Reply
Polycom Employee & Community Manager
Posts: 13,312

[FAQ] How can I setup my Phone / Provisioning / Download / Upgrade / Downgrade Software?

[ Edited ]

Question: How can I setup my Phone / Provisioning  / Download Software?

 

Polycom Phones may be connected to Platforms like Microsoft Lync and Skype for Business, Broadsoft or Digium Asterisk or other VoIP Interop Partners.

 

Skype for Business

 

In order to utilize your Phone with Skype for Business the phone needs to have at least UC Software 5.4.0A (5.4.0.10182) => installed <=

 

Please follow Option 1 to upgrade your phone if => compatible <= and already on UC Software 4.0.0 or later or follow Option 2 using a Provisioning Server.

 

LYNC 2010 or LYNC 2013

 

Please follow Option 1 to upgrade your phone if => compatible <= and already on UC Software 4.0.0 or later or follow Option 2 using a Provisioning Server.

 

NOTE: You may have to enable the Web Interface as explained => here <=

 

RealPresence Trio

 

The RealPresence Trio supports USB provision as shown => here <=

 

General Provisioning

 

Some of the above Platforms provide the configuration files templates or Software in order to provision the phones and set the correct configuration values.

 

Detailed Information about Provisioning can be found in the Admin Guide matching your Phones SIP / UC Software Revision.

 

NOTE: UC Software 4.0.0 or later added the ability to import a configuration via the Web Interface. For more details check => here <=

 

OPTION 1

 

Using the Web Interface Phone Software Update

 

UC Software 4.0.0 or later introduced a new feature where a hosted server either by Polycom or => locally <= can be used to upgrade the phones software via the Web Interface.

 

NOTE: Phones delivered with this software version should be the VVX101, VVX201, VVX300, VVX310, VVX400, VVX410,  VVX500, VVX600

 

Browsing to the Phones => IP Adddress <= will bring up the Phones Web Interface and you can Login using the phones => default Password <= .

 

NOTE: UC Software 5.1.0 or will present changes to the HTTP/HTTPS availability of the Web Interface as explained => here <=

 

Via Utilities => Software Upgrade:

 

WebInterfaceUpdate.png

 

Pressing the "Check for Updates" Radio button will connect to the Polycom server and display the available software versions in a drop down menu

 

versions.PNG

 

NOTE: The phone requires to be able to connect via Port 80 to the Internet if the Polycom hosted server is being used

 

OPTION 2:

 

Using a Provisioning Server

 

UC Software 4.0.0 or later introduced a new Feature where the Provisioning Server can be added via the Web Interface of the phone.

 

WebServerProvisioning.PNG

 

 

 

NOTE: Prior to UCS 4.0.0 the Provisioning server was only available via the Phones GUI

 

OPTION 3:

 

Manually utilizing a provisioning server via the Phone GUI when the Phone is running

 

Press Menu => Settings => Advanced => Admin Settings => Network Configuration => Provisioning Server

 

 

 

OPTION 4:

 

Manually utilizing a provisioning server via the Phone GUI when the Phone is booting up

 

> UC Software 4.0.0 or later

 

  • Polycom Logo appears
  • Press Cancel when "Loading Application" appears
    CancelBootup_01.PNG
  • Select Setup during the countdown
    CancelBootup_02.PNG
  • Enter the => Password <=
    CancelBootup_04.png
  • Select Provisioning Server
    CancelBootup_05.png
  • Modify the Server Type, Server Address, Server User and Server Password
    CancelBootup_07.png

> SIP Software 3.3.5 or older

 

  • Polycom Logo appears
  • Select Setup during the countdown
    CancelBootup_02.PNG
  • Enter the => Password <=
  • Select Provisioning Server
  • Modify the Server Type, Server Address, Server User and Server Password

 

 

Software Download Location:

 

The Provisioning Server (FTP is preferred => details below) needs to be setup to provision the desired SIP / UC Software Revision.

 

Usually this is archived via downloading a compatible SIP / UC Software Revision from => here <=

 

Oct 7, 2011 Question: What SIP or UC Software Version or BootROM Version is supported by my Phone?

Resolution: Please check => here <=

 

Additional considerations:

 

The downloaded Software usually comes in two different variants:

 

  • Combined download should be used where phones may be running pre-4.0 BootROM. 
    NOTE: Please bear in mind that the combined file is large and may cause long downloading times for the individual phones

  • Split download file is recommended, but requires that all phones are running BootROM 4.0 or newer.
    Note: The split file may be a better option on slow network connections

 

May 14, 2012 Question: Can I support a mix of legacy SIP and UCS Phones on the same Provisioning Server?
Resolution: Please check => here <=

 

Checking the current Software Version:

 

Oct 7, 2011 Question: How can I find out my SIP UC Software Version or the BootROM Version of my Phone?
Resolution: Please check => here <=

 

SOFTWARE UPGRADE PATH

 

Updating to SIP 3.1.x:

 

If the phone is running an older Version of Software you will need to download the compatible SIP Version and in addition the BootROM.

 

Note: The accompanying sip.cfg and phone1.cfg must be used


Oct 7, 2011 Question: What is the relevance of the sip.cfg and phone1.cfg files?

Resolution: Please check => here <=

 

 

Updating to SIP 3.2.x:

 

If the phone is running an older Version of Software you will need to download the compatible SIP Version and in addition the BootROM.

 

Note: The accompanying sip.cfg and phone1.cfg must be used


Oct 7, 2011 Question: What is the relevance of the sip.cfg and phone1.cfg files?

Resolution: Please check => here <=

 

Updating to UCS 3.3.x:

 

If the phone is running an older Version of Software you will need to download the compatible UCS Version and in addition the BootROM.

 

Note: Do not use any old sip.cfg or phone1.cfg and utilize the cfcUtility to convert your old configuration files instead

 

Oct 03, 2012 QuestionWhat is the cfcUtility and where can I get it?

Resolution: Please check => here <=

 

Updating to UCS 4.x.x:

 

If the phone is running an older Version of Software you will need to download the compatible UCS Version and in addition the BootROM 4.4.0 B Upgrader.

 

As an example download software version UCS 4.0.3 Rev F (or later) and BootROM 4.4.0 B Upgrader and unzip the content of both of the downloads into one directory.

 

You will then have to point the relevant Server (HTTP(s), FTP(s) or TFTP to the directory where the Software has been unzipped.

 

Before you can successfully install UC Software 4.x.x onto phones running Polycom® UCS released prior to version 4.0.0, you must perform a required upgrade procedure using the Polycom® Upgrader 4.0.0 Utility.

Before you download and install Polycom® UC Software version 4.0.x or higher, Polycom strongly recommends that you review the changes to the upgrade procedures detailed in the Polycom® UC Software 4.0.0 Administrators’ Guide or newer and Engineering Advisory 64731 Polycom® UC Software 4.0.0: Upgrade and Downgrade Methods.

 

Note: A SoundStation IP 6000 and IP 7000 need the Updater upgraded as shown => here <=.

 

Downgrading from UCS 4.x.x:

 

If the phone is running the new version of UC Software you will need to download the compatible Downgrader (Example SoundPoint_IP_Updater_4_5_0B_Downgrader_release_sig.zip). 

 

This will downgrade the compatible phones to UCS 3.3.2 and you then can update to any other UCS 3.3.x Version or Downgrade to SIP 3.2.x

 

Please check the Polycom UC Software 4.0.x Upgrade and Downgrade Methods (Engineering Advisory 64731).

 

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Polycom Employee & Community Manager
Posts: 13,312
0

Re: [FAQ] How can I setup my Phone / Provisioning / Download / Upgrade / Downgrade Software?

[ Edited ]

SoundStation IP6000 and SoundStation IP7000 Examples:

 

Basically the process is the same as described in this FAQ but you need to ensure you also have the relevant compatible Updater:

 

First download:

 

Unzip all of the above into one directory and then point the phone to the Server

 

 IP6000_IP7000Update.PNG

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Polycom Employee & Community Manager
Posts: 13,312
0

Re: [FAQ] How can I setup my Phone / Provisioning / Download / Upgrade / Downgrade Software?

[ Edited ]

Automation

 

Local provisioning automated DHCP Server Options:

 

Polycom Phones delivered from the Factory are preconfigured to be using DHCP Custom Option 160 or 161 (If ordered as LYNC SKU)  and then Option 66 to inform themselves about the location of a potential Provisioning Server.

 

Adding a Custom 160 / 161:

 

PreDefinedOptions.png

 

 PreDefinedOptions_add.png

 

 PreDefinedOptions_add_160.png

 

PreDefinedOptions_add_160_Value.png 

 

And then select the actual new Option 160 or 161

 

PreDefinedOptions_Select.png

 

Option160.PNG 

 

Option 66: 


Option66.PNG

 

Above Example uses the Standard Provisioning Factory Default Username of PlcmSpIp and the Password PlcmSpIp and would utilize these using FTP as the protocol and 10.252.149.100 as the Server IP or Hostname.

 

This is submitted via a DHCP String and could be in one of the following formats:


HTTP(S), FTP(S) or TFTP.

 

Example DHCP string: 

 

 

ftp://Username:Password@IP_Address or URL

 

A Username & Password could also be:

 

http://domain\username:password@IP_Address_or_URL

NOTE: If the password as an example contains an @ please replace this with %40 instead.

 

Example:

 

ftp://Username:%40123$@IP_Address or URL

The above would use @123$ as the password or the phone would interpret the @Symbol as the separator between the password and the IP Address or URL.

 

If a Polycom Phone is used in a non supported Environment the End Customer is responsible to setting up a local Provisioning Server.

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Polycom Employee & Community Manager
Posts: 13,312
0

Re: [FAQ] How can I setup my Phone / Provisioning / Download / Upgrade / Downgrade Software?

[ Edited ]

Pointing a Phone to an Provisioning Server manually:

 

 

NOTE: Please remember that you may need to require to add a local Firewall Rule or Disable the Firewall completely !

 

To manually point the Phone to a Provisioning Server please do the following Steps:

 

Reboot the Phone (unplug Ethernet cable and plug back in)

 

  • Press Setup or Cancel and then Setup when the countdown is being displayed
    CancelBootup_01.PNG CancelBootup_02.PNG
  • Use the standard => Password <= of 456
    CancelBootup_04.png
  • Select Provisioning Server
    CancelBootup_05.png
  • Select DHCP Menu and press select/enter
    CancelBootup_07.png
  • Change the Boot Server to static via the Edit Button
    CancelBootup_07.png
  • Press Exit
  • Scroll down to Server Type / Server Address etc. and press select/enter and change to the following values
    CancelBootup_07.png
Server Type:  FTP(s), TFTP or HTTP(S)
Server Address:  IP Address or Hostname of your Server
Server User:  Username of your server (if needed)
Server Password: Password of your server (if needed)

 

  • Exit and Save and let the Phone re-boot.

 

In a normal setup we recommend using an FTP Server in order to provision the Phone and in addition to allow the Phone to upload its own <mac>-app.log and <mac>-boot.log files.

 

The Server directory should contain the unzipped Version of either UCS or SIP Software (depending on the compatible version)

 

NOTE: check => here <= if legacy phones are used


The FTP Server needs to allow append and write for this functionality.

 

Above is vital for Polycom Support in order to troubleshoot cases.

 

The Customer needs to create their own individual Configuration Files and can use separate files for a Phones registration (per Phone Mac Address) and Global Settings like SIP Server, NTP and Language etc.

 

When is a Provisioning Server needed:
 

  • Running an older Software than UCS 3.3.0 as the phone needs to load the sip.cfg / phone1.cfg

  • Upgrading a Phone from an older Software to UCS 4.x.x

  • Language change from English on pre UCS3.3.x Software Versions (example SIP 3.2.7 or older)

  • License provisioning for H323,Corporate Directory / LDAP, Local / Centralized Conferencing and Audio Recording
  • Central Phone Book via 000000000000-directory.xml or individual <mac>-directory.xml

  • Log Files for Support troubleshooting prior to UCS 4.0.0

  • Specific Customer configurations parameters that cannot be changed via the Web Interface (UCS 3.3.0 introduced a large scope of changes and the new UCS 4.0.0 has enhanced this functionality even more) require the usage of configuration files being loaded from the provisioning server.

 

Example FTP Server:

 

Note: Below example utilizes the Freeware FTP Server Filezilla. Please ensure to setup the correct Firewall settings and liaise directly with Filezilla for any issues encountered with their Software. The example provided is utilizing UCS 4.1.0 Rev B as the Polycom Phone Software

 

NOTE: Above UC Software 4.1.0 is just an example and is for LYNC deployments only. For SIP please check the Support page for the compatible software !

 

 

Pre-requisite:

 

  • Download the latest Phone Software from => here <=

    Example UCS 4.1.0 Rev B (!! please check that your phone is compatible as shown => here <= !!)

    provision_00.PNG


    !! Both files are required as outlined above !!

  • Create a directory and copy the two archives into this directory (Example D:\Software\UCS410revB\ )

    provision_005.PNG

  • Unzip the two Archives so they are in the UCS410revB Directory

    Directory.PNG

 

Setting up the server

 

  • After downloading and installing the Server from => here <= a User needs to be setup to be utilized

    provision_01.PNG

  • Create the new user 410b


    provision_02.PNG

    provision_03.PNG

  • Add the directory created for above Software to the new User

    provision_03_5.PNG

    provision_04.PNG


  • Ensure that the User 410b is able to append and write / delete files

    provision_05.PNG

  • Once the phone is pointed at the FTP Server address the Phone will attempt to download the relevant files

    provisioning_07.PNG

    provisioning_06.PNG
Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Polycom Employee & Community Manager
Posts: 13,312
0

Re: [FAQ] How can I setup my Phone / Provisioning / Download / Upgrade / Downgrade Software?

[ Edited ]

Setting up Microsoft IIS for HTTP Provisioning

 

NOTE: Please be aware that Polycom does not provide any support on the below and any changes or permissions are at your own risk !!

 

A "normal" IIS server is unable to append using HTTP or HTTPS. Utilising HTTPd, Apache or any other flavor of HTTP/HTTPS servers should work.

 

The LOG_FILE_DIRECTORY="" can be used to define a FTP server instead. Example:

 

  • LOG_FILE_DIRECTORY="ftp://username:password@domain"

 

Below information is based on a Microsoft Windows Server 2008 R2 and assumes that you install the below on a separate server that is part of an existing domain.

 

Option 1 Basic Authentication:

 

  • Enable the Web Server (IIS) via adding a new Role

IIS_AddRole.PNG

  

  • You may skip the next page if shown

IIS_Skip.PNG

 

 

  • Select the Web Server (IIS) and click on Install

IIS_Install.PNG

 

  • Select in addition the WebDav Publishing

IIS_WebDav.PNG

 

  • Scroll further down to add Basic Authentication (Note: in a follow up further below XXX will be added !)

IIS_BasicAuth.PNG

 

  • Click Next and then Install to complete this step to install IIS

Once IIS is installed please download and unzip the Software you wish to provision into the C:\inetpub\wwwroot Directory

 

Example:

 

IIS_wwwroot_Directory.PNG

 

  • Launch the IIS services manager under Administrative Tools

IIS_Launch.PNG

 

  • Expand the default Web Site and select the Mime Types

IIS_Mime_Types.PNG

 

  • A list of Mime Types the web server supports are listed and you will require to add an additional minimum 3 mime types to recognize Polycom specific file extensions.
    (NOTE: please check => here <= for all required types !)

IIS_mime_cfg.PNG IIS_mime_log.PNG IIS_mime_LD.PNG

 

  • Select Authentication

IIS_Authentication_01.PNG

 

  • Enable Basic Authentication and Disable Anonymous Authentication

IIS_Authentication_02.PNG

 

  • Click on Edit and add the default Domain so the phone just requires the Username PlcmSpIp and Password PlcmSpIp

IIS_BasicAuth_Edit.PNG

 

  • Select Directory Browsing

IIS_directory_browsing.PNG

 

  • And enable the following

IIS_enableDirectoryBrowse.PNG

 

NOTE: As a standard Windows will not allow basic passwords so the following is at your own risk!

 

In order to enable a basic Password like the Polycom factory default of PlcmSpIp you will need to change the Password Policy

 

  • On your Active Directory Server start a Console via MMC and Add/Remove a Snap-in via the File Option

IIS_SnapIn.PNG

 

  • Select the Group Policy Management Editor and add this and press OK

IIS_Snap_groupPolicy_management_Editor.PNG

 

  • Browse for the Group Policy Object

IIS_Group_Policy_Object.PNG

 

  • Select your Default Domain Policy and proceed

IIS_Default_Domain_Policy.PNG

 

  • Select Computer Configuration => Windows Settings => Security Settings => Account Policies => Password Policy and Disable the setting.

IIS_Password_Policy.PNG

 

 

NOTE: The above is only an example to create a User that can utilize the Standard Polycom Password PlcmSpIp and may violate local policies !

 

  • Using Active Directory Users and Computers, create a new user. You will be assigning this user to your WebDAV authoring in a later step.

IIS_new_AD_User.PNG

 

  • Create the PlcmSpIp Provisioning user account. This can be whatever user account you want to use. The default is PlcmSpIp and passwordPlcmSpIp.

IIS75_06.PNG

 

  • Select the WebDAV authoring rules to provide write permission to your provisioning directory

 IIS_Web_Dav_01.PNG

 

  • Enable WebDav

IIS_Web_Dav_02.PNG

 

  • Add an Authoring Rule

IIS_Web_Dav_03.PNG

 

  • Specify the PlcmSpIp user and give Permission to Read and Write

IIS_Web_Dav_04.PNG

 

  • Right click on the Default Web Site and select Edit Permissions

IIS_premissions.PNG

 

  • Edit the Security

IIS_Security_Edit.PNG

 

  • Add a new User

IIC_Add_new_User.PNG

 

  • Add the newly created PlcmSpIp User and Check Names and then click on OK

IIC_security_add_Plcm.PNG

 

 

  • Allow Full Control for the PlcmSpIp user and press Apply and then OK

IIS_FullControl.PNG

 

  • Select the PlcmSpIp User and select Advanced

IIS_Advanced_Security.PNG

 

  • Change Permission for the PlcmSpIp user

IIS_changePermission.PNG

 

  • Uncheck the “Include inheritable permissions from this object’s parent” (confirm the follow up warning via Add )

IIS_Untick_inheritable.PNG

 

  • Check the “Replace all child object permissions with inheritable permissions from this object” option

IIS_Replace all.PNG

 

  • Apply the settings and confirm the process by clicking YES on the next pop up Box and return to the previous menu via OK.

  • Leave the next Menu via clicking OK and OK.

NOTE: IIS or the Server hosting IIS may need to be restarted after a successful installation !

 

 

The Option 160 or 66 DHCP Server string explained => here <= would now be as follows:

 

 

 

http://PlcmSpIp : PlcmSpIp @ 10.252.122.133/UCS_5.2.0.8330_rts55rel

IIS_Phone_webInterface.PNG  IIS_PhoneGUI.PNG

 

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
Polycom Employee & Community Manager
Posts: 13,312
0

Re: [FAQ] How can I setup my Phone / Provisioning / Download / Upgrade / Downgrade Software?

Setting up Microsoft IIS for HTTPS Provisioning

 

NOTE: Please be aware that Polycom does not provide any support on the below and any changes or permissions are at your own risk !!

 

Below information is based on a Microsoft Windows Server 2012 and assumes that you install the below on a separate server that is part of an existing domain.

 

This Guide also assumes that you have setup a AD User called ftpuser with a password of T3ch!ab and the C:\inetpub\wwwroot Directory in the sbaierhome.lab domain.

 

The above HTTP Instructions already document how to add IIS as a role and the relevant addition of Basic Authentication, Mime Types and WebDav

 

The C:\inetpub\wwwroot Directory directory is being used for HTTP so we create a new Directory called C:\inetpub\wwwhttps

 

    • Launch the IIS services manager under Administrative Tools and create a new Site (HTTPS Web Site)
      IIS_HTTPS_00.png IIS_HTTPS_001.png
      (We remove the HTTP and add HTTPS via binding later)

    • Create a Server Certificate via "Create Domain Certificate"

      Note: If you already have a certificate signed by a Polycom trusted authority this step is not required. Please work with your network admin Team

      IIS_HTTPS_01.png
      IIS_HTTPS_02.png

    • Add the Distinguished Name Properties

      Note: The Common Name is the Name of this server that is verfied
      IIS_HTTPS_03.png

    • Select your Online Certificate Authority via clicking on Select

      Note: This is usually your AD Server. For more details work with your Network Team
      IIS_HTTPS_05.png

    • Give the Certificate itself a name so you can identify it easily

      IIS_HTTPS_06.png

    • Finish the process and the newly created and signed certificate can be checked via double clicking on the certificate

      IIS_HTTPS_07.png

    • Select the Certification Path tab and View Certificate


      IIS_HTTPS_08.png

    • Click on Next in the "Welcome to the Certificate Export Wizard"

      IIS_HTTPS_09.png

    • Select Base-64 .CER and select Next

      IIS_HTTPS_10.png

    • Provide a name for the for the exported Certificate

      IIS_HTTPS_11.png
      Example ExportedRootCertificateForPhoneProvisioning.cer

      IIS_HTTPS_12.png
      Store the newly created Certificate on a location that allows you to retrieve it. For this exercise we call it ExportedRootCertificateForPhoneProvisioning.cer

    • Browse to the new HTTPS Web Site and select Bindings

      IIS_HTTPS_13.png

    • Select Add
      Note: you will see the original binding for port 80 which we can now remove after assigning HTTPS

      IIS_HTTPS_14.png

      IIS_HTTPS_15.png

    • Select SSL Settings

      IIS_HTTPS_16.png


    • Set Require SSL and Ignore Client Certificates

      IIS_HTTPS_17.png

    • Right Click on the HTTPS Website and select Manage Website

      IIS_HTTPS_18.png

      Ensure the Physical Path points to the inetpub\wwwhttps Directory


    • Select Physical Path Credentials

      IIS_HTTPS_19.png

    • Path Credentials

      IIS_HTTPS_20.png
      IIS_HTTPS_21.png
      IIS_HTTPS_22.png

    • Select Authentication

      IIS_HTTPS_23.png

      Ensure you Disable Anonymous Authentication and Enable Basic Authentication

      IIS_HTTPS_23_1.png

    • Change the WebDAV Autoring

      IIS_HTTPS_24.png

      Enable

      IIS_HTTPS_25.png

      Add / Edit the Authoring Rule

      IIS_HTTPS_26.png

    • Open the Windows Explorer and Navigate to the wwwhttps Sub Directory and right click to change / add the user

      IIS_HTTPS_27.png
      IIS_HTTPS_28.png

      Add the User and set the Permissions
      Note: Please check with your network admin on any local policies.

      IIS_HTTPS_29.png

 

Once all of the above has been set you should be able to browse to the URL of the Provisioning Server and receive a challenge for a Username and Password.

 

Copy the ExportedRootCertificateForPhoneProvisioning.cer to your main PC so you can create the certificate for the Polycom phone to use.

 

In order for the Phone to be able to either import this via the Web Interface or load it from a Provisioning server the file needs to be correctly formatted.

 

IIS_HTTPS_30.png

 

device.set="1" 
device.sec.TLS.customCaCert1.set="1" 
device.sec.TLS.customCaCert1=" place certificate here " 

The Certificate can then be seen:

 

IIS_HTTPS_31.png

 

Setting the Provisioning Server Details on the phone:

 

IIS_HTTPS_32.png

 

The Phone connects via HTTPS:

 

0517184023|copy |3|00|'https://sbaierhome%5Cftpuser:****@iistestserver.sbaierhome.lab/000000000000.cfg' from 'iistestserver.sbaierhome.lab(10.252.149.123)'
0517184023|copy |3|00|cfgProvSrvTypeGet()[0]
0517184023|copy |1|00|performCurl : ipAddress = 10.252.149.123, connTimeout = 16, respCode =0, numAddress = 1
0517184023|curl |3|00|timeout on name lookup is not supported
0517184023|curl |3|00|About to connect() to iistestserver.sbaierhome.lab port 443 (#0)
0517184023|curl |3|00|  Trying 10.252.149.123...
0517184023|curl |3|00|the local port callback returned 0
0517184023|curl |3|00|Local port: 57091
0517184023|curl |3|00|Connected to iistestserver.sbaierhome.lab (10.252.149.123) port 443 (#0)
0517184023|curl |3|00|successfully set certificate verify locations:
0517184023|curl |3|00|  CAfile: /ffs0/ca1.crt
  CApath: none
0517184023|curl |3|00|SSLv3, TLS handshake, Client hello (1):
0517184023|curl |0|00|SSL DATA_OUT: Data of len 105 not displayed
0517184023|curl |3|00|SSLv3, TLS handshake, Server hello (2):
0517184023|curl |0|00|SSL DATA_IN: Data of len 81 not displayed
0517184023|curl |3|00|SSLv3, TLS handshake, CERT (11):
0517184023|curl |0|00|SSL DATA_IN: Data of len 1428 not displayed
0517184023|curl |3|00|SSLv3, TLS handshake, Server finished (14):
0517184023|curl |0|00|SSL DATA_IN: Data of len 4 not displayed
0517184023|curl |3|00|SSLv3, TLS handshake, Client key exchange (16):
0517184023|curl |0|00|SSL DATA_OUT: Data of len 134 not displayed
0517184023|curl |3|00|SSLv3, TLS change cipher, Client hello (1):
0517184023|curl |0|00|SSL DATA_OUT: Data of len 1 not displayed
0517184023|curl |3|00|SSLv3, TLS handshake, Finished (20):
0517184023|curl |0|00|SSL DATA_OUT: Data of len 16 not displayed
0517184023|curl |3|00|SSLv3, TLS change cipher, Client hello (1):
0517184023|curl |0|00|SSL DATA_IN: Data of len 1 not displayed
0517184023|curl |3|00|SSLv3, TLS handshake, Finished (20):
0517184023|curl |0|00|SSL DATA_IN: Data of len 16 not displayed
0517184023|curl |3|00|SSL connection using AES256-SHA
0517184023|curl |3|00|Server certificate:
0517184023|curl |3|00|   subject: C=GB, ST=Berkshire, L=Slough, O=Polycom, OU=Tier3, CN=iistestserver.sbaierhome.lab
0517184023|curl |3|00|   start date: 2016-05-17 11:09:25 GMT
0517184023|curl |3|00|   expire date: 2018-05-17 11:09:25 GMT
0517184023|curl |3|00|   common name: iistestserver.sbaierhome.lab (matched)
0517184023|curl |3|00|   issuer: DC=lab, DC=sbaierhome, CN=sbaierhome-LYNCLAB1DC-CA
0517184023|curl |3|00|   SSL certificate verify ok.
0517184023|curl |3|00|Server auth using Basic with user 'sbaierhome\ftpuser'
...7184023|curl |1|00|HEADER_OUT: GET /000000000000.cfg HTTP/1.1
0517184023|curl |1|00|HEADER_IN : HTTP/1.1 200 OK
0517184023|curl |1|00|HEADER_IN : Content-Type: text/plain
0517184023|curl |1|00|HEADER_IN : Last-Modified: Wed, 08 Apr 2015 14:54:52 GMT
0517184023|curl |1|00|HEADER_IN : Accept-Ranges: bytes
0517184023|curl |1|00|HEADER_IN : ETag: "046b8f7b72d01:0"
0517184023|curl |1|00|HEADER_IN : Server: Microsoft-IIS/8.5
0517184023|curl |1|00|HEADER_IN : Date: Tue, 17 May 2016 17:40:24 GMT
0517184023|curl |1|00|HEADER_IN : Content-Length: 1961
0517184023|curl |1|00|HEADER_IN :
0517184023|curl |0|00|DATA_IN   : Data of len 1961 not displayed
 

 

Please be aware:

The purpose of these forums is to allow community members collaborate and help each other.
Questions posted here do not follow Polycom’s SLA guidelines.
If you require assistance from Polycom technical support, please open a
web service request or call us .

The above is necessary in order to track issue internally within Polycom.

You are welcome to post more questions or configuration or logs for other community members to look at but if your issue requires a fix via Polycom you must go via the official support structure.

Please ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

This forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Polycom employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.