Externally Provisioning Lync Phone Edition
I recently touched on this topic in the blog article Deploying Lync Phone Edition Devices and decided it warranted its own article as it’s commonly misunderstood that all Aries devices must be first provisioned from inside a corporate network first, but that is not the always the case. Devices with a USB interface can be provisioned and fully-utilized externally.
The process covered in this article is supported on the Polycom CX600 and CX3000 (and theoretically the Aastra 6725ip but I have not personally tested it ) devices in the Aries family, as well as the CX700 Tanjay device.
Neither the CX500 nor the 6721ip device can be used externally as they do not contain USB interfaces and thus are limited to utilizing the PIN authentication process only to connect to a Lync Server. As this method uses customized DHCP options to support PIN login they will not work on a standard Internet connection in a home office or other unmanaged external sites. These are common-area phone designed for internal-only applications and not for mass-deployment.
As long as a valid IP address is handed out to the device via DHCP and a router option is included along with at least one DNS server entry than the device has everything it needs to later connect to the Edge Server on its own.
Be aware that there are some pre-release beta and early revision Aries devices out there in the wild which may not follow these exact steps, so if you have one of these evaluation devices then the software may need to be upgraded to a newer version before it behaves the same as detailed in this article. Also note that for CX700 devices they must be on at least an OCS 2007 R2 firmware version, as older versions (e.g. 1.0.522.101) did not yet support USB tethering.
Connecting Aries Devices
I’ve tested this with both a CX600 and CX3000 (both Rev B devices running 4.0.7457.0 software) from my home office using basic Internet connectivity and no VPN or any other bridged connection. This same process has also been used with other devices in various customer locations with just Internet access and a workstation with the Lync client installed, connected to a Edge Server.
- Connect the Ethernet LAN interface to the network, and if not using Power over Ethernet (PoE) then connect the 24V DC power supply.
If desired, an out-of-the-box experience can be emulated on a device currently provisioned to truly test this process by performing either a hard reset or factory reset. (This is not required and an existing device may simply just need to have the current user signed-out by using the Switch User menu selection.)
Although the phrase “factory reset” implies that the device will be returned to original factory default settings this process does not actually return the device to a factory-shipping state. All Lync Phone Edition devices (both Tanjay and Aries families) contain two separate firmware partitions, an active partition and an inactive partition. Whenever the devices are upgraded to a new firmware they install the new version on the inactive partition and then reboot into that partition, effectively swapping the active/inactive partitions. The previous partition can be re-activated using this process to essentially roll back to the last firmware version installed.
- To perform a hard reset on a Polycom Aries device (CX500, CX600, or CX3000) simply hold down both the * and # buttons while connecting the power. Continue to hold the keys for approximately 10 seconds until the following screen appears, indicating that all user data and configuration settings will be erased.
- Or, to perform a factory reset on a Polycom Aries device (CX500, CX600, or CX3000) simply hold down both the 4 and 6 buttons while connecting the power. Continue to hold the keys for approximately 10 seconds until the following screen appears, indicating that the phone will be rolled back to the previously installed firmware version as well as erasing all settings.
- Select Yes to begin the selected process, which should normally take about 2 to 3 minutes for a hard reset
- Once the reset process is completed (or if a brand new device was used instead) the following animated screen will appear, instructing the user to press the selection key on the phone.
- After pressing the selection key the Welcome menu asks for which method to use to provision the device. As the device is not connected to the corporate internal network then Yes must be selected.
- Make sure that the Lync client is signed on a workstation and then connect the USB cable from the device to the computer. At this point the device will continue to display the animated screen below.
- As soon as the USB cable is connected though the workstation should indicate that the device drivers were successfully installed (this is automatic, and if the device was already connected to the same workstation prior then this balloon alert would not be seen).
- Immediately after the Lync client should present a new window asking for Login information for the device. Sometimes this window will not always appear on the top of the desktop so try looking at the Lync taskbar icon to see if the new window is hidden or minimized.
Enter the Active Directory user credentials for the Lync account in either NetBIOS format (DOMAIN\username) or UPN format (firstname.lastname@example.org) and click OK.
Take note that often the Lync client will pre-populate these fields with data that is incorrect (like a local workstation hostname instead of a domain name) depending on the network and Windows client configuration. The same credentials used to sign-in to the Lync client are what should be entered here.
- Back on the device screen messages should be displayed indicating that the device is locating a time server, contacting the Lync Server, and then attempting to download a certificate. In practice I have seen this process typically fail on the first attempt, resulting in the error shown below:
- If this happens, simply re-enter the password in the Logon Information Needed window on the workstation again and re-submit. The successful connection to the server will be verify by the device asking to set a phone-unlock PIN. Enter any desired PIN (e.g. 123456) and select Next. Confirm the new PIN and select Done.
At this point either the Next button can be pressed to select a Time Zone, Date and Time Formats, and a customized Ring Tone. After completing (or skipping) the setup the home screen will appear.
At this point the device can be left tethered to the workstation as all the feature will be available when in this enhanced, ‘better together’ mode. The features only available when tethered include access to individual voice mails, detailed call logs, and calendar information. This data is pulled directly from the user’s Exchange mailbox via Exchange Web Services connections which are not natively available on the device itself.
So if the USB cable is now disconnected then the basic mode features still available would be the contact list, user photos, voice mail Message Waiting Indicator (MWI), and local call logs. There will also be Conference leader options available when connected to a Lync conference.
Additionally the device can be powered off and rebooted and will still login as the same user account with needing to re-tether via USB to a workstation. This is because both the SIP Registrar FQDN (the Access Edge Server FQDN) and the windows credentials currently supplied are both cached in the phone, even after rebooting. (If a factory-reset is performed than all data is wiped and the process must be repeated). After a normal reboot (disconnect and reconnect the power source) the device will automatically login as the cached user account and immediate lock, preventing unauthorized access to the phone be someone attempting to just restart it to gain access.
If the user is later manually signed-out then the tethering process will again be required to download the certificate and cached credentials into the phone again.