UCPrimer
  • Tech Blog
  • About UCPrimer.com

Deploying Lync Enterprise Voice phones without DHCP

4/27/2015

3 Comments

 
Picture
For the past several years customers adopting Lync Enterprise Voice have deployed either "Lync Optimized" or "Lync Compatible" phones to replace their existing legacy PBX phones. The differences between these two classes of Lync-based devices have already been explained in a previous blog article and will not be repeated here. Up until recently, one common requirement for both families of phones has been the need for a DHCP infrastructure. DHCP is mandatory for "Lync Optmized" phones since there is no way to manually set the IP address for these devices. In contrast, the "Lync Compatible" phones such as the Polycom VVX Business Media Phones can allow administrators to manually set the IP address, however, the phone still requires DHCP Option 43 to be provided in order for the phone to download the root and device certificates for TLS and Media encryption. This may pose a challenge for environments where DHCP is simply not deployed. This article explores a new feature in the recently released UCS5.3 firmware for the Polycom VVX Business Media phones and how it can allow both PIN and AD login without any DHCP infrastructure.
In summary, DHCP option 43 provides the phones with the Lync Certificate Provisioning service URL in order for the phone to download the Root CA certificate, which is typically done the first time the phone attempts to login to Lync, as well as to download the device certificate known as TLS-DSK for authentication. Fellow MVP Jeff Schertz has written a detailed article on how DHCP option 43 works. So what happens when DHCP is not deployed in the network? Enter the latest UCS5.3 firmware for Polycom VVX phones which provides the ability to manually specify DHCP Option 43 as a optional parameter known as "DHCP Option 43 Override STS-URI". To access this parameter simply access the phones web admin interface using a browser and navigate to Settings->Provisioning Server. A new "DHCP Menu" section has been added to this page as shown in the diagram below" 
Picture
In the box highlighted above, we can enter the full URL of the Lync Certificate Provisioning Service, for example https://lyncweb.mydomain.local/certProv/certificateProvisioningService.svc and the phone will use this for downloading the root CA and device authentication certificates. Polycom also provides the ability to login using either PIN authentication or NTLM username/password via the web admin interface. To do this navigate to Settings->Lync SignIn and choose the authentication type from the drop down box as shown in the two diagrams below:
Picture
Picture
Once successfully signed in, the phone also provides very useful information regarding the current signed in user's profile. Navigate to Diagnostics->Lync Status and a number of sections are available as shown in the diagram below:
Picture
Conclusion
In summary, Polycom's new UCS5.3 firmware for its VVX Phones contains a host of new features for Lync environments including the ability to manually specify the certificate provisioning service URL without the need for a DHCP server. To learn more about the new features, contact your nearest Polycom Sales Representative or Reseller.
3 Comments
Adarsh P S
5/10/2016 02:28:42 am

I was trying to do the same with VVX 410 deployment. the UC version is 5.4.3.

Is it possible to override option 42 and point the NTP server?
If possible how we can do it in through provision server.

Reply
Brennon link
5/17/2016 02:37:52 am

Yes you can override Option42 either from the Web UI or through provisioning server via the parameter tcpIpApp.sntp.address = <FQDN or IP> and tcpIpApp.sntp.address.overrideDHCP = 1

Reply
April
5/25/2021 12:11:59 am

Thank you! This fixed an issue that I was having with a few phones not getting the new Skype certificate.

Reply

Your comment will be posted after it is approved.


Leave a Reply.

    Picture
    Picture

    Important Links

    Microsoft Teams Docs
    Microsoft Learn

    ​Microsoft MVP Blogs

    Michael Tressler’s Blog
    Michael’s MTR Quick Tip Videos
    Jimmy Vaughan’s Blog
    Jeff Schertz
    Adam Jacobs
    James Cussen
    ​Damien Margaritis

    Archives

    September 2022
    August 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    June 2021
    April 2021
    March 2021
    December 2020
    October 2020
    September 2020
    August 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    March 2019
    November 2018
    October 2018
    September 2018
    August 2018
    June 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    August 2017
    July 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    January 2016
    November 2015
    October 2015
    September 2015
    August 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014
    March 2014
    February 2014
    January 2014
    December 2013
    November 2013
    October 2013
    September 2013
    August 2013
    July 2013
    June 2013
    May 2013
    April 2013
    March 2013
    February 2013
    January 2013
    December 2012
    November 2012
    September 2012
    August 2012

    Categories

    All
    Edge
    Exchange 2013
    Hybrid
    Lpe
    Lync 2010
    Lync 2013
    Mobility
    Oauth
    Office365
    Polycom
    Ucs

    RSS Feed

    This website uses marketing and tracking technologies. Opting out of this will opt you out of all cookies, except for those needed to run the website. Note that some products may not work as well without tracking cookies.

    Opt Out of Cookies