Communicator Phone Edition 2007 authentication issue RRS feed

  • Question

  • I have deployed OCS 2007 R2 in a forest that was already running OCS 2007. Both instances are co-existing just fine and my plan is to transition all users to R2 and remove old OCS from the forest. However I’m running into issue with Communicator Phone Edition running on Polycom CX700 phones (firmware 1.0.199) . Users who have been moved to OCS R2 Pool are unable to sign in to their phones and receive the following message: “Cannot sign in. You do not have necessary permissions.”

    If I move these users back to the old OCS Pool, the authentication process works just fine. The AD forest consists of a single domain.

    I check DNS for sipinternal.<SIP domain>:5061 SRV record and it is in place. DNS and DHCP are also configured and fully functional (works for the old OCS accounts). I am beating my head against the wall trying to fix this. What am I missing?

    Friday, March 20, 2009 2:38 PM

All replies

  • You must update the firmware before moving to R2 pool
    If I recall correctly you cannot use the new Update server for the old firmwares

    So you must use the Software Update Server for OCS (not an easy install)

    - Belgian Unified Communications Community : http://www.pro-exchange.be -
    Sunday, March 22, 2009 10:58 PM
  • There is difference between OCS R1 en the R2 release on how to update the firmware of the OCS Phone Ed.
    R1 uses WSUS which is indeed not a plessant configuraton, in R2 it uses the Device Update Service wich is part of the OCS FE/STD Pool.
    This method is far more easier to deploy and use.
    At the pool level you kan start the device updater, and upload the cab file that contains the firmware updates.
    This package kan be downloaded at:

    When the Phone is not able to use auto sign in it falls back to query DNS for the host records: 
    UcUpdates-r2.sipdomain.com (R2 Edition)  or UcUpdates.sipdomain.com R1), these records should point to the right server In R2 the Pool hosting the Device Update Service

    Monday, March 23, 2009 11:47 AM
  • Thanks for the feedback guys. I believe my R2 update service is properly configured and loaded with new firmware. Unfortunately my R1 update service was decommissioned a while ago before I took over this project. So now I’m stuck with a pile of phones with outdated firmware that refuse to update.

    What if I didn’t have R1 in place? Are you saying there no way to update devices with older firmware using R2? It just sounds like a Catch-22. :(


    Wednesday, March 25, 2009 12:46 AM
  • Hi everyone,

    I have the same conundrum as I never installed the OCS R1 update service in the first place.  The R2 documentation does not seem to reveal this issue. Is it even possible to upload the newer firmwares into an old R1 update server?

    Mike Stacy claims in the article http://social.microsoft.com/Forums/en-US/communicationsserversetup/thread/27b0d6e3-acac-4448-8adf-7a1655a86465 that the update service also installs an intermediate firmware before pushing the real R2 firmware.  But it is not clear to me if you do that using R1 or R2, and whether the phone is then able to recognise the R2 update service.

    There are a lot of thing to like about the Tanjay and OCS, hey I am a believer, but I still do not understand why Microsoft still keeps the logs on the Tanjay inaccessible or why we cannot update them using a USB stick or the USB cable... Seems weird to me.

    Best Regards
    Wednesday, March 25, 2009 7:42 AM
  •  Hi all,

    I don´t have an OCS R1 deployed anymore and I still have some phones with 1.0.452.0 firmware around so I basically have the same problem. A suggestion or solution would be highly appreciated.

    Best regards Edgar
    Wednesday, March 25, 2009 8:18 AM

    I have made a mistake of not configuring the R2 update service at the initial stage of R2 deployment.

    As a result, when I moved my account from R1 to R2 with the phone still logged on, the Polycom device rebooted itself 3 times and rolled back its software to 1.0.199 (1.23).  The lesson learned: don’t move accounts to R2 unless you updated firmware on all your devices.  Late last night I got R1 update service up and running (again) and hopefully it will fix the issue, but the fact remains, that the process simply doesn’t make any sense. Is there a logical explanation out there?

    Wednesday, March 25, 2009 12:55 PM
  • Monday, April 20, 2009 2:11 PM