Provisioning of Polycom endpoints - Microsoft Skype for Business

Polycom provides several methods to provision phones. The method you use depends on the number of phones and how you want to apply features and settings. Methods available can vary by device model. You can use multiple methods concurrently to provision and configure features, but the methods have a priority order: a setting made with a higher-priority method overrides the same setting made with a lower-priority method, and a setting made with a lower-priority method never applies over a duplicate setting made with a higher-priority one.

The provisioning and configuration methods in order of priority are as follows:

  • Quick Setup
  • Centralized provisioning

Quick Setup of Polycom Phones

By default, Quick Setup is enabled on phones and the QSetup soft key displays on the phone interface when the phone is booting. This key allows users to access the provisioning server and configure the phone for provisioning. After the user completes initial configuration, you can show or hide the QSetup soft key using the parameter in the following table.

Configure Quick Setup

This section lists parameters that configure the Quick Setup feature.

Parameter | Template | Permitted Values
prov.quickSetup.enabled | site.cfg | 1 (default) – The quick setup feature and soft key are enabled. 0 – The quick setup feature and soft key are disabled.

Centralized Provisioning

I strongly recommend using a central provisioning server when provisioning multiple phones to:

  • Configure multiple devices automatically
  • Facilitate automated software updates
  • Receive automatic log files
  • Add, remove, or manage features and settings to multiple phones simultaneously
  • Create phone groups and modify features and settings for each phone group

The centralized provisioning method is recommended for phone deployment of about 20 or more phones. After phones are provisioned with UC Software, you can configure features and settings for all phones with the UC Software configuration files that you store and modify on your provisioning server. For information about configuring features and settings, refer to Configure with the Master Configuration File.

To provision endpoints you will need a provisioning server, on premises or in the cloud, sized to the minimum hardware recommendations below according to the number of endpoints it will serve.

In my case I have used minimum hardware in my lab.

Server Details

Server Name HDD RAM NIC
polypro.ucchamp.com 200 16 GB 1

Network and Firewall details

Source Destination Protocol Port Number
Client FTP Server FTP 21
FTP Server Client FTP 21
       

Server Authentication

Before setting up the file server it is important to understand that the UCS firmware is pre-programmed with a default username and password which is used during authentication to the provisioning server.  The default credentials use the same string for both the username and password and are stored as case-sensitive values, so if the FTP server uses a case-sensitive username and/or password make sure the uppercase and lowercase characters are used correctly. (Traditionally usernames are not case-sensitive while passwords are, but this may depend on the actual file server product used.)

Username Polycomadmin
Password Polycom!@3

User credentials can be changed manually on each phone prior to provisioning by accessing the Settings > Advanced > Administration Settings > Network Configuration > Provisioning Server menu.

Login Screen

  • Create a new Active Directory user account (or a local user account in the event that the FTP Server is running on a standalone Windows server)


Name Resolution

To facilitate simple access to the FTP site, select a dedicated hostname and configure it for name resolution.

  • Select a fully qualified domain name for the FTP server (e.g. ucs.schertz.name) and then create a new DNS Alias (CNAME) record in the proper zone pointing to the physical server Host (A) record where the FTP service is installed and listening.


We are done with the initial server configuration; now we move on to the FTP service configuration.

FTP service configurations

 

  • Using the directions provided in TechNet to Build an FTP Site on IIS, add the FTP Server role, as well as any prerequisite IIS Web Service roles in the event that IIS is not currently installed on the desired server.
  • Launch Internet Information Services (IIS) Manager (inetmgr.exe) and expand the server object.  Right-click Sites and select Add FTP Site.
  • Enter a name for the new FTP site (e.g. Polycom) and then select or create a local path to place the root directory of the site (e.g. c:\inetpub\Polypro).
  • On the Bindings and SSL Settings page disable secure sockets layer by selecting No SSL.

  • On the Authentication and Information page enable Basic authentication and then select Specified Users in the ‘Allow access to’ drop-down list.  Enter the desired user name (e.g. sp-polycomadmin) in the field below, and enable both Read and Write permissions.

Because the devices should be able to upload configuration data as well as download it, both Read and Write permissions are required.

FTP Directory configuration

Now that the FTP service has been prepared the root directory needs to be populated.  This is a simple process given that every UCS package released by Polycom always includes the entire set of base files needed, so any version of UCS can be used to first populate the directory.

The desired software package can be downloaded from the Polycom Support site, either directly from the support page for a specific phone model, or from the Software Release Matrix page.  Depending on the number of different device models which need to be supported multiple packages may be required, but the first package selected is sufficient to instantiate the directory.

  • From the Polycom support site download the UCS Package latest version release sig split.zip (It is recommended to always download the ‘split’ package, the ‘combined’ packages can be ignored).
  • Expand the contents of the software package to the root of the defined FTP directory (e.g. c:\inetpub\Polycom).

The package contains a number of directories and files but most of these can be ignored when dealing with Lync integration, including the directories which store sample configuration and localization files as well as the image and audio files.  The important files are highlighted in the table below.

Name | Description
000000000000.cfg | Default Master SIP Configuration File
*.sip.ld | Firmware files for each unique phone model
sip.ver | Text file which stores the full version number for this package

  • To ensure that the phones have the appropriate rights to the directory add the desired user account (e.g. PlcmSpIp) to the root folder’s Access Control List and grant it Modify permissions.


An additional recommendation is to create dedicated directories to store call and diagnostic logs for each phone.  By default, they would all be written to the root directory which in larger deployments can lead to a lot of files being stored there, making it more difficult to weed through and manage configuration files.

  • Create new folders named calls and logs in the root directory.
  • Edit the master configuration file (000000000000.cfg) using Notepad or an XML text editor of choice and enter the names of the new directories for the LOG_FILE_DIRECTORY and CALL_LISTS_DIRECTORY parameters.
  • Notice that the APP_FILE_PATH parameter is set to sip.ld by default.  This tells the device to look in the root directory for the firmware files.  If desired the firmware files can also be moved into a new subdirectory (e.g. \firmware) and then the proper parameter value would be “firmware/sip.ld”.  For the purposes of this article, and for most deployments, the firmware files can be left in the default location.

DHCP Options configuration

For proper operation of the phones it is required to provide information about the location of critical network resources automatically to the phones via DHCP.  In this example Microsoft DHCP Services are currently configured to hand out IP addresses to any network hosts.  These options can be defined at either the server or scope level.

Provisioning Server Location

When receiving a dynamic IP address on the network the phone will by default look for the location of a provisioning server by first checking for the existence of DHCP Option 160.  In the event that option 160 is not configured then it will fall back to looking for Option 66.

The preferred option 160 is specific to Polycom UCS devices while the secondary option 66 value is commonly shared with other SIP phones as well.  Either option can be used with the UCS phones, thus the configuration of the existing network will typically drive the choice of which to utilize.  In a lab or green-field environment where no other hosts are leveraging option 66 then this can be used and is commonly pre-defined as an available option on most DHCP servers.  If some other devices are already leveraging option 66 then it may be best to utilize option 160 for these phones.

If planning to use option 160 with a DHCP server that does not already have it defined, like Microsoft Windows DHCP, then the option will first need to be created.

  • Using DHCP Manager highlight the network type object (e.g. IPv4) and then select Set Predefined Options.
  • Click Add to create a new option and then enter a descriptive name (e.g. UCS Boot Server Name).  Change the Data Type to String and then enter 160 as the Code.  If desired add a Description and then save the new option.


  • Configure the Server Options under the same network scope and then select option 160 UCS Boot Server Name.  For the data value use the format of <service type>://polypro.ucchamp.com
  • In the event that option 66 is to be used instead of option 160 then it can be defined in a Microsoft DHCP server by simply configuring the pre-defined option.
    • Using DHCP Manager configure the Server Options under an existing IPv4 scope and then enable option 066 Boot Server Host Name.  For the data value use the format of <service type>://polypro.ucchamp.com

Time Server Location

Providing the location of a time server on the network is critical to operation of the phones, so if DHCP Option 42 is not already defined then it should be added to the same scope.

  • In the Server Options for the same scope enable 042 NTP Servers and then enter the IP address of at least one host which provides network time services (e.g. a Windows Active Directory Domain Controller).

Time Offset

Although the time server location will provide the accurate time required to perform authentication and registration processes the device will display the time in GMT by default.  To show the correct local time on the phone’s display the standard time offset DHCP parameter can be used.

  • In the Server Options for the same scope enable 002 Time Offset and then enter the desired offset in seconds as a hexadecimal value (e.g. 0xffffaba0).


To calculate the correct hexadecimal value the Windows Calculator can be used in Programmer mode.  The following example is used for the Central Time Zone which is GMT -6.

  • Enable Programmer Mode (Alt+3) and select Dec and Qword.  Multiply the number of seconds in one hour (3600) by the desired offset value (make sure to include the negative sign if the time zone is earlier than GMT).

3600 x -6 = -21600

  • Select Hex to convert the value to hexadecimal.

FFFF FFFF FFFF ABA0

  • Select Dword to convert the string from 64 bits to 32 bits.

FFFF ABA0

  • Insert the 0x prefix and remove the space for the final value which should be used as the data in Microsoft DHCP.

0xFFFFABA0
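
The options configured in this section, as they travel in the DHCP lease (an added example, not part of the original article): the code packs options 2, 42, 66 and 160 into code/length/value form and reads them back with option 160 taking priority over option 66. The NTP address, the ftp:// service type and the second hostname are constructed sample values.

```python
import ipaddress
import struct

# DHCP option codes named in the article.
TIME_OFFSET, NTP_SERVERS, BOOT_HOST_66, UCS_BOOT_160 = 2, 42, 66, 160


def encode_time_offset(hours):
    """Option 2 value: seconds from GMT as a signed 32-bit big-endian integer."""
    seconds = round(hours * 3600)
    if seconds % 60 or not -12 * 3600 <= seconds <= 14 * 3600:
        raise ValueError(f"implausible GMT offset: {hours} hours")
    return struct.pack(">i", seconds)


def as_dhcp_manager_hex(value):
    """Render an option value the way the article enters it (0x + 8 hex digits)."""
    return "0x" + value.hex().upper()


def build_options(options):
    """Serialise {code: value} as code/length/value triplets ending with End (255)."""
    out = bytearray()
    for code, value in sorted(options.items()):
        if len(value) > 255:
            raise ValueError(f"option {code} does not fit in one triplet")
        out += bytes([code, len(value)]) + value
    return bytes(out) + b"\xff"


def parse_options(blob):
    """Walk the option field, refusing any length that runs past the buffer."""
    found, i = {}, 0
    while i < len(blob) and blob[i] != 255:
        if blob[i] == 0:                      # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(blob) or i + 2 + blob[i + 1] > len(blob):
            raise ValueError(f"option {blob[i]} is truncated")
        found[blob[i]] = blob[i + 2:i + 2 + blob[i + 1]]
        i += 2 + blob[i + 1]
    return found


def phone_view(blob):
    """Read the lease in the order the article describes for the phone."""
    opts = parse_options(blob)
    # Option 160 wins when it exists; option 66 is only the fallback.
    source = next((c for c in (UCS_BOOT_160, BOOT_HOST_66) if c in opts), None)
    ntp = opts.get(NTP_SERVERS, b"")
    offset = opts.get(TIME_OFFSET, b"\x00\x00\x00\x00")   # absent: phone shows GMT
    if len(ntp) % 4 or len(offset) != 4:
        raise ValueError("options 2 and 42 carry 4-byte values")
    return {
        "boot_source": source,
        "boot_server": opts[source].decode("ascii") if source else None,
        "ntp_servers": [str(ipaddress.IPv4Address(ntp[i:i + 4]))
                        for i in range(0, len(ntp), 4)],
        "offset_seconds": struct.unpack(">i", offset)[0],
    }


# Constructed lease for the article's lab: GMT-6, one NTP server, both boot options.
SAMPLE = build_options({
    TIME_OFFSET: encode_time_offset(-6),
    NTP_SERVERS: ipaddress.IPv4Address("192.0.2.10").packed,
    UCS_BOOT_160: b"ftp://polypro.ucchamp.com",
    BOOT_HOST_66: b"tftp://other-phones.example.test",
})

if __name__ == "__main__":
    print(as_dhcp_manager_hex(encode_time_offset(-6)))
    print(phone_view(SAMPLE))
```

Fractional time zones work the same way: an offset of 5.5 hours encodes to 0x00004D58.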

Microsoft Vendor Class ID

For the purposes of this article it is assumed that the network is not pre-configured to support the Vendor Class DHCP Option 43 or Option 120 as documented in the article Configuring Lync Server for Phone Edition Devices.  This option is leveraged by both UCS devices and Lync Phone Edition devices to download an internal, private certification authority (CA) certificate to establish TLS communications with the Lync Server as well as for supporting PIN Authentication.  When option 43 is not defined on the network then the CA certificate must be provided by the provisioning server to support standard NTLM authentication with user credentials, but the Lync Server PIN Authentication feature would not be available.

At this point the example network configuration used for this article is simply using options 2, 42, and 160 as shown below.


Validate Configuration

Before moving on with additional customization make sure that the FTP server is discoverable, available and the desired user credentials are working correctly.

From the Windows Command Prompt, use the ftp command to connect to the site using the configured FQDN, username, and password.

The next step is to connect the phone to the network to make sure that the provisioning server is available before customizing any specific behaviour on the phones.  It is recommended to perform a full factory reset of the device first so that the process in this article can be followed without any problems created by any unknown settings.

If the phone’s current firmware does not match the version currently stored on the FTP server then the phone will automatically download and install that version after the first time it connects.


If the configuration was successful then the phone should display the correct Boot Server and BootSrv Type options which were provided via DHCP.  Because there are no custom settings yet defined then the Config value is blank.  The three default configuration containers (SIP, Web, Local) should display zero parameters configured.

As previously mentioned the phones will not only attempt to pull down settings but also upload any local settings to the provisioning server directory.  This allows the phones to backup any device-side settings to the central directory by creating two new files on the directory the first time they connect (if the files do not already exist).

Open the FTP root directory on the server and look for the newly created phone configuration file starting with the MAC address of the device and the suffix -phone. (e.g. 0004f28062d6-phone.cfg)

  • Open the file in an XML or Text viewer to view the newly defined configuration parameter in the OVERRIDES element.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Application SIP PrairieDog 4.1.4.0296 29-Nov-12 02:40 -->
<!-- Created 10-05-2013 11:12 -->
<PHONE_CONFIG>
<OVERRIDES np.normal.ringing.calls.tonePattern="ringer10"/>
</PHONE_CONFIG>

During the initial connection to the FTP server the phone should have also uploaded separate application and boot log files into the defined log directory (or to the root of the FTP directory in the event that the CALL_LISTS_DIRECTORY parameter was left undefined).  These logs can be used to troubleshoot registration problems or other issues if needed.  Be aware that if a separate log directory is defined the phone may initially create these two log files in the root directory during the first connection, but after pulling down the custom setting it will then create new log files in the specified directory.  It is safe to delete any orphaned log files in the root directory in this case.


Configuring Global Settings

While this can be set manually on each phone, it is also possible to set this centrally. When each phone is powered on from a factory-reset state it will automatically enable Lync mode and populate some or all of the user credentials.  The Polycom UC Administrator’s Guide covers many of the configurable parameters and can be used as a detailed reference for additional customization.

The general approach is to use a combination of files to provide various settings to the phones in an efficient manner.  Any parameters which would be configured on all devices should be defined in a single, shared configuration file (separately from the master configuration file) while device-specific settings would be included in a separate file for each phone.

Master Configuration File

Actual device settings are not defined in the master configuration file; instead this file can be configured to point the phone to additional configuration files which will store the desired settings.  The names of these files need to be manually defined in the CONFIG_FILES parameter which supports one or more entries in a comma-separated list.

  • In the FTP root directory edit the Master Configuration File (000000000000.cfg), add the device-specific file entry below as the value of the CONFIG_FILES parameter, and save the file.

Real Presence Trio 8800:

CONFIG_FILES="common-trio.cfg"

VVX 500 & 501:

CONFIG_FILES="common-VVX.cfg"
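
A consistency check for the master configuration file, added here as an example and not taken from Polycom or the original article: it confirms that every CONFIG_FILES entry, both directory parameters and the firmware location resolve inside the FTP root, and flags names that match only when letter case is ignored. It assumes the parameters are attributes of the file's root element (called APPLICATION in the constructed sample); the firmware file name is a placeholder.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path, PurePosixPath

MASTER_NAME = "000000000000.cfg"


def audit_master(root):
    """Check that everything the master configuration file names exists under root."""
    root = Path(root)
    attrs = ET.parse(root / MASTER_NAME).getroot().attrib
    findings = []

    def check(label, value, want_dir=False):
        rel = PurePosixPath(value.replace("\\", "/"))
        if rel.is_absolute() or ".." in rel.parts:
            findings.append(f"{label}: '{value}' points outside the provisioning root")
            return
        parent = root.joinpath(*rel.parts[:-1])
        names = [p.name for p in parent.iterdir()] if parent.is_dir() else []
        if rel.name not in names:
            # IIS on Windows ignores letter case; other FTP servers may not.
            loose = any(n.lower() == rel.name.lower() for n in names)
            findings.append(f"{label}: '{value}' " + (
                "matches only if letter case is ignored" if loose else "not found"))
        elif (parent / rel.name).is_dir() != want_dir:
            kind = "directory" if want_dir else "file"
            findings.append(f"{label}: '{value}' is not a {kind}")
        elif not want_dir:
            try:
                ET.parse(parent / rel.name)
            except ET.ParseError as exc:
                findings.append(f"{label}: '{value}' is not well-formed XML ({exc})")

    for name in (n.strip() for n in attrs.get("CONFIG_FILES", "").split(",")):
        if name:
            check("CONFIG_FILES", name)
    for key in ("LOG_FILE_DIRECTORY", "CALL_LISTS_DIRECTORY"):
        if attrs.get(key, "").strip():
            check(key, attrs[key].strip(), want_dir=True)
        else:
            findings.append(f"{key}: empty, so these files are written to the root directory")
    firmware = PurePosixPath(attrs.get("APP_FILE_PATH", "sip.ld").replace("\\", "/"))
    if not list(root.joinpath(*firmware.parts[:-1]).glob("*" + firmware.name)):
        findings.append(f"APP_FILE_PATH: no firmware file ending in '{firmware.name}'")
    return findings


def demo():
    """Build a constructed provisioning root with two deliberate mistakes and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / MASTER_NAME).write_text(
            '<?xml version="1.0" standalone="yes"?>\n'
            '<APPLICATION APP_FILE_PATH="sip.ld"\n'
            '  CONFIG_FILES="common-trio.cfg, common-VVX.cfg"\n'
            '  LOG_FILE_DIRECTORY="logs" CALL_LISTS_DIRECTORY="calls"/>\n')
        (root / "common-trio.cfg").write_text('<LYNC device.baseProfile="Lync"/>')
        # Stored with different letter case than the CONFIG_FILES entry.
        (root / "Common-vvx.cfg").write_text('<LYNC device.baseProfile="Lync"/>')
        (root / "logs").mkdir()               # the "calls" folder is never created
        (root / "0000-00000-000.sip.ld").write_bytes(b"placeholder firmware")
        return audit_master(root)


if __name__ == "__main__":
    for line in demo():
        print(line)
```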

Shared Configuration File

Now that a shared configuration file has been defined (Common-trio.cfg & Common-vvx.cfg) the file needs to be created and populated with the desired parameters.  Basically any parameter where every phone in the environment needs to receive the same value is a candidate for including in this file.

 

Most importantly the Base Profile will be set to Lync mode using the following set of parameters. All of those settings are pre-programmed into the Lync Base Profile which was introduced in the 4.1.0 release, so there is no longer any need to define all those other settings.

device.set="1"

device.baseProfile.set="1"

device.baseProfile="Lync"

Secondly the root CA certificate is provided to the phone so that it will trust the certificate issued to the Lync Server to allow for secure TLS communications.  In the event that the DHCP server is already configured correctly with DHCP Options 43 and 120 then this parameter can be omitted from the configuration file.  There is no need to pass a private CA certificate in this manner as UCS will utilize DHCP 43 to locate the Lync Certificate Provisioning service and automatically download the certificate.

sec.TLS.customCaCert.1=" -----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----"

 

To locate the certificate trusted by the environment’s Lync Server follow the directions in the first section entitled Retrieving the CA Certificate Hash in this previous article.  Disregard the remainder of that article as it is outdated and applies to older UCS firmware versions (4.0) which pre-date the Lync Base Profile.

  • Open the certificate file which was exported and saved in the other article and copy the entire contents of the file to the clipboard, including the BEGIN and END lines.
  • Then open the Common-trio.cfg & Common-vvx.cfg files in XML Notepad, paste the contents of the clipboard directly into the sec.TLS.customCaCert.1 parameter, and save the changes to each file.


Note that the names used in the XML tags (e.g. LYNC, device, registration) have no special meaning and are only provided as a way to organize groups of parameters for easy reading.  Any name could be used, or if desired all parameters could be defined under the primary Lync tag as the file hierarchy is also not important.  The phone will simply read in all defined parameters in the file as long as at least one tag is defined.  The device configuration file example in the next section will use this approach to illustrate that either format is acceptable.

Exchange Integrations

Polycom SIP phones also support native integration with Microsoft Exchange Server for access to Calendar data with meeting reminders and click-to-join support for Skype for Business Meeting invitations.

Devices that support both features can independently register to either Lync or Exchange, or both.  There is no dependency on either feature or server for either integration to function.  The only caveat is that Skype for Business and Exchange registration use different configuration file parameters for being passed the Active Directory authentication credentials, but when the user credentials are added directly into the phone then the same set are used for both registration types.  This is another reason to follow the general practice of having users enter their own credentials into the phone and not having them pushed in-band from an unsecure text file on an FTP server.
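
An added example (not the article's or Polycom's code) that audits a shared configuration file for the two points made above: credentials placed in a file on the FTP server, and a CA certificate value that was pasted incompletely or under a misspelled parameter name. The sample file, the reg.1.auth.password entry and the certificate filler are constructed, and the name patterns are heuristics.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

CA_PARAM = re.compile(r"sec\.TLS\.customCaCert\.\d+")
NEAR_MISS = re.compile(r"sec\.TLS\.custom\w*Cert\.\d+", re.I)   # e.g. customCert.1
SECRET_NAME = re.compile(r"passw(or)?d|secret", re.I)           # heuristic name match
PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_problem(value):
    """Return None when value holds one structurally complete PEM certificate."""
    match = PEM.search(value)
    if not match:
        return "no BEGIN/END CERTIFICATE block"
    try:
        # XML turns line breaks inside an attribute into spaces; strip all whitespace.
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except binascii.Error:
        return "body is not valid Base64"
    if len(der) < 2 or der[0] != 0x30:
        return "decoded data does not start with a DER SEQUENCE"
    # Compare the length the DER header declares with what was actually pasted.
    extra = der[1] & 0x7F if der[1] & 0x80 else 0
    body = int.from_bytes(der[2:2 + extra], "big") if extra else der[1]
    declared = 2 + extra + body
    if declared != len(der):
        return f"header declares {declared} bytes but {len(der)} were pasted"
    return None


def audit_shared_config(xml_text):
    """List credential-bearing parameters and unusable CA certificate values."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        for name, value in element.attrib.items():
            if SECRET_NAME.search(name) and value.strip():
                findings.append(f"{name}: credential stored in a file on the FTP server")
            if CA_PARAM.fullmatch(name):
                problem = pem_problem(value)
                if problem:
                    findings.append(f"{name}: {problem}")
            elif NEAR_MISS.fullmatch(name):
                findings.append(f"{name}: name differs from sec.TLS.customCaCert.N")
    return findings


def make_pem(der):
    """Wrap DER bytes in PEM armour with 64-character Base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])


# Constructed data: DER-shaped filler (not a real certificate) and a copy whose
# last Base64 line was lost during copy and paste.
GOOD = make_pem(b"\x30\x82\x01\x00" + bytes(range(256)))
CUT = "\n".join(GOOD.splitlines()[:-2] + ["-----END CERTIFICATE-----"])
SAMPLE_CFG = f"""<?xml version="1.0" standalone="yes"?>
<LYNC>
  <device device.set="1" device.baseProfile.set="1" device.baseProfile="Lync"/>
  <registration reg.1.auth.password="constructed-value"/>
  <certs sec.TLS.customCaCert.1="{CUT}" sec.TLS.customCert.2="{GOOD}"/>
</LYNC>"""

if __name__ == "__main__":
    for line in audit_shared_config(SAMPLE_CFG):
        print(line)
```

The length comparison only proves the pasted block is complete; it does not verify that the certificate is the one the Lync Server chain actually uses.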

Configuration Methods

There are a few different approaches which can be used to enable Exchange integration. At Ascensia we have used the centralized configuration below to access Exchange Web Services.

Open the Common-trio.cfg & Common-vvx.cfg file in XML Notepad and then paste the contents of the clipboard directly into the parameters below:

Attribute | Value
feature.exchangeCalendar.enabled | 1
exchange.server.url | https://outlook.office365.com/EWS/Exchange.asmx/WSSecurity
exchange.meeting.reminderEnabled | 1 or 0

Then save the changes to the file.

We are all set to test the Polycom endpoints.

Test Device Registration

At this point the phones have enough information to register to Skype for Business Server and it would be possible to simply enter the SIP address and user credentials for a Lync User directly on the phone itself.  Now is a good time to validate that this is functional in the environment before moving on to provisioning any additional account registration information.

  • Reboot the phone by either disconnecting the power temporarily or by selecting the Settings > Advanced > Reboot Phone menu option.

After the device completes rebooting it should have picked up the new configuration options in the shared file, which will trigger Lync mode and then default to displaying the Sign In menu.

  • Using the phone’s keypad or on-screen keyboard enter the SIP Address, Active Directory Domain name, User name, and Password for the desired account.  The Domain field can be populated with either the NetBIOS Domain Name (e.g. SCHERTZ) or the DNS Domain Name (e.g. schertz.name).  In the User field if the user account’s sAMAccountName and Username are not identical in AD then make sure to use the value that matches the domain name format selected. (For additional details it is suggested to read through the Understanding Active Directory Naming Formats article.)

Once the credentials are entered select the More button and then select the Sign In button.  After a few seconds the phone should report a successful registration to Lync Server.


Depending on the configuration of the Lync user’s Line URI field the Line 1 button will either show the extension, full telephone number, or Display Name of the user account.

  • To review the current configuration status on the phone navigate to the Settings > Status > Platform > Configuration menu to check the provisioning server status.


The Config value should show the name of the shared configuration file as well as the number of parameters imported from each source.  The 5 parameters configured in the Common-trio.cfg or Common-VVX.cfg file are reflected in this screenshot.

Managing Firmware Updates

When new firmware versions are published for different Polycom SIP phones the associated package can be downloaded and easily added to the provisioning server’s Software directory.  Make sure never to simply copy over all the files though as this might overwrite a customized master configuration file and break the integration; only use the firmware files provided in the package.

Note: Make sure you have a full backup of all the directories and configuration files. Do not forget to replicate the customized changes to the new configuration files.

  • Open the software release package and extract only the .sip.ld files copying them into the FTP root directory (or wherever the firmware files are stored on the provisioning server if a custom directory was configured).


As long as the firmware file stored on the server is a different version, newer or older, than what the device currently has installed then it will download and update the firmware automatically at the next reboot.

 

 

