Plantronics + Polycom. Now together as Poly Logo

HTTPS Provisioning/Boot Server

Visitor

HTTPS Provisioning/Boot Server

Hi Guys

 

This is my first post and hope you can help.

 

I have setup a Windows 2008 server as a DC. I have also installed IIS and have setup a new site for HTTPS provisioning.

 

It is setup on port 80/443, with Basic Auth, however when the Polycom tries to connect I get 'could not contact boot server'

 

All permissions are correct, I can browse to it via IE. With Annonymous Auth enabled it works fine, but I notice in Wireshark that when the server sends back unauthorised the phone nevers then retries the GET with the Auth details.

 

Any help would be much appreciated.

 

Many Thanks

Message 1 of 11
10 REPLIES 10
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello edt8083,

 

welcome to the Polycom Community.

 

It would be helpful if your could specify the Phone Type, the SIP / UC Software Version and the BootROM Version of the Phone in question in order for someone to help you.

 

Did you check the Mutual Transport Layer Security Provisioning Using Microsoft Internet Information Services 6.0 at the  Feature Descriptions & Technical Notifications Section on the Polycom Web Site?

 

Did you install a certificate on the Polycom Phone if you are not using a VeriSign?

 

The minimum requierements are:

 

  • • Polycom SIP application 3.2 or later for mutual TLS feature.
  • • Polycom bootROM 4.2.0 or later for MD5 digest HTTP authentication.
  • • Web server capable of mutual TLS (client certificate checking). (For the configuration example in this bulletin, IIS is used.)
  • • One of the following:
  • — HTTPS server certificate and root CA certificate if it is self signed.
  • or
  • — A certificate from VeriSign® or another well known root CA.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 11
Visitor

Re: HTTPS Provisioning/Boot Server

Hi Steffan

 

Thanks for the info, I have not had much luck already consulted the links you have suggested.

 

The phones I have tested with are 331 and 550

 

The SIP version is 3.2.3.1734

 

Bootrom 4.2.2.0710.

 

Have tried one website with a global sign verified cert, and a second with a custom cert, uploaded to the phone.

 

I dont think https is necessarily the issue, as even just using http I have the issue.

 

 

Thanks

Ed

Message 3 of 11
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello Ed,

 

can you clarify this statement: "as even just using http I have the issue" ?

 

Can you not even provision the Phone via HTTP ? Do you have all the files coming with the SIP 3.2.3 Software unzipped to that directory?

 

You need to provide more details in order for the community to support you or work with your Reseller and/or Polycom Support.

 

Best Regards

 

Steffen Baier

 

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 11
Visitor

Re: HTTPS Provisioning/Boot Server

Hi Steffan

 

Sorry if I wasnt clear.

 

I have a directory call phones. In this directory I have my SIP files(ld, cfg etc), I have my bootrom files(ld etc) I have MAC address files, I have lineport files. I have all the files from the same directory from another server that is setup as an FTP server.

 

so I am quite happy to say I have all the correct files, as when I provision using FTP it works quite happily.

 

Now with all of those in place on the new HTTP/HTTPS server, the phone is setup with server type HTTPS, with the correct URL, and username and password set. I have a custom cert loaded on to the phone. This does not work. When the phone tries to get the 3 initial files during the boot sequence, the phone fails to send another GET request with the auth details when it receives the initial 401 unauthorised message for the initial GET.

 

So even setting up the phone to look at provisioning via HTTP, I get the same issue. It is as though the phone does not recognise that it has the auth username and password set.

 

Hope that makes a bit more sense.

 

Thanks

Ed

Message 5 of 11
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello Ed,

 

I would suggest to upgrade to at least SIP 3.2.5 or UCS 3.3.2 and BootROM 4.3.0

 

Then enable the phone to be able to log to FTP or Syslog so you can see what the Phone is doing.

 

Can you wget from another Linux machine to the server to see if you can get the files or if it is just a permission on the Web Server ..?

 

Can another PC browse to the 000000000000.cfg on the HTTP Server?

 

This Feature is working and has been tested so you may need to go via your reseller / Polycom as advised above.

 

Regards

 

Steffen Baier

 

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 6 of 11
Visitor

Re: HTTPS Provisioning/Boot Server

Hi,

I am done with http auto provisioning of polycom 335 phone using http server  successfully .

Now,I want to do the same for HTTPS,may i know the procedure about  auto provisioning of polycom 335 using HTTPS,the configuration files of HTTPS.

 

Thanks,

Alekhya.G

Message 7 of 11
Polycom Employee & Community Manager

Re: HTTPS Provisioning/Boot Server

Hello Alekhya.G,

welcome to the Polycom Community.

Our support page contains this post => here <=

 

This explains on page 40 how to use a Polycom certificate hosted at pki.polycom.com

 

The guide is a bit outdated as it only shows IIS 6.5 but should give you a good idea.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 8 of 11
Visitor

Re: HTTPS Provisioning/Boot Server

Helo,

 

I started learning asterisk last month ago..The file which u sended is very usefull,thankue

But iam working this provisioning on cent os (asterisk).May i know the procedure for auto provisioning of polycom 335 phone using HTTPS server

Thanks,

Alekhya.G

Message 9 of 11
Visitor

Re: HTTPS Provisioning/Boot Server

Hi,

Can i have reply from you?

 

Thanks,

Alekhya.G

Message 10 of 11