Plantronics + Polycom. Now together as Poly Logo

Login fail with NTP set

Highlighted
Occasional Advisor

Login fail with NTP set

VVX 500 / 600

UC Software Version 5.0.1.7310 
BootROM Software Version 5.2.1.6300

 

Phones register against Lync 2010 via an edge pool with a public 3rd party certificate (GlobalSign)

 

Devices register and work as expected provided NTP servers are not set. If NTP is set via DHCP (option 42 or 4), device.sntp.serverName, DNS (_ntp._udp.[domain.name]) the devices fail to register.

If set manually via the web interface the time sync and the device works as expected, but fails at the next reboot.

 

Log messages seen in the failure logs but not in the success include:

 

000034.090|cfg  |4|00|Prov|Unknown suboption received for DHCP option 43
000034.090|cfg  |4|00|Prov|Invalid STS-URI: '://:'

 

0410123852|sip  |4|00|Server certificate verification failed, Untrusted Cetificate
0410123852|sip  |4|00|MakeTlsConnection: SSL_connect error 1
0410123852|sip  |4|00|MakeTlsConnection: connection failed error -1
0410123852|sip  |3|00|CTrans::TCPFail workingServer 2 -> 3 0x40e5b3e8

 

Having trouble seeing why setting NTP would cause this. (also there's a typo in the error message)

 

Have up.localClockEnabled="0" as a work-around, but not ideal.

 

Ideas?

 

Thanks,

 

James

Message 1 of 5
4 REPLIES 4
Highlighted
Polycom Employee & Community Manager

Re: Login fail with NTP set

Hello James,

just as a reminder to please ensure that you have a valid license for each phone running UCS 4.1.0 or later with LYNC.

 

A certificate can only be authenticated if the phone is able to check it's validity via a local clock source.

 

The FAQ contains this post here:

 

Jan 28, 2013 QuestionTime and Date flashing or unable to set time correctly

Resolution: Please check => here <=

 

Above explains in detail how to troubleshoot time issues on the phone.

 

Lowering the SIP logging level would also show you more details on the certificate error.

 

If you require any further information please work with your Polycom reseller to bring this to the attention of Polycom support.

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 5
Highlighted
Occasional Advisor

Re: Login fail with NTP set

I've forwarded this to our reseller.

 

This isn't realy a 'Time and Date flashing or unable to set time correctly' issue. We are able to set the time with any / all of the methods specified, it's jst that if / when we do the phones fail to login.

 

James

Message 3 of 5
Highlighted
Polycom Employee & Community Manager

Re: Login fail with NTP set

Hello James,

 

the FAQ post shows the relevant logging levels and by lowering the SIP logging you will see:

 

  • More detailed SIP messages including the certificate error

  • Confirm and verify that the correct time is set and matches with the time on the LYNC server.

Best Regards

 

Steffen Baier

----------------
The title Polycom Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. My official "day" Job is 3rd Level support at Poly but I am unable to provide official support via the community.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 4 of 5
Highlighted
Occasional Advisor

Re: Login fail with NTP set

I think I’ve identified the issue, but why it presents in the way it does I don’t know.

 

Our Edge Servers are signed with Certificates from GlobalSign. Both the root and intermediate are present on the Edge.

 

Without the time set login works as expected.

 

With the time set, it appears to require both certificates in the chain (root & intermediate) installed on the device. Installing only the root certificate produced the same failure. (I don’t know if it’s related but the intermediate certificate available at the AIA location is DER and not Base-64) I was unable to load / save a certificate on the device encode in DER format.

Message 5 of 5