-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- Poly Phones
- Desk and IP Conference Phones
- Can't get DHCP 43 Override and Pin Auth working with UCS5.3
Create an account on the HP Community to personalize your profile and ask a question
06-26-2015 02:47 PM
I've followed Brennon's article http://www.ucprimer.com/tech-blog/deploying-lync-enterprise-voice-phones-without-dhcp, and am pointing my STS-UTI directly at a Lync 2013 server running Windows 2012 R2. In my situation t's https://lync-03.domain.com:443/CertProv/CertProvisioningService.svc We're using public certificates on the server, but I exported the roots and intermediates regardless and installed them as Application CA 1, 2, and 3. Still, when I attempt to pin authenticate I get the following:
0626154056|cfg |5|00|Prm|Parameter reg.x.auth.useLoginCredentials requested type 2 but is of type 7
0626154056|so |4|00|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
0626154056|cfg |4|00|Web|[cfgSaProcessRequestC::signInToLync] Successfully updated the PIN Auth Login credentials
0626154100|sip |*|00|dhcpOption120LyncQuery numList [2]
0626154100|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626154100|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626154101|app1 |*|00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0626154101|app1 |*|00|SoRegistrationEventLast - new AppRegLineC, Default user
0626154101|sip |*|00|Sip Register Usr:VVX310 Dsp:VVX 310 Auth:'Using Login Cred' Inx:0
0626154115|tickt|5|00|soWebticketGetAllUserInfo: soWebTicketPinAuthGetRootCertChain Failed
0626154115|tickt|5|00|[MsgSoWebTicketSignWithPinAuth]: PIN Auth Failed
I see the line "soWebTicketPinAuthGetRootCertChain Failed" but I don't really understand what it's trying to tell me. I thought at first it might be a trust issue, which is why I imported the root and intermediates as seperate certs.
Can someone help me decipher what it's trying to tell me is failing?
Solved! Go to Solution.
Accepted Solutions
06-26-2015 03:39 PM
Nevermind, figured it out. Sometimes it just helps to talk it out.
I saw this in the log:
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
hack prepended http: to the getRootCertChains URL
and realized that port 80 was blocked though the hardware load balancer while 443 was allowed. That was my issue. Problem solved.
06-26-2015 03:07 PM
I upped the logging levels to debug and received this if it helps:
0626160146|cfg |5|00|Prm|Parameter reg.x.auth.useLoginCredentials requested type 2 but is of type 7
0626160146|so |4|00|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
0626160146|cfg |4|00|Web|[cfgSaProcessRequestC::signInToLync] Successfully updated the PIN Auth Login credentials
0626160150|sip |*|00|dhcpOption120LyncQuery numList [2]
0626160150|tickt|0|00|soWebTicket: msg 7002 0 22 e86028
0626160150|tickt|0|00|[MsgSoWebTicketSignWithPinAuth]: Pin Sign With Ext/Pin In Device Flash
0626160150|tickt|1|00|soWebticketGetAllUserInfo:input parameters user index 0, Extension 67324 server https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc UUID 41251496-6342-53e9-9513-4652e9c5acf0
0626160150|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626160150|tickt|1|00|soWebTicketServersGet: request URI is https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc/mex
0626160150|tickt|1|00|Provisioning:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
0626160150|tickt|1|00|soWebTicketServersGet: Got response 0 code 200
0626160150|tickt|0|00|Got response 0 code 200 data:
[HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16599
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-Server-Fqdn: lync-03.ad.domain.com
X-Powered-By: ASP.NET
Date: Fri, 26 Jun 2015 21:01:50 GMT
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="
0626160150|tickt|2|00|doXmlParsingForErrorCode: stripped pResponse is:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmln
0626160150|tickt|3|00|soWebTicketServersGet: WebTicketAddress is https://lyncfeint.domain.com/WebTicket/WebTicketService.svc
0626160150|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
0626160150|tickt|3|00|soWebTicketServersGet: webticket proof service URL is https://lyncfeint.domain.com/CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: SpecialInterop_Lync2010 detected
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: autoProvision location is 6
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: Cert is not available at 6
0626160150|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626160150|tickt|1|00|soWebTicketServersGet: request URI is https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc/mex
0626160150|tickt|1|00|Provisioning:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
0626160151|app1 |*|00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0626160151|app1 |*|00|SoRegistrationEventLast - new AppRegLineC, Default user
0626160151|sip |*|00|Sip Register Usr:VVX310 Dsp:VVX 310 Auth:'Using Login Cred' Inx:0
0626160151|tickt|1|00|soWebTicketServersGet: Got response 0 code 200
0626160151|tickt|0|00|Got response 0 code 200 data:
[HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16599
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-Server-Fqdn: lync-03.ad.domain.com
X-Powered-By: ASP.NET
Date: Fri, 26 Jun 2015 21:01:51 GMT
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="
0626160151|tickt|2|00|doXmlParsingForErrorCode: stripped pResponse is:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmln
0626160151|tickt|3|00|soWebTicketServersGet: WebTicketAddress is https://lyncfeint.domain.com/WebTicket/WebTicketService.svc
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
0626160152|tickt|3|00|soWebTicketServersGet: webticket proof service URL is https://lyncfeint.domain.com/CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1
0626160152|tickt|1|00|soRootCertGet: hack prepended http: to the getRootCertChains URL
0626160205|tickt|2|00|[PpsHybridC]: OnEvSipOnFetchRootCert soRootCertGet returned Failure
0626160205|tickt|5|00|soWebticketGetAllUserInfo: soWebTicketPinAuthGetRootCertChain Failed
0626160205|tickt|5|00|[MsgSoWebTicketSignWithPinAuth]: PIN Auth Failed
06-26-2015 03:39 PM
Nevermind, figured it out. Sometimes it just helps to talk it out.
I saw this in the log:
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
hack prepended http: to the getRootCertChains URL
and realized that port 80 was blocked though the hardware load balancer while 443 was allowed. That was my issue. Problem solved.
Didn't find what you were looking for? Ask the community