-12-00 firmware that enables SIP. It can still be found with enough searching online.

TFTP Server: The 7940 can only be configured via TFTP and cannot be setup manually on the phone, so this is essential. In this example I’ll be using Windows Server 2019 and repurposing the TFTP element of Windows Deployment Services.

DHCP Options: The phones are pointed to the TFTP server via DHCP Options, a router or DHCP server capable of these is required. I’ll be setting this up on a Draytek 2862.

HTTP Server: Should you wish to add Services and a Directory, the phone pulls this information via HTTP.

Setup

TFTP Server

In Windows Server 2019, open Server Manager and start the Add Roles and Features Wizard.

In Server Roles, tick Windows Deployment Services

Then in Role Services, select just Transport Server to enable TFTP.

By default, Windows uses TFTP exclusively to deploy Windows images on client machines, so we’ll need to make a registry edit to allow the server to provide all files.

Open RegEdit, and navigate to:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WDSServer\Providers\WDSTFTP

TFTP files are served from C:\RemoteInstall by default, this can be changed by editing RootFolder value.

Edit ReadFilter value to add \* to allow all files to be read in the root folder.

To re load these changes, restart Windows Deployment Services Server from the Services folder.

DHCP Options

To allow the phone to know where the TFTP server is on boot, DHCP Option 150 is used to direct the phone.

Logged into the Draytek 2862, navigate to LAN –> General Setup –> DHCP Server Option button.

Enter Option Number 150, and enter the server IP address in the Data field:

To check its working, plug the phone into the network, after initial loading it will start looking for files at the server’s IP address.

Config Files

All of the phone’s functionality is provided by the config files. As a minimum the phone requires the following for use with SIP:

SIPDefault.cnf – Common configuration for all phones on the network, containing info such as SIP server.

SIP<MAC Address>.cnf – Phone’s individual config, such as extension registration info. File is named SIP001D45000000.cnf where 001D45000000 is the MAC address of the phone.

If your phone is loaded with SCCP firmware, for instance if it was pulled from a Cisco infrastructure environment, the phone will attempt to pull a different set of files from the TFTP server.

To identify SCCP firmware, when loading the top black bar will lack the “SIP” logo on the right.

If it is the older firmware, additional files are needed to instruct the phone to update its firmware:

XMLDefault.cnf.xml – First file served, specifies the firmware to load.

OS79XX.TXT – An alternative firmware pointer file.

Then you will need the firmware files, for reference / search purposes, these are the files needed:

P0S3-8-12-00.loads
P0S3-8-12-00.sb2
P0S3-8-12-00.tar
P0S3-8-12-00.bin
P0S3-8-12-00.sbin

Factory Reset

If the phone already loads and gives an extension, it will need to be factory reset:

With the phone unpowered, hold the # key. While holding, connect power to the phone and release the # key when the Headset, Mute and Speaker buttons start lighting in sequence.

Next whiles lights are still in sequence, press 123456789*0#.

When reset menu appears, press 2 to say no to keep network settings.

Phone will reboot and is ready to provision.

Provisioning

DHCP Option, TFTP Server, files in place, the phone can now be provisioned.

Dependant on firmware level it will take up to 5mins to upgrade and provision, during which and if all goes well will get some comforting references to the files served by the TFTP server.

You now have a Dunder Mifflin issued extension.

A report came in on this issue and a few checks of the domain DNS revealed it was on a platform we use for domains and web hosting.

Not overly familiar with the hosting company from a website standpoint and even less with Joomla, it was time to first fathom out how it works, and them find the problem and fix

At this stage of the initial report there’s not much that can be investigated on the fly as the whole website was offline. The only clue of the website showing a forbidden error when visiting suggests that there is a permissions conflict o the web server. Having access to the files, this could be tested by trying to browse to specific image files by using the directory path as the reference, however every file tried returned a 403 Forbidden error.

Joomla

The file structure had a lot of references to Joomla, and this was found to be an alternative blogging platform to WordPress. During the website’s commission in 2012, it seemed a choice between Joomla and WordPress, however with hindsight it seems the WordPress won the war. Essentially it’s pretty similar with an administration portal and driven by PHP and a MySQL database.

Of consideration from my experiences of WordPress is the number of updates a site will need over a year due to the vulnerabilities that constantly crop up, noting that the site has not been touched in the two years that I’ve been here, it could have been knocked offline as a result of an exploit.

With this is mind, I had to confirm that behind the 403 error was still a functioning website that could be restored.

Restoring to a New Server

Wanting to see if the site was still there and concerned about vulnerabilities, a fresh install of Windows Server 2012 in a VM was created to download the site and test.

In Windows, the Internet Information Services role was added, and the Web Platform Components 5.1 installed on top.

As a Joomla site is PHP and MySQL, I find the quickest way to get these installed and integrated with IIS is to install a new instance of Joomla via the Web Platform Installer, as it will also install all required packages in order to run on a Windows Server.

The WPI is followed to get the MySQL database and other components installed, the opening of the Joomla setup webpage is as far as is needed to go.

Adding the Website

A copy of the public_html files were restored to the emptied C:\inetpub\wwwroot folder so it can be run by the IIS default website,

To get the SQL database restored easily I used HeidiSQL, this is a great alternative to the go to MySQL Workbench CE, especially as I faced incompatibility issues with SQL version numbers and kept receiving “Bad Handshake” errors when connecting with Workbench.

In HeidiSQL, log in via the credentials entered during the initial Joomla setup. Create a new database in the left hand pane and name it the same as the backed up database.

Then with the database highlighted, choose File > Load SQL File, select the backup .sql file and open, when prompted choose to run immediately. The table structure and data will now import to the database.

Next was to create a user for the website to connect to the database, in Tools > User Manager, add a new user and give it access to Global Privileges.

Connecting

With the fundimentals now in place, the last step is to reconfigure the Joomla site so it connects to the newly restored database.

In Joomla, the database connection settings are stored in configuration.php located on in the root folder. Open this file in a text editor and amend the $user and $password fields to match the user created in HeidiSQL.

As in this instance the MySQL server and web server are on the same machine, $host can be changed to ‘localhost’

Now is the moment of truth, open a web browser on the server and navigate to http://localhost , deep breath encouraged.

Result

To my surprise it was actually there, and visibly intact. While the issue is not solved I at least know that I still have something to work with, and can continue working out what went wrong.

This also confirmed that it was indeed a permissions issue on the live web server, but without access to this it was time to raise a support ticket with the web space provider.

Update

Turns out from raising the support ticket the suspicions of an exploit reigned true. The website was blocked from the web by the provider as it was reported for being involved in a phishing attack, and it would have been nice to be notified of this!

A quick clean and a lot of patching later the site is now unblocked and back online.