Cannot sign in with PIN on Polycom CX600

    Question

  • Hi,

    We have a problem getting a Polycom CX600 phone to work with our Lync server. The phone works fine if used together with a PC and USB cable, but when used standalone with phone number and PIN it will not sign in. It just says "Sign-in Error, Cannot sign in. Please verify your sign-in address, domain\user name, and password and then try again". If we enter the wrong PIN it tells us that the PIN is wrong, so it definitely checks the PIN.

    We have followed the "Configuring Lync Server for Phone Edition Devices" blog by Jeff Schertz to configure both the DHCP server and the Lync server to work with the Lync Phone.

    When I try the 'Test-CsPhoneBootstrap -PhoneOrExt 103 -PIN 1234' on the Lync server this cmdlet returns success.

    In the WebService log files I see that the cmdlet is making more requests than the CX600.

    2012-02-21 08:55:02  POST /CertProv/CertProvisioningService.svc/anon - 80 -  - 200 0 0 10
    2012-02-21 08:55:02  POST /WebTicket/WebTicketService.svc/pin - 443 -  - 401 0 0 5
    2012-02-21 08:55:02  POST /WebTicket/WebTicketService.svc/pin - 443 sip:meet1@domain.com   - 200 0 0 324
    2012-02-21 08:55:02  POST /CertProv/CertProvisioningService.svc/mex - 443 -  - 200 0 0 92
    2012-02-21 08:55:02  POST /WebTicket/WebTicketService.svc/mex - 443 -  - 200 0 0 11
    2012-02-21 08:55:03  POST /WebTicket/WebTicketService.svc/mex - 443 -  - 200 0 0 8
    2012-02-21 08:55:03  POST /CertProv/CertProvisioningService.svc/WebTicket_Proof - 443 -  - 200 0 0 28
    2012-02-21 08:55:03  POST /WebTicket/WebTicketService.svc/pin - 443 sip:meet1@domain.com  - 200 0 0 225
    2012-02-21 08:55:07  POST /CertProv/CertProvisioningService.svc/mex - 443 -  - 200 0 0 20
    2012-02-21 08:55:07  POST /WebTicket/WebTicketService.svc/mex - 443 -  - 200 0 0 5
    2012-02-21 08:55:07  POST /WebTicket/WebTicketService.svc/mex - 443 -  - 200 0 0 5
    2012-02-21 08:55:07  POST /CertProv/CertProvisioningService.svc/WebTicket_Proof - 443 -  - 200 0 0 70

    2012-02-21 08:57:07  POST /CertProv/CertProvisioningService.svc/anon - 80 - OCPhone/4.0.7577.4047+(Microsoft+Lync+2010+Phone+Edition) 200 0 0 10
    2012-02-21 08:57:07  POST /WebTicket/WebTicketService.svc/pin - 443 -  OCPhone/4.0.7577.4047+(Microsoft+Lync+2010+Phone+Edition) 401 0 0 0
    2012-02-21 08:57:07  POST /WebTicket/WebTicketService.svc/pin - 443 sip:meet1@domain.com  OCPhone/4.0.7577.4047+(Microsoft+Lync+2010+Phone+Edition) 200 0 0 305
    2012-02-21 08:57:07  POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 -  OCPhone/4.0.7577.4047+(Microsoft+Lync+2010+Phone+Edition) 200 0 0 180

    Does anyone have an idea of what could be wrong or in which direction I should look?

    Trond

    21 February 2012 11:43

All replies

  • Hi,

    I also had an issue with a Lync Phone. It said contacting time server and after a while it gives you the sign-in error.

    I specified my time server in DNS and DHCP, but still couldn't log in. I found out that when you fail to log in you can look at the system information via the menu button. I looked at the time and found out the time was not correct. After opening up NTP to the internet to test if the phone could update its time, it worked and I could sign in.


    Best regards,
    Mark Scholman.
    Infrastructure Engineer
    Follow me on Twitter
    My Blog:TechMark's Blog

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    21 February 2012 15:02
  • Hi,

    From what I can see the time server is correctly configured. The phone retrieves the correct time. When I key in the number and PIN it briefly says "Contacting time server" before it says "Connecting to Lync Server", then it stops on "Sign-in Error..............".

    I tried to reconfigure the DHCP settings with DHCPUtil, but still the same problem.

    I also noticed a weird thing. When I connect the USB cable and authenticate via a PC, the phone seems to "reauthenticate" every 35-40 seconds. The device signs out, displays the "Sign-in Error" and then signs in again after a couple of seconds.

    I'm definitely getting very frustrated by this.

    Trond

    22 February 2012 10:05
  • Hi,

    Can you try to hard reset the phone and connect it again to the network?

    I had a reconnect issue as well on my phone and hard reset it. That worked for me.

    To test whether the configuration in Lync has been set up correctly, use the Test-CsPhoneBootstrap cmdlet.

    Here are some links:

    Configure Lync for Phone Edition (here you can find more info about Test-CsPhoneBootstrap):

    http://blog.schertz.name/2010/12/configuring-lync-server-for-phone-edition-devices/

    Hard Reset Lync Phone edition:

    http://blog.josmar.nl/2012/02/hard-reset-lync-phone-edition.html


    Best regards,
    Mark Scholman.
    Infrastructure Engineer

    22 February 2012 15:27
  • Hi,

    First, please make sure your PIN is not expired. If it is expired, please reset it.

    Second, run Get-CsWebServiceConfiguration and check that the value of UsePinAuth is True.

    For more about troubleshooting Lync devices, please read the following article:

    http://technet.microsoft.com/en-us/library/gg413090.aspx


    23 February 2012 08:16
    Moderator
  • Hi,

    I tried to hard reset the phone, and I read through the blog from Jeff Schertz and checked everything there. I ran Test-CsPhoneBootstrap on the Lync server and it returned success. I checked Get-CsWebServiceConfiguration and the value of UsePinAuth, and it's set to True. I also tried to lock the PIN; the device then responds with a message telling me that the PIN is locked. I unlocked it and got the same "Sign-in Error".

    I also tried Test-CsClientAuth on the Lync server and it too returns Success.

    I have run DHCPUtil again to ensure that the DHCP settings are correct. I also did a packet trace on the DHCP / DNS server and saw that the client received the correct data from the DHCP server.

    I'm very close to calling the supplier of the CX600 and asking them for a replacement device to see if it has the same behavior.

    Trond

    23 February 2012 10:52
  • I am aware it has been asked before, but did you check that the time the DHCP server provides to the phone is the same as the time on the Lync Server itself?

    I had this once: the Lync Server was a couple of minutes ahead of the phone's time, and this prevented me from signing in.

    Regards

    Steffen Baier


    Steffen Baier EMEA Team Lead Tech Support (Voice)

    23 February 2012 15:56
  • Hi,

    Just logged in to the Lync server and it is the same time, within a second, as the DHCP server. So this is not the problem.

    Trond

    24 February 2012 09:53
  • Is that user account in Lync configured for 'Enterprise Voice' for the Telephony setting?  Have you tried any other accounts or was all testing performed with a single account?

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    24 February 2012 14:05
    Moderator
  • The user account is enabled and configured for 'Enterprise Voice'. I have also tried with my own account, which is also enabled for Enterprise Voice, still no luck.

    As I wrote earlier I can manage to log into the phone when I use the USB cable and connect it via a PC. The problem then is that the device logs out every 35-40 seconds, and then it shows the "Sign-in Error" for a few seconds and then signs in again. When I have authenticated the device via USB I can reboot it and it signs in, but it still has those 35-40 second cycles.

    Trond

    24 February 2012 14:25
  • Hmm, that is a strange one.  Since you only have a single device I tend to agree with your approach to try swapping it out or getting a second device to validate as I have never seen that before.  Do you get an error when it signs itself out?

    Jeff Schertz | Microsoft Solutions Architect - Polycom | Lync MVP

    24 February 2012 14:35
    Moderator
  • No, I don't see any error when the device is signing out. It might be that it displays an error, because there is something flashing when it signs out, but it's there just for a fraction of a second.

    I'm now trying to get hold of the readlog tool to examine the device logs, to see if they can tell me anything useful. The next step is then to replace the device to see if the problem persists there.

    If you have any information on where to locate the readlog tool, I would be very thankful.

    Trond

    24 February 2012 14:45
  • Hi.

    If Schannel sends a truncated list of trusted root certificate authorities to the Lync Phone Edition device during the TLS/SSL handshake, please try configuring Schannel on the Lync FE server not to send the list, and check whether the problem occurs again:

    1. Click Start, click Run, type regedit, and then click OK. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

    2. On the Edit menu, point to New, and then click DWORD Value. Type SendTrustedIssuerList, and then press ENTER to name the registry entry.

    3. Right-click SendTrustedIssuerList, and then click Modify. In the Value data box, type 0 if that is not already the value.

    4. Exit Registry Editor and reboot the server.


    27 February 2012 02:37
    Moderator
  • Where have you been all my life :-). This really made my day. I discovered many Schannel warnings on the server (Event ID 36885), telling me that the list of trusted root certificates is too long. After going through the list of trusted root certificates and deleting the ones that we really do not need, everything worked well.

    Thank you for pointing me in the right direction.

    Trond

    27 February 2012 09:55
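
The checks described in the two posts above (the SendTrustedIssuerList value, Schannel Event ID 36885, and the size of the trusted root store), collected into one script. This is an added example, not part of the original thread; the function names are hypothetical, and it assumes an elevated PowerShell session on the Lync Front End server.

```powershell
# Added example: read-only checks first, the registry change from the answer last.
# Function names are illustrative, not Lync or Windows cmdlets.
$schannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Get-SendTrustedIssuerList {
    # Returns the configured DWORD, or $null when the value is absent (OS default applies).
    $p = Get-ItemProperty -Path $schannelKey -Name SendTrustedIssuerList -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $null }
    return [int]$p.SendTrustedIssuerList
}

function Get-SchannelIssuerListWarnings {
    param([int]$Days = 7)
    # Event ID 36885 is the Schannel warning reported in the thread.
    $filter = @{ LogName = 'System'; Id = 36885; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -like '*Schannel*' }
}

function Get-TrustedRootSummary {
    $roots = @(Get-ChildItem -Path Cert:\LocalMachine\Root)
    # In the TLS issuer list each CA is its DER-encoded subject name plus a 2-byte length prefix.
    $bytes = ($roots | ForEach-Object { $_.SubjectName.RawData.Length + 2 } |
        Measure-Object -Sum).Sum
    [pscustomobject]@{
        RootCount             = $roots.Count
        ApproxIssuerListBytes = [int]$bytes
        ExpiredRoots          = @($roots | Where-Object { $_.NotAfter -lt (Get-Date) }).Count
    }
}

$current = Get-SendTrustedIssuerList
if ($null -eq $current) { 'SendTrustedIssuerList: not set' } else { "SendTrustedIssuerList: $current" }
"Event 36885 warnings (last 7 days): $(@(Get-SchannelIssuerListWarnings).Count)"
Get-TrustedRootSummary | Format-List

# The change from the answer (steps 2 and 3). Uncomment to apply, then reboot as in step 4.
# New-ItemProperty -Path $schannelKey -Name SendTrustedIssuerList -PropertyType DWord -Value 0 -Force
```

Running the read-only part before and after pruning the root store shows whether the 36885 warnings stop without changing the registry at all.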
  • I have the same error using Windows Server 2012 R2... I made all the changes and I still have the same error as in your first message...

    I think that the problem comes from the type of certificate.

    22 July 2014 16:27