Polycom VVX PIN Authentication Issue

Hi All,

I cannot sign in to a Polycom phone with extension and PIN.(DHCP servers are Cisco Switches)

Looks like they cannot download the root certificate:

---------------------------------------

PS C:\Users\lync> test-csPhoneBootStrap -PhoneorExt 1000 -pin 62830 -verbose
VERBOSE: Workflow Instance Id '16cb7f98-16bc-4ff6-a8d5-473ee0439178', started.
VERBOSE: Command line executed is 'test-csPhoneBootStrap -PhoneorExt 1000 -pin 62830 -verbose'.


Target Fqdn   : fe01.mydomain.com
Target Uri    : https://fe01.mydomain.com:443/CertProv/CertProvisioningService.svc
Result        : Failure
Latency       : 00:00:01.2753538
Error Message : No response received for getting root certificate chain.
                Inner Exception:There was no endpoint listening at
                http://fe01.mydomain.com/CertProv/CertProvisioningService.svc/anon that could accept the m
                is often caused by an incorrect address or SOAP action. See InnerException, if present, f
                details.
                Inner Exception:The remote server returned an error: (404) Not Found.

Diagnosis     :
                Inner Diagnosis:Connection : close
                Content-Length : 315
                Content-Type : text/html; charset=us-ascii
                Date : Sun, 19 Apr 2015 13:44:24 GMT
                Server : Microsoft-HTTPAPI/2.0



VERBOSE: Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow' started.
Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow' completed in '0' second
Target server Fqdn or web service Url not provided. Will have to do DHCP Registrar Discovery.
An exception 'No response received for getting root certificate chain.' occurred during Workflow
Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow execution.
Exception Call Stack:    at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetRootCertChains()
   at Microsoft.Rtc.SyntheticTransactions.Activities.GetRootCertChainsActivity.InternalExecute(ActivityEx
 executionContext)
   at Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Execute(ActivityExecut
executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext exec
   at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRunti
   at System.Workflow.Runtime.Scheduler.Run()

Server stack trace:
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webEx
HttpWebRequest request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForRepl
timeout)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRunti
Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall,
ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at RootCertChainService.GetRootCertChains(GetRootCertChainsRequest request)
   at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetRootCertChains()
'DHCPDiscover' activity started.
Starting DHCP registrar discovery...
Constructing a DHCP packet.
Adding DHCP option PARAMETER_REQUEST_LIST.
Successfully added DHCP option.
Adding DHCP option VENDOR_CLASS_IDENTIFIER.
Successfully added DHCP option.
Successfully constructed DHCP packet.
Trying to open an udp connection.
Remote IP : 255.255.255.255.
Local IP : 192.168.1.42.
\tCreating a new UDP client.
Udp connection successfully created.
Sending packet.
Remote IP : 255.255.255.255.
Remote Port : 67.
Packet sent successfully.
DHCP discovery message send. Waiting for DHCP servers to respond.
Data received successfully.
Remote IP : 192.168.1.254.
Remote Port : 67.
Response received for the DHCP Discovery message.
Constructing a DHCP packet from received raw data.
Extracting DHCP Options.
Successfully constructed DHCP packet.
Return value for DHCP option : SIP_SERVER.
Found registrar Fqdn : fe01.mydomain.com.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 - fe01.mydomain.com.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 - /CertProv/CertProvisioningService.svc.
Successfully extracted sub option value.
Found web service Url : https://fe01.mydomain.com:443/CertProv/CertProvisioningService.svc.
Disconnecting.
DHCP registrar discovery activity completed successfully.
'DHCPDiscover' activity completed in '1.2753538' seconds.
'GetRootCertChains' activity started.
Trying to download a certificate chain from web service.
Web Service Url : http://fe01.mydomain.com/CertProv/CertProvisioningService.svc
Could not download certificate chain from web service.
CHECK:
 - Web service Url is valid and the web services are functional.
'UnRegister' activity started.
'UnRegister' activity completed in '9.5E-06' seconds.
VERBOSE: Workflow Instance ID '16cb7f98-16bc-4ff6-a8d5-473ee0439178' completed.

----------------------------------------------------------------------------------------------------------------------------

When I browse to http://fe01.mydomain.com/CertProv/CertProvisioningService.svc, it will ask for username/password, if I enter the extension/PIN, I would get 403 error, if I enter the domain username/password, I can browse.

Any idea?

Thanks,

HM



April 19th, 2015 10:22am

Hi,

From your description above, it can be the issue of the wrong configuration of the DHCP Option values. Please double check the DHCP option, especially for Option 43 value.

Please try to rest the PIN via Lync web access and then check the issue.

If the issue persistent, please update Lync Server to the latest version and then test the issue again.

Best Regards,

Eason Huang  

Free Windows Admin Tool Kit Click here and download it now
April 19th, 2015 10:27pm

Hello Hamed,

it would also be of interest what Software Version the VVX is currently running.

UC Software 5.2.2 and later had a fix VOIP-95799 for DHCP ACK replies specifically from Cisco DHCP servers.

Best Regards

Steffen Baier

April 20th, 2015 7:32am

Hi Steffen,

The firmware would be 5.3.0 which came out few weeks ago.

Free Windows Admin Tool Kit Click here and download it now
April 22nd, 2015 11:50pm

Thanks Eason for your time,

When I do debug, I can see the phones going to the correct url to download the root certificate, does it mean that the issue still could be the DHCP server? DHCP Servers all are Cisco and as you know to add option 43 it is a bit tricky on Cisco Switches, However, I believe the correct entry is there.I will try to make a one Windows DHCP to see if that makes a different, if not, I go with the update.

Than you,

HM

April 22nd, 2015 11:53pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics