Plantronics + Polycom. Now together as Poly Logo

Polycom CX600 Sign-in Error

Occasional Visitor

Polycom CX600 Sign-in Error

We recently ran into a situation where our Polycom phones will no longer work with our Lync 2013 implementation. These phones worked for 6 months and then just stopped.



Lync 2103 Enterprise pool load balanced with Kemp Loadmaster

Lync 2013 Edge Server

ForeFront TMG for Reverse Proxy

SQL 2012 BE Database Server

Lync Persistent Chat Server

Phones USB tethered to desktop computers


Version 4.0.7577.4413 - Cycles back and forth between downloading certificate, installing certificate, and contacting Lync server (endless loop)

Version 4.0.7577.1000 - Right out of box returns "Sign-in Error" This is the same error another phone gives that was flashed to factory default


The only change that occurred in our Lync environment more or less prior to this problem occurring is that the Lync Edge external certificate was updated on 2/27/2014.


Last record of device update logs shows 1/28/2014.


We came in on Monday 3/1/2014 with the phones in the currently described condition.


Wireshark captures show the phone talking to NTP server, FE pool address (TLS etc, and cylcing through the same communication twice), and then talking to Edge external IP doing the same exact TLS and certificate negotiating as the pool address (this also happens twice).


Been through all of Jeff Schertz's blogs, setup DHCP (although we had not used it before) and can successfully test configuration with test-csphonebootstrap.


Set SCHANNEL on FE servers to not send the list of trusted roots, rebooted them, still no effect.

It's as if the phones just quit communicating properly with the FE pool.

There are no real logs to review and we don't know exactly what logs we could use and how to read them.


Any help with this would be greatly appreciated

Message 1 of 5
Occasional Advisor

Re: Polycom CX600 Sign-in Error

GlobalSign certificate?
Message 2 of 5
Occasional Visitor

Re: Polycom CX600 Sign-in Error

Yes. I saw a post elsewhere recently where a fellow ran into this with a Globalsign cert but he described it as the root certs expiring. Ours haven't. The Edge server cert expired "accidentally" so I scambled to get that renewed. The workaround the other fellow did was to set SCHANNEL parameters in the registry and reboot but that didn't work.


I just stumbled on to your article at:


What do you suggest? Dump a cert from my domain root CA onto the FE servers or the Edge server or both to get past the issue. Then get the devices up to .4420? If that works dump the 3rd party certs back into service?


I tried to do a free Comodo cert on the Edge but it wouldn't install presumably because they don't allow SANs in the free certs so the edge server refused it due to improper name support.

Message 3 of 5
Occasional Advisor

Re: Polycom CX600 Sign-in Error

We had active Lync Clients registered against the edge servers so an internal cert there wasn't an option for us. We had an internal / domain cert on the FE pool but the site with the issue accessed Lync via the Edge.

We were able to register the phones against the FE pool and update them. Once at 4420 the registered via the edge again.

If you've an enterprise FE pool and you change the cert becsure to reboot the pool servers.

Message 4 of 5
Occasional Visitor

Re: Polycom CX600 Sign-in Error

That did it. Temporarily changing the cert to an internally cert allowed the devices to update. Switching back to the Globalsign cert after the update to 4420 the phone continue to work.


Thanks much

Message 5 of 5