Press "Enter" to skip to content

Polycom CX IP Phone Requirements Steps to be connected to OCS environment

GrahamWalsh 0

Here are some notes from my colleague Brahim Ait Oumeri at Polycom on setting up Polycom handsets to work with Microsoft Communications Server.

To setup CX IP Phones within CS14 environment, you will need to have the following setup:

 

  • CS14 up and running
  • Certificate Authority up and running (Could be integrated in Active Directory itself)
  • Network Time Protocol setup
    • Could be the Active Directory itself. In this case, you will need to enable “Windows Time Services” via GPO at domain level.
  • Publish Root CA in the Active Directory
  • Enable “Auto-Enrollement” policy in the Active Directory Domain Controller via GPO at domain level
  • DHCP setup for following options
    • IP address
    • Mask
    • Router (Gateway)
    • DNS
  • DNS setup for 2 SRV records
    • _ntp record
    • _sipinternaltls

 

Below are the procedures step by step for each part of configuration. I had also added a troubleshooting case scenario.

1 – Enabling Windows Time Server

Step 1 – Open Group Policy 
Step1
Step 2 – Navigate to Forests > Domain > Your Domain > Group Policy Objects > Default Domain Policy & right click and choose Edit
Step2
Step 3 – Navigate to Policy > Administrative Templates > System > Windows Time Service > Time Providers > Open Enable Windows NTP Server
Step3
Step 4 – Select Enabled and OK
Step4
You should now have the Windows Time server showing as enabled.
Time
2 – Publish the Root CA certificate in AD Domain Controller

 

Step 1 – Export the certificate of the Root CA to a .cer file.

 

The following file formats are supported:
  • DER encoded binary X.509 (.cer)
  • Base-64 encoded X.509 (.cer)

 

– Then copy the Root CA certificate under C:windowssystem32>

 

Step 2 – Publish the Cert

 

Run the following command:
C:windowssystem32>certutil.exe –f –dspublish certnew.cer NTAuthCA
  • certnew.cer is being the Root CA certificate
  • NTAuthCA is being the name of your Root CA Certificate Authority server

 

The result message should be at the end the following:
CertUtil: -dsPublish command completed successfully.

 

3 – Procedure to setup in AD the “Auto-Enrollement” policy

 

Step 1 – Open the Group Policy Configuration and navigate to Default Domain Policy > Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies
Step1
Step 2 – Double click on Certificate Services Client – Auto Enrolment and select Enabled
Step2
Step 3 – Click on Apply and OK.
Step3
4 – DHCP setup for following options

 

  • IP
  • Mask
  • Router (Gateway)
  • DNS
You will need to pay attention to the SIP domain name you configure here.
If CX IP Phone cannot sign-in, you will need to take wireshark to see if the CX is being sent the right domain name string

 

5 – DNS setup for following options

 

  • _ntp SRV record using port 123 pointing to the DC is Windows NTP is enabled on DC server
_ntp._udp.<SIP Domain>
  • _sipinternaltls SRV record using port 5061 pointing to the OCS pool
_sipinternaltls._tcp.<SIP Domain>

 

6 – Troubleshooting scenarios

 

Possible root cause 1
If you put an incorrect DNS entry in DHCP, then the CX IP phone will not be able to sign-in and you will see in the CX IP screen in sequence way the following messages in the screen of the phone:
  • Acquiring IP address
  • Connecting to Network Time Protocol server
  • Connecting to Office Communication Server
  • Cannot locate the server. If the problem persists, contact your administrator
In this case, the root cause was that the DNS entry in DHCP were wrong since the last message you see in the CX IP screen “Cannot locate the server …”.

 

Possible root cause 2
Check if you get the right IP address from the DHCP server in the CX IP Phone, by navigating through the IP configuration menu in the CX IP phone.
Thanks for Brahim for taking to the time to document this.

 

 

 

 

 

 

 

 

 

1660total visits,2visits today

Show Buttons
Hide Buttons