Cloud PBX, a Polycom VVX and ADFS

I recently came across an issue where a Polycom VVX wouldn’t sign in correctly against an Office 365 tenant with ADFS enabled.

We reviewed the Cloud PBX configuration in the tenant and the voice settings for the user, and these were correct, as we could make and receive calls from the SfB desktop client.

So we started with the VVX: we updated the phone to the latest UCS software release and ensured it was a compatible software version for Cloud PBX. At this time it was 5.4.4.

We tried signing in again and the issue was the same, so we tested with another tenant and it worked! This proved it’s not the phone that’s the problem here.

BUT this tenant didn’t have ADFS deployed, so this made me think about how this is different.

I looked into the VVX issues online and found that a common issue when connecting to an on-premises deployment of Lync or SfB was that you had to deploy internal certificates, so I wondered if this is similar with the ADFS servers as part of the user authentication.

 

Internal Root Certificate upload via FTP

This is what I did to upload the certificate to the VVX via FTP using a TFTP server.

1. I downloaded the internal trusted root certificate from the ADFS server and saved it to my PC. (You will also need any intermediate certificates for the full chain.)

2. I downloaded and started TFTP Server on my PC and placed the certificates in the TFTP root folder. I noted my PC’s internal IP address and ensured the Windows firewalls were configured to allow access.

3. From the web interface on the VVX phone I went to Settings > Network > TLS

Under Certificate Configuration > CA Certificates

Under Application CA 1 I entered the following (if you have intermediate certificates, please ensure they are uploaded in order):

ftp://<IP Address of TFTP Server>/cert3.cer

and clicked “Install”.

For a much more detailed blog on importing certificates to the VVX please see Jeff Schertz’s blog post here

After uploading the root certificates we tried to sign in again and it worked 🙂 Whoop whoop! So the internal root certificates were required for ADFS to sign the user in.
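One way to sanity-check the exported files before installing them on the phone, as an added example that is not part of the original post: this PowerShell function loads every .cer file in the TFTP root, warns about anything that is not a CA certificate or has expired, and lists the chain from the root down so the intermediates can be uploaded in a consistent order. The function name and the folder path are assumptions.

```powershell
# Added example. Function name and folder path are hypothetical, not from the post.
# Usage: Get-OrderedCaChain -Folder 'C:\TFTP-Root'
function Get-OrderedCaChain {
    param([Parameter(Mandatory)][string]$Folder)
    # Load every exported certificate (DER and Base64 .cer files both parse).
    $certs = @(Get-ChildItem -Path $Folder -Filter *.cer | ForEach-Object {
        $x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName)
        $bc = $x509.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
        }
        [pscustomobject]@{
            File       = $_.Name
            Subject    = $x509.Subject
            Issuer     = $x509.Issuer
            IsCA       = [bool]($bc -and $bc.CertificateAuthority)
            NotAfter   = $x509.NotAfter
            Thumbprint = $x509.Thumbprint
        }
    })

    # Only CA certificates belong in the phone's trust store. Old roots that lack the
    # basicConstraints extension are flagged too and need a manual check.
    foreach ($c in $certs | Where-Object { -not $_.IsCA }) {
        Write-Warning "$($c.File): not marked as a CA certificate, do not install as a trust anchor."
    }
    foreach ($c in $certs | Where-Object { $_.NotAfter -lt (Get-Date) }) {
        Write-Warning "$($c.File): expired on $($c.NotAfter)."
    }
    $cas = @($certs | Where-Object { $_.IsCA })

    # The root is the self-issued CA; expect exactly one in the folder.
    $roots = @($cas | Where-Object { $_.Subject -eq $_.Issuer })
    if ($roots.Count -ne 1) { throw "Expected exactly one self-signed root, found $($roots.Count)." }

    # Walk down from the root: the next entry is the CA whose issuer is the previous subject.
    $chain = @($roots[0])
    do {
        $parent = $chain[-1]
        $next = $cas | Where-Object {
            $_.Issuer -eq $parent.Subject -and $chain.Thumbprint -notcontains $_.Thumbprint
        } | Select-Object -First 1
        if ($next) { $chain += $next }
    } while ($next)

    # Anything left over is not linked into the chain, so a certificate is missing or stray.
    foreach ($c in $cas | Where-Object { $chain.Thumbprint -notcontains $_.Thumbprint }) {
        Write-Warning "$($c.File): not linked into the chain from the root (issuer: $($c.Issuer))."
    }
    $chain | Select-Object File, Subject, Issuer, NotAfter
}
```

The output lists the root first and the issuing CA last; a warning means the folder contains a file that should not be installed as a trust anchor or that the chain has a gap.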

Hope this helps Cloud PBX users using ADFS 🙂