Hello all, I'll just post the phone model and firmware versions below:
Phone Model: SoundStation IP 5000
Part Number: 3111-30900-001 Rev:H
UC Software Version: 4.1.1.0731
BootROM Software Version: 5.1.1.0132
I'm attempting to connect the phone to our Lync 2010 environment and we use SSL certificates with an intermediate CA; I've been using the following link to import the certificates on the phone using an XML .cfg file:
http://blog.schertz.name/2012/11/importing-certificates-polycom-ucs/
My question is, in what order do I import the certificate chain - is it something like the below:
Application CA 5 = Intermediate certificate
Application CA 6 = root certificate
...or is it in a different order?
Thanks for any help.
Hello @Enfield303,
welcome back to the Polycom community.
Some or a couple of your old post(s) or reply(s) to them => here <= are still open / pending as you have not marked these as "Accept as a solution" or at least provided some form of feedback or answer.
If they are in this state nobody finding them via a community search will know if an answer or advice provided was useful and has maybe helped you.
Could you therefore kindly go over them and mark or answer as appropriate ?
If they are marked as "Accept as a solution" other users can find these easier and it helps them to utilise the community more efficiently. Please do not simply mark them without any type of feedback.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
Hello @Enfield303,
welcome back to the Polycom Community.
Newer Phones and software can usually extract the Certificate in question from LDAP when signing into Skype for Business and place this automatically into sec.TLS.customCaCert.6.
In your case I suggest you use sec.TLS.customCACert.4 for the Root and sec.TLS.customCACert.5 for the intermediate.
Your reseller from another case was Scansource so they can open a ticket with Polycom support.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
Thanks for getting back to me Steffen; we purchased the phone though Insight (https://www.uk.insight.com/en-gb) - I did ask them to open a support ticket with Polycom on our behalf but the upshot was that they told us all they can do is replace the phone, I'm afraid I can't remember the reason why they couldn't open a support ticket.
I have imported the certificates and placed them in the application containers as you suggested:
Application CA 4 - root certificate
Application CA 5 - sub certificate
However I'm still getting TLS connection issues in the logs:
000017.362|sip |*|03|Sip Register Usr:myuser@domain.com Dsp:IT 3730 Auth:'Using Login Cred' Inx:0 000017.372|app1 |4|03|[AppHybridC::procCfgParamChange] unexpected line index=(-1) 000017.394|app1 |4|03|Unexpected Event: State: AppStateMenu, Event: AppEvLclCfgWebServerInitialized 000017.542|utilm|4|03|uBLFCompressed: File /ffs0/local/local-directory_xml.zzz does not exist or is empty 000017.576|utilm|4|03|uBLFCompressed: File /ffs0/local/local-directory_xml.zzz does not exist or is empty 000017.630|cfg |*|03|Prov|Starting to update 3111-30900-001.sip.ld 000018.882|cfg |*|03|Prov|Finished updating configuration 000021.482|sip |*|03|Fast Boot Measurement Point: Ready for Call, uptime: 21.482 sec. 000022.106|sip |4|03|Server certificate verification failed, Untrusted Cetificate 000022.110|sip |4|03|MakeTlsConnection: SSL_connect error 1 000022.110|sip |4|03|MakeTlsConnection: connection failed error -1 000022.898|sip |4|03|Server certificate verification failed, Untrusted Cetificate 000022.902|sip |4|03|MakeTlsConnection: SSL_connect error 1 000022.902|sip |4|03|MakeTlsConnection: connection failed error -1 000022.902|sip |4|03|Registration failed User: myuser, Error Code:480 Temporarily not available
Hello @Enfield303,
The FAQ has this post:
Jan 17, 2017 Question:How can I troubleshoot simple Skype for Business, LYNC or Office365 issues?
Resolution: Have a look => here <=
Briefly looking at your log the phone has not got an NTP time.
SIP is not at debug or you would see more details.
The other phone came originally from Scansource so I would try them for support.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services
WHERE CAN I ASK A QUESTION / START DISCUSSION PLEASE ???
Something wrong with my account ?? (Found no Button to start / ask !!)
Please check https://community.polycom.com/t5/Community-Announcements-and/How-Do-I-Sign-In-and-Post/m-p/10
Thankyou Steffan, I've added the SNTP server address which has gotten rid of most of the TLS errors; I'm now seeing the following when entering the domain credentials to connecto to Lync:
1204155319|so |4|03|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed 1204155320|app1 |*|03|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0 1204155320|app1 |*|03|SoRegistrationEventLast - new AppRegLineC, szUser = user@domain.com 1204155320|app1 |4|03|[AppHybridC::procCfgParamChange] unexpected line index=(-1) 1204155320|sip |*|03|Sip UnRegister Usr:SSIP Dsp:SoundStation IP Auth:'' Inx:0 1204155320|sip |*|03|SipUserRemove: user 0 being removed. 1204155320|sip |*|03|Sip Register Usr:user@domain.com Dsp:user Auth:'Using Login Cred' Inx:0 1204155326|sip |*|03|User removed 1204155326|sip |5|03|m_nTLSDSKState = TLSDSK_INIT : pNtlmDomain or m_csAuthDomain is NULL 1204155326|sip |5|03|Unsupported authentication 1204155327|sip |4|03|CTcpSocket::Abandon connected socket. Send Message 0x94e32780 1204155327|cfg |4|03|RT|SIP is settting Login Credentials to invalid 1204155327|so |4|03|[soRegistrationC] Login Credentials invalid causing SoRegEventLine Deleted 1204155327|sip |4|03|Registration failed User: user, Error Code:480 Temporarily not available 1204155327|sip |4|03|CTcpSocket::TlsListenThread: SSL_get_error Error code=5 1204155327|sip |4|03|TLS Listen Thread Exit 1204155328|app1 |*|03|SoRegistrationEventLineDeleted - new AppRegLineC, Default user 1204155328|app1 |4|03|[AppHybridC::procCfgParamChange] unexpected line index=(-1) 1204155328|sip |*|03|Sip UnRegister Usr:user@domain.com Dsp:user Auth:'' Inx:0 1204155328|sip |*|03|SipUserRemove: user 0 being removed. 1204155328|sip |*|03|Sip Register Usr:SSIP Dsp:SoundStation IP Auth:'Using Login Cred' Inx:0 1204155333|sip |*|03|User removed
As you can see from the above it seems to successfully register then then it unregisters because of pNtlmDomain or m_csAuthDomain is NULL - I've definitley entered the domain netBIOS name in the phone configuration so I'm not sure why its complaining about that.
Hello @Enfield303,
As already stated I cannot provide free support via the community.
End Customers are unable to open a ticket directly with Polycom support.
Your reseller from another case was Scansource so they can open a ticket with Polycom support.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Best Regards
Steffen Baier
Polycom Global Services