I came across an issue recently where a Polycom VVX wouldn’t sign in correctly against an Office 365 tenant with ADFS enabled.
We reviewed the Cloud PBX configuration in the tenant and the voice settings for the user, and these were correct, as we could make and receive calls from the SfB desktop client.
So we started with the VVX. We updated the phone to the latest UCS software release and ensured it was a compatible software version for Cloud PBX. At this time it was 5.4.4.
We tried signing in again and the issue was the same, so we tested with another tenant and it worked! So this proved it’s not the phone that’s the problem here.
BUT this tenant didn’t have ADFS deployed, so this made me think about how this is different.
I looked into the VVX issues online and found that a common issue when connecting to an on-premises deployment of Lync or SfB was that you had to deploy internal certificates, so I wondered if this is similar with the ADFS servers as part of the user authentication.
Internal Root Certificate upload via FTP
This is what I did to upload the certificate to the VVX via FTP using a TFTP server.
1. I downloaded the internal trusted root certificate from the ADFS server and saved to my PC. (You will also need any intermediate certificates for the full chain)
2. I downloaded and started TFTP Server on my PC and placed the certificates in the TFTP root folder. I noted my PC’s internal IP address and ensured Windows firewalls were configured to allow access.
3. From the web interface on the VVX phone I went to Settings > Network > TLS
Under Certificate Configuration > CA Certificates
Under Application CA 1 I entered (if you have intermediate certs, please ensure they are uploaded in order)
ftp://<IP Address of TFTP Server>/cert3.cer
and clicked “Install”
For a much more detailed blog on importing certificates to the VVX please see Jeff Schertz’s blog post here
After uploading the root certificates we tried to sign in again and it worked 🙂 whoop whoop. So the internal root certificates were required for ADFS to sign the user in.
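The certificate files from step 1 can be checked for a complete chain before they are entered into the Application CA fields. The script below is an added example, not part of the original post; it uses the openssl command line and assumes that "in order" means root CA first.

```shell
#!/bin/sh
# Added example, not from the original post: put CA certificate files in
# chain order and fail if the chain back to the root is incomplete.
# Assumption: "in order" means root CA first, then each CA issued below it.
# Links certificates by issuer/subject name only; signatures are not checked.
# File names must not contain spaces.

# Print one field of a certificate; accepts Base64 (PEM) or binary (DER) .cer.
# $1 = -subject_hash or -issuer_hash, $2 = certificate file
cert_field() {
    openssl x509 -noout "$1" -in "$2" 2>/dev/null ||
        openssl x509 -noout "$1" -inform DER -in "$2" 2>/dev/null
}

# order_chain FILE... : print the files root first, one per line.
# Returns 1 when a file is unreadable, no self-signed root is present, or a
# certificate's issuer is not among the files (a missing intermediate).
order_chain() {
    remaining="" current=""
    for f in "$@"; do
        s=$(cert_field -subject_hash "$f") || { echo "unreadable: $f" >&2; return 1; }
        i=$(cert_field -issuer_hash "$f")
        if [ "$s" = "$i" ] && [ -z "$current" ]; then
            current=$s
            echo "$f"                      # self-signed: this is the root
        else
            remaining="$remaining $f"
        fi
    done
    [ -n "$current" ] || { echo "no self-signed root among the files" >&2; return 1; }
    while [ -n "$remaining" ]; do
        next="" rest=""
        for f in $remaining; do
            if [ -z "$next" ] && [ "$(cert_field -issuer_hash "$f")" = "$current" ]; then
                next=$f                    # issued by the CA placed last
            else
                rest="$rest $f"
            fi
        done
        [ -n "$next" ] || { echo "issuer not supplied for:$rest" >&2; return 1; }
        echo "$next"
        current=$(cert_field -subject_hash "$next")
        remaining=$rest
    done
}
```

Called as order_chain followed by the downloaded .cer files (in any order), it prints the files in the sequence to load them. A non-zero exit means the root or an intermediate is missing from the set.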