Lync Phone Edition PIN Authentication and Cisco ACE Load Balancer – It’s About the Certificate Chain Group

This is truly the article I would have LOVED to have found when we first got the DHCP settings in for our Lync Phone Edition devices and other Lync phones, and were going crazy trying to figure out why the LPE devices were fine right after being tethered to a PC, but were not if someone logged in and out of them while disconnected and after rebooting. And that I sort of promised to write when I was raving about a certain switch.

The symptoms: Test-CsPhoneBootstrap works flawlessly. Other Lync phones can log on with extension and PIN. Your Lync Phone Edition device (in our case, the Polycom CX3000) will cheerfully log on with the extension and PIN if you’ve logged it in tethered to a PC via the PC’s Lync client first, but gives you “An account matching this phone number cannot be found. Please contact your support team” after a very quick flash of another error, “Account used is not authorized, please contact your support team” for the very same extension and PIN if you’ve logged out of the device and powered it down. I did what another admin did, taking a video on my phone, then replaying it really slowly – the time from entering the PIN to getting the final failure message was less than 4 seconds, and that was necessary to see the first failure message that briefly flashed on the screen.

Continue reading

Deploying Deskphones for Lync? You Want This Switch!

Test-CsPhoneBootstrap said that we were doing the right thing. Jeff Schertz’s guide to configuring Lync for Lync Phone Edition devices said that we were doing the right thing. Elan Shudnow’s post about Cisco switches and PIN authentication said we were doing the right thing.

But our Lync Phone Edition devices just were NOT authenticating.

One of my network guys mirrored one of the wall ports for me, and I alternated between the happily-authenticating AudioCodes 420HD and the stubborn Polycom CX3000, capturing WireShark traces I could barely read (I’ve since gotten to know the handshake process those LPE devices need way better than I ever wanted to). But what a pain.

msxfaq.de, long-time Exchange and now Lync MVP Frank Carius’ mostly-German variety shop of Lync and Exchange experience to the rescue – most specifically, his page on port mirroring. He recommends the NetGear ProSafe Plus series, the least expensive of which is the 5-port, non-PoE (Power over Ethernet) version, the GS105E. If you can read German, he explains several other options, along with exploring how you might connect to it without using Adobe AIR (and Windows) and some possible security implications of it having a default, hardcoded password to a web interface (theoretically, someone could break in and set up mirroring). If you can’t read German, it’s still good for screenshots of how to set up the port mirroring on the ProSafe Plus switches.

I, on the other hand, found the GS108PE, with 4 PoE ports and 4 regular ones to be the right balance between cost and convenience. This means up to four phones plugged in at once, and without power adapters. The non-PoE (and less expensive) versions will require you to use the phones’ power adapters. Later, if you want VLANs, VLANs you can have.

Port Mirroring Screenshot

Port Mirroring made easy – too bad about the Adobe AIR interface…

Continue reading