Troubleshooting
The following sections contain information about how to troubleshoot common problems, usually related to improper installation, encountered during Phone Password Manager deployments.
Consult your vendor for additional troubleshooting information regarding your voice board, associated drivers, System Release software, or PBX.
Problems with the voice board
If you run into problems with your voice board:
Check for IRQ conflicts.
One of the most common issues encountered when using voice boards is an IRQ conflict. Voice boards work best when configured with their own, high-priority, IRQ.
Ensure that you are using the right type of phone line.
Only analog lines can be used with analog boards, and only digital lines can be used with digital boards. Plugging in the wrong type of line can damage the voice board.
Check your PBX documentation to ensure that the board you purchased is compatible with your PBX.
Ensure that the voice board can pick up calls.
You can use the Intel voice demo to do this.
Problems with hangup events
If Phone Password Manager is having problems with hangup events on a digital network system, and you have correctly completed all configuration steps outlined in this manual, then there is probably a misconfiguration on the Dialogic card. This problem should not happen on digital network systems. If it is happening, contact the support department of your Dialogic hardware supply company, or purchase support services from a third-party company.
If Phone Password Manager is having problems with hangup events, and the Dialogic card is connected with analog CO lines or analog PBX lines:
Enable the "circuit reverse" or "battery reverse" features on those lines. This can offer more reliable disconnect supervision.
If "circuit reverse" is not available, use the PBXpert to detect and enable tones for the analog Dialogic card. For further details, see your Dialogic manual.
Welcome message does not play
If you hear dead air instead of the welcome message, then upgrade to the latest Dialogic System Release Software Updates. This issue can also be caused by improper audio file configuration.
Some or all audio files are not playing
If no sound is played to users who connect, or there are certain menu options for which the sound files are not being played, it is possible that your audio file configuration is incorrect. Phone Password Manager organizes audio files in the following directory structure:
<Instance>\audio\
en-us
a.wav
b.wav
(etc)
<Language code>
(Other languages)
If this directory structure is disturbed, or any of the audio files themselves are missing, then the system will not be able to locate those files for playback to the user. This error can be easily diagnosed by reviewing the system logs, which will include a message such as:
Warning: Cannot open C:\Program Files (x86)\Bravura Security\Telephone Password Manager\<instance>\audio\en-us\<filename>.wav, errno: 2
This error indicates that Phone Password Manager was unable to locate the audio files in their usual directory.
Asterisk® audio files
When using an Asterisk® server, Phone Password Manager needs to upload the locally-stored audio files onto the Asterisk® server. Phone Password Manager will only initiate this file synchronization if it cannot find the following directory on the Asterisk® server:
\var\lib\asterisk\sounds\HiTPM\
To force Phone Password Manager to update the Asterisk® server’s audio files: delete the directory listed above, restart the Phone Password Manager service, and place a call to the IVR.
The Phone Password Manager service fails to start
In the system services menu, you should see:
Dialogic® Boardserver
Dialogic® SS7 Service
Dialogic® System Service *
Bravura Security logging Service *
Telephone Password Manager Module Service *, or Bravura Security VoIP Telephony Service * (Dialogic only)
Services marked with a * must be started in order for Phone Password Manager to operate properly. Dialogic® services only appear on a system using a Dialogic® IVR backend. The names of the Dialogic® services may vary.
In Phone Password Manager version 9.0+, the VoIP service has been merged into the Phone Password Manager module service.
If the Phone Password Manager Service fails to start:
Ensure that the Dialogic® System Service, and Dialogic® Boardserver service, are running and configured to start automatically.
You can do this using the Windows Service Control Manager (SCM), or the Dialogic® product Configuration.
Ensure that pspushpass.dll is installed and can be found in the system PATH.
Some Dialogic® services are dependant on other Dialogic® services and will not restart automatically after a reboot of the server. After a reboot, make a test call into your IVR server, and manually restart Dialogic® services if required.
The Phone Password Manager Service is dependant on Dialogic® system services, and also needs to be manually restarted after a reboot. It may take several seconds before the service is ready to be started, so ensure that you refresh the list of services to confirm that this service is running.
Phone Password Manager cannot return requests
If Phone Password Manager cannot return requests properly due to slow network speeds, then you can modify the "SoapTimeout" registry key:
HKLM\SOFTWARE\Bravura Security\Bravura Security Fabric\<instance>\\Idapi\
Modify the "SoapTimeout" registry key by increasing the value. The default setting for this value is 60000 milliseconds, which is one minute.
Phone Password Manager cannot connect to the softphone system
If Phone Password Manager cannot connect to the softphone system, try switching audio codecs in idtel.cfg . The codec in Phone Password Manager must match the supported codecs of your softphone system.
Phone Password Manager fails unexpectedly
If Phone Password Manager fails unexpectedly, it is possible the Dialogic license is expired or invalid. You may see an error message like the following:
2013-01-15 07:54:59.532.2056 - [] idvoip.exe [3292,3180] Warning: gc_Start, GC ErrorValue: 0x8c - The start procedure of a call control library failed, CCLibID: 0 - GLOBALCALL, CC ErrorValue: 0x8c - The start procedure of a call control library failed 2013-01-15 07:54:59.532.2093 - [] idvoip.exe [3292,3180] Debug: Failed to initialize GlobalCall Libraries 2013-01-15 07:54:59.532.3090 - [] idvoip.exe [3292,3180] Error: Failed to InitGC, service terminated
To resolve this, update the Dialogic license, then restart the Phone Password Manager service. See the Dialogic documentation for details on updating a license.
SoX version mismatched
Phone Password Manager is fully functional with newer versions of the SoX utility, however Phone Password Manager expects SoX versions equal to or earlier than those shipped with Asterisk® when checking for the existence of a SoX installation. This version mismatch can impede the installation and function of Phone Password Manager with Asterisk.
To resolve this issue, log into the Asterisk® server as root, or escalate to root. Execute the following commands in the Unix terminal, in order:
cp 'which sox' 'which sox'2 echo '#!/bin/bash' > 'which sox' echo '[ "$1" = "--version" ] && echo "sox: Version 0.0.0" || sox2 $*' >> 'which sox'
This change will reconfigure how SoX responds when asked to display its version, allowing Phone Password Manager to install with newer versions of SoX.
Logging Phone Password Manager events
An issue in trying to follow the logged events from the scripts, common to other PSLang usage in Bravura Security Fabric , such as ssh/telnet/cmd/ps expect scripts, is that PSLang logs the line in the script that records the log entry, but not the file.The filename can theoretically be added in file-specific interpreted log functions that wrap the built-in (compiled) log function, but that has not been done in samples shipped with Bravura Security Fabric .
From the compiled PSLang functions, the emitted SOAP API calls have to reach the SOAP endpoints provided by idapisoap on the Bravura Security Fabric server.
Increasing tpm.exe's logging to Verbose (99 ), logs both the outgoing API calls and the returning answers (the entire SOAP XML of the call/response with some sensitive fields starr(*)ed out for privacy). At that point the troubleshooting moves over to the Bravura Security Fabric server's idapisoap and idapi services.
Log analysis
Bad Phone Password Manager config file
In the Phone Password Manager server's idmsuite.log, after you start the Telephone Password Manager service, there should be no logged entries containing:
Can not parse config file
If there are such entries, the line mention is malformed and has to be fixed.
Usually, the error location (file, line and position in the config file, as well as what is missing or found more than expected), are mentioned on the logged entry.
Bad API password
On the Phone Password Manager server you can see entries such as:
2023-12-14 10:19:44.533.2542 - [] idvoip.exe [4144,4468] Warning: Failed to LocalLogin, sessdat has not been updated
That means that the password is misconfigured in Phone Password Manager's service\pushpass.cfg
At the same time, on the Bravura Pass server that receives the API login operation, you will see entries like:
2023-12-14 10:19:57.201.2003 - [] idapi.exe [7120,7664] Warning: Login failed: invalid password specified for [_API_USER_TPM].
To fix that:
Use idapitool to change the password and AES-encrypt it.
lib> idapitool.exe -url https://host.domain.com/instancename/idapi -user _API_USER_TPM -psw password
The URL has to be the one as seen by the API client, in this case by Phone Password Manager, as configured in its service\pspushpass.cfg.
Use the AES-encrypted version of the password in Phone Password Manager's service\pspushpass.cfg. Ensure you save the changes.
Restart Phone Password Manager so it reads the new config
Check
idmsuite.logagain to ensure this time the API logging succeeds.
Connecting SIP through NATs
Network Address Translation (NAT) has been always a problem for Session Initiation Protocol (SIP).
Most problems are caused by the peer side (user side) network.
Make sure the SIP client software supports STUN & UPnP protocol.
Also make sure the UDP port 5060 - 5080 and 10000 - 20000 are allowed on both sides of network.
Test SOAP API
When SOAP API commands fail to be sent to the Bravura Pass instance, or if the Bravura Pass instance logs some error or warning, you'll find them in a default Phone Password Manager logging like this, from the Phone Password Manager service (idvoip):
2023-12-14 10:19:44.533.2542 - [] idvoip.exe [4144,4468] Warning: Failed to LocalLogin, sessdat has not been updated
or:
2023-12-05 10:21:33.914.5137 - [] idvoip.exe [8508,9016] Warning: Error [Can not parse
config file [D:\Program Files\Bravura Security\Telephone Password Manager\hidpwm\service\pspushpass.cfg]. Error [[Line: 30, Pos:
3]: Parse error: expected ';'].]Warnings such as the following are expected and can be ignored, if the unavailable functionality is not used in the affected implementation.
2023-12-12 09:46:01.439.3620 - [] idvoip.exe [1288,7272] Warning: Failed to load library
[VC_Database.dll]. Error [126]
_2023-12-12 09:46:01.439.3635 - [] idvoip.exe [1288,7272] Info: Voice print functionality
disabledOn the Bravura Pass server, from idapisoap.exe or idapi.exe , for example:
2023-12-14 10:19:57.201.2003 - [] idapi.exe [7120,7664] Warning: Login failed: invalid password specified for [_API_USER_TPM].
On the Phone Password Manager side, increase logging to Debug level , to see both the SOAP outgoing message (SND) and the SOAP message Bravura Pass sends back (RCV), for example:
2023-11-15 11:08:29.384.7518 - [] idvoip.exe [4596,6852] Verbose: SND:<?xml version="1.0"
encoding="UTF-8"?> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><Login
xmlns="http://www.hitachi-id.com/idapi"><request xmlns:a="http://schemas.datacontract.org/2004/07/idapi" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:sessdat></a:sessdat><a:userid>_API_USER_TPM</a:userid><a:password>***</a:password><a:isadmin>1</a:isadmin><a:options></a:options></request></Login></s:Body></s:Envelope>
For a successful login, a sessdata item will be returned (RCVed), as well as a Success message and a "0"(zero) value for the returncode of the operation:
_2023-11-15 11:08:29.384.7546 - [] idvoip.exe [4596,6852] Verbose: RCV:<s:Envelope
xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><LoginResponse xmlns="http://www.hitachi-id.com/idapi"><LoginResult><errmsg xmlns="http://schemas.datacontract.org/2004/07/idapi">Success</errmsg><rc xmlns="http://schemas.datacontract.org/2004/07/idapi">0</rc><sessdat xmlns="http://schemas.datacontract.org/2004/07/idapi">73bb9a4b-46bb-4944-8d64-7f53ee87e55b</sessdat></LoginResult></LoginResponse></s:Body></s:Envelope>Note that:
The URL-like values in those SOAP messages are NOT the address of the Bravura Pass instance, they are SOAP namespaces.
Passwords will always be obscured (replaced with ***) which can make troubleshooting failed logins tricky.
If you want to test the SND operations, Bravura Security recommends using a SOAP client such as SoapUI or postman. For a complete connection test, such SOAP clients have to be run from the Phone Password Manager server.
If company policy doesn't allow installing such clients for testing, you could try using Powershell instead:
Initialize a variable with the text of the raw SOAP call:
$Body = '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><Login xmlns="http://www.hitachi-id.com/idapi"><request xmlns:a="http://schemas.datacontract.org/2004/07/idapi" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:sessdat></a:sessdat><a:userid>_API_USER_TPM</a:userid><a:password>PUT_PLAIN_TEXT_PASSWORD_HERE</a:password><a:isadmin>1</a:isadmin><a:options></a:options></request></Login></s:Body></s:Envelope>'Send that SOAP message to the same Bravura Pass endpoint configured in Phone Password Manager's pspushpass.cfg :
Invoke-WebRequest -Uri https://hpmtest.company.net/myidpm/idapi -Method Post -Body $Body -ContentType application/xml
If the correct password for the used API profile was successfully tested with idapitool , yet Phone Password Manager itself fails to Login into Bravura Pass with the same encrypted password, there's likely a difference in encryption keys between the Bravura Pass and Phone Password Manager instance. Use the same encryption keys on both servers, and the same product version of Phone Password Manager and Bravura Pass .