Polycom 1725-31424-001 User Manual

Deployment Guide for the Polycom® CX700 IP Phone

R2 | July 2010 | 1725-31424-001 Rev. A
Trademark Information
POLYCOM®, the Polycom “Triangles” logo and the names and marks associated with Polycom’s products are trademarks and/or service marks of Polycom, Inc. and are registered and/or common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without the express written permission of Polycom.
Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Windows XP, Office Communications Server, Office Communicator, and Office Live Meeting are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Patent Information
The accompanying product is protected by one or more U.S. and foreign patents and/or pending patent applications held by Polycom, Inc. and/or one or more of its licensors.
Disclaimer
Some countries, states, or provinces do not allow the exclusion or limitation of implied warranties or the limitation of incidental or consequential damages for certain products supplied to consumers, or the limitation of liability for personal injury, so the above limitations and exclusions may be limited in their application to you. When the implied warranties are not allowed to be excluded in their entirety, they will be limited to the duration of the applicable written warranty. This warranty gives you specific legal rights which may vary depending on local law.
Copyright Notice
The software contained in this product may be copyrighted by Polycom and/or one or more of its licensors. Copyright © 2009 Microsoft Corporation. All rights reserved. Copyright © 2009 Polycom, Inc. THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
© 2010 Polycom, Inc. All rights reserved. Polycom, Inc.
4750 Willow Road Pleasanton, CA 94588-2708 USA
No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Polycom, Inc. Under the law, reproducing includes translating into another language or format.
As between the parties, Polycom, Inc., retains title to and ownership of all proprietary rights with respect to the software contained within its products. The software is protected by United States copyright laws and international treaty provision. Therefore, you must treat the software like any other copyrighted material (e.g., a book or sound recording).
Every effort has been made to ensure that the information in this manual is accurate. Polycom, Inc., is not responsible for printing or clerical errors. Information in this document is subject to change without notice.
About This Guide
Thank you for choosing the Polycom® CX700 IP phone which enables a new era in unified communications currently unavailable with traditional desktop phones. Connecting a Polycom CX700 to Microsoft® Office Communications Server 2007 R2 allows you to place regular and Voice over Internet Protocol (VoIP) calls, answer calls, forward calls, keep a record of all calls, start a conference call, and click to call from a list of your personal contacts through integration with Microsoft’s Active Directory and Microsoft Exchange Server. Using your Polycom CX700 lets you take advantage of Microsoft Office Communications Server 2007 R2 without needing access to a computer. For more information on what’s new in Microsoft Office Communications Server 2007 R2, refer to
http://www.microsoft.com/communicationsserver/en/us/whats-new.aspx
This Deployment Guide provides everything you need to deploy the Polycom CX700 in a standard Microsoft environment. Verify that the network is prepared for deploying the Polycom CX700 IP phones with Microsoft Office Communications Server 2007 R2, and your network is correctly configured. Review the Polycom CX700 Quick Start Guide before you attempt to deploy the phones. This information can also be found at
http://www.polycom.com/voicedocumentation/.
Contents
About This Guide
1 Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment
   DHCP and the Polycom CX700 IP Phone
   DHCP Search Options
   DNS and the Polycom CX700 IP Phone
      Polycom CX700 Phone Querying
      Exchange Server 2007 Autodiscover Service
      Polycom CX700 Phone Querying of Exchange Server 2007
   NTP and the Polycom CX700 IP Phone
      NTP Time Provider
   Server Security Framework Overview
      Root CA Certificate for the Polycom CX700 Phone
2 Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment
   Introduction
      Assumptions and Terminology
      Background
   Polycom CX700 Phone Upgrade Steps - Summary
   Polycom CX700 Phone Upgrade Steps - Details
      Step 1 - Set Environmental Dependencies
      Step 2 - Upgrade Polycom CX700 Phones from 1.0.199.123 to 1.0.522.101
      Step 3 - Upgrade Polycom CX700 Phones from 1.0.522.101 to 3.5.6907.35
3 Troubleshooting the Polycom CX700 Phone
   Logs Used for Troubleshooting
   When to Use DHCP Option 119
   Configuring Windows Server as an NTP Time Source
   Enabling Automatic Certificate Enrollment
   Making the Root CA Certificate Available to a Polycom CX700 Phone
   Installing a Public Root CA Certificate on a Polycom CX700 Phone
   Confirming the Current Software Version

Deploying Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment

The Polycom® CX700 IP phone running Microsoft® Office Communicator 2007 R2 Phone Edition is an intelligent IP phone that is designed to get the most out of the Microsoft unified communication platform. The Polycom CX700 phone combines network voice, user-driven design, up-time reliability, quality audio, and the improved communication and collaboration of Microsoft® Office Communications Server 2007 R2.
To deploy and upgrade Polycom CX700 phones, you must:
Configure a Dynamic Host Configuration Protocol (DHCP) server
Configure a Domain Name Service (DNS) and add DNS SRV records
Configure a Network Time Protocol (NTP) server
Configure certificates for the phones
Configure Microsoft Office Communications Server 2007 R2
Topics in this section include:
DHCP and the Polycom CX700 IP Phone
DHCP Search Options
DNS and the Polycom CX700 IP Phone
NTP and the Polycom CX700 IP Phone
Server Security Framework Overview
For the most up-to-date version of the Deploying Microsoft Office Communicator 2007 R2 Phone Edition documentation and the complete set of the Microsoft® Office Communications Server 2007 R2 online server and client documentation, see the Office Communications Server TechNet Library at
http://go.microsoft.com/fwlink/?LinkID=132106.

DHCP and the Polycom CX700 IP Phone

All computers that are on a TCP/IP network must have an IP address for the network to work correctly. Generally, you can manually configure IP addresses at each computer, or you can install a Dynamic Host Configuration Protocol (DHCP) server that automatically assigns IP addresses to each client computer or device on the network. The Polycom CX700 phone is no exception and therefore can receive only DHCP-assigned IP addresses and requires no configuration on the device.
A DHCP client is any network-enabled device that enables you to communicate with a DHCP server to obtain dynamic, leased IP configuration and related optional information. The Polycom CX700 phone is a DHCP client.

DHCP Search Options

To complete unqualified domain name system (DNS) names that will be used to search and submit DNS queries at the client for resolution, you must have a list of DNS suffixes that can be appended to these DNS names. For DHCP clients, this can be set by assigning the DNS domain name option (Option 15) and providing a single DNS suffix for the client to append and use in searches.
In some circumstances it is preferable that a DHCP client be configured by using multiple DNS suffixes, supported with the use of DHCP Search Option 119.
DHCP Search Option 119 is passed from the DHCP server to the DHCP client to specify the domain search list used when resolving hostnames with DNS. DHCP Search Option 119 applies only to DNS and does not apply to other name resolution mechanisms.
DHCP Option | Description
015 | Specifies the connection-specific DNS domain suffix to be used by the DHCP client.
119 | DNS Domain Search List option to specify the domain search list used when resolving hostnames with DNS.
To enable search option 119 for Windows Server 2003 DHCP server:
1. Open DHCP. (To open DHCP, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click DHCP.)
2. In the console tree, click the applicable DHCP server.
3. On the Action menu, click Set Predefined Options.
4. In Predefined Options and Values, click Add (Option Class Standard), and then click OK.
5. In Name, type the string DNS Search List.
6. Set Code to 119 and Data Type to string (it is not an array), and then click OK.
7. Right-click Scope Options, select Configure Options, and then select 119 DNS Search List.
8. Enter a list of domain suffixes in your organization, delimited by a semicolon (for example, contoso.com;dev.contoso.com;corp.microsoft.com).
9. Click OK.

DNS and the Polycom CX700 IP Phone

The Polycom CX700 phone will process a number of DNS records in order to locate the Microsoft Office Communications Server 2007 R2.
Topics in this section include:
Polycom CX700 Phone Querying
Exchange Server 2007 Autodiscover Service
Polycom CX700 Phone Querying of Exchange Server 2007

Polycom CX700 Phone Querying

The Polycom CX700 phone uses the following DNS domains when querying information in DNS.
SIP domain = Right side of sign-in address
SMTP domain = Right side of primary e-mail address
If the query fails, the Polycom CX700 phone tries to look up the same record with DNS suffix(es) appended.
host.<SIP domain>
host.<SIP domain>.<DNS suffix>
When the Polycom CX700 phone connects to the Microsoft Office Communications Server 2007 R2, it queries in the following order.
1. Hosts and port pointed to by these SRV records
_sipinternaltls._tcp.<SIP domain>
_sip._tls.<SIP domain>
_sipinternal._tcp.<SIP domain>
2. sipinternal.<SIP domain>:5061
3. sipinternal.<SIP domain>:443
4. sip.<SIP domain>:5061
5. sip.<SIP domain>:443
6. sipexternal.<SIP domain>:5061
7. sipexternal.<SIP domain>:443
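The lookup order above, emulated against constructed DNS data so you can see which endpoint a phone would settle on for a given zone and how many failed lookups precede it. This is an added example, not Polycom or Microsoft code; the zone contents, host names, and the choice to apply the suffix fallback to every name in the list are assumptions.

```python
# Added example: emulates the documented CX700 lookup order offline.
SRV_LABELS = ("_sipinternaltls._tcp", "_sip._tls", "_sipinternal._tcp")
HOST_PORTS = (("sipinternal", 5061), ("sipinternal", 443),
              ("sip", 5061), ("sip", 443),
              ("sipexternal", 5061), ("sipexternal", 443))


def lookup_plan(sip_domain, suffixes=()):
    """Ordered (guide_step, rtype, query_name, port, suffix) tuples."""
    def expand(name):
        # Bare name first, then the same name with each DNS suffix appended
        # (assumption: the suffix fallback applies to every name in the list).
        return [(name, None)] + [(f"{name}.{s}", s) for s in suffixes]

    plan = []
    for label in SRV_LABELS:                                   # guide step 1
        for qname, suffix in expand(f"{label}.{sip_domain}"):
            plan.append((1, "SRV", qname, None, suffix))
    for step, (host, port) in enumerate(HOST_PORTS, start=2):  # guide steps 2-7
        for qname, suffix in expand(f"{host}.{sip_domain}"):
            plan.append((step, "A", qname, port, suffix))
    return plan


def discover(sip_domain, zone, suffixes=()):
    """Return the first endpoint that answers, or None if nothing resolves.

    zone maps ("SRV", name) -> (target_host, port) and ("A", name) -> address.
    """
    for index, (step, rtype, qname, port, suffix) in enumerate(
            lookup_plan(sip_domain, suffixes)):
        answer = zone.get((rtype, qname))
        if answer is None:
            continue
        host, port = answer if rtype == "SRV" else (qname, port)
        return {"step": step, "rtype": rtype, "query": qname,
                "host": host, "port": port,
                "suffix": suffix,          # set when a search suffix was needed
                "failed_queries": index}   # lookups that failed before this one
    return None


# Constructed zones (documentation addresses, hypothetical host names).
ZONE_SRV = {("SRV", "_sipinternaltls._tcp.contoso.com"): ("pool01.contoso.com", 5061),
            ("A", "sip.contoso.com"): "192.0.2.10"}
ZONE_A_ONLY = {("A", "sip.contoso.com"): "192.0.2.10",
               ("A", "sipexternal.contoso.com"): "198.51.100.7"}
ZONE_SUFFIX = {("A", "sipinternal.contoso.com.dev.contoso.com"): "192.0.2.55"}

if __name__ == "__main__":
    for zone, suffixes in ((ZONE_SRV, ()), (ZONE_A_ONLY, ()),
                           (ZONE_SUFFIX, ("dev.contoso.com",)), ({}, ())):
        print(discover("contoso.com", zone, suffixes))
```

A result with a non-empty `suffix` or a late `step` means the phone only connected after falling through the earlier names, which is worth checking against the DNS records and Option 119 list you intended to publish.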

Exchange Server 2007 Autodiscover Service

Microsoft® Exchange Server 2007 includes a new Exchange service named the Autodiscover service. The Autodiscover service configures client computers that are running Microsoft® Office Outlook 2007. The Autodiscover service can also configure supported mobile devices. The Autodiscover service provides access to Exchange features for Outlook 2007 clients that are connected to an Exchange messaging environment. The Autodiscover service must be deployed and configured correctly for Outlook 2007 clients to automatically connect to Exchange features, such as the offline address book, the Availability service, and Unified Messaging (UM).
For more information, see the Exchange Server TechCenter topic How to Configure Exchange Services for the Autodiscover Service at
http://go.microsoft.com/fwlink/?linkid=141087.
Retrieving Outlook Contacts, Call Logs, and Voice Mail
The Polycom CX700 phone retrieves Outlook contacts, call logs, and voice mails and displays them on the device. The Polycom CX700 phone does this by accessing the Exchange Server 2007 Client Access Server (CAS) and retrieving the information by using Exchange Web Services (EWS). The Polycom CX700 phone locates the Exchange Server 2007 CAS by using an A record that is in DNS. It uses the SMTP domain of the primary e-mail address for the user to locate the A record. The primary e-mail address is sent to the device during the sign-in process through in-band provisioning. It queries the A record in the following order:
https://<SMTP domain>/autodiscover/autodiscover.xml
https://autodiscover.<SMTP domain>/autodiscover/autodiscover.xml
http/https redirect
Outlook 2007 uses Active Directory Service Connections Points (SCP) and DNS SRV records to locate Exchange Server 2007 CAS. However, the device does not support these additional methods.
The Autodiscover service finds and presents the various URLs that are used to interact with Exchange Web Services and information about how to connect Outlook 2007 to Exchange Server 2007. The device uses those URLs to retrieve the Outlook contacts, call logs, and voice mails from Exchange Server 2007.

Polycom CX700 Phone Querying of Exchange Server 2007

The device must be able to resolve to the Exchange Web Services URL and connect to it using HTTP or HTTPS.
If HTTPS is enabled, the certificate must be trusted by the device. The Polycom CX700 phone tries to connect to the Exchange Server 2007 Autodiscover service in the following order:
https://<SMTP domain>/autodiscover/autodiscover.xml
https://autodiscover.<SMTP domain>/autodiscover/autodiscover.xml
http -> https redirect
On successful response, the Polycom CX700 phone connects to the Exchange Web Service URL in the Autodiscover response XML.
The certificate from Exchange Server 2007 must be trusted.

NTP and the Polycom CX700 IP Phone

Network Time Protocol (NTP) is the default time synchronization protocol that is used by the Windows Time service in Windows Server 2003. NTP is a fault-tolerant, highly scalable, time protocol that is used most frequently for synchronizing computer clocks. It does this by using a designated time reference. The Polycom CX700 phone requires NTP to set the correct time and date for the Polycom CX700 phone.

NTP Time Provider

The NTP provider is the standard time provider that is included with Windows Server 2003. The NTP provider in the Windows Time service consists of the following two parts:
NtpServer output provider. This is a time server that responds to client time requests on the network.
NtpClient input provider. This is a time client that obtains time information from another source, either a hardware device or an NTP server, and can return time samples that are useful for synchronizing the local clock.
Although the actual operations of these two providers are closely related, they appear independent to the time service. By default, when a computer that is running Windows Server 2003 is connected to a network, it is configured as an NTP client.
The Polycom CX700 phone searches for an NTP server in DNS as follows:
NTP SRV record (UDP port 123)
_ntp._udp.<SIP domain> pointing to NTP server
If it cannot find the NTP SRV record, it will try to use time.windows.com as an NTP server:
NTP A record
time.windows.com
To set Group Policy for Windows Time Service global configuration settings:
1. From the MMC, click Active Directory Users and Computers.
2. Right-click the domain that contains the NTP server, and then select
Properties.
3. Click the Group Policy tab, make sure that the Default Domain Policy is highlighted, and then click Edit.
4. Click Computer Configuration, click Administrative Templates, click System, and then click Windows Time Service.
5. Click Time Providers and in the right pane, double-click Enable Windows NTP Server, select the Enabled button, and then click OK.
6. From the Group Policy Object Editor menu, select File, and then click Exit.

Server Security Framework Overview

The following section summarizes the elements that form the security framework for Microsoft Office Communications Server 2007 R2. It is helpful to understand how these elements work together when you deploy the Polycom CX700 phone in your organization.
These security elements are as follows:
Active Directory Domain Services (AD DS) provides a single trusted, back-end repository for user accounts and network resources.
PKI (Public Key Infrastructure) uses certificates that are issued by trusted CAs (certificate authorities) to authenticate servers and to help ensure data integrity.
TLS (Transport Layer Security) and MTLS (Mutual Transport Layer Security) enable endpoint authentication and instant messaging (IM) encryption. Media streams are encrypted by using Secure Real-time Transport Protocol (SRTP).
These fundamental elements work together to define trusted users, servers, and connections. The resulting trust relationships provide the foundation on which the complete Microsoft Office Communications Server 2007 R2 security framework is built.

Root CA Certificate for the Polycom CX700 Phone

Microsoft Office Communications Server 2007 R2 relies on certificates to authenticate servers and to establish a chain of trust between clients and servers and among the different server roles. By default, communication between the Polycom CX700 phone and Office Communications Server 2007 R2 is encrypted by using TLS and SRTP. Therefore, the device must be able to trust certificates presented by Office Communications Server 2007 R2 servers. A means must always exist for the VoIP client to create the TLS secured connection that is required for audio communication on the network.
Publicly Hosted Certificate Authority Solution
If Microsoft Office Communications Server 2007 R2 servers use public certificates, the certificates will most likely be automatically trusted by the device, because the device contains the same list of trusted CAs as Windows CE. The table at the end of this topic lists the public certificates that are trusted by the Polycom CX700 phone.
Privately Hosted Certificate Authority Solution
Most Microsoft Office Communications Server 2007 R2 deployments use internal certificates for the internal Office Communications Server 2007 R2 server roles. In these types of deployments, the Root CA certificate must be installed from the internal CA to the device. Because you cannot manually install the Root CA certificate on the device, the certificate must be downloaded to the device through the network.
The Polycom CX700 phone downloads the certificate using the following methods:
1. The device searches for Active Directory directory objects of category certificationAuthority. If the search returns any objects, the device will use the attribute caCertificate. This attribute is assumed to hold the certificate and the device will install the certificate.
The Root CA certificate must be published in the caCertificate for the Polycom CX700 phone. To place the Root CA certificate in the caCertificate attribute, use the following command:
certutil -f -dspublish <Root CA certificate in .cer file> RootCA.
2. If the search for Active Directory objects of category CertificationAuthority does not return any objects, or if the objects have empty caCertificate attributes, the device searches for Active Directory objects of category pKIEnrollmentService in the configuration naming context. Such objects exist if certificate AutoEnrollment was enabled in Active Directory. If the search returns any objects, it will use the dNSHostName attribute returned to reference the CA and it will then use the Web interface of the Microsoft Certificates Service to retrieve the Root CA certificate by using the HTTP GET command
http://<dNSHostname>/certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64
If neither of these methods succeeds, the device displays the error message “Cannot validate server certificate” and the user is unable to use the device.
Polycom CX700 Phone Certificates
The following is a list of considerations for issuing certificates to the Polycom CX700 phone.
By default, the Polycom CX700 phone uses Transport Layer Security (TLS) and Secure Real-time Transport Protocol (SRTP).
Requirement: Trust certificates presented by Office Communications Server 2007 R2 and Exchange Server 2007 server.
Requirement: Root certification authority (CA) chain certificate resides on the device.
No manual installation of certificate on device is possible.
Options:
Use public certificates
Preloaded public certificates on device
Use of enterprise certificates
Receive the Root CA chain from the network
Enterprise Root CA Chain
The Polycom CX700 phone can find the certificate by using either the public key infrastructure (PKI) auto-enrollment object in Active Directory Domain Services or through a well-known distinguished name (DN).
Enable PKI auto-enrollment through Enterprise CA.
The device makes an LDAP request to find the pKIEnrollmentService/CA server address and eventually downloads the certificate over HTTP from the Windows CA /certsrv site by using the user's credentials.
Use certutil -f -dspublish ".cer file location" RootCA to upload certificates to the Configuration NC.
Cn=Certificate Authorities, cn=Public Key Services, CN=Services, cn=Configuration, dc=<AD Domain>
The LDAP request is BaseDN: CN=Configuration, dc=<Domain> Filter: (objectCategory=pKIEnrollmentService) and the attribute searched for is dNSHostname. Be aware that the device downloads the certificate by using HTTP GET http://<dNSHostname>/certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64.
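The two retrieval methods described above, applied to exported directory entries to predict which path a phone will take and to check every certificate it would install from caCertificate against the roots you expect. This is an added example, not Polycom or Microsoft code; the entry layout, the host name, the stand-in certificate bytes, and the use of SHA-256 fingerprints for the comparison are assumptions.

```python
import hashlib

# Path, query string and error text are the ones quoted in the guide.
CERTSRV_PATH = "/certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64"
ERROR = "Cannot validate server certificate"


def sha256_hex(der_bytes):
    """Fingerprint of a certificate's DER encoding."""
    return hashlib.sha256(der_bytes).hexdigest()


def root_ca_bootstrap(entries, pinned):
    """Predict how the phone obtains its root CA.

    entries: list of dicts with 'objectCategory' plus either 'caCertificate'
             (list of DER byte strings) or 'dNSHostName'.
    pinned:  set of SHA-256 fingerprints of the root CAs you expect.
    """
    def of_category(category):
        return [e for e in entries
                if e.get("objectCategory", "").lower() == category.lower()]

    # Method 1: certificationAuthority objects with a non-empty caCertificate.
    certs = [c for e in of_category("certificationAuthority")
             for c in e.get("caCertificate", []) if c]
    if certs:
        prints = [sha256_hex(c) for c in certs]
        return {"method": 1, "fingerprints": prints,
                "unexpected": [p for p in prints if p not in pinned]}

    # Method 2: pKIEnrollmentService objects, then an HTTP GET against certsrv.
    hosts = [e["dNSHostName"] for e in of_category("pKIEnrollmentService")
             if e.get("dNSHostName")]
    if hosts:
        return {"method": 2,
                "urls": [f"http://{h}{CERTSRV_PATH}" for h in hosts],
                # Plain HTTP: nothing authenticates the bytes in transit.
                "integrity_protected": False}

    # Neither method worked: the phone shows this error and cannot be used.
    return {"method": None, "error": ERROR}


# Constructed data: stand-in bytes, not real certificates; hypothetical host.
ROOT = b"constructed-root-ca-der-bytes"
OTHER = b"constructed-unknown-ca-der-bytes"
DIR_PUBLISHED = [{"objectCategory": "certificationAuthority",
                  "caCertificate": [ROOT, OTHER]}]
DIR_AUTOENROLL = [{"objectCategory": "CertificationAuthority", "caCertificate": []},
                  {"objectCategory": "pKIEnrollmentService",
                   "dNSHostName": "ca01.contoso.com"}]

if __name__ == "__main__":
    print(root_ca_bootstrap(DIR_PUBLISHED, {sha256_hex(ROOT)}))
    print(root_ca_bootstrap(DIR_AUTOENROLL, set()))
    print(root_ca_bootstrap([], set()))
```

Any fingerprint listed under `unexpected` is a certificate the phone would install as a trusted root without anyone having reviewed it.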
Trusted Authorities Cache
The following table lists the public certificates that are trusted by the Polycom CX700 phone.
Vendor | Certificate Name | Expiry Date | Key Length
Comodo | AAA Certificate Services | 12/31/2020 | 2048
Comodo | AddTrust External CA Root | 5/30/2020 | 2048
Cybertrust | Baltimore CyberTrust Root | 5/12/2025 | 2048
Cybertrust | GlobalSign Root CA | 1/28/2014 | 2048
Cybertrust | GTE CyberTrust Global Root | 8/13/2018 | 1024
VeriSign | Class 2 Public Primary Certification Authority | 8/1/2018 | 1024
VeriSign | Thawte Premium Server CA | 12/31/2020 | 1024
VeriSign | Thawte Server CA | 12/31/2020 | 1024
VeriSign | Comodo | 1/7/2010 | 1000
VeriSign | Class 3 Public Primary Certification Authority | 8/1/2028 | 1024
Entrust | Entrust.net Certification Authority (2048) | 12/24/2019 | 2048
Entrust | Entrust.net Secure Server Certification Authority | 5/25/2019 | 1024
Equifax | Equifax Secure Certification Authority | 8/22/2018 | 1024
GeoTrust | GeoTrust Global CA | 5/20/2022 | 2048
GoDaddy | GoDaddy Class 2 Certification Authority | 6/29/2034 | 2048
GoDaddy | http://www.valicert.com/ | 6/25/2019 | 1024
GoDaddy | Starfield Class 2 Certification Authority | 6/29/2034 | 2048

Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment

This chapter provides detailed instructions on how to upgrade the Polycom CX700 IP Phone. Due to a number of issues, the upgrade may be a two-step process, which includes a hard reset of the phone to remove any pre-existing phone credentials, certificate chains, and URLs.
Topics in this chapter include:
Introduction
Polycom CX700 Phone Upgrade Steps - Summary
Polycom CX700 Phone Upgrade Steps - Details
A list of frequently asked questions can be found in Troubleshooting the Polycom CX700 Phone on page 3-39.