Step by Step configuration of Polycom IP phones using FileZilla FTP Server

We are going to start with creating Lync.cfg file used to configure user on Polycom followed by Set up FTP Server for loading configuration files to Polycom IP phone, Configure your phone to point FTP server, Importing the Configuration File and Storing User Credentials.

Before we start I hope you have basic knowledge of using arrow key.

Retrieving the CA Certificate Confusion:

In order to configure trust relationship with the Polycom SIP phones the CA certificate will need to be manually provided to the phone as part of the provisioning process.

The first step is to identify the certificate currently applied to the Lync Server so that the proper CA certificate is exported.

§  On the Lync Server in which the phones will be configured to register to launch the Lync Server Management Shell and run the Get-CsCertificate cmdlet.

§  Although all usages should normally have the same certificate assigned look for the Use: Default entry to identify the certificate assigned to the SIP registrar on the Lync Server.  This usage will show the Issuer as well as the certificate Subject. Issuer and certificate information validated, the certificate must be exported to a text file so that the raw mess text can be accessed.

§  On the same Lync Server open the Microsoft Management Console (mmc.exe) add the Certificates snap-in and manage the Computer account of the Local computer.

§  Expand the Personal store, then Certificate store and open the server certificate used by Lync and select the Certification Path tab.

§  Select the root certificate at the top of the tree and click View Certificate.  This will open the root certificate for the CA which issued this server certificate.

  

§  Select the Details tab in the new window and verify the Subject Name matches the CN field from the Issuer value in the previous Get-CsCertificate output.  Click the Copy to File button to launch the Certificate Export Wizard.

§  In the export wizard select Base-64 encoded X.509 (.CER) as the Export File Format.

§  Save the exported file (e.g. c:\RootCA.cer) and keep this file handy for later, as a configuration step in the next section will require the contents of this file.

Configuration

Now that the certificate information has been retrieved, next step to configuring a standard SIP phone is to prepare an XML configuration file with all of the Lync-specific settings which will be imported directly into the phone using the web management interface.

Creating Lync.cfg file using XML notepad:

Copy the text in the quote box below and save it to a new text file called lync.cfg.

<lync>
  <profile reg.1.address="user1@contoso.com" msg.mwi.1.callBack="sip:user1@contoso.com;opaque=app:voicemail" />
  <registration voIpProt.server.1.address="lyncserver.contoso.local" sec.TLS.customCaCert.1="" sec.TLS.profileSelection.SIP="ApplicationProfile1" reg.1.auth.useLoginCredentials="1" voIpProt.SIP.mtls.enable="0" voIpProt.server.1.specialInterop="lync2010" voIpProt.server.1.transport="TLS" voIpProt.SIP.allowTransferOnProceeding="0" />
  <features feature.presence.enabled="1" feature.messaging.enabled="1" msg.mwi.1.callBackMode="contact" roaming_buddies.reg="1" />
  <media sec.srtp.require="1" sec.srtp.key.lifetime="2^31" sec.srtp.mki.enabled="1" sec.srtp.mki.length="1" sec.srtp.holdWithNewKey="0" sec.srtp.resumeWithNewKey="0" voice.audioProfile.G7221.24kbps.payloadType="112" voice.codecPref.G7221.24kbps="5" voice.codecPref.G7221.32kbps="0" video.iFrame.delay="2"></media>
</lync>

As editing raw XML can be a little tricky and the above text is clearly not fun to read through it is suggested to use an XML editor, like Microsoft’s XML Notepad 2007 to manipulate the content once it is saved as a text file.

§  Open the lync.cfg configuration file in an XML Editor and expand the root branch to view each child branch and all of the individual elements.

This template is divided into a few branches.  Attribute names and values themselves are parsed by the device when the configuration file is read-in. By using this template only the first 4 parameters need to be modified to work with any Lync environment.

Updating the Configuration File

The first group of settings under the Profile branch are user-specific and would be the only values changed when importing into multiple phones in the same environment.

§  Change the reg.1.address attribute to include the primary SIP address of the desired Lync user (e.g.Lyncadmin@______.com).  This setting defines the Lync identity of the specific phone that the configuration file is imported into.

§  Update the msg.mwi.1.callBack attribute to use the same SIP address as above, retaining the request of the URI as shown.  This setting is used by the device to retrieve the user’s voicemail from Exchange UM.

The second group of settings under Registration contains the only other settings which must be modified and these would be global across all devices in the environment so they only need to be configured once.  These include providing the CA certificate hash as well as the Lync registrar name.  Afterward the template file can be duplicated and only the previous two user specific values would need to be updated for use with a different device.

§  Open the RootCA.cer file (exported in the first section of this article) with Notepad and then copy the entire contents of the file to the clipboard (including the BEGIN and END lines).

§  Paste the clipboard contents directly into the sec.TLS.customCaCert.1 attribute in the configuration file making sure not to add any unwanted spaces, carriage returns or characters.

    

§  Update the voIpProt.server.1.address attribute to use the Lync registrar FQDN for the specific environment. This can be a Standard Edition or Enterprise Edition Front End server or a Director server. (Native registration directly to an Edge Server is not yet supported as ICE compatibility for media sessions will be provided in a future release of the UC software).

§  Save the changes to the configuration file and store in C:/Polycom-FileServer.

Folder (C:\Polycom-FileServer) will contain Lync.cfg, 000000000000.cfg and sip.ld files as in below excel. Last to file will be there in downloaded folder from http://downloads.polycom.com/.

·         Lync.cfg is used to create user

·         ooooooooo.cfg and sip.ld files is used to update polycom

Model Name	Firmware Filename
SoundPoint IP 321	2345-12360-001.sip.ld
SoundPoint IP 331	2345-12365-001.sip.ld
SoundPoint IP 335	2345-12375-001.sip.ld
SoundPoint IP 450	2345-12450-001.sip.ld
SoundPoint IP 550	2345-12500-001.sip.ld
SoundPoint IP 560	2345-12560-001.sip.ld
SoundPoint IP 650	2345-12600-001.sip.ld
VVX 1500	2345-17960-001.sip.ld
SoundStation Duo	3111-19000-001.sip.ld
SoundStation IP 5000	3111-30900-001.sip.ld
SpectraLink 8440	3111-36150-001.sip.ld
SpectraLink 8450	3111-36152-001.sip.ld
SpectraLink 8452	3111-36154-001.sip.ld
VVX 500	3111-44500-001.sip.ld
VVX 600	3111-44600-001.sip.ld

Set up FTP Server for loading configuration files to Polycom IP phone:

1.      Download and install the latest version of FileZilla Server.

2.      After installation, you are presented with a Connect to Server pop-up. Click OK to open the administrative user interface.

3.      Start FileZilla Server Interface from the Start menu, and connect to server.

Note: The Administration password is blank by default.

4.      To configure a user, select Edit > Users in the status bar.

5.      Select Add.

6.      Enter the user name for the phone and select OK. For example, 987. The phone will use this password to login.

7.      Select the Password checkbox and enter a password. For example, 987.The phone will use this password to login.

8.      Select Page > Shared folders to specify the server-side directory where the provisioning files will be located (and the log files uploaded). For Example, C:\Polycom-FileServer

  

9.      Select Add and pick the directory.

10.  To allow the phone to upload logs onto the provisioning server, goto Shared Folders and select the Read, Write and Delete checkboxes under the Files heading.

11.  Download the latest SIP software version. Extract and copy the entire folder from the software download into the provisioning server directory specified above.

12.  Determine the IP address of the provisioning server by entering ipconfig at a command prompt to display the server network configuration.

On a computer running Windows, choose Start > Run and enter cmd in the Open field of the Run dialog box.

13.  In the resulting window, type ipconfig.

The IP address of the provisioning server is located next to IP Address:

Refer to the next section for instructions on Configure your phone to point FTP server.

Configure your phone to point FTP server:

1.      Press Menu and select Settings > Advanced > Admin Settings >Network Configuration. When prompted for the password, enter 456.

2.      Scroll down to Server Menu and press the Edit soft key.

3.      Using the right arrow key, select FTP as the Server Type.

4.      Enter the IP address that you found in the previous section as the Server Address, and then press the OK soft key.

5.      Enter the username and password from the previous section as the Server User and Server Password.

6.      Press the Back soft key or the Left arrow twice and select Save Config. The phone will reboot.

Importing the Configuration File

§  Retrieve the current IP address of the phone by navigating to Main Menu > Status > Network > TCP/IP Parameters.

                                          

§  To access the Polycom Web Configuration Utility for the phone simply enter http://<IPaddress> in a web browser using the IP address of the phone.

  

§  Enter the Admin device password and then navigate to the Utilities > Import & Export Configuration menu.

§  In the Import Configuration section select Choose File and browses to the customized lync.cfg file and then click Import.

                           

A response of “Configuration file imported successfully” should be reported almost immediately, followed by the phone rebooting itself automatically.

Storing User Credentials

After the device is finished rebooting the username portion of the SIP address should be displayed in the primary line soft key tag.  Additionally a status message of “Login credentials failed, Offline” should be reported on the device’s display.

§  From the Main Menu select Settings > Basic > Login Credentials and then enter the Active Directory user credentials for the Lync user you want to configure this phone for.  The Domain field should be populated with the NetBIOS name of the AD domain in which the user account is stored in (e.g. ______.com).  The User field is thesAMAccountName of the desired user account (e.g. chetan.kattarmal).

                                     

§  Press the Submit key/left pointing kye to submit credential and registration to Lync should be reattempted automatically.

§  Press the Back soft key or the Left arrow and select Save Config/Yes. The phone will Sign in the user.

Repeat Configure your phone to point FTP server and importing the Configuration File  to configure remaining Polycom’s.