Polycom CX600 cannot sign in after migration to Lync 2013 to update Firmware RRS feed

  • Question

  • Ladies/Gents...

    We have recently moved to Lync 2013 backend.  No problems there.  The issue came about after changing the _sip._tls.domain.com SRV record.  The SRV record changed from host "A" to host "B".

    All phones are CX600 and all phones are external.  NONE of the phones are on corporate LAN.  DHCP TFTP is NOT an option.  At this moment none of the phones can sign on.  I have narrowed this issue down to the phone FW version.  They are all RTM (4.0.7576.0) and according to http://blog.schertz.name/2013/05/updating-lync-phone-edition-devices-lync-2013/  they need to be running 4.0.7577.4363.

    So, how do I update the FW on a CX600 when the phone can no longer sign-on to receive the new firmware from the FE servers?  can we use the USB port?

    I'm looking for options?  Specifically one that does not have me changing the external SRV record.

    Thanks in advance

    Friday, September 12, 2014 3:38 PM

All replies

  • From my Understanding  Lync Phone does require a LYNC server in order to update the firmware and I am not aware of any other supported solution.

    The work around is you could modify the Client Version filter in Lync server 2013 


    I haven't test it however i believe this should work 

    Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph

    Friday, September 12, 2014 3:47 PM
  • Thanks for the reply.

    Currently the CPE user agent only denies 2.0.6021 or older.  I definitely need to update but don't think this is the issue.  Schertz is implying it's an issue with Lync 2010 phone editions prior to 4.0.7577.4363.

    I do see on the phone last update status (0x2ee7/0)   I haven't changed DNS records for meet and dialin, they still point to 2010 pool.  could this be an issue?

    Friday, September 12, 2014 3:59 PM
  • Any other suggestions anyone? here's what I have found and maybe someone can validate my thoughts...

    My lync external webaccess FQDN is accessible and working.  I have tested.... "https://ExternalFQDN.domain.com/RequestHandlerext/files/UCPhone/POLYCOM/CX600/Rev-5/ENU/4.0.7577.4451/CPE/CPE_desc.xml"  This works.

    This works perfectly on my PC.  MY thought here is that the trusted root certs on Lync Phone version 4.0.7577.0  does not trust my certificate for the above FQDN.  my cert is issued from...  

    ROOT: Verisign Class 3 Public Primary Certification Authority - G5 (2048 bits)

    Intermediate/issuing CA:Verisign Class 3 Secure Server CA - G3 (2048 bits)

    I am unable to find CLEAR documentation on the EXACT certs included with 4.0.7577.  I can find a cert list for latest version but this does me no good.

    So in short I think my phone cannot trust the External Lync FQDN but I'm don't know how to validate.

    The thought here is if I change DNS to point phone back to 2010 I can get them "working".  however this is irrelevant if I can't push the latest build to a phone if it cannot connect to the external Lync FQDN if the cert isn't trusted?


    Monday, September 15, 2014 2:12 PM