Really trying hard to get auto provisioning on my own

Status
Not open for further replies.

kidjake28

Member
Nov 30, 2017
97
0
6
56
Hi everyone,

I'm new to fusionpbx and I really really like it. However I've been busting my butt to try and get my Polycoms to auto provision. I think I have covered all bases but I still can't get it to work. I would really appreciate it if someone would take the time to help me out.

Let me explain what I have and what I've done.

What I have:
1) FusionPBX configured for Multi Domain (I wanted to play with multi domains)
2) Polycom SoundPoint IP330 (sip software:3.3.5.0247 / bootrom: 4.3.1.0440)


What I have done:
1) Created a domain DOMAIN.LOCAL (not real name)
2) I have a domain A record domain.local pointing to FusionPBX.
3) I've created an extension 200 and device as per Mark's video
4) I have DHCP options 66 and 160 with 'http://192.168.1.1/app/provision', I've also tried 'http://192.168.1.1/provision'
5) I've enabled provision in default settings.
6) I've changed http_auth_disable=true and enable=true (just to eliminate yet another variable)
7) I've created a Polycom\3.x provision file $mac.cfg file following these instructions: http://www.pbxforums.com/threads/provision-polycom-template-3-x.605/
8) I've disabled fail2ban (don't worry there is a firewall in front of this all).
9) I check the ports and they are all accessible (http/https/5060/5080)

Using the GUI, if I go to the polycom device that I created, I can download the 000XXXXXXXXX.cfg from FILES.

If I tail the nginx access.log and error.log I get:

2017/12/01 04:41:09 [error] 384#0: *11513 open() "/var/www/fusionpbx/app/provision/2345-12200-001.bootrom.ld" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/2345-12200-001.bootrom.ld HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:09 +0000] "GET /app/provision/2345-12200-001.bootrom.ld HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/4.3.1.0440"

==> error.log <==
2017/12/01 04:41:09 [error] 384#0: *11514 open() "/var/www/fusionpbx/app/provision/bootrom.ld" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/bootrom.ld HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:09 +0000] "GET /app/provision/bootrom.ld HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/4.3.1.0440"
192.168.1.30 - - [01/Dec/2017:04:41:09 +0000] "GET /app/provision/000XXXXXXXXX.cfg HTTP/1.1" 200 24 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/4.3.1.0440"
192.168.1.30 - - [01/Dec/2017:04:41:13 +0000] "PUT /app/provision/000XXXXXXXXX-boot.log HTTP/1.1" 405 172 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/4.3.1.0440"

==> error.log <==
2017/12/01 04:41:31 [error] 384#0: *11518 open() "/var/www/fusionpbx/app/provision/2345-12200-001.bootrom.ld" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/2345-12200-001.bootrom.ld HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:31 +0000] "GET /app/provision/2345-12200-001.bootrom.ld HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

==> error.log <==
2017/12/01 04:41:32 [error] 384#0: *11519 open() "/var/www/fusionpbx/app/provision/bootrom.ld" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/bootrom.ld HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:32 +0000] "GET /app/provision/bootrom.ld HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"
192.168.1.30 - - [01/Dec/2017:04:41:32 +0000] "GET /app/provision/000XXXXXXXXX.cfg HTTP/1.1" 200 24 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

==> error.log <==
2017/12/01 04:41:32 [error] 384#0: *11520 open() "/var/www/fusionpbx/app/provision/000XXXXXXXXX-phone.cfg" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/000XXXXXXXXX-phone.cfg HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:32 +0000] "GET /app/provision/000XXXXXXXXX-phone.cfg HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

==> error.log <==
2017/12/01 04:41:32 [error] 384#0: *11522 open() "/var/www/fusionpbx/app/provision/000XXXXXXXXX-web.cfg" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/000XXXXXXXXX-web.cfg HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:32 +0000] "GET /app/provision/000XXXXXXXXX-web.cfg HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

==> error.log <==
2017/12/01 04:41:35 [error] 384#0: *11523 open() "/var/www/fusionpbx/app/provision/000000000000-license.cfg" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/000000000000-license.cfg HTTP/1.1", host: "192.168.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:35 +0000] "GET /app/provision/000000000000-license.cfg HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

==> error.log <==
2017/12/01 04:41:36 [error] 384#0: *11524 open() "/var/www/fusionpbx/app/provision/000XXXXXXXXX-license.cfg" failed (2: No such file or directory), client: 192.168.1.30, server: fusionpbx, request: "GET /app/provision/000XXXXXXXXX-license.cfg HTTP/1.1", host: "192.16.1.1"

==> access.log <==
192.168.1.30 - - [01/Dec/2017:04:41:36 +0000] "GET /app/provision/000XXXXXXXXX-license.cfg HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"
192.168.1.30 - - [01/Dec/2017:04:41:36 +0000] "GET /app/provision/000XXXXXXXXX-directory.xml HTTP/1.1" 200 24 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"
192.168.1.30 - - [01/Dec/2017:04:41:36 +0000] "GET /app/provision/000000000000-directory.xml HTTP/1.1" 200 96 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"
192.168.1.30 - - [01/Dec/2017:04:41:41 +0000] "PUT /app/provision/000XXXXXXXXX-app.log HTTP/1.1" 405 172 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"
 

kidjake28

Well after that long winded post I believe I figured it out.

So for the public's sake my issue was with #4 of What I have done.

The DHCP option should be 'http://<domain name>/app/provision' and not IP ADDRESS.

That seemed to do the trick. The phone registers.

Now my problem is that the time/date is flashing on the handset???
 

Ryan

New Member
Nov 29, 2017
7
0
1
39
I too am currently trying to provision Polycom headsets, VVX410. Yeah, you're right on the DHCP option. The domain name from the request is used to look up the domain in the database. This is to support multitenancy. You could probably work around that with an nginx rewrite if needed.

I'm using the 5.x template on my VVX410s. The default NTP is pool.ntp.org. It just worked for me out of the box aside from the timezone.
 

kidjake28

Thanks for the reply...I actually spoke too soon. It was late at night and I had manually provisioned the phone (which I forgot that I did).

I know I still had to change the dhcp option but I still can't seem to get it to register.

That's why the date was flashing...it didn't actually pull the .cfg file.

Oh well back to the drawing board.
 

DigitalDaz

Administrator
Staff member
Sep 29, 2016
3,043
565
113
The domain filter is there as an extra layer of security; this is why you need to put the domain rather than the IP. This can be changed in default settings, but it is advisable to have it on.

Are you sure the phone did not get the config and you have another problem?

The reason I ask this is that the ones that are the important ones, I believe, received a 200 OK:

Code:
192.168.1.30 - - [01/Dec/2017:04:41:09 +0000] "GET /app/provision/000XXXXXXXXX.cfg HTTP/1.1" 200 24 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/4.3.1.0440"
192.168.1.30 - - [01/Dec/2017:04:41:36 +0000] "GET /app/provision/000XXXXXXXXX-directory.xml HTTP/1.1" 200 24 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"
192.168.1.30 - - [01/Dec/2017:04:41:36 +0000] "GET /app/provision/000000000000-directory.xml HTTP/1.1" 200 96 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

There is another potential issue here though, and that is that there is a fail2ban rule to block brute-force attempts that blocks on a 404, and that could possibly be kicking in here and banning your phone.

After a provision attempt can you do an:
Code:
iptables -L
and see if this is the case
 

DigitalDaz

Also, please obfuscate your MAC addresses when posting in the forums. This is valuable information for a hacker; anyone with the MAC and provisioning server URL can potentially grab your config unless it's on a LAN. I have done it for you in this thread.
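
Added example, not part of the thread and not FusionPBX or fail2ban code: a Python pass over provisioning access-log lines that shows why a 404-based ban can catch a booting phone, and how counting distinct MAC file names per client separates that from a client walking through MACs. The thresholds, the MAC values, the 203.0.113.7 client and the log lines are constructed assumptions; the boot sequence mirrors the shape of the log in the first post.

```python
import re
from collections import defaultdict

# nginx "combined" access-log line, as in the thread's access.log excerpts
LINE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Per-device file name: 12 hex digits, then "." or "-"
MAC = re.compile(r'/app/provision/([0-9A-Fa-f]{12})[-.]')

def summarize(log_text, max_404=5, max_macs=2):
    """Per client: provisioning 404 count, distinct MACs asked for, flags.
    max_404 and max_macs are assumed thresholds, not FusionPBX defaults."""
    seen = defaultdict(lambda: {"404": 0, "macs": set()})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or not m[3].startswith("/app/provision/"):
            continue
        ip, _method, path, status = m.groups()
        if status == "404":
            seen[ip]["404"] += 1
        mac = MAC.match(path)
        if mac and mac[1] != "000000000000":  # all-zero name is the shared default
            seen[ip]["macs"].add(mac[1].lower())
    report = {}
    for ip, s in seen.items():
        flags = []
        if s["404"] >= max_404:
            flags.append("404-burst")
        if len(s["macs"]) > max_macs:
            flags.append("mac-enumeration")
        report[ip] = {"404": s["404"], "macs": len(s["macs"]), "flags": flags}
    return report

def _line(ip, method, name, status):
    return (f'{ip} - - [01/Dec/2017:04:41:09 +0000] "{method} /app/provision/{name} '
            f'HTTP/1.1" {status} 168 "-" "constructed-UA"')

M = "0004f2aaaaa1"  # constructed MAC
# Constructed sample: one phone boot shaped like the thread's log ...
BOOT = [("GET", "2345-12200-001.bootrom.ld", 404), ("GET", "bootrom.ld", 404),
        ("GET", f"{M}.cfg", 200), ("PUT", f"{M}-boot.log", 405),
        ("GET", "2345-12200-001.bootrom.ld", 404), ("GET", "bootrom.ld", 404),
        ("GET", f"{M}.cfg", 200), ("GET", f"{M}-phone.cfg", 404),
        ("GET", f"{M}-web.cfg", 404), ("GET", "000000000000-license.cfg", 404),
        ("GET", f"{M}-license.cfg", 404), ("GET", f"{M}-directory.xml", 200)]
SAMPLE = "\n".join(
    [_line("192.168.1.30", *r) for r in BOOT]
    # ... plus a constructed client asking for four different MACs
    + [_line("203.0.113.7", "GET", f"0004f2aaaa0{i}.cfg", 404) for i in range(4)])

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE).items():
        print(ip, row)
```

On this sample the phone is the client that trips the 404 count, while the distinct-MAC count is what singles out the other client, so the two signals are worth tracking separately when tuning a ban rule for the provisioning path.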
 

kidjake28

Thank you so much Daz.

I didn't realize the mac address could be used in that manner and yes it's actually on a LAN.

So I ran a tcpdump to wireshark capturing http traffic and it does actually look like the device IS getting the config file but when I capture 5060 this is what I get.

upload_2017-12-3_11-36-0.png
 

DigitalDaz

A 403 usually means bad password. Are you sure the invite is in the correct domain?
 

kidjake28

Okay so I've been screwing around with this that I don't remember what was what. So I deleted the device, extension, put back everything the way I had it when I first posted this message (except for the dhcp option which I kept at 'http://domain.local/app/provision'). I also reset the handset back to factory default.

So this is what I see/examined during the whole provision process.

1) The endpoint boots up, it gets a valid ip address.
2) I believe it receives the proper dhcp option as observed in the wireshark: it requests the .cfg file and gets the xml file in response.
upload_2017-12-3_13-22-57.png

3) If I expand the last line of the above wireshark (http/xml) this is what I get. The reg.1.server.1.address definitely specifies the domain which resolves to the internal fusionpbx machine (verified).
upload_2017-12-3_13-25-48.png

4) Now when I capture wireshark data for port 5060, I literally get nothing?? No requests from the handset.

So I'm at a loss here. It's obvious that the handset is getting the xml but something is either wrong with the xml that it's making the request to the fusion server. Because it's an ip330 I can't really look at the log files.

So I'm going to go to my office and grab an ip550 so that I can look at the log files on that machine.
 

kidjake28

I've been doing some more work and I think I've pinpointed the problem but don't know why or how to fix it.

Okay so what I've been able to figure out is that provisioning seems to be working. At least what it's supposed to do.

The MAC.CFG gets sent to the handset as noted above yet the config file (xml) does not get applied to the handset.

Let me explain:
So I logged onto the ip550 set entered in all the LINE information to get the handset to register. It did.
I then EXPORTED the config file (WEB-CONFIG). I wiped out the phone and imported the config file to see if it would register. It did.

I then copied the contents of the config file (including the sip.1.server.auth_password) to the polycom3.x file/{$mac}.cfg file that I had created previously (deleted the contents that were previously there). All it now had was the static information that I had exported to configure and register the phone.

I checked the file by downloading the mac.cfg file under devices and I checked by going to http://domain.local/app/provision/mac.cfg, it all looked good.

I then manually entered into the phone web config and set the provisioning server manually (http://domain.local/app/provision). As soon as I confirmed the setting I can see the phone accessing the mac.cfg file (tail -f access.log error.log) yet the phone still does not apply the configuration.

And this is where I am stumped. Please any help would be greatly appreciated.
 

kidjake28

Answer found:

The mac.cfg file is NOT supposed to contain any configuration settings (verified by Polycom).

This file is meant to contain the location of the specific config files to keep the root clean. Examples are given in the 00000000.cfg file

<?xml version="1.0" standalone="yes"?>
<!-- Default Master SIP Configuration File-->
<!-- For information on configuring Polycom VoIP phones please refer to the -->
<!-- Configuration File Management white paper available from: -->
<!-- http://www.polycom.com/common/docum...n_file_management_on_soundpoint_ip_phones.pdf -->
<!-- $RCSfile$ $Revision: 135826 $ -->
<APPLICATION APP_FILE_PATH="sip.ld" CONFIG_FILES="" MISC_FILES="" LOG_FILE_DIRECTORY="" OVERRIDES_DIRECTORY="" CONTACTS_DIRECTORY="" LICENSE_DIRECTORY="">

<APPLICATION_SPIP300 APP_FILE_PATH_SPIP300="sip_213.ld" CONFIG_FILES_SPIP300="phone1_213.cfg, sip_213.cfg"/>
<APPLICATION_SPIP500 APP_FILE_PATH_SPIP500="sip_213.ld" CONFIG_FILES_SPIP500="phone1_213.cfg, sip_213.cfg"/>
<APPLICATION_SPIP301 APP_FILE_PATH_SPIP301="sip_318.ld" CONFIG_FILES_SPIP301="phone1_318.cfg, sip_318.cfg"/>
<APPLICATION_SPIP501 APP_FILE_PATH_SPIP501="sip_318.ld" CONFIG_FILES_SPIP501="phone1_318.cfg, sip_318.cfg"/>
<APPLICATION_SPIP430 APP_FILE_PATH_SPIP430="sip_327.ld" CONFIG_FILES_SPIP430="phone1_327.cfg, sip_327.cfg"/>
<APPLICATION_SPIP600 APP_FILE_PATH_SPIP600="sip_318.ld" CONFIG_FILES_SPIP600="phone1_318.cfg, sip_318.cfg"/>
<APPLICATION_SPIP601 APP_FILE_PATH_SPIP601="sip_318.ld" CONFIG_FILES_SPIP601="phone1_318.cfg, sip_318.cfg"/>
<APPLICATION_SSIP4000 APP_FILE_PATH_SSIP4000="sip_318.ld" CONFIG_FILES_SSIP4000="phone1_318.cfg, sip_318.cfg"/>
</APPLICATION>


So my next question is how old is the polycom provisioning module?
 

EasyBB

Active Member
Oct 23, 2016
240
33
28
Australia
"The mac.cfg file is NOT supposed to contain any configuration settings (verified by Polycom)."
I use my own provisioning files (full split files supplied by Polycom) and yes, no config settings in the main file.

HTML:
<?xml version="1.0" standalone="yes"?>
<!-- Default Master SIP Configuration File-->
<!-- For information on configuring Polycom VoIP phones please refer to the -->
<!-- Configuration File Management white paper available from: -->
<!-- http://www.polycom.com/common/documents/whitepapers/configuration_file_management_on_soundpoint_ip_phones.pdf -->
<!-- $RCSfile$  $Revision: 155255 $ -->
<APPLICATION APP_FILE_PATH="sip.ld"
    CONFIG_FILES="sip-basic_[PHONE_MAC_ADDRESS].cfg,reg-basic_[PHONE_MAC_ADDRESS].cfg,applications-[PHONE_MAC_ADDRESS].cfg,device-[PHONE_MAC_ADDRESS].cfg,features-[PHONE_MAC_ADDRESS].cfg,site-[PHONE_MAC_ADDRESS].cfg"
    MISC_FILES=""
    LOG_FILE_DIRECTORY="logs"
    OVERRIDES_DIRECTORY="overrides"
    CONTACTS_DIRECTORY="contacts"
    LICENSE_DIRECTORY="lic"
    USER_PROFILES_DIRECTORY="profiles"
    CALL_LISTS_DIRECTORY="calls">
</APPLICATION>

"So my next question is how old is the polycom provisioning module?"
I don't really understand this question.
 

kidjake28

Well it seems that the provision editor for the polycom files only creates one config file mac.cfg.
If you actually look at the {$mac}.cfg file, it contains ALL the phone settings (i.e. registration information etc).
However according to polycom this file MUST NOT contain any configuration information ONLY information of where to find the actual config files for the proper endpoint.
This way it keeps the root folder clean so that you can put the various config files in their proper folders.

So with each endpoint there should be multiple config files for that machine.
mac.cfg
mac-reg.cfg
mac-phone.cfg
mac-directory.xml

So this is where my confusion lies. Why doesn't the provisioning module create these separate files?
My assumption was that it was an old implementation and perhaps at one point Polycom did include configuration settings in the mac.cfg file.
 

Mike Loiterman

New Member
Jan 23, 2018
23
1
3
47
Code:
192.168.1.30 - - [01/Dec/2017:04:41:32 +0000] "GET /app/provision/000XXXXXXXXX-phone.cfg HTTP/1.1" 404 168 "-" "FileTransport PolycomSoundPointIP-SPIP_330-UA/3.3.5.0247"

This is the key line. In my experience, the polycom phones would not provision until I told the provision server to send {$mac}-phone.cfg. I just can't remember where I did that though. I will search through my configuration files to see where that was initially commented out.
 

kidjake28

I tried manually pulling (macofphone)-phone.cfg and there was no such file. Does fusion generate such file?
 