Polycom CX600 Exchange integration not working after ADFS 3.0 upgrade

Answers

  • Hi Kevin_TOGL,

     

    The issue may be caused by SNI. There's a new Server Name Indication (SNI) feature in AD FS 3.0, but Polycom phones are non-SNI-capable clients.

    In order to resolve this issue, you can bind the SSL certificate that is for the ADFS service to the general NIC and port 0.0.0.0:443.

    You can follow the steps below. If you have multiple ADFS servers, please run it on each server.

    1. On the ADFS server, run the following cmdlets to show the certificate.

      Netsh http show sslcert

     

    2. Run the following command to add the listener SSL certificate:

    netsh http add sslcert ipport=0.0.0.0:443 certhash=xxxxxxxxxxxxxxxxxxxxxxxxxxx appid={xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx}

    (Please replace the certhash value and appid value with the ones you find in the Step 1 output.)

    After the certificate is added successfully, please wait for about 10 minutes, and try to sign in again.

    There’s a related article that you may take a look at.

    http://blogs.technet.com/b/applicationproxyblog/archive/2014/06/19/how-to-support-non-sni-capable-clients-with-web-application-proxy-and-ad-fs-2012-r2.aspx

     

    Best regards,

    Eric


    • Edited by Eric_YangK Friday, November 13, 2015 9:25 AM
    • Marked as answer by Kevin_TOGL Friday, November 13, 2015 8:28 PM
    Friday, November 13, 2015 9:25 AM
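
The two steps from the answer above combined into one script, as an added example that is not part of the original thread: it reads the certhash and appid from the existing AD FS binding, refuses to touch a 0.0.0.0:443 binding that already points at a different certificate, and only prints the command unless `-Live -Apply` is given. It assumes English `netsh` output; `adfs.example.com`, the sample hash and the sample GUID are constructed placeholders.

```powershell
# Added example, not from the thread. Dry run by default: prints the command it would run.
param(
    [string]$FederationHost = 'adfs.example.com',  # placeholder: your federation service name
    [switch]$Live,    # read the real bindings with netsh instead of the constructed sample
    [switch]$Apply    # actually add the binding (needs -Live and an elevated prompt)
)

# Constructed sample of "netsh http show sslcert" output (English labels, made-up values).
$sample = @'
    Hostname:port                : adfs.example.com:443
    Certificate Hash             : 00112233445566778899aabbccddeeff00112233
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
'@ -split "`r?`n"

# Turn the netsh listing into one object per binding (endpoint, hash, app id).
function Get-SslBinding {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*(?:Hostname:port|IP:port)\s+:\s+(\S+)') {
            if ($null -ne $current) { [pscustomobject]$current }
            $current = [ordered]@{ Endpoint = $Matches[1]; CertHash = $null; AppId = $null }
        } elseif ($null -ne $current -and $line -match '^\s*Certificate Hash\s+:\s+([0-9A-Fa-f]+)') {
            $current.CertHash = $Matches[1]
        } elseif ($null -ne $current -and $line -match '^\s*Application ID\s+:\s+(\{[0-9A-Fa-f-]+\})') {
            $current.AppId = $Matches[1]
        }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

$lines    = if ($Live) { netsh http show sslcert } else { $sample }
$bindings = @(Get-SslBinding -Lines $lines)
$sni      = $bindings | Where-Object Endpoint -eq "${FederationHost}:443" | Select-Object -First 1
$fallback = $bindings | Where-Object Endpoint -eq '0.0.0.0:443' | Select-Object -First 1

if (-not $sni) { throw "No binding found for ${FederationHost}:443; check the host name." }
if ($fallback -and $fallback.CertHash -ne $sni.CertHash) {
    # Another certificate already answers non-SNI clients on this port; do not replace it blindly.
    throw "0.0.0.0:443 is already bound to certificate $($fallback.CertHash); review before changing it."
}
if ($fallback) { 'Fallback binding 0.0.0.0:443 already uses the AD FS certificate.'; return }

$netshArgs = 'http', 'add', 'sslcert', 'ipport=0.0.0.0:443', "certhash=$($sni.CertHash)", "appid=$($sni.AppId)"
if ($Live -and $Apply) { & netsh @netshArgs } else { "Would run: netsh $($netshArgs -join ' ')" }
```

Run it on each AD FS server, first with `-Live` alone to review the generated command, then with `-Live -Apply`.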

All replies

  • Could you check if SSL v2 is disabled through your upgrade to ADFS 3.0? SSL v2 should be enabled for the Polycom phones.

    regards Holger Technical Specialist UC

    Thursday, November 12, 2015 7:30 PM
  • Thanks everyone for the replies. Eric, I did come across this specific article but wanted to take the time to get recommendations from the forum. Your response 100% fixed our problem. Within 10 minutes CX600 OWA integration was back up and working. Thank you!
    Friday, November 13, 2015 8:28 PM