Deployment Guide for the Polycom® CX700 IP Phone R2 | July 2010 | 1725-31424-001 Rev.
Trademark Information POLYCOM®, the Polycom “Triangles” logo and the names and marks associated with Polycom’s products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries. All other trademarks are property of their respective owners.
About This Guide Thank you for choosing the Polycom® CX700 IP phone which enables a new era in unified communications currently unavailable with traditional desktop phones.
Deployment Guide for the Polycom CX700 IP Phone iv
Contents About This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii 1 Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment . . . . . . . . . . . .1 DHCP and the Polycom CX700 IP Phone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 DHCP Search Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 DNS and the Polycom CX700 IP Phone . . . . . . . . . . . . . . . . . . . . . . . . .
Deployment Guide for the Polycom CX700 IP Phone Configuring Windows Server as an NTP Time Source . . . . . . . . . . . . . . . . 43 Enabling Automatic Certificate Enrollment . . . . . . . . . . . . . . . . . . . . . . . . . 45 Making the Root CA Certificate Available to a Polycom CX700 Phone . . 48 Installing a Public Root CA Certificate on a Polycom CX700 Phone . . . . . 49 Confirming the Current Software Version . . . . . . . . . . . . . . . . . . . . . . . . . . .
1 Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment The Polycom® CX700 IP phone running Microsoft® Office Communicator 2007 R2 Phone Edition is an intelligent IP phone that is designed to get the most out of the Microsoft unified communication platform. The Polycom CX700 phone combines network voice, user-driven design, up-time reliability, quality audio, and the improved communication and collaboration of Microsoft® Office Communications Server 2007 R2.
Deployment Guide for the Polycom CX700 IP Phone For the most up-to-date version of the Deploying Microsoft Office Communicator 2007 R2 Phone Edition documentation and the complete set of the Microsoft® Office Communications Server 2007 R2 online server and client documentation, see the Office Communications Server TechNet Library at http://go.microsoft.com/fwlink/?LinkID=132106.
Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment To enable search option 119 for Windows Server 2003 DHCP server: 1. Open DHCP. (To open DHCP, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click DHCP.) 2. In the console tree, click the applicable DHCP server. 3. On the Action menu, click Set Predefined Options. 4. In Predefined Options and Values, click Add (Option Class Standard), and then click OK.
Deployment Guide for the Polycom CX700 IP Phone When the Polycom CX700 phone connects to the Microsoft Office Communications Server 2007 R2, it queries in the following order. 1. Hosts and port pointed to by these SRV records — _sipinternaltls._tcp. — _sip._tls. — _sipinternal. tcp. 2. sipinternal.:5061 3. sipinternal.:443 4. sip.:5061 5. sip.:443 6. sipexternal.:5061 7. sipexternal.
Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment Outlook 2007 uses Active Directory Service Connections Points (SCP) and DNS SRV records to locate Exchange Server 2007 CAS. However, the device does not support these additional methods. The Autodiscover service finds and presents the various URLs that are used to interact with Exchange Web Services and information about how to connect Outlook 2007 to Exchange Server 2007.
Deployment Guide for the Polycom CX700 IP Phone Although the actual operations of these two providers are closely related, they appear independent to the time service. By default, when a computer that is running Windows Server 2003 is connected to a network, it is configured as an NTP client. The Polycom CX700 phone searches for a NTP server in DNS as follows: • NTP SRV record (UDP port 123) — _ntp._udp. pointing to NTP server If it cannot find the NTP SRV record, it will try to use windows.
Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment • TLS (Transport Layer Security) and MTLS (Mutual Transport Layer Security) enable endpoint authentication and instant messaging (IM) encryption. Media streams are encrypted by using Secure Real-time Transport Protocol (SRTP). These fundamental elements work together to define trusted users, servers, and connections.
Deployment Guide for the Polycom CX700 IP Phone 2. If the search for Active Directory objects of category CertificationAuthority does not return any objects, or if the objects have empty caCertificate attributes, the device searches for Active Directory objects of category pKIEnrollmentService in the configuration naming context. Such objects exist if certificate AutoEnrollment was enabled in Active Directory.
Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment — Cn=Certificate Authorities, cn=Public Key Services, CN=Services, cn=Configuration, dc= The LDAP request is BaseDN: CN=Configuration, dc= Filter: (objectCategory=pKIEnrollmentService) and searched for attribute is dNSHostname. Be aware that the device downloads the certificate by using HTTP get http:///certsrv/certnew.p7b?ReqID=CACert&Renewal=-1 &Enc=b64.
Deployment Guide for the Polycom CX700 IP Phone 10 Vendor Certificate Name Expiry Date Key Length Equilax Equifax Secure Certification Authority 8/22/2018 1024 GeoTrust GetTrust Global CA 5/20/2022 2048 GoDaddy GoDaddy Class 2 Certification Authority 6/29/2034 2048 GoDaddy http//www.valicert.
2 Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment This chapter detailed instructions on how to upgrade Polycom CX700 IP Phone. Due to a number of issues, the upgrade may be a two-step process, which includes a hard reset of the phone to remove any pre-existing phone credentials, certificates chains, and URLs.
Deployment Guide for the Polycom CX700 IP Phone Introduction The Polycom® CX700 IP Phone may contain one of the following software releases: Software Releases Corresponding Microsoft Office Communications Server (OCS) 2007 1.0.199.123 OCS 2007 (R1)—software on phones 1.0.522.101 OCS 2007 (R1)—download from Microsoft web site 3.5.6907.35 OCS 2007 (R2)—download from Microsoft web site This section will focus on upgrading the Polycom CX700 phone from 1.0.199.123 to 1.0.522.101 and then to 3.5.6907.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment Sign-in address: ocstest1@fabrikam.com(fabrikam.com represents in this document) Domain\User name: contoso.com\ocstest1(contoso.
Deployment Guide for the Polycom CX700 IP Phone The Polycom CX700 phone reset options are as follows: • Power cycle— Reboot the phone by removing and then reapplying power • Soft Reset—Press the reset button on the back of the phone just long enough to reset it • Hard Reset - Unplug the phone, use a paper clip to press and hold the reset button (small hole on back between USB and Headphone jack), reapply power (while continuing to hold down the reset button) until the scroll bar on the display goes al
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment http://POOL01.contoso.com/DeviceUpdateFiles_Int/UCPhone/Polycom/CX 700/A/ENU/1.0.522.101/CPE + Element: XmlElement: https://ocsrp.fabrikam.com/DeviceUpdateFiles_Ext/UCPhone/Polycom/C X700/A/ENU/1.0.522.101/CPE Scenario The upgrade instructions in this document assume the following conditions: • Starting state for a Polycom CX700 phone is software release 1.0.199.
Deployment Guide for the Polycom CX700 IP Phone Device Update File Storage During Microsoft Office Communications Server 2007 R2 installation, Device Update Service is automatically installed on all servers running the Web Components Server role. You do not need to plan for additional servers to support Device Update Service. Device Update Service uses a number of files that must be stored on a file system.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment How Polycom CX700 Phones Connect to the Device Update Service At a high level, a Polycom CX700 phone using the default configuration connects to the Microsoft Office Communications Server (OCS) 2007 R2 Device Update Service in the following way: 1.
Deployment Guide for the Polycom CX700 IP Phone 2. If the phone determines it is running a down level version of firmware it issues either an HTTP or HTTPS GET request to the pool hosting the Device Update Service: http://192.168.7.81/DeviceUpdateFiles_Int/UCPhone/Polycom/CX700 /A/ENU/1.0.522.101/CPE/CPE.nbt https://63.123.155.6/DeviceUpdateFiles_Int/UCPhone/Polycom/CX70 0/A/ENU/1.0.522.101/CPE/CPE.nbt Where 192.168.7.81 is the internal pool IP address and 63.123.155.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment • Query DNS for _sipinternal._tcp. SRV record (_sipinternal._tcp.fabrikam.com) • Query DNS for _sipinternal._tcp. . SRV record (_sipinternal._tcp.fabrikam.com.contoso.com) • Query DNS for _sip._tls. SRV record (_sip._tls.fabrikam.com) • Query DNS for _sip._tls. . SRV record (_sip._tls.fabrikam.com.contoso.
Deployment Guide for the Polycom CX700 IP Phone 17. Polycom CX700 phone attempts HTTP request to download RootCA cert chain using Kerberos (SPNEGO) (Kerberos Auth fails) 18. Polycom CX700 phone attempts HTTP request to download RootCA cert chain using Kerberos (SPNEGO) w/different key (Kerberos Auth succeeds) 19. DC streams Base64 certificate chain to Polycom CX700 phone via HTTP (URL: /certsrv/certnew.p7b, Using SPNEGO Authentication) 20.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment When looking through a NetMon trace from an upgrade to 1.0.522.101, you may notice that the DNS query for ucupdates-r2. does not occur until the CPE.NBT file had already started streaming to the OCPE device. This happens when you sign into the phone prior to the upgrade starting; if you do not sign in, the DNS query would have occurred at the beginning of the trace.
Deployment Guide for the Polycom CX700 IP Phone c Configure DNS for (contoso.com is used in the example) Add A records for: — yourPoolName.contoso.com pointed to the IP address of the pool running Device Update service — ucupdates-r2.contoso.com pointed to the IP address of the pool running Device Update service. If you currently have a ucupdates. A record, it can be deleted if all your Polycom CX700 phones are release 1.0.199.123 or later.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment — Performs a hard reset, and then recalibrate the phone. — Sign-in to the Polycom CX700 phone using your SIP URI for the Sign-in Address value and your domain FQDN for the Domain\User name value (e.g., ocstest1@fabrikam.com and contoso.com\ocstest1 respectively). 4. Upgrade Polycom CX700 phone from release from 1.0.522.101 to 3.5.6907.35 — Download the latest build 6907 ucupdates.exe file http://www.microsoft.
Deployment Guide for the Polycom CX700 IP Phone Step 1.1 - Configure DHCP The first step is to make sure the Polycom CX700 phone can get an IP address and the necessary DNS (and potentially WINS) information it needs to locate a time service, certificate chain and pool running the Device Update service. The figure below shows both WINS and DHCP Option 119 configured but typically you will only configure Option 119 and leave the WINS scope options out.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment DNS Type Name Port IP Address / FQDN Internal Zone A sip. N/A IP/VIP of Pool running Device Update. A autodiscover. N/A Internal IP/VIP of Exchange server running CAS role. Note: this assumes SIP URI matches the user’s Primary SMTP address in Exchange. SRV _sipinternaltls._tcp. 5061 FQDN of Pool containing user(s) signing into the OCPE device being upgraded.
Deployment Guide for the Polycom CX700 IP Phone Step 1.3 - Configure Certificates Two approaches to configure certificates are provided. By default, a Windows 2008 / 2003 Enterprise Certificate Authority (CA) will publish the trusted root certificate chain in Active Directory automatically. To determine whether you need to run certutil, you can confirm that the certificate chain is present by running ADSIedit.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment Do one of the following: • Upload certificate chain If for some reason the cACertificate attribute is not populated, or you want to make sure that it contains the information you want, you can run certutil with the -f option to force an override as shown. On a domain controller, open cmd.exe and run the following command: certutil -f -dspublish ".
Deployment Guide for the Polycom CX700 IP Phone Modify Device Update Service External URLs (required even if upgrading OCPE devices internally) There are two URLs used by external Polycom CX700 phones for downloading updates; the DownloadURL and StoreURL. If there are Polycom CX700 phones that need to upgrade remotely, then use either the Automatic or Manual method to configure the DownloadURL / StoreURL values using WMI.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment To determine the correct syntax for the DB to connect to you can look at the Pool, Database tab; the value listed for Database Instance Name: is the value you substitute for $poolbackend$. Also, double quotes work as well as single quotes Also, you have to add a second backslash to existing backslash separating the instance name from the database name as shown (for example, '(local)\\rtc'): 4.
Deployment Guide for the Polycom CX700 IP Phone 5. Double-click the ExternalUpdatesDownloadURL and ExternalUpdatesStoreURL properties to edit them, and type the values for each property as follows: For ExternalUpdatesDownloadURL, type https://ReverseProxyFQDN/RequestHandlerExt/ucdevice.upx 6. Click Save Property. For ExternalUpdatesStoreURL, type https://ReverseProxyFQDN/DeviceUpdateFiles_Ext 7. Click Save Property and then Save Object to save the instance. 8. Click Close. 9.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment • Internal — Using a browser from inside the corporate firewall, connect to: http://FQDNofPoolRunningDeviceUpdateService/DeviceUpdateFil es_Int/OCInterim/ENU/cpe.nbt and verify that you can download the file. If you can, chances are the Polycom CX700 phone can. The CPE files stored in the OCInterim directory are for build 522.103. If you have used the Device Update service to upload 1.0.522.
Deployment Guide for the Polycom CX700 IP Phone For details on Verifying External Device Access refer to the Microsoft Office Communications Server (OCS) 2007 R2 product documentation: http://technet.microsoft.com/en-us/library/dd572289(office.13).aspx In previous releases of OCS 2007, Polycom CX700 phones operating outside the firewall connected to the update service by using anonymous access. In this release, to enhance security, Polycom CX700 phones by default must use NTLM authentication.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment To prepare the software update files: 1. Download the Microsoft Office Communications Server (OCS) 2007 1.0.522.101 Polycom CX700 phone software release (UCUpdates.exe) here and store it on a Pool Front End server (for example, c:\UCUpdates\522.101). 2. Open a CMD window, change to the directory where you downloaded the 1.0.522.101 version of UCUpdates and run the ucupdates.exe file.
Deployment Guide for the Polycom CX700 IP Phone 4. Sign in to the Polycom CX700 phone using an account that is on the same pool as the Device Update service. If the Polycom CX700 phone is not picking up downloads, be sure the client version filter is set properly and that WMI has been configured with internal (BaseURL) and external (ExternalBaseURL values.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment Step 3 - Upgrade Polycom CX700 Phones from 1.0.522.101 to 3.5.6907.35 This is the final step in the upgrade process and can be conducted on a one-off basis or after all Polycom CX700 phones have been upgraded from release 1.0.522.101 to 3.5.6907.35.
Deployment Guide for the Polycom CX700 IP Phone 6. Click the Pending Updates tab and ensure that 3.5.6907.9 is in the “Pending” state. Do not change it at this time. 7. If using a different Polycom CX700 phone for testing release 3.5.6907.9, click the Test Devices tab and add the Polycom CX700 phone to be upgraded (no spaces / dashes in the MAC address); otherwise, use the existing test device. Step 3.2 - Upgrade the Polycom CX700 Phone from 1.0.522.101 to 3.5.6907.
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment 3. Calibrate the phone and sign in. 4. Confirm the Polycom CX700 phone is running release 3.5.6907.9 by clicking About on the main menu and checking the Version information. Click OK to return to the Sign in screen. The Polycom CX700 phone is now ready to use.
Deployment Guide for the Polycom CX700 IP Phone 38
3 Troubleshooting the Polycom CX700 Phone This chapter contains general troubleshooting information to help you solve any problems you might encounter when you use the Polycom® CX700 Phone in a wireless environment. The phone can provide feedback in the form of on-screen error messages, status indicators, and log files for troubleshooting issues.
Deployment Guide Polycom CX700 Logs Used for Troubleshooting To confirm that a Polycom CX700 phone running release 1.0.199.123 is not having issues locating resources, you can use a browser to FTP to the device and copy over the Communicator and DOMO log files. Use the IP address assigned to the device (for example, ftp://192.168.7.235). This option does not work for releases 1.0.522.101 or later. If the Polycom CX700 phone running release 1.0.199.123 contains a ucupdate.
Troubleshooting the Polycom CX700 Phone To confirm the Polycom CX700 phone can locate / run ucdevice.upx (which in turn locates the correct CPE.NBT file): >> Use a browser to confirm you can access the virtual directory where the ucdevice.upx file is located: Internal http://pool01.contoso.com/RequestHandler/ucdevice.upx When hitting this link, an XML file showing the current firmware version will be displayed if security is set properly. External http://ocsrp.fabrikam.com/RequestHandlerExt/ucdevice.
Deployment Guide Polycom CX700 When you use NetBIOS style, the phone needs to use the name to find a domain controller. If WINS is configured for use by the phone (via DHCP), it will use that. However if WINS is not configured, and the phone is on another subnet than the domain controller, it needs to use DNS to find it. The way it looks for a domain controller is using the DC locator SRV records in DNS (_ldap._tcp.dc._msdcs.).
Troubleshooting the Polycom CX700 Phone How to Configure DHCP Option 119 To configure DHCP Option 119: 1. From DHCP Administrator, right click DHCP server name and select Set Predefined Options. 2. Leave Option class: as DHCP Standard Options and click Add. 3. For Name:, enter DNS Search List, set Code: to 119 and Data Type to String, leave the Array check box unchecked (it is not an array) and click OK. 4. Right click Scope Options, select Configure Options, check Option 119 DNS Search List. 5.
Deployment Guide Polycom CX700 6. In the right pane, right-click NtpServer, then Modify, in the Edit DWORD Value under Value Data type the Domain Name System (DNS), each DNS must be unique and you must append 0×1 to the end of each DNS name otherwise changes will not take effect. By default this is set time.windows.com,0x9 and was changed to contoso.com,0x1 7. Now click OK. 8.
Troubleshooting the Polycom CX700 Phone 6. From the Group Policy Object Editor menu, select File and click Exit. Enabling Automatic Certificate Enrollment For Windows 2008 To configure autoenrollment Group Policy for a domain: 1. On a domain controller running Windows Server 2008 R2 or Windows Server 2008, click Start, point to Administrative Tools, and then click Group Policy Management. 2.
Deployment Guide Polycom CX700 — Expiration notification controls when the end user is notified that a certificate is about to expire. 8. Click OK to accept your changes. 9. Run the following command at an elevated command prompt: gpupdate /force Automatic enrollment will start working in about 90 seconds for any applicable templates.
Troubleshooting the Polycom CX700 Phone 6. From the Group Policy Object Editor menu, select File and click Exit. To confirm that the Certificate Authorities is set: 1. Click Start, Run, type ADSIEDIT.MSC and click OK. 2. Select Configuration [yourDC.yourDomain.com] 3. Select CN=Configuration,DC=yourDomain,DC=com 4. Select CN=Services 5.
Deployment Guide Polycom CX700 Making the Root CA Certificate Available to a Polycom CX700 Phone Communication between the Polycom CX700 phone and Microsoft Office Communications Server 2007 R2 is by default encrypted using TLS and SRTP. Therefore, the device needs to trust certificates presented by Microsoft Office Communications Server 2007 R2 servers.
Troubleshooting the Polycom CX700 Phone Installing a Public Root CA Certificate on a Polycom CX700 Phone The Public Certificate you are using on your Edge server(s) is not trusted by the Polycom CX700 phone, because its corresponding Root CA certificate is not installed on the phone per default. You can use the certutil mechanism to install the Public Root CA certificate. First, you download the certificate from the CA’s web site.
Deployment Guide Polycom CX700 50
