Polycom 1725-31424-001 User Manual
Page 25
Upgrading Polycom CX700 Phone within a Microsoft Office Communications Server 2007 R2 Environment
19
•
Query DNS for _sipinternal._tcp. <SIPDomain>
SRV record
(_sipinternal._tcp.fabrikam.com)
•
Query DNS for _sipinternal._tcp.
<SIPDomain>.<DHCPDomain> SRV record
(_sipinternal._tcp.fabrikam.com.contoso.com)
•
Query DNS for _sip._tls. <SIPDomain> SRV
record
(_sip._tls.fabrikam.com)
•
Query DNS for _sip._tls.
<SIPDomain>.<DHCPDomain> SRV record
(_sip._tls.fabrikam.com.contoso.com)
•
Query DNS for _sip._tcp. <SIPDomain> SRV
record
(_sip._tcp.fabrikam.com)
•
Query DNS for _sip._tcp.
<SIPDomain>.<DHCPDomain> SRV record
(_sip._tcp.fabrikam.com.contoso.com)
•
Query DNS for sip.<SIPDomain> A record; IP
address of pool is returned
(sip.fabrikam.com)
8.
Polycom CX700 phone queries DNS for
poolFQDN and is returned the pool’s IP address
(Client Hello)
9.
Polycom CX700 phone initiates TLS connection
to pool IP Address specifying which Ciphers are
supported
(Note: SHA2 is not supported)
10. Pool responds with Certificate detail; they
exchange keys if handshake is OK
(Server Hello) Note: TLS connection is not
established yet.
11. Polycom CX700 phone queries <DHCPDomain>
for AD LDAP service using DC provided by
DHCP
(_ldap._tcp.dc._msdcs.contoso.com)
12. Polycom CX700 phone binds to AD and looks for
RootCA in <DHCPDomain>
(OCPE binds using Auth type SASL)
13. DC responds with RootCA details. If the Pool cert
was issued by the RootCA returned, we proceed.
14. Polycom CX700 phone queries DNS for
<DHCPDomain> and is returned the domain’s IP
address
•
Note: this is why we sign in as
contoso.com\userAlias instead of just
contoso\userAlias.
•
This step must return a valid IP in order to find a
DC again and download the certificate chain.
(contoso.com)
15. Polycom CX700 phone locates RootCA again in
<DHCPDomain>
(contoso.com)
16. Polycom CX700 phone attempts HTTP request
to download RootCA cert chain using NTLM
(NTLM Auth fails)