-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center. -
-
×InformationNeed Windows 11 help?Check documents on compatibility, FAQs, upgrade information and available fixes.
Windows 11 Support Center. -
- HP Community
- Poly Phones
- Desk and IP Conference Phones
- Can't get DHCP 43 Override and Pin Auth working with UCS5.3

Create an account on the HP Community to personalize your profile and ask a question

06-26-2015 02:47 PM
I've followed Brennon's article http://www.ucprimer.com/tech-blog/deploying-lync-enterprise-voice-phones-without-dhcp, and am pointing my STS-UTI directly at a Lync 2013 server running Windows 2012 R2. In my situation t's https://lync-03.domain.com:443/CertProv/CertProvisioningService.svc We're using public certificates on the server, but I exported the roots and intermediates regardless and installed them as Application CA 1, 2, and 3. Still, when I attempt to pin authenticate I get the following:
0626154056|cfg |5|00|Prm|Parameter reg.x.auth.useLoginCredentials requested type 2 but is of type 7
0626154056|so |4|00|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
0626154056|cfg |4|00|Web|[cfgSaProcessRequestC::signInToLync] Successfully updated the PIN Auth Login credentials
0626154100|sip |*|00|dhcpOption120LyncQuery numList [2]
0626154100|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626154100|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626154101|app1 |*|00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0626154101|app1 |*|00|SoRegistrationEventLast - new AppRegLineC, Default user
0626154101|sip |*|00|Sip Register Usr:VVX310 Dsp:VVX 310 Auth:'Using Login Cred' Inx:0
0626154115|tickt|5|00|soWebticketGetAllUserInfo: soWebTicketPinAuthGetRootCertChain Failed
0626154115|tickt|5|00|[MsgSoWebTicketSignWithPinAuth]: PIN Auth Failed
I see the line "soWebTicketPinAuthGetRootCertChain Failed" but I don't really understand what it's trying to tell me. I thought at first it might be a trust issue, which is why I imported the root and intermediates as seperate certs.
Can someone help me decipher what it's trying to tell me is failing?
Solved! Go to Solution.
Accepted Solutions

06-26-2015 03:39 PM
Nevermind, figured it out. Sometimes it just helps to talk it out.
I saw this in the log:
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
hack prepended http: to the getRootCertChains URL
and realized that port 80 was blocked though the hardware load balancer while 443 was allowed. That was my issue. Problem solved.

06-26-2015 03:07 PM
I upped the logging levels to debug and received this if it helps:
0626160146|cfg |5|00|Prm|Parameter reg.x.auth.useLoginCredentials requested type 2 but is of type 7
0626160146|so |4|00|[soRegistrationC] Login Credentials valid causing SoRegEventLine Changed
0626160146|cfg |4|00|Web|[cfgSaProcessRequestC::signInToLync] Successfully updated the PIN Auth Login credentials
0626160150|sip |*|00|dhcpOption120LyncQuery numList [2]
0626160150|tickt|0|00|soWebTicket: msg 7002 0 22 e86028
0626160150|tickt|0|00|[MsgSoWebTicketSignWithPinAuth]: Pin Sign With Ext/Pin In Device Flash
0626160150|tickt|1|00|soWebticketGetAllUserInfo:input parameters user index 0, Extension 67324 server https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc UUID 41251496-6342-53e9-9513-4652e9c5acf0
0626160150|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626160150|tickt|1|00|soWebTicketServersGet: request URI is https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc/mex
0626160150|tickt|1|00|Provisioning:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
0626160150|tickt|1|00|soWebTicketServersGet: Got response 0 code 200
0626160150|tickt|0|00|Got response 0 code 200 data:
[HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16599
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-Server-Fqdn: lync-03.ad.domain.com
X-Powered-By: ASP.NET
Date: Fri, 26 Jun 2015 21:01:50 GMT
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="
0626160150|tickt|2|00|doXmlParsingForErrorCode: stripped pResponse is:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmln
0626160150|tickt|3|00|soWebTicketServersGet: WebTicketAddress is https://lyncfeint.domain.com/WebTicket/WebTicketService.svc
0626160150|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
0626160150|tickt|3|00|soWebTicketServersGet: webticket proof service URL is https://lyncfeint.domain.com/CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: SpecialInterop_Lync2010 detected
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: autoProvision location is 6
0626160150|tickt|2|00|soWebTicketPinauthGetRootCertChain: Cert is not available at 6
0626160150|utilm|4|00|uBLFUnCompressed: File /ffs0/Config/Local/WebTicket/0/certProvSvc.mex doesn't exist or is empty
0626160150|tickt|1|00|soWebTicketServersGet: request URI is https://lync-03.ad.domain.com:443/CertProv/CertProvisioningService.svc/mex
0626160150|tickt|1|00|Provisioning:Cipher suite = RSA:!EXP:!LOW:!NULL:!MD5:@STRENGTH
0626160151|app1 |*|00|SoRegistrationEventLineChanged - success lineIndex 0 RegListSize 0
0626160151|app1 |*|00|SoRegistrationEventLast - new AppRegLineC, Default user
0626160151|sip |*|00|Sip Register Usr:VVX310 Dsp:VVX 310 Auth:'Using Login Cred' Inx:0
0626160151|tickt|1|00|soWebTicketServersGet: Got response 0 code 200
0626160151|tickt|0|00|Got response 0 code 200 data:
[HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 16599
Content-Type: text/xml; charset=UTF-8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-MS-Server-Fqdn: lync-03.ad.domain.com
X-Powered-By: ASP.NET
Date: Fri, 26 Jun 2015 21:01:51 GMT
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="
0626160151|tickt|2|00|doXmlParsingForErrorCode: stripped pResponse is:
<?xml version="1.0" encoding="utf-8"?><wsdl:definitions name="CertProvisioningService" targetNamespace="http://schemas.microsoft.com/OCS/AuthWebServices/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmln
0626160151|tickt|3|00|soWebTicketServersGet: WebTicketAddress is https://lyncfeint.domain.com/WebTicket/WebTicketService.svc
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
0626160152|tickt|3|00|soWebTicketServersGet: webticket proof service URL is https://lyncfeint.domain.com/CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1
0626160152|tickt|1|00|soRootCertGet: hack prepended http: to the getRootCertChains URL
0626160205|tickt|2|00|[PpsHybridC]: OnEvSipOnFetchRootCert soRootCertGet returned Failure
0626160205|tickt|5|00|soWebticketGetAllUserInfo: soWebTicketPinAuthGetRootCertChain Failed
0626160205|tickt|5|00|[MsgSoWebTicketSignWithPinAuth]: PIN Auth Failed

06-26-2015 03:39 PM
Nevermind, figured it out. Sometimes it just helps to talk it out.
I saw this in the log:
0626160151|tickt|3|00|soWebTicketServersGet: getRootCertChain URL is //lyncfeint.domain.com/CertProv/CertProvisioningService.svc/anon
hack prepended http: to the getRootCertChains URL
and realized that port 80 was blocked though the hardware load balancer while 443 was allowed. That was my issue. Problem solved.