Polycom CX500 Lync Phone Edition consistently failing to sign in

lyncpolycom

I have configured a Lync system which is successfully working with the Lync windows client.

I followed the instructions at http://blog.schertz.name/2010/12/configuring-lync-server-for-phone-edition-devices/ and was able to successfully configure DHCP and DNS. I tested with:

DHCPUtil -EmulateClient

and

Test-CsPhoneBootstrap

Which both returned successfully.

However, when entering the same details which worked on Test-CsPhoneBootstrap on a Polycom CX500, I get the error:

"An account matching this phone number cannot be found. Please contact your support team."

There is also a very quick flash of an error which I managed to capture on video:

"Account used is not authorized. Please contact your support team."

This appears very briefly before the error above remains on the screen.

In my Lync logs, there is only a single line logged for the device:

2012-05-23 04:37:51 10.8.0.111 POST /CertProv/CertProvisioningService.svc/anon - 80 - 10.8.32.6 OCPhone/4.0.7577.250+(Microsoft+Lync+2010+Phone+Edition) 200 0 0 7

There is nothing else logged for the IP address of the phone.

What I've tried

I've found very few reports on the Internet of similar problems. Tried solutions:

Factory reset

I booted the phone holding 4 and 6, and chose the option to reset it.

Upgrade the firmware

I imported and approved the latest firmware. However, it seems the phone will not update if it cannot sign in.

Don't use a wildcard certificate

http://blog.schertz.name/2011/02/lync-phone-edition-incompatible-wildcard-certificates/
Our internal certificates are not wildcard certificates. They are created by our certificate server.

Has anyone else come across this before? Any tips?

Best Answer

If the Schannel send the truncated list of trusted root certificate authorities to the Lync phone edition during the TLS/SSL handshake process. Please try to configure the Schannel does not send the list on the Lync FE server and check the problem occurs again.:

  1. Click Start, click Run, type regedit, and then click OK.Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

  2. On the Edit menu, point to New, and then click DWORD Value.Type SendTrustedIssuerList, and then press ENTER to name the registry entry.

  3. Right-click SendTrustedIssuerList, and then click Modify.In the Value data box, type 0 if that value is not already.

  4. Exit Registry Editor and reboot the server.

Related Topic