Forum Discussion
Solved
Polycom VVX 600 and MFA
Has anyone had any luck with the Polycom VVX 600 and signing into S4B when you have MFA enabled on your account? Or for that matter any polycom device? I've tried app passwords and those don't seem to work either. I haven't seen any documentaiton anywhere if this is supported or not, so just curious if anyone has any inforamtion about it and if it's not supported, when it might be.
Actually, it turns out I found the steps that Scott mentioned at the following article -- http://blog.schertz.name/2016/12/polycom-ucs-5-5-for-vvx-phones/.
It looks like the new 5.5.1 software has a 'Web Sign-In' option that Scott mentioned. On my phone I chose 'Sign-In' and was given the option for 'Web Sign-in'. It stepped me through a process with a url and access code that successfully tied the phone to my account.
Now my Polycom phone is working with my Office 365 tenant with MFA enabled.
It is 2 years later and there is still no workable solution for these phones. It is quite unbelievable when you think that this is (or once was) such a strategic collaboration for MS and Polycom, and that they have not managed to work something out. I am the only one in my office who puts up with checking my phone in the morning and signing in again if needed, so that I can make and receive calls during the day. Everybody else resorted to using their personal cell phones. But we are paying through the nose for the E5 licenses and calling plans.
Now, over the past couple of months, things seem to have taken a turn for the worse. The latest firmware that MS is pushing down (5.8.0.12848) broke our ability to authenticate with the phones ("failed to fetch user certificate"). I suspect that this has to do with MS adding support for Teams and that this introduced a glitch. I now have to pin my firmware to the last one where web sign-in worked, which means that even if there ever is a fix for allowing MFA with app passwords on the device, I will not get it because I cannot allow the phones to upgrade the firmware .....
Is there anybody out there who deployed SFB Online with Lync handsets and can claim that it was a success? Or are the people in this thread the last few who are trying to make it work?- Hi Christian,
After our pilot earlier in the year we rolled it out to all our non mobile users (x80). Setup did take a lot of work to get my head round, but once we had the ftp server running, the right network settings in place and the handset config files set the way we wanted, they've been working well for us.
We also use MFA and I do experience the very occasional, "failed to fetch user certificate" error, but then next time round it will log straight in just fine (always using Web Sign-in) - not sure why (might be after disabling / re-enabling MFA on my account which I've had to do a couple of times?).
We are currently on software version: 5.8.1.6389. We needed to disable the auto-update feature though - for some reason the MS version that gets pulled down is a fair few versions behind the latest version on Polycom website, which confused me for a bit. In summary I do have a few more grey hairs from this but on reflection I would call it a success for our org. Now if only the pricing was a bit more reasonable...James,
Very exciting to hear you got it working. Are you by chance using a SfB Online account or do you host Skype yourselves locally? We host our own SfB server and I get the "failed to fetch user certificate" error when attempting to sign-in using the web sign-in method.
Thanks!
-Brad
- Thanks for this thread Ben. We have gotten some VVX 401 units in for some of our Skype PBX users (full cloud) to trial. I was also having fun and games signing in with my MFA enabled account. The next day all was well when I entered the App Password, scratching my head my colleague mentioned that it can take a while for newly created App Passwords to start working - Doh!!. Thought I'd post here in case this intel might be of use to others.
To clarify here: the VVX platform does not yet support Multi Factor Authentication (MFA) for any scenario other than the new Web-Sign In method. So while core MFA support has been included in the UCS firmware it's only currently leveraged for using the Web Sign-In process with SfB Online accounts. If requiring MFA for authentication for on-premises SfB Server-homed accounts the phone will most likely not sign-in. NTLM+TLS-DSK is still required for the phones today.
Hi everyone,
I'm having the same difficulty as others with using the Web sign in. I get it signed in ok, but then after a few days it signs itself out and then i have to go through the web sign in process again.
Anyone had any updates on this at all?
thanks
Neil
I am fighting the same problem with an VX310 as well. I have tried both the BToE method and directly via the phones web management console.
Both methods tell me my credentails are invalid when using an 'app password' with MFA configured on the account in Office 365.
Scott, I do not see the link/code that mentioned when doing the BToE setup. I am using the latest BToE from Polycom and Skype 2016. Can you provide more details on your steps?
Actually, it turns out I found the steps that Scott mentioned at the following article -- http://blog.schertz.name/2016/12/polycom-ucs-5-5-for-vvx-phones/.
It looks like the new 5.5.1 software has a 'Web Sign-In' option that Scott mentioned. On my phone I chose 'Sign-In' and was given the option for 'Web Sign-in'. It stepped me through a process with a url and access code that successfully tied the phone to my account.
Now my Polycom phone is working with my Office 365 tenant with MFA enabled.
Just got mine working tonight. I did have to do a factory reset though to get the web signin option to show up. May have been some other reset options that would have worked...but try a couple without luck and then just figured I would do a factory reset. Worked like charm! Thanks everyone for the input!
Ben, what version of Polycom UCS are you using? I have upgraded my phones to 5.5.1 and was able to login over the web. The phone will give you a code to enter along with a link. Wnen you go to the link it sets it up at the HW level. Hope this helps.
- Scott, I'm on 5.5.1 as well. Were you using BToE as well or just going straight to the IP address of the phone? If I use the IP address to access the phone in the browser I'm just given the "normal" domain, user, password boxes to type the info in. I'm not seeing a code to enter with a link :(
Thanks,
Ben
Using BToE and an app password I was able to get this configured. Just used the App Password as part of the Skype for Business Client login and it passed the creds to the VVX.
- Kyle, I'm on a mac, so unfortunately there isn't a BToE connector that I can use to go this route. I tried an app password right in the phone settings via the browser and didn't have any luck there.
- Hi Ben, I asked our Polycom representative directly two weeks ago and was told that it is on the roadmap for a future release but no date so far.
Thanks Christian!
