Hello @Enfield303,

welcome back to the Polycom community.

Some or a couple of your old post(s) or reply(s) to them => here <= are still open / pending as you have not marked these as "Accept as a solution" or at least provided some form of feedback or answer.

If they are in this state nobody finding them via a community search will know if an answer or advice provided was useful and has maybe helped you.

Could you therefore kindly go over them and mark or answer as appropriate ?

If they are marked as "Accept as a solution" other users can find these easier and it helps them to utilise the community more efficiently. Please do not simply mark them without any type of feedback.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Hello @Enfield303,

welcome back to the Polycom Community.

Newer Phones and software can usually extract the Certificate in question from LDAP when signing into Skype for Business and place this automatically into sec.TLS.customCaCert.6.

In your case I suggest you use sec.TLS.customCACert.4 for the Root and sec.TLS.customCACert.5 for the intermediate.

Your reseller from another case was Scansource so they can open a ticket with Polycom support.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Thanks for getting back to me Steffen; we purchased the phone though Insight (https://www.uk.insight.com/en-gb)  - I did ask them to open a support ticket with Polycom on our behalf but the upshot was that they told us all they can do is replace the phone, I'm afraid I can't remember the reason why they couldn't open a support ticket.

I have imported the certificates and placed them in the application containers as you suggested:

Application CA 4 - root certificate

Application CA 5 - sub certificate

However I'm still getting TLS connection issues in the logs:

000017.362|sip  |*|03|Sip Register Usr:myuser@domain.com Dsp:IT 3730 Auth:'Using Login Cred' Inx:0
000017.372|app1 |4|03|[AppHybridC::procCfgParamChange] unexpected line index=(-1)
000017.394|app1 |4|03|Unexpected Event: State: AppStateMenu, Event: AppEvLclCfgWebServerInitialized
000017.542|utilm|4|03|uBLFCompressed: File /ffs0/local/local-directory_xml.zzz does not exist or is empty
000017.576|utilm|4|03|uBLFCompressed: File /ffs0/local/local-directory_xml.zzz does not exist or is empty
000017.630|cfg  |*|03|Prov|Starting to update 3111-30900-001.sip.ld
000018.882|cfg  |*|03|Prov|Finished updating configuration
000021.482|sip  |*|03|Fast Boot Measurement Point: Ready for Call, uptime: 21.482 sec.
000022.106|sip  |4|03|Server certificate verification failed, Untrusted Cetificate
000022.110|sip  |4|03|MakeTlsConnection: SSL_connect error 1
000022.110|sip  |4|03|MakeTlsConnection: connection failed error -1
000022.898|sip  |4|03|Server certificate verification failed, Untrusted Cetificate
000022.902|sip  |4|03|MakeTlsConnection: SSL_connect error 1
000022.902|sip  |4|03|MakeTlsConnection: connection failed error -1
000022.902|sip  |4|03|Registration failed User: myuser, Error Code:480 Temporarily not available

Hello @Enfield303,

The FAQ has this post:

Jan 17, 2017 Question:How can I troubleshoot simple Skype for Business, LYNC or Office365 issues?

Resolution: Have a look => here <=

Briefly looking at your log the phone has not got an NTP time.

SIP is not at debug or you would see more details.

The other phone came originally from Scansource so I would try them for support.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

WHERE CAN I ASK A QUESTION / START DISCUSSION PLEASE ??? 

Something wrong with my account ??  (Found no Button to start / ask !!) 

Please check https://community.polycom.com/t5/Community-Announcements-and/How-Do-I-Sign-In-and-Post/m-p/10

Thankyou Steffan, I've added the SNTP server address which has gotten rid of most of the TLS errors; I'm now seeing the following when entering the domain credentials to connecto to Lync:

1204155319|so   |4|03|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
1204155320|app1 |*|03|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
1204155320|app1 |*|03|SoRegistrationEventLast - new AppRegLineC, szUser = user@domain.com
1204155320|app1 |4|03|[AppHybridC::procCfgParamChange] unexpected line index=(-1)
1204155320|sip  |*|03|Sip UnRegister Usr:SSIP Dsp:SoundStation IP Auth:'' Inx:0
1204155320|sip  |*|03|SipUserRemove: user 0 being removed.
1204155320|sip  |*|03|Sip Register Usr:user@domain.com Dsp:user Auth:'Using Login Cred' Inx:0
1204155326|sip  |*|03|User removed
1204155326|sip  |5|03|m_nTLSDSKState = TLSDSK_INIT : pNtlmDomain or m_csAuthDomain is NULL
1204155326|sip  |5|03|Unsupported authentication
1204155327|sip  |4|03|CTcpSocket::Abandon connected socket. Send Message 0x94e32780
1204155327|cfg  |4|03|RT|SIP is settting Login Credentials to invalid
1204155327|so   |4|03|[soRegistrationC] Login Credentials invalid causing SoRegEventLine Deleted
1204155327|sip  |4|03|Registration failed User: user, Error Code:480 Temporarily not available
1204155327|sip  |4|03|CTcpSocket::TlsListenThread: SSL_get_error Error code=5
1204155327|sip  |4|03|TLS Listen Thread Exit
1204155328|app1 |*|03|SoRegistrationEventLineDeleted - new AppRegLineC, Default user
1204155328|app1 |4|03|[AppHybridC::procCfgParamChange] unexpected line index=(-1)
1204155328|sip  |*|03|Sip UnRegister Usr:user@domain.com Dsp:user Auth:'' Inx:0
1204155328|sip  |*|03|SipUserRemove: user 0 being removed.
1204155328|sip  |*|03|Sip Register Usr:SSIP Dsp:SoundStation IP Auth:'Using Login Cred' Inx:0
1204155333|sip  |*|03|User removed

As you can see from the above it seems to successfully register then then it unregisters because of  pNtlmDomain or m_csAuthDomain is NULL - I've definitley entered the domain netBIOS name in the phone configuration so I'm not sure why its complaining about that.

Hello @Enfield303,

As already stated I cannot provide free support via the community.

End Customers are unable to open a ticket directly with Polycom support.

Your reseller from another case was Scansource so they can open a ticket with Polycom support.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services