VVX 500 / 600
UC Software Version 18.104.22.16810
BootROM Software Version 22.214.171.12400
Phones register against Lync 2010 via an edge pool with a public 3rd party certificate (GlobalSign)
Devices register and work as expected provided NTP servers are not set. If NTP is set via DHCP (option 42 or 4), device.sntp.serverName, DNS (_ntp._udp.[domain.name]) the devices fail to register.
If set manually via the web interface the time sync and the device works as expected, but fails at the next reboot.
Log messages seen in the failure logs but not in the success include:
000034.090|cfg |4|00|Prov|Unknown suboption received for DHCP option 43
000034.090|cfg |4|00|Prov|Invalid STS-URI: '://:'
0410123852|sip |4|00|Server certificate verification failed, Untrusted Cetificate
0410123852|sip |4|00|MakeTlsConnection: SSL_connect error 1
0410123852|sip |4|00|MakeTlsConnection: connection failed error -1
0410123852|sip |3|00|CTrans::TCPFail workingServer 2 -> 3 0x40e5b3e8
Having trouble seeing why setting NTP would cause this. (also there's a typo in the error message)
Have up.localClockEnabled="0" as a work-around, but not ideal.
just as a reminder to please ensure that you have a valid license for each phone running UCS 4.1.0 or later with LYNC.
A certificate can only be authenticated if the phone is able to check it's validity via a local clock source.
The FAQ contains this post here:
Jan 28, 2013 Question: Time and Date flashing or unable to set time correctly
Resolution: Please check => here <=
Above explains in detail how to troubleshoot time issues on the phone.
Lowering the SIP logging level would also show you more details on the certificate error.
If you require any further information please work with your Polycom reseller to bring this to the attention of Polycom support.
Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.
Polycom Global Services
I've forwarded this to our reseller.
This isn't realy a 'Time and Date flashing or unable to set time correctly' issue. We are able to set the time with any / all of the methods specified, it's jst that if / when we do the phones fail to login.
the FAQ post shows the relevant logging levels and by lowering the SIP logging you will see:
I think I’ve identified the issue, but why it presents in the way it does I don’t know.
Our Edge Servers are signed with Certificates from GlobalSign. Both the root and intermediate are present on the Edge.
Without the time set login works as expected.
With the time set, it appears to require both certificates in the chain (root & intermediate) installed on the device. Installing only the root certificate produced the same failure. (I don’t know if it’s related but the intermediate certificate available at the AIA location is DER and not Base-64) I was unable to load / save a certificate on the device encode in DER format.