CX-700 certificate problem : cannot validate server certificate

  • Question

  • I have received my new CX-700 phones

     

    Here is some info:

     

    I have set up the Software Update Server

    I have an NTP in place

    I have an Enterprise CA up and running

    Autoenrollment is working fine.

    CPE is connected in the same subnet as the servers

     

    I have verified the certificate is available:

    http://<dNSHostname>/certsrv/certnew.p7b?ReqID=CACert&Renewal=-1&Enc=b64

     

    I boot up the phone. It then goes into a loop and finishes up with: "Cannot validate server certificate"

     

    This is really annoying.

    I have read almost every simple post.

     

    And yes, I am trying to log in with domain\username and not username@domain

     

     

    Thanks for any help...

    Friday, August 15, 2008 12:04 PM

All replies

  • Maybe you have outdated firmware - in that case you may be able to exit into Windows CE and import your root CA cert using a USB stick. Afterwards you could sign in and get a firmware update.

     

    There are other possibilities. Have a look at the deployment guide:

     

    http://www.microsoft.com/downloads/details.aspx?familyid=ED9C55C3-51C9-46D0-B48A-D72BBE129B63&displaylang=en

     

    Johann

     

    Friday, August 15, 2008 1:31 PM
  • I know that since Tanjay went RTM, WINS server is no longer required, but... you never know...

     

    I have your setup with WINS implemented and my phone updated within the first 10 min.

     

     

    Drago

    Friday, August 15, 2008 4:07 PM
  • I'm having the exact same problem and I know all the required infrastructure components are in place.
    I'm running version 1.0.522.101 firmware and yeah, no dice.
    Tuesday, August 26, 2008 11:59 PM
  • I know that you mentioned that you are already using domain\username. But have you tried the domain's FQDN?

     

    I posted a blog about this when I had the same issue.

     

    https://blogs.pointbridge.com/Blogs/mcgillen_matt/Pages/Post.aspx?_ID=34

     

    so you would need to log in with "my.domain.com\jdoe" not just domain\jdoe.

     

    Regards,

    Matt

     

     

    Tuesday, September 2, 2008 7:07 PM
  • LOL

    It did solve the problem....

     

    That is hilarious..

     

    Thanks ...

     

    Tuesday, September 2, 2008 7:09 PM
  • Sweet! Yah, that "feature" drove me nuts for a couple days. Glad it's working now :)

     

    Regards,

    Matt

     

     

    Tuesday, September 2, 2008 7:11 PM
  • Yeah I had the exact same problem, it was doing my head in. 
    It wasn't until I did a packet trace of traffic coming in and out of the Tanjay that I discovered it was trying to find the SRV records for a DC based on the domain prefix (e.g. DOMAIN\username) and failing because there was no DNS zone of just "domain".

    After I changed the login username to domain.com\username, the phone found the DC, downloaded the cert chain to the trusted root and signed in successfully.
    Even adding a domain suffix search list to DHCP didn't fix this up. It's a bit of an issue I think because most people are familiar with the NetBIOS name of the domain followed by the username e.g. domain\username in most scenarios when authenticating.
    Wednesday, September 10, 2008 5:58 AM
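
The behaviour described in the last reply, as an added example that is not part of the original thread or any Microsoft code: a pre-deployment check that takes the domain prefix of a sign-in name, builds the DC locator SRV name, and reports whether it can be found. It assumes the phone queries the standard Active Directory record `_ldap._tcp.dc._msdcs.<domain>` (the thread only says "SRV records for a DC"); the function names and the zone data are constructed for illustration.

```python
# Added example: helper names are hypothetical, zone data is constructed.

# Standard Active Directory DC-locator SRV prefix. Assumption: this is the
# record the phone asks for; the thread only says "SRV records for a DC".
DC_SRV_PREFIX = "_ldap._tcp.dc._msdcs."

def domain_from_signin(name):
    """Return the lower-cased domain prefix of DOMAIN\\user, else None."""
    domain, sep, user = name.partition("\\")
    domain = domain.strip().rstrip(".").lower()
    return domain if sep and domain and user else None

def check_signin(name, srv_lookup):
    """Classify a sign-in name by whether its DC SRV record can be found.

    srv_lookup is any callable that takes a DNS name and returns a list of
    (target, port) tuples; swap in a real resolver for a live check.
    """
    domain = domain_from_signin(name)
    if domain is None:
        return {"name": name, "status": "no-domain-prefix",
                "query": None, "targets": []}
    query = DC_SRV_PREFIX + domain
    targets = srv_lookup(query)
    if targets:
        status = "ok"
    elif "." not in domain:
        # NetBIOS-style prefix: there is no DNS zone called just "domain".
        status = "single-label"
    else:
        status = "no-srv"
    return {"name": name, "status": status, "query": query, "targets": targets}

# Constructed records standing in for the DNS server of my.domain.com.
SAMPLE_ZONE = {
    "_ldap._tcp.dc._msdcs.my.domain.com": [("dc01.my.domain.com", 389)],
}

def sample_lookup(qname):
    return SAMPLE_ZONE.get(qname.lower(), [])

if __name__ == "__main__":
    for n in (r"DOMAIN\jdoe", r"my.domain.com\jdoe", "jdoe"):
        r = check_signin(n, sample_lookup)
        print(f"{n:22} {r['status']:17} {r['query']}")
```

A `single-label` result is the case from the thread: the user has to sign in as `my.domain.com\jdoe` instead.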