cancel
Showing results for 
Search instead for 
Did you mean: 

fix zero-touch provisioning of desk phones

JoshT
Listener

How can I fix zero-touch provisioning on our hundreds of new-in-box vvx250 polycom phones?

 

Some auto-provision on first boot, as advertised.

Some fail and must be factory reset.  After the factory reset some will auto-provision correctly.

Many require assisted provisioning.  This requires us to log into the phone's web page and manually enter the provisioning URL, clear out the username/pass, and set DHCP to static.

 

My goal is to avoid assisted provisioning.  Is there a way to take the config of a phone and quickly flash it to another phone?  Can we do that in bulk?

12 REPLIES 12

aaroncoffman
Attendee | Zoom Employee
Attendee | Zoom Employee

 

@JoshT , 

 

Good day!  I hope you are well. 

 

As you indicated, Zero Touch Provisioning (ZTP) will be the best way to provisioning all of your Poly handsets.  

I would recommend opening a support ticket on one or two of the handsets that are failing the ZTP process which is requiring you to step through the assisted provisioning process.  It would be best to make sure the root cause of the issue is understood. 

 

There may be another viable option for you if all of your devices share the same manufacturer and if you have control of the DHCP server. 

 

Zoom has a single URL per manufacturer which would eliminate the need for the assisted provisioning and bypass the ZTP process that appears to be failing for you. 

 

The URLs are as follows: 

AudioCodes - https://provpp.zoom.us/api/v2/pbx/provisioning/audiocodes

Poly - https://provpp.zoom.us/api/v2/pbx/provisioning/polycom

Yealink - https://provyp.zoom.us/api/v2/pbx/provisioning/yealink

This info was pulled from here: https://support.zoom.us/hc/en-us/articles/360033223411#h_01F65FEPTABPHZERDMF84NBET6

 

Keep in mind, using one of the above URLs is only supported by the corresponding manufacturer, which is why it would be best to ensure ZTP is working properly.  Not all devices are supported with this method, though the VVX-250 certainly should be. 

 

If you have a ticket, feel free to direct message me with the number and I'll see if I can assist. 

 

Does Zoom have any document explaining how to configure DHCP options for Poly VVX-series phones to force registration to https://provpp.zoom.us/api/v2/pbx/provisioning/polycom ?

 

 

3 years later and Zero touch still doesn't work, I get about 2 out of 5 actually work rest need lots of touching. Did you ever find DHCP options?

aaroncoffman
Attendee | Zoom Employee
Attendee | Zoom Employee

Scheived, 

 

There are many factors in play with Poly handsets when it comes to ZTP.  Here are a few items that may be worth a look: 

  • DNS - if the device isn't getting DNS from the DHCP server, it won't be able to "find" the provisioning servers.
  • NTP - if the date on the phone is way off, this could result in a failed attempt to reach provisioning servers as the devices won't "trust" the certificates in the provisioning process.  Verify the NTP server is accessible from the device. 
  • Firewall - As Eliot alluded to, there are a number of ports/IPs that required for ZTP, not only from Poly, but Zoom as well. 
  • PCAP - it would be a great step to grab a packet capture of the traffic as you could identify where the breakdown is in conjunction with the device logs.
  • DHCP Options - 66 and 161 may be used.  Using these options is not supported by Zoom. 

 

I hope this helps.  

 

If you go the PCAP route, feel free to post it here and we may be able to offer some insight. 

 

Warm Regards, 

Aaron

I found ZTP to be too unreliable, only about 2/3 of the phone provision. I've added the URL for DHCP option 66 and since then it's been fine all are provisioning now. 

Hi @aaroncoffman ,

I've been struggling with a similar issue regarding a Yealink EOL device (T27P).

I have been practically begging Zoom Support to provide me with the SIP credentials required for manual provisioning. Please refer to ticket TS0522912.

We, as admins, understand the risks and limitations of manual provisioning. Why isn't there an admin option to enable to "other" brand option, which consequently shall provide us with everything needed for manual provisioning?

Zoom's policy of providing support five years after the vendor's EOL is indeed admirable. However, sometimes we need more than five years. It would be perfectly understandable if Zoom would ask us to confirm we understand the risks, limitations, lack of support, and other consequences of using a device more than five years after its EOL. This is not just eco-friendly and sustainable, it's also cost-effective to many companies that aren't happy to replenish their entire hardware inventory every X years. We'd like to have the option to replace hardware when it has indeed reached its physical EOL, i.e. not working.

Thanks

Eliot
Community Champion | Zoom Partner
Community Champion | Zoom Partner

hi lh-ol,

 

a little info on yealink sip-t27p that might be helpful to you.

 

Zoom phone requires tls 1.2.  also required are digital certs.

Encryption for Zoom Phone - Zoom Support

Assisted provisioning URLs - Zoom Support

 

Most recent firmware for sip-t27p is t27p-45.83.0.160 from 2023-09-13.

Yealink Support

According to yealink community, firmware 45.83.0.160 supports tls 1.2.

TLS compatibility matrix (yealink.com)

 

According to link below, yealink sip-t27p went end of life 2/1/2018.  At 2/1/2024, Yealink offers no support.

SIP-T27P (yealink.com)

 

thanks,  eliot

 

Hi Eliot,

Many thanks for this feedback.

I have already tried every option possible for ZTP, assisted provisioning, etc. I think that by now the only option left is to try manual provisioning. As you mentioned, this model does meet the security requirements of ZP.

The problem is that I don't have the "other" option under the Brand dropdown menu when setting up a new device under the ZP admin menu. I have been trying to ask Zoom support to enable this feature, but it's not happening 😞

Do you have any ideas about how to make T27P work with ZP?

Thanks

Eliot
Community Champion | Zoom Partner
Community Champion | Zoom Partner

hi lh-ol,

 

here is a screen shot of the what i see on add device.  on my screen, 'other' is under 'yealink'.

Eliot_0-1707230822390.png

i seem to remember that i was trying to use generic provisioning a few years ago for a grandstream phone.  while it worked, i needed to update the digital certificates and the functions were very limited.  now zoom supports some grandstream phones including zero touch provisioning.

 

i do not have any experience with sip-t27p.  yealink originally (2018) recommended sip-t27g as replacement for sip-t27p.  i have a few yealink sip-t46u and t54w which work well.  

 

you might try choosing sip-t27g as the model number on the add device screen.  this probably will not work because yealink uses different firmware for this phone.

 

if you successfully provision the sip-t27p as 'other', you would only get very basic functionality, i.e. make and receive calls.  

 

another approach is to trade in your sip-t27p for a sip-t27g for more up to date desk phone.

the sip-t27g (also eol), but zoom certified, is listed by one dealer at $55 refurbished.  you may be able to reduce you cost from any trade in.

Yealink SIP-T29G Executive IP Gigabit Phone (SIP-T29G) (pcliquidations.com)

 

your selection of various alternatives may be influenced by factors such as how do you handle lack of security patches, lack of patches to fix problems, what functionality do you need and how many of these sip-t27p desk phones you have.

 

sorry i cannot be more helpful.

 

thanks,  eliot

aaroncoffman
Attendee | Zoom Employee
Attendee | Zoom Employee

@LH-OL - I don't believe the Zoom Support team typically enables this functionality.  Please work with your account team to get the "other" or "generic device provisioning" enabled for your account. 

Thanks @aaroncoffman .

I'll surely reach out to the accounts team. Can you please confirm if such a manual provisioning will indeed result is a very limited user experience? 

Eliot
Community Champion | Zoom Partner
Community Champion | Zoom Partner

hi josh

 

one of my clients had a similar issues.

 

for ztp, poly phones need to connect to poly.   check that the phones have access whatever subnet they may on.  in one case ztp at one location worked but not at another.   the issue was solved with a change to access control list.

Required Ports and Trusted IP Addresses and Hosts (polycom.com) 

 

in real time, zoom connects to poly to provide the mac addresses that a zoom phone admin enters.  the mac addresses are hex addresses containing 0-9 and a-f.  you should not do a copy and paste of the mac because what you copy may contain special characters.  you should manually enter the mac addresses.

Managing phones and devices – Zoom Help Center

 

best

 

eliot