Dec 23 2016 07:45 PM
Has anyone had any luck with the Polycom VVX 600 and signing into S4B when you have MFA enabled on your account? Or for that matter any polycom device? I've tried app passwords and those don't seem to work either. I haven't seen any documentaiton anywhere if this is supported or not, so just curious if anyone has any inforamtion about it and if it's not supported, when it might be.
Apr 25 2018 12:50 AM
Hi Neil,
After Jeff's steer to use the web sign in method things have been ok for me. To be fair we're only trialling this with around a dozen users. But with them all on the most recent software (5.7.1.2205 as of this post) we haven't been experiencing any sign-outs. In fact I've been impressed (and very happy) at being able to unplug my phone, hot desk to another part of the office, plug my phone in there and then have it come back up with my account signed in automatically no questions asked - perfect.
Will post again if things go off the rails, but so far so good here.
Best regards,
James
Apr 25 2018 04:31 AM
Hi James,
Thanks for this update, my handset may be a software version or two out of date, so i will update to the latest version and post back how i get on
thanks again
Neil
Oct 24 2018 07:26 PM
It is 2 years later and there is still no workable solution for these phones. It is quite unbelievable when you think that this is (or once was) such a strategic collaboration for MS and Polycom, and that they have not managed to work something out. I am the only one in my office who puts up with checking my phone in the morning and signing in again if needed, so that I can make and receive calls during the day. Everybody else resorted to using their personal cell phones. But we are paying through the nose for the E5 licenses and calling plans.
Now, over the past couple of months, things seem to have taken a turn for the worse. The latest firmware that MS is pushing down (5.8.0.12848) broke our ability to authenticate with the phones ("failed to fetch user certificate"). I suspect that this has to do with MS adding support for Teams and that this introduced a glitch. I now have to pin my firmware to the last one where web sign-in worked, which means that even if there ever is a fix for allowing MFA with app passwords on the device, I will not get it because I cannot allow the phones to upgrade the firmware .....
Is there anybody out there who deployed SFB Online with Lync handsets and can claim that it was a success? Or are the people in this thread the last few who are trying to make it work?
Oct 25 2018 04:23 AM
Oct 25 2018 04:31 PM
James,
Very exciting to hear you got it working. Are you by chance using a SfB Online account or do you host Skype yourselves locally? We host our own SfB server and I get the "failed to fetch user certificate" error when attempting to sign-in using the web sign-in method.
Thanks!
-Brad
Oct 25 2018 07:17 PM
Brad, the Web Sign-In method is currently still only available for use with Skype for Business Online accounts, not SfB Server accounts. Microsoft is working on a solution for this though, so hang tight.
Oct 26 2018 12:41 AM
Oct 26 2018 05:31 AM - edited Oct 26 2018 05:40 AM
Jeff, Web Sign-in is also the _only_ option currently available for SFB Online with MFA enabled. This is classified information, apparently, because nowhere in process of enabling (and enforcing) MFA for our users did I run into a warning that would have alerted me of this. But just the other day I found this recently updated document that clarifies it (scroll down to the table of sign-in options for various deployment scenarios):
https://docs.microsoft.com/en-us/skypeforbusiness/what-is-phone-system-in-office-365/getting-phones-...
Oct 26 2018 05:43 AM
And by the way, thank you, Jeff, for all the great information about SFB and the Polycom phones that you have assembled and curated over the years. Things would have been much more difficult for many of us without your blog.
Nov 17 2018 02:15 PM
Initiating a web sign-in from VVX-601 worked perfectly for me thanks.
Nov 19 2018 10:16 AM
Not today, sadly. Azure MFA out of service and we are completely crippled, not just the phones.
Feb 11 2019 09:20 AM - edited Feb 11 2019 09:56 AM
Is this still working for you? I am now getting an error "network is down unable to get url and pair code". I am certain that the network is not down as the username/password authentication still does not work with MFA enabled (using app password) as demonstrated by various errors that confirm connectivity.
Thanks for any info!
Feb 11 2019 01:45 PM
Aside from some occasional requests by SfB to re-authenticate, the integration with my VVX 601 on my MFA enabled O365 account is stable. Contact syncing is my problem.
@afar wrote:Is this still working for you? I am now getting an error "network is down unable to get url and pair code". I am certain that the network is not down as the username/password authentication still does not work with MFA enabled (using app password) as demonstrated by various errors that confirm connectivity.
Thanks for any info!
, argh.
Feb 11 2019 03:23 PM
It works for me. I had to pin my firmware to 5.7.1.3782 and disallow auto-upgrades.
I learned that this needs to be configured on the Skype side, not the phone. Here the PS script that I use:
Set-ExecutionPolicy RemoteSigned
Import-Module LyncOnlineConnector
$session = New-CsOnlineSession
Import-PSSession $session
Get-Module
Get-CsIPPhonePolicy
Set-CsIPPhonePolicy -EnableDeviceUpdate $false
Get-CsIPPhonePolicy
Set-CsIPPhonePolicy -EnableBetterTogetherOverEthernet $true
Get-CsIPPhonePolicy
Set-CsIPPhonePolicy -BetterTogetherOverEthernetPairingMode Auto
Get-CsIPPhonePolicy
Set-CsIPPhonePolicy -UserDialTimeoutMS 10000
Also great - the ability to change the token lifetime to the max allowed (was it 30 or 60 days?), it has become much less bothersome.
Oct 15 2019 06:25 AM
@Christian Donner Could you expand on how you extended the token lifetime please? Thanks!
Oct 16 2019 01:23 PM
@Christian Donner We are also looking out how to expand the token lifetime. Our users are getting signed out every few days. Can you provide any details on how you achieved this?
Thanks!
Oct 16 2019 01:31 PM
@CosmoDenger I wish I remembered this. Maybe https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-configurable-token-...
I will have to research but no time at the moment. It was definitely on one of the admin portals.
Oct 16 2019 01:34 PM
@Christian Donner, Thanks! I was just looking at the same thing. I'll see what I can find out and report back.