Plantronics + Polycom. Now together as Poly Logo

Phone wont download config if downloading application from format IF in https mode

Occasional Advisor

Phone wont download config if downloading application from format IF in https mode

Tested multiple time on a IP 331 with device certificate installed.  (But problem seem to happen on 335, 550)

 

When upgrading or doing a format of a phone, and the provisioning use the type HTTPS, the phone will download it software, but it will not download it configuration.  An additional manual reboot is required for the config to be accepted.

 

If doing the same process with server type set to HTTP, everything will load normally.

 

My guess about this problem is that after a clean install of the software, the phone ssl certificate are not ready to be used when it try to download it config file, so by the time it is, the phone have given up downloading config file.

 

I just got about 40 remote phone that I lost access too... I only hope that the nightly provisionning pooling is active... Else I'll get lot of angry call tomorow morning !

 

I tried to open a jira, but I can't login.

 

Marc O.

Message 1 of 8
7 REPLIES 7
Polycom Employee & Community Manager

Re: Phone wont download config if downloading application from format IF in https mode

Hello Marc,

welcome to the Polycom Community.

 

End Customers cannot open JIRA tickets as these are used between Escalations and Engineering.

 

You will have to raise a Web Ticket or work with your Polycom reseller to contact Polycom support.

 

In addition it is always useful to clarify what software version you are using when posting a new topic as newer software may have fixes included.

 

HTTPS / Certificates require a NTP time and depending on the Software versions changes may have been added to get the time before any TLS handshake happens.


Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 2 of 8
Occasional Advisor

Re: Phone wont download config if downloading application from format IF in https mode

Hi,

 

Sorry, I was sure I mentioned the version.  I tried to upgraded to 4.0.5 (latest as far as I can tell for the 331,450,550 using SIP).

 

That make sense, the phone would consider it certificate expired if it clock dated back to 1969.  I do set the NTP info into the bootrom and the sip software.

 

Sadly the phone didn't pool the provisioning automaticly as hoped, so I'll get busy today explaining ppl how to reboot their phones.

 

As for contacting the reseller, I would have to call myself then :)  I normally get email notification to get my certificate renewed but I didn't last time so apparently it got expired.  I guess they disabled my jira access at the same time as my portal access.  I didn't had the time to watch the hours of slides AGAIN yet.

 

I'll try to do more test this week, maybe try a few older version.

Message 3 of 8
Polycom Employee & Community Manager

Re: Phone wont download config if downloading application from format IF in https mode

Hello Marc,

 

UCS 4.0.5 addressed the mentioned issue via:

 

  •  89007 The phone now contacts the NTP server for updates before establishing an SSL connection via HTTPS.

So the NTP process should start before the SSL verification but in your case we would need to see log's and probably a matching wireshark trace.

 

Please ensure to provide some feedback if this reply has helped you so other users can profit from your experience.

Best Regards

Steffen Baier

Polycom Global Services




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 4 of 8
Occasional Advisor

Re: Phone wont download config if downloading application from format IF in https mode

Maybe it a problem with the application NTP process after a format not applying the GMTOffset from the bootrom settings.  I'm not sure if it the bootrom or application layer that download which config files, but it seem like Bootrom have no problem contacting the https server, but the application can't download it files  (except for the directory.xml, but maybe when it got to that point of boot, the ntp code have run again and taking care of the gmtoffset).

 

Checking the https web query to the server, I see these query being performed after doing a file system format :

GET /0004f2123456.cfg
GET /000000000000.cfg
GET /2345-12365-001.sip.ld
PUT /0004f2123456-boot.log
GET /0004f2123456-directory.xml
PUT /0004f2123456-boot.log
PUT /0004f2123456-app.log

Here is all the syslog entry I received :

Jan 27 14:47:45 192.168.87.12 0127144745|sig  |*|01|Initial log entry. Current logging level 3
Jan 27 14:48:06 192.168.87.12 0127144806|cfg  |*|01|Prov|Succeeded updating file 2345-12365-001.sip.ld
Jan 27 14:48:06 192.168.87.12 0127144806|cfg  |*|01|Prov|Image has been changed
Jan 27 14:48:06 192.168.87.12 0127144806|boot |*|01|Using TFFS for flash load
Jan 27 14:48:06 192.168.87.12 0127144806|boot |*|01|Code length:         0x0038148D
Jan 27 14:48:06 192.168.87.12 0127144806|boot |*|01|Code checksum:       0x1BEB1844
Jan 27 14:48:06 192.168.87.12 0127144806|cfg  |*|01|Prov|Finished updating configuration
Jan 27 14:48:21 192.168.87.12 0127144821|app1 |6|01|Uploading boot log, time is MON JAN 27 14:48:22 2014

The phone at this point didn't download it additional config (base.cfg...) file provided in 000000000000.cfg and remain in a unusable mode.

 

The phone syslog show GMT time, but once the phone booted, it display on screen the local time (-5) (9h48)

I rebooted the phone, and here are the result :

GET /0004f2123456-directory.xml
GET /0004f2123456.cfg
GET /000000000000.cfg
GET /2345-12365-001.sip.ld
GET /flash.cfg
GET /0004f2123456-user.cfg
GET /0004f2123456-server.cfg
GET /base.cfg
GET /efk.cfg
GET /0004f2123456-phone.cfg
GET /0004f2123456-web.cfg
GET /000000000000-license.cfg
GET /0004f2123456-license.cfg

Here is the syslog output:

Jan 27 09:53:20 192.168.87.12 0127095320|copy |*|03|Server 'prov.private.com' said '0004f2123456.cfg' is not present")
Jan 27 09:53:23 192.168.87.12 0127095323|cfg  |*|03|Prov|Starting to update 2345-12365-001.sip.ld

Jan 27 09:53:40 192.168.87.12 0127095340|copy |*|03|Server 'prov.private.com' said '0004f2123456-web.cfg' is not present
Jan 27 09:53:42 192.168.87.12 0127095342|copy |*|03|Server 'prov.private.com' said '000000000000-license.cfg' is not present
Jan 27 09:53:45 192.168.87.12 0127095345|copy |*|03|Server 'prov.private.com' said '0004f2123456-license.cfg' is not present
Jan 27 09:53:45 192.168.87.12 0127095345|so   |*|03|soCodecConfig: 12 value (110) already used
Jan 27 09:53:45 192.168.87.12 0127095345|so   |*|03|soCodecConfig: Explicitly Adding codecG722 for PTT
Jan 27 09:53:45 192.168.87.12 0127095345|sip  |*|03|SipUserRemove 0
Jan 27 09:53:45 192.168.87.12 0127095345|app1 |*|03| is out of range, using 60
Jan 27 09:53:45 192.168.87.12 0127095345|app1 |*|03| is out of range, using 60
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|RT|   Phone IP address is 192.168.87.12.
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|RT|   Subnet mask is 255.255.255.0.
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|RT|   Gateway address is 192.168.87.1.
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|RT|DHCP: Alternate DNS server is not specified
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|RT|   DNS server is 192.168.87.1.
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|RT|   GMT offset is -18000 seconds.
Jan 27 09:53:45 192.168.87.12 0127095345|cfg  |*|03|Prm|Restarting because of parameter change
Jan 27 09:53:46 192.168.87.12 0127095346|app1 |6|03|Manual Restart
Jan 27 09:53:46 192.168.87.12 0127095346|cfg  |*|03|Prov|Setting device parameters from configuration files.
Jan 27 09:53:46 192.168.87.12 0127095346|cfg  |*|03|Prov|Finished updating configuration
Jan 27 09:53:46 192.168.87.12 0127095346|so   |*|03|SoNcasC::procMsg: Client service shutdown complete
Jan 27 09:53:46 192.168.87.12 0127095346|wdog |*|03|Watchdog Expired: tSupObjs
Jan 27 09:54:18 192.168.87.12 0127095418|copy |*|03|Server 'prov.private.com' said '0004f2123456.cfg' is not present")
Jan 27 09:54:20 192.168.87.12 0127095420|cfg  |*|03|Prov|Starting to update 2345-12365-001.sip.ld
Jan 27 09:54:37 192.168.87.12 0127095437|copy |*|03|Server 'prov.private.com' said '0004f2123456-web.cfg' is not present")
Jan 27 09:54:40 192.168.87.12 0127095440|copy |*|03|Server 'prov.private.com' said '000000000000-license.cfg' is not present")
Jan 27 09:54:42 192.168.87.12 0127095442|copy |*|03|Server 'prov.private.com' said '0004f2123456-license.cfg' is not present")
Jan 27 09:54:42 192.168.87.12 0127095442|cfg  |*|03|Prov|Setting device parameters from configuration files.
Jan 27 09:54:42 192.168.87.12 0127095442|cfg  |*|03|Prov|Finished updating configuration

 

Phone is now functional.


One of the big thing I notice is that on the initial boot, the syslog show the time in GMT format rather than my eastern -5 format (I did set the GMT Offset of -5 in the bootrom and the config file).  Maybe the time difference between both cause the system to make the certificate considered expired... I'm guessing the Bootrom have it own https stack, and it use the correct timezone, but the application software doesn't. 

 

It doesn't show any attempt or error to get other server config file.  (The lowest syslog setting I could select is 6 in the bootrom (Can't select 7 for debug)).

If I reboot the phone, go in bootrom and do a filesystem format, I can reproduce this problem over and over again everytime with the same result as previously described.

I've just done a second test, where instead of rebooting the phone after the format, I just go in the menu->settings->basic->update configuration and it did download all the file correctly and the phone show the correct information AND the syslog show the correct time

 

My provisioning server is on the internet, so I can provide the link and configuration if you want to test it on your end.

 

I did a tcpdump from the provisioning server... I checked it and there is some communication, but it seem to fail and try again as the packet identity look repetitive.  I never debug https communication before this weekend, so looking at it, I don't know what to look for.  I can provide the dump, but I don't want it to remain private.

 

But I got a good feeling the problem is related to the 'fix' in 89007 not using the bootrom offset value.

 

Hope this help.

 

Marc O.

Message 5 of 8
Occasional Advisor

Re: Phone wont download config if downloading application from format IF in https mode

Little addition, The phone show the GMT time at the top while it say Initializing networking on the first boot after format... And as soon as the initializing networking is complete, the correct Local date is displayed.

Message 6 of 8
Polycom Employee & Community Manager

Re: Phone wont download config if downloading application from format IF in https mode

Hello Marc,

 

to troubleshoot this myself would be outside the scope of the Polycom community as a Polycom employee.

 

We would need you to go ahead and escalate this as initially replied and specified within my signature.

 

Best Regards

 

Steffen




<======== Signature / Disclaimer ========>
Please be aware:For questions about the type of support to expect please check here

Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's

Please remember, if you see a post that helped you , and it answers your question, please mark it as an "Accept as Solution".

The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and maybe answered on weekends, bank holidays or personal holidays.
Message 7 of 8
Occasional Advisor

Re: Phone wont download config if downloading application from format IF in https mode

Perfect, ticket number 1-487301331 created with reference to this post.

 

Thanks

 

Marc O.

Message 8 of 8