-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
-
×InformationWindows update impacting certain printer icons and names. Microsoft is working on a solution.
Click here to learn moreInformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center.
- HP Community
- Poly Phones
- Desk and IP Conference Phones
- Re: Polycom CX600 Sign-in Error
Create an account on the HP Community to personalize your profile and ask a question
03-20-2014 12:30 PM
We recently ran into a situation where our Polycom phones will no longer work with our Lync 2013 implementation. These phones worked for 6 months and then just stopped.
Scenario
Lync 2103 Enterprise pool load balanced with Kemp Loadmaster
Lync 2013 Edge Server
ForeFront TMG for Reverse Proxy
SQL 2012 BE Database Server
Lync Persistent Chat Server
Phones USB tethered to desktop computers
Version 4.0.7577.4413 - Cycles back and forth between downloading certificate, installing certificate, and contacting Lync server (endless loop)
Version 4.0.7577.1000 - Right out of box returns "Sign-in Error" This is the same error another phone gives that was flashed to factory default
The only change that occurred in our Lync environment more or less prior to this problem occurring is that the Lync Edge external certificate was updated on 2/27/2014.
Last record of device update logs shows 1/28/2014.
We came in on Monday 3/1/2014 with the phones in the currently described condition.
Wireshark captures show the phone talking to NTP server, FE pool address (TLS etc, and cylcing through the same communication twice), and then talking to Edge external IP doing the same exact TLS and certificate negotiating as the pool address (this also happens twice).
Been through all of Jeff Schertz's blogs, setup DHCP (although we had not used it before) and can successfully test configuration with test-csphonebootstrap.
Set SCHANNEL on FE servers to not send the list of trusted roots, rebooted them, still no effect.
It's as if the phones just quit communicating properly with the FE pool.
There are no real logs to review and we don't know exactly what logs we could use and how to read them.
Any help with this would be greatly appreciated
Solved! Go to Solution.
Accepted Solutions
03-21-2014 02:09 AM
We were able to register the phones against the FE pool and update them. Once at 4420 the registered via the edge again.
If you've an enterprise FE pool and you change the cert becsure to reboot the pool servers.
James
03-20-2014 04:58 PM
Yes. I saw a post elsewhere recently where a fellow ran into this with a Globalsign cert but he described it as the root certs expiring. Ours haven't. The Edge server cert expired "accidentally" so I scambled to get that renewed. The workaround the other fellow did was to set SCHANNEL parameters in the registry and reboot but that didn't work.
I just stumbled on to your article at:
http://blog.strencom.net/author/james-waite-2/
What do you suggest? Dump a cert from my domain root CA onto the FE servers or the Edge server or both to get past the issue. Then get the devices up to .4420? If that works dump the 3rd party certs back into service?
I tried to do a free Comodo cert on the Edge but it wouldn't install presumably because they don't allow SANs in the free certs so the edge server refused it due to improper name support.
03-21-2014 02:09 AM
We were able to register the phones against the FE pool and update them. Once at 4420 the registered via the edge again.
If you've an enterprise FE pool and you change the cert becsure to reboot the pool servers.
James
Didn't find what you were looking for? Ask the community