Hello guys, Steffen,
Well I see it's quite often topic here.
I have a CCX500 on some Asian market in our company which fails to update the firmware for Teams Profile (without latest compatible firmware it will not be possible to roll the device into Intune).
1) Local IT person on site tried to upgrade the device via USB flash formatted to FAT32. But the device doesn't recognize it at all.
Not sure why exactly. Is there any troubleshooting guide for how to check the root cause of such issue?
Are there any other requirements for flash? i.e. Size etc.
2) Upgrade from Web-Interface also failed via Polycom Hosted Server (downloads.polycom.com)
The reason is related to our config of the network.
Phone gets the DNS server settings based on DHCP server and resolves downloads.polycom.com
via it i.e. 18.104.22.168
We have a firewall/proxy device on site (fortigate) with firewall policy to allow connection to FQDN downloads.polycom.com
However it has it's own DNS servers from local ISP line and resolves DNS record to i.e. 22.214.171.124
So when the phones tries to reach 126.96.36.199 firewall blocks it as it resolves downloads.polycom.com to different IP.
Before this time it was working ok most probably because you had 1 IP address for Poly Hosted Server >> 188.8.131.52 and that was enough.
Now you're using Amazon Cloud which has tons of IPs so I have several options to resolve it:
- Make some DNS record on internal DNS servers to resolve FQDN to 1 specific IP address.
And to update FW rule of course to allow connectivity to this IP address.
- Allow multiple ranges of Amazon IP addresses to correlate this DNS lookup differences.
But we need to know what exactly to allow.
- Use local provisioning server >>> not expected solution.
- Use FortiGate device as DNS server for phones >> also very complex solution and requires a lot effort.
Please tell me if it's possible to select one of the addresses for downloads.polycom.com DNS Lookup? i.e. 184.108.40.206
If not and we have to go by IP ranges >> are there any note for which IP addresses should be allowed?
Can't you set DNS server on that CCX manually to match what is set on Fortigate firewall/proxy??
That way your IP mismatch should be resolved.
Hello @Ruslan Bakharev ,
Welcome back to the Poly Community.
Looking at your email credentials I can see your work for an organization I worked with via Orange in the past. I assume that Orange still looks after your global infrastructure and therefore can easily escalate into Poly.
I am petty sure you have a local upgrade server so I do not really understand where the issue is. Can you provide more details on what issues were encountered when trying this via a USB Stick?
Usually, you simply download the correct download package for the CCX phones (CCX 400 pre 5.2.x described >here<) and unzip these including all files and place these on a FAT 32 formatted USB stick. Same as described => here <= aka 000000000000.cfg and the relevant sip.ld files
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
If it's via Web GUI >> it will not work as DHCP have higher priority.
Setting it from teams could be an option of course.
I think it will be like last resort workaround.
You're right our vendor is OBS. For skype indeed it was a provisioning server inside Orange infra.
However with Teams it doesn't give sense to use because the only settings you need to adjust for Teams Phone is upgrade firmware, admin password and time zone.
Due to COVID quarantine worldwide number of phones slightly decreased so it's ok to use 1 time firmware upgrade from Public Server or via USB.
Then set some settings and roll it to Teams.
So it was working for us for a while until FQDN started resolving Amazon IPs.
Yep if 1 fixed IP should be checked in scope of Support Ticket then I'll speak with OBS for assistance. Just was wondering if it was some common practice for anyone.
Well it strange but we've actually made it work after several factory reset.
Originally we've made steps like you've shared in instruction for USB upgrade.
Strange behavior but indeed works now.
Other devices are also normally updated via USB so looks ok.
So more interesting question is still about IP address. I know that we can technically create some DNS reference but I'm not sure if it's ok for Poly.
Since we're not provisioning too many phones it should not be a problem I guess.
+ it's usually 1 time upgrade because further upgrades are handled from Teams Admin Centre.
Hello @Ruslan Bakharev
for Teams it is important to ensure prov.startupCheck.enabled="1" is part of your configuration or the phone will never check a provisioning server.
A basic setup to configure phones:
<?xml version="1.0" encoding="utf-8" standalone="yes"?> <!-- Change to Microsoft Teams --> <!-- Change Admin Password to 789 --> <!-- Accept the End User License Agreement --> <device device.set="1" device.baseProfile.set="1" device.baseProfile="MSTeams" device.auth.localAdminPassword.set="1" device.auth.localAdminPassword="789" device.eulaAccepted.set="1" device.eulaAccepted="1" prov.eula.accepted="1"/> <!-- Polling for new configuration daily between 01:00 and 05:00 with a postpone option --> <!-- Enable device on a reboot to check provisioning server --> <polling prov.polling.enabled="1" prov.polling.mode="random" prov.polling.period="86400" prov.polling.time="01:00" prov.polling.timeRandomEnd="05:00" prov.userControl.enabled="1" prov.userControl.postponeTime="00:15" prov.startupCheck.enabled="1"/> <!-- Set UK timezone --> <!-- See https://documents.polycom.com/bundle/trio-ag-5-9-0-AA/page/r2732735.html for more countries --> <tcpIpApp tcpIpApp.sntp.olsonTimezoneID="Europe/London" /> <!-- Enable REST API --> <!-- https://community.polycom.com/t5/VoIP-SIP-Phones/FAQ-REST-API/td-p/98914 --> <apps apps.restapi.enabled="1" /> <!-- Enable Web Interface for HTTPS --> <httpd httpd.cfg.enabled="1" httpd.cfg.secureTunnelRequired="1" httpd.enabled="1" /> <!-- Enable English United Kindom for PhoneUI --> <!-- Arabic_AE--> <!-- Chinese_China--> <!-- Chinese_Taiwan--> <!-- Czech_Czechia--> <!-- Danish_Denmark--> <!-- DTGerman_Germany--> <!-- Dutch_Netherlands--> <!-- English_Canada--> <!-- English_United_Kingdom--> <!-- English_United_States--> <!-- French_Canada--> <!-- French_France--> <!-- German_Germany--> <!-- Hungarian_Hungary--> <!-- Italian_Italy--> <!-- Japanese_Japan--> <!-- Korean_Korea--> <!-- Norwegian_Norway--> <!-- Polish_Poland--> <!-- Portuguese_Portugal--> <!-- Romanian_Romania--> <!-- Russian_Russia--> <!-- Slovenian_Slovenia--> <!-- Spanish_Spain--> <!-- Swedish_Sweden--> <lcl lcl.ml.lang="English_United_Kingdom" />
The above will use the hardcoded time.windows.com as an NTP server. If you want to set the time via the DHCP Offset simply remove:
<tcpIpApp tcpIpApp.sntp.olsonTimezoneID="Europe/London" />