 | For the past several years customers adopting Lync Enterprise Voice have deployed either "Lync Optimized" or "Lync Compatible" phones to replace their existing legacy PBX phones. The differences between these two classes of Lync-based devices have already been explained in a previous blog article and will not be repeated here. Up until recently, one common requirement for both families of phones has been the need for a DHCP infrastructure. DHCP is mandatory for "Lync Optmized" phones since there is no way to manually set the IP address for these devices. In contrast, the "Lync Compatible" phones such as the Polycom VVX Business Media Phones can allow administrators to manually set the IP address, however, the phone still requires DHCP Option 43 to be provided in order for the phone to download the root and device certificates for TLS and Media encryption. This may pose a challenge for environments where DHCP is simply not deployed. This article explores a new feature in the recently released UCS5.3 firmware for the Polycom VVX Business Media phones and how it can allow both PIN and AD login without any DHCP infrastructure. |
In summary, DHCP option 43 provides the phones with the Lync Certificate Provisioning service URL in order for the phone to download the Root CA certificate, which is typically done the first time the phone attempts to login to Lync, as well as to download the device certificate known as TLS-DSK for authentication. Fellow MVP Jeff Schertz has written a detailed article on how DHCP option 43 works. So what happens when DHCP is not deployed in the network? Enter the latest UCS5.3 firmware for Polycom VVX phones which provides the ability to manually specify DHCP Option 43 as a optional parameter known as "DHCP Option 43 Override STS-URI". To access this parameter simply access the phones web admin interface using a browser and navigate to Settings->Provisioning Server. A new "DHCP Menu" section has been added to this page as shown in the diagram below"
In the box highlighted above, we can enter the full URL of the Lync Certificate Provisioning Service, for example https://lyncweb.mydomain.local/certProv/certificateProvisioningService.svc and the phone will use this for downloading the root CA and device authentication certificates. Polycom also provides the ability to login using either PIN authentication or NTLM username/password via the web admin interface. To do this navigate to Settings->Lync SignIn and choose the authentication type from the drop down box as shown in the two diagrams below:
 |  |
Once successfully signed in, the phone also provides very useful information regarding the current signed in user's profile. Navigate to Diagnostics->Lync Status and a number of sections are available as shown in the diagram below:
Conclusion
In summary, Polycom's new UCS5.3 firmware for its VVX Phones contains a host of new features for Lync environments including the ability to manually specify the certificate provisioning service URL without the need for a DHCP server. To learn more about the new features, contact your nearest Polycom Sales Representative or Reseller.
In summary, Polycom's new UCS5.3 firmware for its VVX Phones contains a host of new features for Lync environments including the ability to manually specify the certificate provisioning service URL without the need for a DHCP server. To learn more about the new features, contact your nearest Polycom Sales Representative or Reseller.
RSS Feed