Recently I had a situation where there is no OS-based (Windows/Linux) DHCP server, however DHCP service is running only in Switch(es).
IP Phones require DHCP Option 43 in order for them to be able to locate Lync/SFB server's Certificate Provisioning Service, download and install the Root CA's certificate automatically.
I have had to provide DHCP Option 43 Hex value to network engineers so that they can configure it in Switch(es).
The easiest way to retrieve it is:
- Go to the folder path where DHCPUtil.exe is and run the following command;
PS C:\Program Files\Common Files\Microsoft Lync Server 2013> .\DHCPUtil.exe -sipserver lyncserver.thetnaing.com
Output
SIP Server FQDN : lyncserver.thetnaing.com
Certificate Provisioning Service URL : https://lyncserver.thetnaing.com:443/CertProv/CertProvisioningService.svc
Option 120:
00096570736C796E63303109657073696C6F6E6871056C6F63616C00
Vendor Class Identifier: MS-UC-Client
Option 43 (for vendor=MS-UC-Client):
Full Option 43 value (Length: 184) : 010C4D532D55432D436C69656E740205687474707303196570736C796E6330312E657073696
C6F6E68712E6C6F63616C040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
sub-option 1 <UC Identifier>: 4D532D55432D436C69656E74
sub-option 2 <URL Scheme>: 6874747073
sub-option 3 <Web Server FQDN>: 6570736C796E6330312E657073696C6F6E68712E6C6F63616C
sub-option 4 <Port>: 343433
sub-option 5 <Relative Path for Cert Prov>: 2F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E
737663
2. Provide your DHCP Option 43 Hex value you got it from output above to network engineers.
010C4D532D55432D436C69656E740205687474707303196570736C796E6330312E657073696
C6F6E68712E6C6F63616C040334343305252F4365727450726F762F4365727450726F766973696F6E696E67536572766963652E737663
Now the IP Phones are able to locate, download and install the root certificate automatically and successfully.
It's worth to take note that "PIN Authentication" menu appears only after you configured DHCP Option 43.
