manualshive.com logo in svg

Polycom 1725-31424-001, Deployment Manual

The Polycom 1725-31424-001 Deployment Manual is an essential resource for users looking to fully utilize this product. This comprehensive manual provides step-by-step instructions and helpful tips for successful deployment. Download this manual for free from manualshive.com and unlock the full potential of your Polycom 1725-31424-001.

Share
Download
background image

Deployment Guide for the Polycom CX700 IP Phone

 6

 

Although the actual operations of these two providers are closely related, they 

appear independent to the time service. By default, when a computer that is 
running Windows Server 2003 is connected to a network, it is configured as an 
NTP client. 
The Polycom CX700 phone searches for a NTP server in DNS as follows: 

NTP SRV record (UDP port 123) 

_ntp._udp.<SIP domain> pointing to NTP server

If it cannot find the NTP SRV record, it will try to use windows.com as an NTP 
server: 

NTP A record 

time.windows.com

To set Group Policy for Windows Time Service global configuration settings:

1.

From the 

MMC

, click 

Active Directory Users and Computers

.

2.

Right-click the domain that contains the NTP server, and then select 

Properties

.

3.

Click the 

Group Policy

 tab, make sure that the 

Default Domain Policy

 is 

highlighted, and then click 

Edit

.

4.

Click 

Computer Configuration

, click 

Administrative Templates

, click 

System

, and then click 

Windows Time Service

.

5.

Click 

Time Providers

 and in the right pane, double-click 

Enable 

Windows NTP Server

, select the 

Enabled

 button, and then click 

OK

.

6.

From the 

Group Policy Object Editor

 menu, select 

File

, and then click 

Exit

.

Server Security Framework Overview

The following section summarizes the elements that form the security 
framework for Microsoft Office Communications Server 2007 R2. It is helpful 
to understand how these elements work together when you deploy the 
Polycom CX700 phone in your organization.
These security elements are as follows:  

Active Directory Domain Services (AD DS) provides a single trusted, 
back-end repository for user accounts and network resources.

PKI (Public Key Infrastructure) uses certificates that are issued by trusted 
CAs (certificate authorities) to authenticate servers and to help ensure data 
integrity.

Summary of Contents for 1725-31424-001

Page 1: ...R2 July 2010 1725 31424 001 Rev A Deployment Guide for the Polycom CX700 IP Phone ...

Page 2: ...ows Windows Server Windows Vista Windows XP Office Communications Server Office Communicator and Office Live Meeting are either registered trademarks or trademarks of Microsoft Corporation in the United States and or other countries Patent Information The accompanying product is protected by one or more U S and foreign patents and or pending patent applications held by Polycom Inc and or one or mo...

Page 3: ... Using your Polycom CX700 lets you take advantage of Microsoft Office Communications Server 2007 R2 without needing access to a computer For more information on what s new in Microsoft Office Communications Server 2007 R2 refer to http www microsoft com communicationsserver en us whats new aspx This Deployment Guide provides everything you need to deploy the Polycom CX700 in a standard Microsoft e...

Page 4: ...Deployment Guide for the Polycom CX700 IP Phone iv ...

Page 5: ... Security Framework Overview 6 Root CA Certificate for the Polycom CX700 Phone 7 2 Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment 11 Introduction 12 Assumptions and Terminology 12 Background 15 Polycom CX700 Phone Upgrade Steps Summary 21 Polycom CX700 Phone Upgrade Steps Details 23 Step 1 Set Environmental Dependencies 23 Step 2 Upgrade Polycom C...

Page 6: ...Windows Server as an NTP Time Source 43 Enabling Automatic Certificate Enrollment 45 Making the Root CA Certificate Available to a Polycom CX700 Phone 48 Installing a Public Root CA Certificate on a Polycom CX700 Phone 49 Confirming the Current Software Version 49 ...

Page 7: ...and the improved communication and collaboration of Microsoft Office Communications Server 2007 R2 To deploy and upgrade Polycom CX700 phones you must Configure a Dynamic Host Configuration Protocol DHCP server Configure a Domain Name Service DNS and add DNS SRV records Configure a Network Time Protocol NTP server Configure certificates for the phones Configure Microsoft Office Communications Serv...

Page 8: ...ffixes that can be appended to these DNS names For DHCP clients this can be set by assigning the DNS domain name option Option 15 and providing a single DNS suffix for the client to append and use in searches In some circumstances it is preferable that a DHCP client be configured by using multiple DNS suffixes supported with the use of DHCP Search Option 119 DHCP Search Option 119 is passed from t...

Page 9: ... and then select 119 DNS Search List 8 Enter a list of domain suffixes in your organization delimited by a semicolon for example contoso com dev contoso com corp microsoft com 9 Click OK DNS and the Polycom CX700 IP Phone The Polycom CX700 phone will process a number of DNS records in order to locate the Microsoft Office Communications Server 2007 R2 Topics in this section include Polycom CX700 Ph...

Page 10: ...d and configured correctly for Outlook 2007 clients to automatically connect to Exchange features such as the offline address book the Availability service and Unified Messaging UM For more information see the Exchange Server TechCenter topic How to Configure Exchange Services for the Autodiscover Service at http go microsoft com fwlink linkid 141087 Retrieving Outlook Contacts Call Logs and Voice...

Page 11: ...requently for synchronizing computer clocks It does this by using a designated time reference The Polycom CX700 phone requires NTP to set the correct time and date for the Polycom CX700 phone NTP Time Provider The NTP provider is the standard time provider that is included with Windows Server 2003 The NTP provider in the Windows Time service consists of the following two parts NtpServer output pro...

Page 12: ...sure that the Default Domain Policy is highlighted and then click Edit 4 Click Computer Configuration click Administrative Templates click System and then click Windows Time Service 5 Click Time Providers and in the right pane double click Enable Windows NTP Server select the Enabled button and then click OK 6 From the Group Policy Object Editor menu select File and then click Exit Server Security...

Page 13: ...ificate Authority Solution If Microsoft Office Communications Server 2007 R2 servers use public certificates the certificates will most likely be automatically trusted by the device because the device contains the same list of trusted CAs as Windows CE The table at the end of this topic lists the public certificates that are trusted by the Polycom CX700 phone Privately Hosted Certificate Authority...

Page 14: ...t of considerations for issuing certificates to the Polycom CX700 phone By default the uses Transport Layer Security TLS and Secure Real time Transport Protocol SRTP Requirement Trust certificates presented by Office Communications Server 2007 R2 and Exchange Server 2007 server Requirement Root certification authority CA chain certificate resides on the device No manual installation of certificate...

Page 15: ...ates that are trusted by the Polycom CX700 phone Vendor Certificate Name Expiry Date Key Length Comodo AAA Certificate Services 12 31 2020 2048 Comodo AddTrust External CA Root 5 30 2020 2048 Cybertrust Baltimore CyberTrust Root 5 12 2025 2048 Cybertrust GlobalSign Root CA 1 28 2014 2048 Cybertrust GTE CyberTrust Global Root 8 13 2018 1024 VeriSign Class 2 Public Primary Certification Authority 8 ...

Page 16: ... Authority 8 22 2018 1024 GeoTrust GetTrust Global CA 5 20 2022 2048 GoDaddy GoDaddy Class 2 Certification Authority 6 29 2034 2048 GoDaddy http www valicert c om 6 25 2019 1024 GoDaddy Starfield Class 2 Certification Authority 6 29 2034 2048 Vendor Certificate Name Expiry Date Key Length ...

Page 17: ... of issues the upgrade may be a two step process which includes a hard reset of the phone to remove any pre existing phone credentials certificates chains and URLs Topics in this chapter include Introduction Polycom CX700 Phone Upgrade Steps Summary Polycom CX700 Phone Upgrade Steps Details A list of frequency asked questions can be found in Troubleshooting the Polycom CX700 Phone on page 3 39 ...

Page 18: ...ing to signing in to the Polycom CX700 phone the following format will be used Sign in address userAlias SIPDomain Domain User name DomainFQDN userAlias For example Software Releases Corresponding Microsoft Office Communications Server OCS 2007 1 0 199 123 OCS 2007 R1 software on phones 1 0 522 101 OCS 2007 R1 download from Microsoft web site 3 5 6907 35 OCS 2007 R2 download from Microsoft web sit...

Page 19: ...evice Update service Domain User name is analogous to the account the user signs in to Active Directory with In some environments the SIPDomain and DHCPDomain values will be the same but they are purposely kept different in the examples used here to highlight the issues that arise as a result of them being different For example depending on the firmware version a phone will look in SIPDomain for t...

Page 20: ...e plus sign in the center This process removes any credentials certificate chains and XML configuration files and restores the phone to factory defaults The first time a user powers up the phone and signs in the phone gets in band provisioning information from the server or Enterprise pool hosting the user s account The information contains the internal and external URL of the server running Devic...

Page 21: ...rds It also contains _sipinternaltls _tcp and _ntp _udp SRV records There is an Active Directory DNS zone called contoso com i e the DHCPDomain and created automatically during setup It will contain the pool and ucupdates r2 A records at a minimum It also hosts all machine accounts There are corresponding external DNS zones for contoso com and fabrikam com There is a reverse proxy that is publishi...

Page 22: ...ou specified Pool01Data during setup the path would be C Pool01Data ClientUpdateStore DeviceUpdates Microsoft Office Communications Server 2007 R2 Standard Edition The installer automatically creates the DeviceUpdateFiles folder in the Web Components folder under the Office Communications Server 2007 R2 installation folder on the local computer This folder is not shared and it inherits the permiss...

Page 23: ...The request for example http 192 168 7 81 RequestHandler ucdevice upx is sent to the Web Components Server hosting the Device Update Service and includes the MAC address and serial number of the phone issuing the request 1 The Microsoft Office Communications Server OCS 2007 R2 Device Update Service returns a response containing one of the following If no updates exists for the current version the ...

Page 24: ...equence When Running Software Release 1 199 123 The following steps occur when you sign in to a Polycom CX700 phone running software release 1 199 123 This assumes that the Sign in address value is ocstest1 fabrikam com and the Domain User Name value is contoso com ocstest1 Action Examples Comments 1 Obtain DHCP address 2 Query DNS for time windows com and time windows com DHCPDomain A records tim...

Page 25: ...itiates TLS connection to pool IP Address specifying which Ciphers are supported Note SHA2 is not supported 10 Pool responds with Certificate detail they exchange keys if handshake is OK Server Hello Note TLS connection is not established yet 11 Polycom CX700 phone queries DHCPDomain for AD LDAP service using DC provided by DHCP _ldap _tcp dc _msdcs contoso com 12 Polycom CX700 phone binds to AD a...

Page 26: ...ge 2007 CAS Used for missed call notification 24 Polycom CX700 phone sends HTTP 80 POST to pool DHCPDomain for RequestHandler ucdevice upx Note This would be an HTTPS 443 POST to pool DHCPDomain for RequestHandlerExt ucdevice upx for an external OCPE device Payload contains phone vendor info 25 Pool responds with current firmware upgrade version and Internal External file path info These values ar...

Page 27: ...he pool running Device Updater b Configure DNS for SIPDomain fabrikam com is used in the example Add A records for autodiscover fabrikam com pointed to the IP address or the Exchange CAS server used by OCS sip fabrikam com pointed to the IP address of the pool running Device Updater Add SRV records for _sipinternaltls _tcp fabrikam com pointed to the FQDN of pool running Device Update service on p...

Page 28: ...t using the steps in Enabling Automatic Certificate Enrollment on page 3 45 Or alternatively you can enable Auto Enrollment 2 Configure Microsoft Office Communications Server OCS On the pool running the Device Update service Modify the Client Version filter to allow OCPhone devices equal to or greater than release 1 0 199 Modify Device Update Service External URLs required even if upgrading Polyco...

Page 29: ...o 1 0 522 101 a ucupdates XML file is copied to the Polycom CX700 phone and it should not be necessary to sign back in but you will want to power cycle the phone to start the upgrade If you do sign in to the Polycom CX700 phone use your SIP URI for the Sign in Address value and your domain FQDN for the Domain User name value for example ocstest1 fabrikam com and contoso com ocstest1 respectively T...

Page 30: ...s with is different than the domain where their domain controller is located you can configure DHCP Option 119 to include a list of all the domains to check for a DC For instructions on configuring Option 119 refer to How to Configure DHCP Option 119 on page 3 43 Step 1 2 Configure DNS The following DNS records are required for upgrading but some are only required for a specific phase for example ...

Page 31: ... N A External IP VIP of Access Edge server A autodiscover SIPDomain N A External IP VIP of Exchange server running CAS role Note this assumes SIP URI matches the user s Primary SMTP address in Exchange A reverseProxyFQDN SIPDomain N A IP of reverse proxy specified in the ExternalBaseURL WMI setting SRV _sip _tls SIPDomain 443 FQDN of Access Edge server SRV _ntp _udp SIPDomain 123 time windows com ...

Page 32: ...xt for the following entry under CN Certification Authorities you should see your Enterprise CA listed with a Class type of certificationAuthority Once you ve determined that your Enterprise CA is listed you can confirm that the Trusted Root certificate chain actually uploaded by double clicking on your Enterprise CA CN ContosoCA in the example and look for the cACertificate attribute It should be...

Page 33: ...ative to running certutil and uploading the Trusted Root Certificate Chain into Active Directory you can enable the domain for certificate auto enrollment For instructions refer to Enabling Automatic Certificate Enrollment on page 3 45 Step 1 4 Configure Microsoft Office Communications Server Modify client version filter On the Pool running the Device Update service confirm that Client Version con...

Page 34: ...running the Device Update service run cscript ConfigureExternalDownloadURLs vbs 3 The script will populate the DownloadURL StoreURL values with the FQDN of the reverse proxy server that is publishing the URLs from which remote Polycom CX700 phones will download updated image files from e g ocsrp fabrikam com and update the client version filter 4 If you plan to upgrade external Polycom CX700 phone...

Page 35: ...the instance name from the database name as shown for example local rtc 4 This query opens one instance of this class Double click the instance To determine the correct syntax for the DB to connect to you can look at the Pool Database tab the value listed for Database Instance Name is the value you substitute for poolbackend Also double quotes work as well as single quotes ...

Page 36: ...oreURL type https ReverseProxyFQDN DeviceUpdateFiles_Ext 7 Click Save Property and then Save Object to save the instance 8 Click Close 9 Verify that the Windows Management Instrumentation WMI values are updated by querying the class as described in step 3 The ExternalUpdatesDownloadURL and ExternalUpdatesStoreURL properties should be set to a non NULL value 10 Click Exit to close wbemtest Verify I...

Page 37: ...iceUpdateFiles_Ext OCInterim E NU cpe nbt and verify that you can download the file If you can chances are the Polycom CX700 phone can Using a browser from outside the corporate firewall connect to https ReverseProxyFQDN RequestHandlerExt ucdevice upx and download cpe nbt xml version 1 0 Response NumOfFiles 0 NumOfFiles CurrentTime 2009 06 04T06 22 03 CurrentTime ServerVersion 3 5 6907 0 ServerVer...

Page 38: ...ecause the 1 0 199 123 software does not recognize builds greater than 1 0 522 Step 2 1 Prepare Software Update Files There are three basic steps to this process 1 Download the UCUpdates files and uncompress them to CAB files 2 Upload the CAB files to the pool and uncompress them further to CPE files 3 Approve the CPE files In previous releases of OCS 2007 Polycom CX700 phones operating outside th...

Page 39: ... Pending Updates tab and ensure that 1 0 522 101 is in the Pending state Do not change it at this time 7 Click the Test Devices tab and add the Polycom CX700 phone to be upgraded no spaces dashes in the MAC address Step 2 2 Upgrade the Polycom CX700 Phone from 1 0 199 123 to 1 0 522 101 Now that the necessary CPE files have been installed and a test device created it is time to upgrade the Polycom...

Page 40: ...CX700 phones listed on the Test Devices tab can receive Pending Updates OR If no other production Polycom CX700 phones are on a build higher than 1 0 522 101 you can use Device Updater to approve the pending updates and finish flashing the software on the remaining phones running build 1 0 199 123 Once all Polycom CX700 phones are running release 1 0 522 101 and have been recalibrated go to the ne...

Page 41: ...s them further to CPE files 3 Approve the CPE files To prepare the software update files 1 Download the Microsoft Office Communications Server OCS 2007 3 5 6907 9 Polycom CX700 phone software release UCUpdates exe here and store it on a Pool Front End server for example c UCUpdates 6907 9 2 Open a CMD window change to the directory where you downloaded the 3 5 6907 9 version of UCUpdates and run t...

Page 42: ...minutes of inactivity or you want to expedite the process perform a reboot power cycle the phone and let it sit for five to ten minutes You can monitor the IIS and ImageUpdate Audit log files for progress status The phone will reset and go to the calibration screen There is a lag between when 3 5 6907 9 is available and when the phone can access it and the system logs the attempt Be sure to allow ...

Page 43: ... 2007 R2 Environment 37 3 Calibrate the phone and sign in 4 Confirm the Polycom CX700 phone is running release 3 5 6907 9 by clicking About on the main menu and checking the Version information Click OK to return to the Sign in screen The Polycom CX700 phone is now ready to use ...

Page 44: ...Deployment Guide for the Polycom CX700 IP Phone 38 ...

Page 45: ...Issues are grouped as follows Logs Used for Troubleshooting When to Use DHCP Option 119 Configuring Windows Server as an NTP Time Source Enabling Automatic Certificate Enrollment Making the Root CA Certificate Available to a Polycom CX700 Phone Installing a Public Root CA Certificate on a Polycom CX700 Phone Confirming the Current Software Version For more troubleshooting information refer to the ...

Page 46: ...CX700 phone connects to IIS correctly c inetpub logs LogFiles W3SVC1 _ log where _ some prefix and the current date To confirm the Polycom CX700 phone runs Locate the Device Update service correctly review the Device Update audit logs By default audit logs are located in different locations depending on Microsoft Office Communications Server 2007 R2 product type For Microsoft Office Communications...

Page 47: ...g example provides instructions for a Polycom CX700 running build 199 with planned upgrade to build 522 Internal assumes pool running Device Update service pool01 contoso com http pool01 contoso com DeviceUpdateFiles_Int UCPhone Poly com CX700 A ENU 1 0 522 101 CPE CPE nbt When hitting this link you should get prompted to save cpe nbt if security is set properly External assumes reverse proxy FQDN...

Page 48: ...his sequence _ldap _tcp dc _msdcs fabrikam takes the NetBIOS name directly fails _ldap _tcp dc _msdcs fabrikam fabrikam dk adds the DomainName value fails _ldap _tcp dc _msdcs fabrikam fabrikam dk adds first element in DomainSearch fails _ldap _tcp dc _msdcs fabrikam dk adds second element in DomainSearch succeeds So if dk was not added to DHCP option 119 the phone would have been unable to locate...

Page 49: ...xes in your organization delimited by a semi colon For example contoso com corp contoso com fabrikam com 6 Click OK to close the Predefined Options and Values page Configuring Windows Server as an NTP Time Source For Windows 2008 To configure Windows 2008 Server as an NTP time source 1 Click Start Run type regedit in the list box and click OK to open the Registry editor 2 To enable the Network Tim...

Page 50: ...ime service click Start Run or alternatively use the command prompt facility and type net stop w32time net start w32time Your time server should be now up and running For Windows 2003 To use an internal server as the authoritative time source as outlined in the section Configuring the Windows Time service to use an internal hardware clock in the document available at http support microsoft com kb ...

Page 51: ...lt Domain Policy GPO and then click Edit 4 In the Group Policy Management Console GPMC select User Configuration Policies Windows Settings Security Settings and then click Public Key Policies 5 Double click Certificate Services Client Auto Enrollment 6 Select Enabled from the configuration model list box 7 Select one of the following three check boxes depending on requirements Renew expired certif...

Page 52: ...on the domain object containing the Polycom CX700 phone using the following steps To configure autoenrollment Group Policy for a domain 1 Open Active Directory Users and Computers 2 Right click on the domain containing the Polycom CX700 phone and select Properties 3 Click the Group Policy tab make sure the Default Domain Policy is highlighted and click the Edit button 4 Select Computer Configurati...

Page 53: ... com 4 Select CN Services 5 Select CN Public Key Services and check the following two objects a Click CN Certification Authorities and confirm that the name of your internal Certificate Authority is listed in the right pane with a Class type of certificationAuthority b Click CN Enrollment Services and confirm that the name of your internal Certificate Authority is listed in the right pane with a C...

Page 54: ...ects of category certificationAuthority If the search returns any objects it will use the attribute caCertificate That attribute is assumed to hold the certificate and the device will install the certificate To get the Root CA certificate placed in the caCertificate attribute use the command certutil f dspublish Root CA certificate in cer file RootCA This command will publish the certificate as re...

Page 55: ... need the device to ask for certificates if you do not do this the phone will use the currently installed certificate when challenged by your internal Microsoft Office Communications Server 2007 R2 servers and not search for them in Active Directory You reset the device by inserting a paper clip in the small hole on the back between the USB and headset connectors Then you can connect the device to...

Page 56: ...Deployment Guide Polycom CX700 50 ...

Reviews:

No comments

Related manuals for 1725-31424-001

Yealink T54 Quick Reference Manual preview
T54
Brand: Yealink Pages: 2
HTC TOUCH DUAL - Smartphone - WCDMA Quick Start Manual preview
TOUCH DUAL - Smartphone - WCDMA
Brand: HTC Pages: 2
PORSCHE DESIGN BLACKBERRY P'9982 User Manual preview
BLACKBERRY P'9982
Brand: PORSCHE DESIGN Pages: 226
Blu Dash Music 4.0 User Manual preview
Dash Music 4.0
Brand: Blu Pages: 20
Micromax AD4500 Manual preview
AD4500
Brand: Micromax Pages: 40
Yuxin YWH201 User Manual preview
YWH201
Brand: Yuxin Pages: 42
Audiovox CDM-8100 User Manual preview
CDM-8100
Brand: Audiovox Pages: 52
HTC 10 evo Quick Start Manual preview
10 evo
Brand: HTC Pages: 4
Polycom Soundpoint 335 Configuring preview
Soundpoint 335
Brand: Polycom Pages: 9
Pantech ADR930 Perception User Manual preview
ADR930 Perception
Brand: Pantech Pages: 2
snopfon ezTWO3G Owner'S Manual preview
ezTWO3G
Brand: snopfon Pages: 46
Avaya Norstar T7316E User Manual preview
Norstar T7316E
Brand: Avaya Pages: 86
CLOUDCONNECT 2.00 User Manual preview
2.00
Brand: CLOUDCONNECT Pages: 15
XONTEL XT-07P User Manual preview
XT-07P
Brand: XONTEL Pages: 13
Lava KKT Alpha User Manual preview
KKT Alpha
Brand: Lava Pages: 21
Zte Z610DL User Manual preview
Z610DL
Brand: Zte Pages: 167
Zte REEF User Manual preview
REEF
Brand: Zte Pages: 177
Sanyo SCP-3200 Specifications preview
SCP-3200
Brand: Sanyo Pages: 2

Brands by name

Popular brands

Load more brands