Hello Patrick ,

welcome back to the Polycom Community.

Usually the FQDN or IP aka:

https://10.252.122.65/phoneservice/configfiles/

HTTP works out of the Box and HTTPs either needs your own certificate signed by one of the compatible ones the phone has on it or disable Common Name Validation.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Steffen

Is there a list of CA's the vvx and Trio devices support out-of-the-box?  If the DHCP Option is to enable automatic provisioning then the device needs to connect to the RPRM server to make that first connection so that we can then push down the approporiate configuration file and software version.

Hi Steffan -

Is this the same path that should be used with the mr.bg.url attribute?

I'm trying to set a custom background our OCM team created to help us better drive adoption by placing the "quick and dirty" connection steps directly on the screen.

Thanks!

-Derek

Hello Derek,

no that would be this as an example:

[https://username:password@rprm.fqdn.addresss/phoneservice/configfiles/resources/filename.jpg]

Simply look at the Trio-Display-CustomBackground-Template Configuration Profile.

Best Regards

Steffen Baier

Having finally got the certificates in place on the RPRM server and got the devices provisioning when manually configured, we still have issues with DHCP Option 160/161

What DHCP has is :

[https://username:password@rprm.fqdn.net/phoneservice/configfiles] matching the entries in the phone provisioning fields but we get an error reported:

"File transfer failed due to curl error code:22 and respCode:401"

The post above sugests that the username&password is needed to authenticate but a 401 sugests a file access issue.

Anyone have a similer issue with the DHCP Options?

Hello @Patrick-J,

welcome back to the Polycom Community.

• Did you get an external certificate which matches what is already included on the Phone?
• Have you lowered the CURL logging to see what actual error you get?
• Does the phone have a valid time source ?

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

Steffen

• Did you get an external certificate  . . . ? - Yes we have a Thawte certificate in place and all certificate error messages have disapeared from the logs.
• Have you lowered the CURL logging . . ? - CURL set to Debug and the details are in the excerpt below
• Does the phone have a valid time source ? - Yes

Log excerpt from VVX restart after logging cleared and no config settings made after factory reset.

Picking up on the last line of the certificate validation . . . . . .

0706134814|curl |3|00|  SSL certificate verify ok.
0706134814|curl |3|00|SSLv2, Unknown (23):
0706134814|curl |1|00|HEADER_OUT: GET /phoneservice/configfiles/000000000000-directory.xml HTTP/1.1
...
0706134814|curl |3|00|SSLv2, Unknown (23):
0706134814|curl |1|00|HEADER_IN : HTTP/1.1 401 Unauthorized
0706134814|curl |1|00|HEADER_IN : Server: Apache-Coyote/1.1
0706134814|curl |1|00|HEADER_IN : X-Powered-By: RealPresence Resource Platform
0706134814|curl |1|00|HEADER_IN : Cache-Control: no-cache
0706134814|curl |1|00|HEADER_IN : Pragma: No-cache
0706134814|curl |1|00|HEADER_IN : Expires: Thu, 01 Jan 1970 00:00:00 GMT
0706134814|curl |1|00|HEADER_IN : X-Frame-Options: SAMEORIGIN
0706134814|curl |1|00|HEADER_IN : X-Content-Type-Options: nosniff
0706134814|curl |1|00|HEADER_IN : X-XSS-Protection: 1; mode=block
0706134814|curl |1|00|HEADER_IN : Strict-Transport-Security: max-age=31536000; includeSubDomains;
0706134814|curl |1|00|HEADER_IN : WWW-Authenticate: Basic
0706134814|curl |1|00|HEADER_IN : Transfer-Encoding: chunked
0706134814|curl |1|00|HEADER_IN : Date: Fri, 06 Jul 2018 12:48:14 GMT
0706134814|curl |1|00|HEADER_IN :
0706134814|curl |3|00|SSLv2, Unknown (23):
0706134814|curl |3|00|Ignoring the response-body
0706134814|curl |3|00|Connection #0 to host rprm-hdvc.greenlnk.net left intact
0706134814|curl |3|00|Issue another request to this URL: '** not displayed **'
0706134814|curl |3|00|Re-using existing connection (#0) with host rprm-hdvc.greenlnk.net
0706134814|curl |3|00|Connected to rprm-hdvc.greenlnk.net (10.10.10.10) port 443 (#0)
0706134814|curl |3|00|Server auth using Basic with user 'PlcmSpIp'
0706134814|curl |3|00|SSLv2, Unknown (23):
0706134814|curl |1|00|HEADER_OUT: GET /phoneservice/configfiles/000000000000-directory.xml HTTP/1.1
...
0706134814|curl |3|00|SSLv2, Unknown (23):
0706134814|curl |1|00|HEADER_IN : HTTP/1.1 401 Unauthorized
0706134814|curl |1|00|HEADER_IN : Server: Apache-Coyote/1.1
0706134814|curl |1|00|HEADER_IN : X-Powered-By: RealPresence Resource Platform
0706134814|curl |1|00|HEADER_IN : Cache-Control: no-cache
0706134814|curl |1|00|HEADER_IN : Pragma: No-cache
0706134814|curl |1|00|HEADER_IN : Expires: Thu, 01 Jan 1970 00:00:00 GMT
0706134814|curl |1|00|HEADER_IN : X-Frame-Options: SAMEORIGIN
0706134814|curl |1|00|HEADER_IN : X-Content-Type-Options: nosniff
0706134814|curl |1|00|HEADER_IN : X-XSS-Protection: 1; mode=block
0706134814|curl |1|00|HEADER_IN : Strict-Transport-Security: max-age=31536000; includeSubDomains;
0706134814|curl |3|00|Authentication problem. Ignoring this.
0706134814|curl |1|00|HEADER_IN : WWW-Authenticate: Basic
0706134814|curl |1|00|HEADER_IN : Transfer-Encoding: chunked
0706134814|curl |1|00|HEADER_IN : Date: Fri, 06 Jul 2018 12:48:14 GMT
0706134814|curl |3|00|The requested URL returned error: 401
0706134814|curl |3|00|Closing connection #0
0706134814|curl |3|00|SSLv2, Unknown (21):
0706134814|curl |3|00|SSLv3, TLS alert, Client hello (1):
0706134814|curl |3|00|successfully set certificate verify locations:
0706134814|curl |3|00|  CAfile: /ffs0/ca1.crt
  CApath: none

It would seem to be around authentication but using the same username and password when entering them into the device.prov.user and device.prov.password in the config which works.