As outlined in this previous article a wide array of Polycom phones are now supported directly with Skype for Business Online in Office 365. In the past dealing with device updates has been covered in several articles for the different device families and models. These same concepts still generally apply when using the devices with Skype for Business Online but the configuration and management is slightly different.
While separate provisioning servers can still be utilized with the various 3PIP devices, the guidance across all of the previous articles is focused on traditional on-premises deployments of Lync and Skype for Business server platforms. But what about the growing number of environments where none of those components exist and literally everything outside of the clients and end-user devices are simply leveraging the Office 365 cloud platform?
This article addresses these online-only tenants with guidance on how to manage IP phone firmware without using any additional management solutions. Keep in mind that in the future some of these management tasks may become even easier as with Microsoft’s recent acquisition of some portions of Event Zero’s UC Commander platform as that could materialize into more direct control of Polycom UCS configuration parameters inside of the Office 365 administration portals.
Background
With the introduction of official support for Qualified IP Phones in the online platform there arose a need to offer some sort of firmware management capability that resembles what the existing Lync and Skype for Business server installations already offered. This is handled by the native Device Update service which is already part of Skype for Business Server. The main difference though is that while the on-premises server platform the configuration is performed through a combination of Control Panel setting and Management Shell cmdlets, Office 365 administrators only have access to settings exposed in the online Administration Portal. There is a limited subset of cmdlets defined for online tenants which do not match the vast array of on-premises server cmdlets.
Office 365 administrators today are given control of only a few IP Phone-specific options which includes the ability to disable the default in-band firmware updates behavior. Microsoft controls what firmware version this will be so an administrator can only control whether or not they want the officially approved and supported firmware automatically deployed to their VVX phones, which is enabled by default. It is not possible to select or upload a desired version using the device update service in Office 365 like an on-premises deployment offers. To utilize any version other than the currently approved release the automatic update behavior must manually be disabled.
Default Behavior
At the time this article was written only the Polycom VVX IP phones will automatically receive device updates when registered with a Skype for Business Online user account. The Trio 8800 conference phone, which is part of the same core Unified Communications Software (UCS) family, does not yet receive updates from the Skype for Business Online device update server. Lync Phone Edition devices also do not receive firmware updates when registered directly to Skype for Business Online.
As outlined in Adam Jacob’s article earlier this year a pair of new cmdlets were added to the Skype for Business Online PowerShell Module for controlling some behavior of the IP Phones. These new Get-CsIPPhonePolicy and Set-CsIPPhonePolicy cmdlets are only available using the online management shell.
- Using Skype for Business Online Management Shell issue the Get-CsIPPhonePolicy cmdlet to review the following default configuration for any Office 365 tenant. Note that the EnableDeviceUpdate parameter is set to True by default.
Get-CsIPPhonePolicy
When a VVX phone is registered with a user account in this online tenant running at least the minimum required 5.4.0A firmware version it will automatically check with the device update server when signing in or booting up with previously entered cached credentials.
Shortly after a successful registration the phone may display a message that a new firmware update is available. This will happen if the phone is currently running a version which does not exactly match the version that Microsoft currently has published on their servers. As is always the case with the device update process it does not matter if existing version is older or newer, meaning the phone can upgrade or downgrade based on its version compared to the version advertised by the server.
So if the phone has detected that a different version is available on the server then an alert notification message will be shown on the Warnings screen, which is reported on the Alert icon on the top-left corner of the home screen.
For example the phone used to capture these screenshots is a VVX 601 running the most recent 5.4.4.3041 version of software supported for on-premises Lync and Skype for Business environments.
Understand that Microsoft publishes only the most recently qualified version for Skype for Business Online. While updated versions are released for Skype for Business on-premises deployments often not every individual release goes through the complete online qualification process. The point here is that the most current version that is both qualified and fully supported by Microsoft and Polycom is what should be used on O365-registered phones. Leaving the device update service enabled is currently the best practice for keeping the phones on that specific approved version.
As shown above the qualified version at the time of writing this article is 5.4.1.17653 which is a few releases older than the 5.4.4.3041 version currently installed on this specific phone.
So what will happen here is that as soon as this phone is left inactive for 15 minutes (900 seconds) it will automatically begin the process of installing the approved firmware version from the server, effectively downgrading the device to the older, approved version. Also note that the Reboot button on the above screen can be used to immediately trigger the update process as apposed to waiting for the inactivity timeout to be reached.
The Lync Device Update menu shown below can be used to see the last time the phone checked in with the device update service.
Home > Settings > Status > Diagnostics > Lync Device Updates
Disable Device Updates
To allow phone to run on a different version then the device update behavior can be disabled by editing the online IP phone policy that Polycom UCS devices natively understand.
Configure Policy
- Using the Skype for Business Online Management Shell issue the following Set-CsIPPhonePolicy cmdlet to change the device update behavior.
Set-CsIPPhonePolicy -EnableDeviceUpdate $false
- Then run the Get-CsIPPhonePolicy cmdlet to verify the change has been applied to the policy. The following cmdlet example simply shows how to filter out the other parameters.
Get-CsIPPhonePolicy | Select-Object EnableD* | fl
As with any policy changes the registering device will not see this immediately. There are several factors at play impacting how quickly a currently registered phone would pick up the new setting. Typically within 8 hours policy changes are refreshed throughout all clients, but a manual reboot of the phone can help expedite this. Given that this change is applied to a massive and mostly uncharted cloud provider environment it typically takes a few minutes for that change to propagate amongst the tenants home pool.
Testing has shown that waiting about 15 minutes after applying the policy change above is sufficient before rebooting a phone. Because the default update timeout is also 15 minutes make sure to interact with the phone at least once to reset that timer to prevent the device from updating itself before picking up the new setting.
Obviously this approach works if one is prepared for this but most likely the phones have already flipped to the undesired version and when looking for a solution this blog article was found. So more likely the phone is already been downgraded and the timing is not really critical. Simply disable the update service, wait until the phones have picked up the policy change, and then upgrade them to the desired version using any of the supported methods.
Validate Endpoint Configuration
To verify that the phone has picked up the new configuration after rebooting and re-registering to Skype for Business Online there are a few items which can be checked.
- The notification of an available device update will no longer appear on the phone’s home screen nor in the Warnings window.
- The Lync Device Updates menu is now hidden and will no longer be shown under the Diagnostics menu.
- The ‘device.prov.lyncDeviceUpdateEnabled’ parameter will be set to ‘0’ to indicate that it is disabled.
While the first two items can easily be seen directly on the phone to be absolutely sure that device updates has been disabled on the device configuration parameters can be viewed using the following procedure.
- Connect to the web management UI on the phone. If it is disabled then enable it and reboot the phone, as shown in the Enable Web Server section of this past article.
- Sign in using the defined Admin password (456 by default) and then browse to the Utilities > Import & Export Configuration menu.
- Expand the Export Configuration section and then select Device Settings from the drop-down menu.
- Click Export and save the file. Once downloaded open the Export_device_settings.cfg file. These files are easiest to navigate using an XML Editor like XML Notepad, but any text editor/viewer will work.
- Scroll down towards the bottom of the file and look for the device.prov.LyncDeviceUpdate* section of parameters.
- Check the value of the device.prov.lyncDeviceUpdateEnabled parameter. As shown below a defined value of 0 indicates that the device updates are disabled which the phone did receive in-band during the last registration attempt.
Configure Individual Phones
As mentioned earlier it is recommended to leave these device updates services enabled to insure the phones are always running on the latest approved build. But in the event that a different version needs to be installed on all phones then the process above can be used.
If only looking to prevent one or a few phones from upgrading for the purposes of testing other firmware versions then it is better to disable the update capability directly on the phone instead of on the server which currently only supports a single Global policy that applies to all users in the specific O365 tenant.
- Create a new txt file called DisableLyncUpdate.cfg and copy/paste in following text:
<?xml version=”1.0″ encoding=”utf-8″ standalone=”yes”?>
<PARAMETERS device.set=”1″ device.prov.lyncDeviceUpdateEnabled.set=”1″ device.prov.lyncDeviceUpdateEnabled=”0″ lync.provisionDeviceParams.enabled=”0″ />
- Using the process shown in the previous step access the web management UI and from the Utilities > Import & Export Configuration menu Import the file that was created in the previous step into the phone.
The first two parameters must be set to 1 in order to write changes to any phone parameters in the device settings partition. The last two parameters will then disable device updates in addition to ignoring any device parameters currently being provisioned in-band during the SfB registration process. Obviously changing only the device update parameter would not be sufficient as the next time the phone applies the client policy settings then it will simply revert back to the server-provisioned behavior. Setting the lync.provisionDeviceParams.enabled parameter to 0 makes sure that does not happen
It is important to note though that setting this parameter to ‘0’ will actually disable more than just device updates as the phone will also ignore all of the following parameters controlled by the Set-CsIPPhonePolicy cmdlet:
“EnableDeviceUpdate”
“IPPhoneAdminPasswd”
“LocalProvisioningServerAddress”
“LocalProvisioningServerUser”
“LocalProvisioningServerPassword”
“LocalProvisioningServerType”
To configure the alternative scenario of disabling updates on the client policy and then enabling them for a few individual phones then simply change the device.prov.lyncDeviceUpdateEnabled values to ‘1’.
Good Article Jeff – thanks. Another option for administrators is utilizing a traditional ftp server for firmware updates as well as configuration options for the UC software. For me, being able to control specific features and parameters within the UC files is important as it provides much more control than just firmware updates. A couple of follow up questions: Any thoughts on UC commander as a management tool? My understanding is this is available to Microsoft customers with cloud deployments of SfB.
Another rudimentary challenge with enterprise scale IP phones and O365 is something I am hoping Polycom has on the horizon: support for a proxy server so the phones can actually reach O365. I haven’t validated this with VVX, but for the Trio 8800 web proxy servers are not supported….yet.
I am wondering if either Polycom or Microsoft(via acquisition of UC Commander have developed support for a proxy server which would enable handsets to be provisioned to Cloud PBX/O365 en-masse.
I am looking to automate( as much as possible) the deployment of Polycom VVX sets in a Cloud Connector Edition/Cloud PBX scenario
Any guidance is much appreciated.
This is an area where you’ll likely see more options as a cloud offering, but nothing is available yet.
Hello!
Is it possible to connect Polycom 8800 Trio outside office network. With Skype For Business Enterprise
Yes (assuming you have Edge deployed). You can register from anywhere that a Skype for Business client can.
Hi Jeff,
we logged into Polycom VVX 600 phone using SFB Online user but we are not getting firmware upgrade from SFB Online Server.
To receive updates through SfB Online services, we make sure to configure the phone policy using the command below:
Set-CsIPPhonePolicy -EnableDeviceUpdate $True
Current Polycom version: 5.4.1.18405
The error message we are getting from the phone’s log is as follow:
|4|00|DevUpdt|LyncDeviceUpdateHttpRequest: using webticket failed m_CurlReturn [0] m_ResCode[500]
0829175104|
Microsoft has periodically disabled or removed the published firmware over time for a variety of reasons. this should be working at this point but if it doesn’t make sure to check the provided download URL in the logs and you may see that it’s null (meaning the image was been temporarily withheld).
Dear Jeff
I have Two trio 8800.
I implemented all the settings which are described above.
and I’m still getting following errors:
0214125440|cfg |5|00|Prm|Parameter dialplan.x.lyncDigitmap.timeOut requested type 0 but is of type 2
214125838|copy |4|00|Configuration of URL failed
0214125840|mr |4|00|MrProvUploadFileHandler::HandlePut: Error tranferring res 1 8 file /enc.0004f2fe20c9-5.5.2.11217-core.tUtilWDog.6.1515848212.gz.tar.gz
0214125840|copy |4|00|Configuration of URL failed
0214125841|mr |4|00|MrProvUploadFileHandler::HandlePut: Error tranferring res 1 8 file /enc.0004f2fe20c9-5.5.2.11217-core.tUtilWDog.6.1515848212.gz.tar.gz
0214125841|copy |4|00|Configuration of URL failed
0214125842|mr |4|00|MrProvUploadFileHandler::HandlePut: Error tranferring res 1 8 file /enc.0004f2fe20c9-5.5.2.11217-core.tUtilWDog.6.1515848212.gz.tar.gz
0214125842|copy |4|00|Configuration of URL failed
0214125843|mr |4|00|MrProvUploadFileHandler::HandlePut: Error tranferring res 1 8 file /enc.0004f2fe20c9-5.5.2.11217-core.tUtilWDog.6.1515848212.gz.tar.gz
can you please comment somehow ?
It appears you have a malformed parameter but I can’t really guess from those few log errors.
Hi Jeff – just a quick note to say thanks for this very well-written post about disabling device updates. It was so well pitched, all of my questions answered, and you made sense of the (initially baffling) problem I was having about VVX phones downgrading themselves to a state where CAP (common area phone) is actually not supported. Surely an own-goal for MS, bringing out support and licensing for common area phone, but defaulting to a firmware on Polycom phones that *doesn’t* support Common Area Phone?! Oh well – looks like this will resolve it for me!
We do hace exactly the same issue.
Today they still publish old software !
I created a support incident and did the trick to disable auto firmware upgrades/downgrades.
Hi Jeff,
Hoping you can help as I’m having problems with our Eagle Eye Mini camera as it does not display a view when making a Skype for Business call, it just comes up with a Black screen?.
The recipient can be seen but the caller from our RealPresence PolyCom Trio 8800 is not displaying. We initially set this up and it was working perfectly however it looks likt it has downgraded due to the auto update Skype fo Business function – I have since loaded the .cfg file to disable the update but the camera is still not functioning – I’ve contacted the PolyCom support desk and their response is to replace the camera?.
Do you have any suggestions – we have reset the camera which comes up and we briefly get a clear picture of the office where the Trio Unit is and can see the caller but then it just goes Black again after a couple of seconds?.
Any help you can provide would be greatly appreciated.
Regards,
Pete
Hi Jeff,
We had an identical issue on one Trio/Visual+ setup which Polycom support didn’t get anywhere diagnosing, other than suggesting an RMA which came back with the same issue.
After many weeks of head scratching, we compared configs between working and non-working rooms and found that on this particular Trio, a whole bunch of the camera options (I forget which, but from memory things like video.camera.contrast, video.camera.brightness, video.camera.focus.range) were all set at 0. We set these back to default, and everything started working again.
Wondering if there’s perhaps a bug or if something go screwed as part of the downgrade process.
If you’re still having issues, I would definitely recommend starting there.
C
This literally saved our bacon.
We had spun up the polycom cloud management for the phones and started pushing the Microsoft required firmware updates required for 15 Jan 2020.
The phones were getting the firmware from the cloud server but then immediately getting upgrade notices for the older firmware (5.9.0). We had to hunt a bit to find where it was coming from. In the phone logs you could see the lync.microsoft server address with that firmware advertising it. The end result was the phones would upgrade to 5.9.5 and login to skype and get the command to reboot with 5.9.0. then get the command from polycom cloud to go to 5.9.5 again on next reboot. A vicious loop.
We set the enabledeviceupdate policy to disable and that has solved our problem.