Endpoint manager and Polycom VVX600

Hi all, I have successfully provisioned a Yealink T46S phone with https but I have a Polycom VVX600 and have used exactly the same settings. HTTPS, server https : // serverdomain : 1443 (ignore the spaces - had to put those in for this post to be accepted, and obviously the serverdomain part is the domain name - I also tried the ip address), with username and pass but it just kept saying provisioning failed. I read docs on endpoint manager for polycom handsets and it told me to reset to factory and format… now the phone will not boot… it lets me into settings where I verify the provisioning server details, but it then just says cannot find MACADDRESSHERE.cfg (replace MACADDRESSHERE with the actual mac address of the phone) and then error application not found, and reboots… what should I do? Have I got the address incorrect for the provisioning server? I assume it is setup correctly because the yealinks are working fine.

Seems I got the phone working again by setting up my own FTP server and placing the .cfg and sip.ld files in there which got things going again. I really dont want to be setting up FTP or TFTP servers for this though. How do I get my VVX600 (also I have a VVX500 somewhere) working through HTTPS provisioning?

Hi again, ok a bit of success. I thought I would just plug back in the HTTPS settings again without changing anything else! This was the same as I had previously tried, but this time it seemed to do something! I can initiate the provisioning, the phone restarts, and then comes up with something about failed to provision with Polycom ZTP (stands for zero touch provisioning?). I looked at the logs on the phone and it has this:

1121101503|copy |4|00|SSL_connect error Peer certificate cannot be authenticated with known CA certificates.SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
1121101503|cfg |4|00|Prov|Download of master configuration file failed

Is there a way around this? I feel I am very close.

I would try offering the ‘fullchain’ and not just the ‘certificate’ in your https server’s ssl config.

GOT IT! I feel weird answering my own posts here, but hopefully this helps someone. I googled around and some information at a 3CX forum mentioning that Polycom dont like something in the certificate, so I went to the FreePBX certificates page and saw a checkbox for ‘Remove DST Root CA X3’. Initiated the provisioning again and wahoo! it worked.

just saw your reply, thanks dicko, all sorted.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.