Plantronics + Polycom. Now together as Poly Logo

VVX 331 & 600 not able to log in with Extension & PIN

SOLVED
Highlighted
Occasional Advisor

VVX 331 & 600 not able to log in with Extension & PIN

I'm just turning up a on premiss Skype for Business system with a handfull of phone from different vendors for evaluation reasons. The network is configured with both the DHCP Options 43 and 120 and only the Polycom handsets (VVX331 & 600) are not able to login using the extension & PIN methond.

From what I've confirmed that these device do have a Skype licences ie -018 / -019 on the order number. So this should not be the issue.

 

I talked both to the vendor I purchassed from and polycom support, both of which reffered me to the other. Hopefully this community can help.

 

I've attached the App log after I from when I initiated a extentnion & PIN process. The final itmes show a DNS and ldap lookup, but I don't see (in log or config) when the SRV record the phone is requesting is located.

 

0927195242|ldap |4|00|ldapCfg::initCfg: ldapCfg::initCfg  for cid cmdLine
0927195242|ldap |4|00|ldapCfg::isDirFeatureEnabled: for 5 enabled 1
0927195242|dns  |4|00|doDnsLookupForList(SRV): hostname (dc._msdcs..domain-name.com) is invalid
0927195242|dns  |4|00|doDnsLookupForList: given NULL hostname 
0927195242|dns  |4|00|doDnsLookupForList: given NULL hostname 
0927195242|ldap |4|00|ldap: Cfg Failed
0927195242|ldap |4|00|ldapAccess::dirAccessPmtWithCB:configuration failed
0927195838|app1 |4|00|CContentInfo::TimerOut500ms [State = 1]

I'll be raising the logging level to include more options in a followup post. The current log is based off the FAQ-Troubleshooting-sign-in-issues posting looking for the " Option 43 for Extension & PIN troubleshooting.

Message 1 of 12
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Occasional Advisor

Re: VVX 311 & 600 not able to log in with Extension & PIN

After working with Polycom Support, Skype & Mircorsoft Consultants, various networks vendors to identify what was causing the problem with the PIN authentication. At one time Polycom eventualy identified the following configuration change.

<PHONE_CONFIG>
	<ALL
	feature.validate.peer.cert ="0"
	/>
</PHONE_CONFIG>

The admin guides I checked did not include this setting. From what I can tell the certificate validation process was failing, an none of the support teams could identify how/why this was happening. This setting allows the phone to "skip" part of the certification validation process.

I've varifies these results on the VVX311.

View solution in original post

Message 7 of 12
11 REPLIES 11
Highlighted
Polycom Employee & Community Manager

Re: VVX 331 & 600 not able to log in with Extension & PIN

Hello BaldingAdmin,

welcome to the Polycom Community.

It is always useful to include the currently used UC Software version as issues experienced or a question asked may already be addressed in a newer release.

This also allows yourself and others to check against current software release notes, Administrator Guides or FAQ post’s.

The above is also stated in the "Must Read First" and is the absolute minimum requirement every new post should include. .

In addition providing us with this basic information gives Polycom an idea what Software Versions are used in the field and avoids wasting time trying to troubleshoot issues which have already been addressed.

Therefore the Polycom VoIP FAQ contains this post here:

Question: How can I find out my SIP or UC Software Version of my Phone?
Resolution: Please check here

 

In addition your log does not show the details explained for Option 43 as outlined in the referenced FAQ.

 

Simply follow the FAQ and then post the whole log so we can look at it rather than yourself deciding what to post.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 12
Highlighted
Occasional Advisor

Re: VVX 331 & 600 not able to log in with Extension & PIN

For the time being I am focusing my efforts on the 331, as worst case I can have users use the touch screen to enter to usernames and compleax passwords.

 

VVX 311

UCSoftware Version 5.6.0.17325

Updater Version 5.8.0.19248

 

The original app logs were pulled with the following settings:

Golbal Level Limit = Debug

Type = MDHms

Web Ticket = Event 1

Configuration = Event 3

 

Other then the IP address for the local provisiong server used to give the phone updated firmware no changes were made to the phones configuration from a factory reset phone.

 

Message 3 of 12
Highlighted
Polycom Employee & Community Manager

Re: VVX 331 & 600 not able to log in with Extension & PIN

Hello BaldingAdmin,

You can always use the Web Interface to add the Skype for Business credentials so there is no need to do this on the phone.

 

In addition you could also utilize BToE as this enables the same from the PC and the Username should be populated already.

 

You have not posted any new or complete logs so you can either do this or simply open a support ticket with your reseller.


In order to raise a support ticket you need to work with your Polycom reseller as they need to do this for you. End Customers are usually unable to open a ticket directly with Polycom support.

If this is some sort of an Internet discounter please post either your phone's MAC address or your Polycom devices serial so I can look up who would be able to support you. This may not be who you purchased the Polycom device from.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 4 of 12
Highlighted
Occasional Advisor

Re: VVX 331 & 600 not able to log in with Extension & PIN

@SteffenBaierUK Can you provide guidance on what you mean buy "complete logs"? I included the app log as an attachmented file, but I do not see them in the tread. I did not want to fill a post with 100+ lines of code.

 

I understand the alternitives but based on our users and the current enviroment there are problems/ concerns with these alternitives.

From what I've found, admitaly most of the posts are older, the BToE is not supported at this time in a thin-client/ Citrix which would include a larger portion of our population. The person I asked to test the Citrix enviroment said it didn't work. I have yet found confirmation that this should work.

The "Web Sign-in" feature, which provides the http://aka.ms/sphone link, is capatable with only Skype in the cloud. As I stated in the first posts this is a on premess, and everythign I read that is not an option. We have already receaved pushback to the having the users enter the phones web page then having them go to Settings > Skype for Business > Sign-In. We have sucessfully gotten a majority of our user base to use more compleax passwords,to the point of using the T9 entry interface is a non-started, but having them navagate though the web client is above meany of their abilityes.

 

On the bright side, even though no-one (network or server admin) has stated they made a change, some of our test Polycoms have started allowing Extension + PIN log in. The only confirmed change was been adding some additional logging, but after lowering the logging the phone PIN login will still work. Looking at the logs the first differences in the logs are listed below.

 

Failed login directs to a /anon

0927195241|nisvc|2|00|HTTP SEND:: DestUrl(https://sfbpool01.domain-name.com:443/CertProv/CertProvisioningService.svc/mex), HttpResCode(200), curlRetCode(0) retVal(0)
0927195241|nisvc|2|00|

****************************HTTP SEND**************************

0927195241|nisvc|2|00|<\NIModuleKey00:1,time taken(0)>
0927195241|auth |2|00|<SM>(303)AuthServiceRootCertStateMachine(0x179df10):Ctx((315),(301)kEAuthOnRecvDataResponse,Ticks(0))
0927195241|xml  |*|00|Initial log entry. Current logging level 4
0927195241|auth |2|00|m_RetVal[0] eReqRspID[1] curlReturn[0] HttpRspCode[200] messageLen[16580]
0927195241|auth |2|00|S/E(sSAuthSvcGetServers,kEAuthOnRecvDataResponse),rO(3)
0927195241|auth |2|00|<\SM>(303)AuthServiceRootCertStateMachine(0x179df10):Ctx((316),(1)kBaseEventInit,Ticks(0))
0927195241|auth |2|00|<SM>(303)AuthServiceRootCertStateMachine(0x179df10):Ctx((316),(1)kBaseEventInit,Ticks(0))
0927195241|auth |2|00|[prepareAndSendRequest]:[4324]:[2]:[http://sfbwsint.domain-name.com/CertProv/CertProvisioningService.svc/anon]
0927195241|cfg  |5|00|Prm|Parameter feature.validate.peer.cert requested type 0 but is of type 7
0927195241|nisvc|2|00|Request(-1)nisvc,(702)NIServiceHttpReqMsgKey,(-1)auth,(703)NIServiceHttpResMsgKey,(Expiry,TransactionId,Time,Type):(-1,-1,1506538361,0)IndicationLevel:(200)
0927195241|auth |2|00|S/E(sSAuthSvcFetchRootCertUsingDHCP,kBaseEventInit),rO(5)
0927195241|auth |2|00|<\SM>(303)AuthServiceRootCertStateMachine(0x179df10):Ctx((316),(5),Ticks(0))

Working login diects to a /pin

0927165616|nisvc|2|00|HTTP SEND:: DestUrl(https://sfbwsint.domain-name.com/WebTicket/WebTicketService.svc/mex), HttpResCode(200), curlRetCode(0) retVal(0)
0927165616|nisvc|2|00|

****************************HTTP SEND**************************

0927165616|auth |2|00|<SM>(304)AuthServiceUTStateMachine(0x41979b60):Ctx((318),(301)kEAuthOnRecvDataResponse,Ticks(0))
0927165616|auth |2|00|m_RetVal[0] eReqRspID[3] curlReturn[0] HttpRspCode[200] messageLen[15661]
0927165616|auth |2|00|S/E(sSAuthSvcGetTokenProvider,kEAuthOnRecvDataResponse),rO(3)
0927165616|auth |2|00|<\SM>(304)AuthServiceUTStateMachine(0x41979b60):Ctx((345),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|<SM>(304)AuthServiceUTStateMachine(0x41979b60):Ctx((345),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|S/E(sSAuthSvcUTEnd,kBaseEventInit),rO(3)
0927165616|auth |2|00|<\SM>(304)AuthServiceUTStateMachine(0x41979b60):Ctx((345),(3),Ticks(0))
0927165616|auth |2|00|<SM>(304)AuthServiceUTStateMachine(0x41979b60):Ctx((345),(3),Ticks(0))
0927165616|auth |2|00|<\SM>(304)AuthServiceUTStateMachine(0x41979b60):Ctx((345),(-1),Ticks(0))
0927165616|auth |2|00|Policy Dest:(203)AuthServicePolicyFsmKey:(105)AuthServiceUTMsgKey:(215)AuthSvcAOFsmReplyKey
Caller Service(139)AuthServiceCallerWbad:IndicationCode(200)Got User Type
,TransactionID(1666987473)
0927165616|auth |2|00|Policy Dest:(202)AuthServicePolicyDBKey:(105)AuthServiceUTMsgKey:(212)AuthSvcAODBDBIndKey
Caller Service(139)AuthServiceCallerWbad:IndicationCode(200)Got User Type
,TransactionID(1666987473)
0927165616|auth |2|00|Policy Dest:(202)AuthServicePolicyDBKey:(101)AuthServiceWTMsgKey:(211)AuthSvcAODBIEIndKey
Caller Service(139)AuthServiceCallerWbad:IndicationCode(200)Got User Type
,TransactionID(1666987473)
0927165616|auth |2|00|Policy Dest:(203)AuthServicePolicyFsmKey:(101)AuthServiceWTMsgKey:(214)AuthSvcAOFsmRequestKey
Caller Service(139)AuthServiceCallerWbad:IndicationCode(0)
,TransactionID(1666987473)
0927165616|auth |2|00|SM Module: SM created Ref(2715822)
0927165616|auth |2|00|<SM>(307)AuthServiceWTUsingCredStateMachine(0x41996a00):Ctx((336),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|S/E(sSAuthSvcWTS0,kBaseEventInit),rO(310)
0927165616|auth |2|00|<\SM>(307)AuthServiceWTUsingCredStateMachine(0x41996a00):Ctx((322),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|<SM>(307)AuthServiceWTUsingCredStateMachine(0x41996a00):Ctx((322),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|S/E(sSAuthSvcOnPrem,kBaseEventInit),rO(311)
0927165616|auth |2|00|<\SM>(307)AuthServiceWTUsingCredStateMachine(0x41996a00):Ctx((340),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|<SM>(307)AuthServiceWTUsingCredStateMachine(0x41996a00):Ctx((340),(1)kBaseEventInit,Ticks(0))
0927165616|auth |2|00|[prepareAndSendRequest]:[4324]:[4]:[https://sfbwsint.domain-name.com/WebTicket/WebTicketService.svc/pin]
0927165616|cfg  |5|00|Prm|Parameter feature.validate.peer.cert requested type 0 but is of type 7
0927165616|nisvc|2|00|Request(-1)nisvc,(702)NIServiceHttpReqMsgKey,(-1)auth,(703)NIServiceHttpResMsgKey,(Expiry,TransactionId,Time,Type):(-1,-1,1506545776,0)IndicationLevel:(200)
0927165616|auth |2|00|S/E(sSAuthSvcGetWTForRegUsingCredentials,kBaseEventInit),rO(5)
0927165616|auth |2|00|<\SM>(307)AuthServiceWTUsingCredStateMachine(0x41996a00):Ctx((340),(5),Ticks(0))
0927165616|nisvc|2|00|<\NIModuleKey02:1,time taken(1)>
0927165616|nisvc|2|00|
Message 5 of 12
Highlighted
Polycom Employee & Community Manager

Re: VVX 331 & 600 not able to log in with Extension & PIN

Hello BaldingAdmin,

as stated in my reply I meant this:

 

Sep 30 2014 Question:Can I sign into LYNC using the Web Interface?

Resolution: Please check => here <=

 

But you already confirmed that you are aware how to do this. 

 

You can only attach certain document types and a log is not one of them.

 

Posting a log will also allow search engines or the community search to find these which we cannot if attached as a file.

 

I did not mention the "Web Sign-in" feature so not sure why this was mentioned.

 

99,999% of all issues with Skype for Business is someone not setting up the right DNS entries as an example amongst others.

 

Working PIN scenario:

 

0927165616|nisvc|2|00|HTTP SEND:: DestUrl(https://sfbwsint.domain-name.com/WebTicket/WebTicketService.svc/mex), HttpResCode(200), curlRetCode(0) retVal(0)

Not working scenario:

 

0927195241|nisvc|2|00|HTTP SEND:: DestUrl(https://sfbpool01.domain-name.com:443/CertProv/CertProvisioningService.svc/mex), HttpResCode(200), curlRetCode(0) retVal(0)

 

I suggest you check this and then maybe get Microsoft involved as the initial setup needs to be 100% to their specifications.

 

If you still have trouble feel free to work with your reseller to get this into Polycom support.

In order to raise a support ticket you need to work with your Polycom reseller as they need to do this for you. End Customers are usually unable to open a ticket directly with Polycom support.

If this is some sort of an Internet discounter please post either your phone's MAC address or your Polycom devices serial so I can look up who would be able to support you. This may not be who you purchased the Polycom device from.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 6 of 12
Highlighted
Occasional Advisor

Re: VVX 311 & 600 not able to log in with Extension & PIN

After working with Polycom Support, Skype & Mircorsoft Consultants, various networks vendors to identify what was causing the problem with the PIN authentication. At one time Polycom eventualy identified the following configuration change.

<PHONE_CONFIG>
	<ALL
	feature.validate.peer.cert ="0"
	/>
</PHONE_CONFIG>

The admin guides I checked did not include this setting. From what I can tell the certificate validation process was failing, an none of the support teams could identify how/why this was happening. This setting allows the phone to "skip" part of the certification validation process.

I've varifies these results on the VVX311.

View solution in original post

Message 7 of 12
Highlighted
Polycom Employee & Community Manager

Re: VVX 311 & 600 not able to log in with Extension & PIN

just to close the loop this was 1-7285271620 / VESC-8044

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 8 of 12
Highlighted
Occasional Advisor

Re: VVX 311 & 600 not able to log in with Extension & PIN

Not sure I understand your last comment:
"just to close the loop this was 1-7285271620 / VESC-8044"

 

Message 9 of 12
Highlighted
Polycom Employee & Community Manager

Re: VVX 311 & 600 not able to log in with Extension & PIN

The Polycom service reference which was opened for you and Polycom internal engineering ticket in case anyone wants to follow this up

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 10 of 12