Answered by:
Polycom CX600 Exchange integration not working after ADFS 3.0 upgrade

Question
-
Hi , our Polycom CX 600 phones no longer integrate with our Office 365 exchange accounts after upgrading from ADFS 2.0 to ADFS 3.0 . Users receive "Connection to Exchange is unavailable please contact your support team" message. We attempted a suggestion from a similar article (https://social.technet.microsoft.com/Forums/en-US/8b52a99e-1088-4dca-8833-15c14cc1dff2/polycom-cx600-and-exchange-online-issue) to create registry keys on Front end and Edge servers, however after rebooting this did not correct the problem. Any suggestions ?
Thanks
Thursday, November 12, 2015 4:42 PM
Answers
-
Hi Kevin_TOGL,
The issue may be caused by SNI. There's a new Server Name Indication (SNI) feature in AD FS 3.0, but Polycom Phones are non-sni capable clients.
In order to resolve this issue, you can bind the SSL certificate that is for the ADFS service to the general NIC and port 0.0.0.0:443.
You can follow the steps below. If you have multiple ADFS servers, please run it on each server.
1. On the ADFS server, run the following cmdlets to show the certificate.
Netsh http show sslcert
2. Run the following command to add the listener SSL certificate:
netsh http add sslcert ipport=0.0.0.0:443 certhash=xxxxxxxxxxxxxxxxxxxxxxxxxxx appid={xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
(Please replace the certhash value and appid value with the one you find in the Step1 output.)
After the certificate added successfully, please wait for about 10 minutes, and try to sign in again.
There’s a related article that you may take a look at it.
Best regards,
Eric
- Edited by Eric_YangK Friday, November 13, 2015 9:25 AM
- Marked as answer by Kevin_TOGL Friday, November 13, 2015 8:28 PM
Friday, November 13, 2015 9:25 AM
All replies
-
Could you check if SSL v2 is disabled through your upgrade to ADFS 3.0. SSL v2 should be enabled for the Polycom phones.
regards Holger Technical Specialist UC
Thursday, November 12, 2015 7:30 PM -
Hi Kevin_TOGL,
The issue may be caused by SNI. There's a new Server Name Indication (SNI) feature in AD FS 3.0, but Polycom Phones are non-sni capable clients.
In order to resolve this issue, you can bind the SSL certificate that is for the ADFS service to the general NIC and port 0.0.0.0:443.
You can follow the steps below. If you have multiple ADFS servers, please run it on each server.
1. On the ADFS server, run the following cmdlets to show the certificate.
Netsh http show sslcert
2. Run the following command to add the listener SSL certificate:
netsh http add sslcert ipport=0.0.0.0:443 certhash=xxxxxxxxxxxxxxxxxxxxxxxxxxx appid={xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}
(Please replace the certhash value and appid value with the one you find in the Step1 output.)
After the certificate added successfully, please wait for about 10 minutes, and try to sign in again.
There’s a related article that you may take a look at it.
Best regards,
Eric
- Edited by Eric_YangK Friday, November 13, 2015 9:25 AM
- Marked as answer by Kevin_TOGL Friday, November 13, 2015 8:28 PM
Friday, November 13, 2015 9:25 AM -
Thanks everyone for the replies. Eric I did come across this specific article but wanted to take the time to get recommendations from the forum, your response 100% fixed our problem. Within 10 minutes CX600 OWA integration was back up and working. Thank you !Friday, November 13, 2015 8:28 PM