CX-700 certificate problem : cannot validate server certificate RRS feed

  • Question

  • I have receive my new CX-700 phones


    Here are some infos:


    I have setup the Software Update Server

    I have an NTP in place

    I have an Entreprise CA up and running

    Autoenrollment is working fine.

    CPE is connected in the same subnet has the servers


    I have verified the Certificate is availabe :



    I boot up the phone.  It then goes into a loop and finish up with : "Cannot validate server certificate"


    This is really anyoing.

    I have read almost every simple post.


    And yes I am trying to log-in with domain\username  and not  userame@domain



    Thanks for any help...

    Friday, August 15, 2008 12:04 PM


All replies

  • Maybe you have outdated firmware - in that case you may be able to exit into Windows CE and import your root CA cert using an USB stick. Afterwards you could sign in and get a firmware update.


    There are other possibilities. Have a look at the deplyment guide:






    Friday, August 15, 2008 1:31 PM

    I know that since Tanjay went RTM, WINS server is no longer required, but... you never know...


    I have your setup with WINS implemented and my phone updated within the first 10 min.




    Friday, August 15, 2008 4:07 PM
  • I'm having the exact same problem and I know all the required infrastructure components are in place.
    I'm running version 1.0.522.101 firmware and yeah, no dice.
    Tuesday, August 26, 2008 11:59 PM
  • I know that you mentioned that you are already using domain\username. But have you tried the domain's FQDN?


    I posted a blog about this when I had the same issue.




    so you would need to log in with "my.domain.com\jdoe" not just domain\jdoe.






    Tuesday, September 2, 2008 7:07 PM
  • LOL

    It did solve the problem....


    That is hilarious..


    Thanks ...


    Tuesday, September 2, 2008 7:09 PM
  • Sweet! Yah, that "feature" drove me nuts for a couple days. Glad it's working now Smile






    Tuesday, September 2, 2008 7:11 PM
  • Yeah I had the exact same problem, it was doing my head in. 
    It was only till I did a packet trace of traffic coming in and out of the Tanjay that I discovered it was trying to find the SRV records for a DC based on the domain prefix (e.g. DOMAIN\username) and failing because there was no DNS zone of just "domain".

    After I changed the login username to domain.com\username, the phone found the DC, downloaded the cert chain to the trusted root and signed in successfully.
    Even adding a domain suffix search list to DHCP didn't fix this up. It's a bit of an issue I think because most people are familar with the NetBIOS name of the domain followed by the username e.g. domain\username in most scenarios when authenticating.
    Wednesday, September 10, 2008 5:58 AM