What's New

VPN Security Update Required

E-MetroTel has now released a new software update for both UCX Release 6 and Release 7 systems that will replace the VPN certificate on the UCX without requiring the device to be unregistered and subsequently re-registered. Please refer to Step 2 below for additional details.
 

The certificate used for VPN access has expired and requires an update to maintain the highest level of security. VPN Connectivity for both user PCs and UCX systems requires updated certificates in order to reconnect. Refer to the following sections:

​Step 1: Updating the VPN certificate on your own PC(s)
Step 2: Updating the VPN Certificate on every UCX system
 
NOTE

You must update the PC used to connect to the VPN AND update each UCX system in your network before you can use the VPN to perform remote configuration.

Step 1: Updating VPN certificate on user’s PC

This is only required to be done once for each PC that you use to connect to the VPN. Use the following process to update the authentication certificate on any PC (Win/Mac) used to connect the the E-MetroTel support VPN.
  1. Connect your PC’s browser to remote.emetrotel.org and log in with your E-MetroTel UCX Remote Access account credentials. VpnRemoteAccessSignin.png
  2. If you have forgot your password, you may request a password reset using the link provided. Follow the instructions in the email. VpnForgotPassword.png
  3. All certificates issued by the VPN server are listed on the Certificates page. If you know the NameDescription, or User assigned when the certificate was originally created you may search for it using the browsers Search mechanism (usually Control-F or Command-F). The certificate would have been issued with a Type of PC or MAC. UCXRemAccessCertificates.png
  4. Once you find the certificate, proceed to Step 10.
  5. Alternatively, to find the existing PC device certificate, navigate to the Users page. Depending on the type of Remote VPN account credentials you have, this page may not be visible. VpnRemoteAccessUsers.png
  6. Use your browser’s Search mechanism (usually Control-F or Command-F) and search for your email address. VpnRemoteAccessEmail.png
  7. Click on the name (first column) associated with the email account. VpnRemoteAccessName.png
  8. You will be presented a list of all the UCX and PC devices that have been issued a certificate for this user account. VpnRemoteAccessDevices.png
  9. Scroll until you find the Name associated with your PC device. VpnRemoteAccessSelectPC.png
  10. Click on the Name
  11. Click on Revoke Certificate and then confirm your decision VpnRemoteAccessRevoke_0.png
  12. Now click on Certificates and then click the New Certificate button VpnRemoteAccessCertificates_0.png
  13. Enter a Name, the Certificate Type (to match your device), and a Description, then click Create Certificate. VpnRemoteAccessCertDeatils.png
  14. Now click Download Certificate and choose the location where you will store the file. VpnRemoteAccessCertCreated.png
  15. Follow the steps 1 through 8 of Install PC Certificate section of the PC OpenVPN Installation or refer to the Mac instructions on that same page. (Note that you must enter the “Y” or “y” key on step 6 instead of “any key“.)
  16. You may now connect to the E-MetroTel VPN using the standard connection procedure.
You may wish to remove the old configuration folder on your PC so that you do not have to select a particular profile when connecting to the VPN after a restart. You can remove the old VPN profile by deleting it from the config folder in the OpenVPN folder entry in Program Files. You must delete the old config folder prior to launching the OpenVPN client (you may have to do this after you have restarted your PC). Otherwise, you will have to manually select the new profile from its folder in the OpenVPN menu when you right-click on the icon in the task bar.
  1. Before removing the old folder from the configuration folder (Original_Config in this example): OpenVPNRightClickMultiple.png
  2. After removing the old configuration folder (Original_Config in this example): OpenVPNRightClickSingle.png

Step 2: Updating the VPN certificate on each UCX System

E-MetroTel has now released a new software update for both UCX Release 6 and Release 7 systems that will replace the VPN certificate on the UCX without requiring the device to be unregistered and subsequently re-registered. If the VPN was previously registered and started (i.e. connected) it will re-connect automatically after the update. If it was registered by not started, it will be able to be started directly through the Web-based Configuration Utility or using the configured Remote Support Toggle/Remote Support Password feature codes (if enabled – refer to UCX Remote Access).

If your UCX system is set for Automatic Updates, the new certificate will be installed and the VPN returned to its previous connection state at the time of the next scheduled update. If you do not have Automatic Updates configured then you will need local or alternative remote access to the system to initiate the update, during which the new certificate will be installed and the VPN returned to its previous connection state.

Note that this software update only applies to Release 6 and Release 7 UCX systems. The following process can be used for systems that are at UCX Release 5 or earlier, or for systems that cannot be updated for some other reason.

Manually updating the VPN Certificate on a UCX system

NOTE

You will need to have local access to the UCX or an alternative mechanism for connecting temporarily to the UCX through the customer's firewall to complete this procedure.This can be accomplished through remote desktop control applications such as Chrome Remote Desktop or Windows Remote Desktop Connection or other similar applications. Note that if the you may also try retrieving the UCX systems's public IP address through the Serial Number Records tool on the E-MetroTel partner portal. You may be able to access the UCX Web-based Configuration Tool through the system's public IP address if it is a cloud system or if the customer firewall has TCP port 443 forwarded to the system's internal address.

This step will be required for each of the UCX systems in your network as required for your support processes. To update the UCX VPN Certificate, proceed as follows:
  1. Login to UCX Administration with your standard log-in credentials.
  2. Navigate to the Support / Remote Access page.
  3. The page will report Remote access stopped.
    UCXRemAccessStopped1.png
  4. Click on Unregister.
    UCXRemAccessUnreg.png
  5. Enter the password associated with the Email address (shown) that was originally used to register the UCX software.
    UCXRemAccessUnreg.png
  6. If you do not know the password, you may be able to unregister it using your own account email/password combination or that of someone else in your organization.  If required, you may open a ticket with E-MetroTel support to unregister your system using the same remote desktop access method described above.
  7. Click on Unregister.
    UCXRemAccessUnregPassword.png
  8. Once the Un-Registration Complete message has been displayed, enter your Email, and Password for the account that you just updated the certificate for in the previous section, along with a Description for this UCX system and click Register.
    UCXRemAccessUnregComplete.png
  9. Then click Start to re-establish the VPN connection.
    UCXRemAccessRegComplete.png
  10. The UCX software has now connected to the E-MetroTel VPN.
    UCXRemAccessStarted.png

Contents