Polycom VVX 411 Signing out Users at Random

Brass Contributor

Hello,

We are about to roll out Polycom VVX411 phones using SfB but in our testing users are getting logged out seemingly randomly between 7-30 days.  They do get an error "Exchange authentication failed. Sign out and sign in again." on their Polycom phones about 1-2 hours before the phone actually logs them out. We are running Polycom UC Software version 5.9.3.2857

 

We have MFA enabled for our end users also.  We are using SfB and Exchange online, nothing on-prem. 

 

Has anyone seen or fixed this issue in their environment?

Thanks!

15 Replies

Update: I have a ticket open with Microsoft and Polycom for this issue.  At this point they are just pointing fingers at each other.  I'll update everyone if we find a solution. 

Hi @CosmoDenger 

 

If you are using MFA, web sign-in is required.

 

Ref: https://documents.polycom.com/bundle/ucs-sfb-dg-5-9-0/page/c-ucs-sfb-web-sign-in-for-skype-for-busin...

 

Web Sign In supports Multi-Factor Authentication (MFA) on polycom phones. If you are using MFA, you must use Web Sign In as the user sign-in method with Polycom phones.

 

For more information on configuring Office 365, see Microsoft's Configure Azure Multi-Factor Authentication Settings.

 

@DamianCastillo, absolutely.  We have no problems signing in.  The issue is that our users are signed out automatically every 7 days.  I have two cases open with Microsoft and no one can figure out what to change to prevent the sign outs. 

@CosmoDenger I am also facing the same problem with onprem skype/exchange2016. 

 

Polycom phone can login successfully to EWS and then after few days getting error message "Warning Authentication failed re-enter password to access the Calendar"

 

Please let me know if you found any solution. 

Hello @CosmoDenger 

 

Are you still having the same issue? usually, that kind of error can be found in the logs of the phones.

 

You can try checking this Poly community post:

https://community.polycom.com/t5/VoIP-SIP-Phones/FAQ-How-can-change-Logging-Levels-or-use-Syslog/td-...

 

I would recommend you to enable these ones for exchange issues:

app1=2 , pps=2 , sip=debug, so=2 , auth=debug  nisvc= debug  pgui= debug  curl=1

 

and for registration issues:

app1=2 , pps=1 , sip=debug, so=2 , auth=debug  nisvc= debug  tls= debug  curl=1

 

Also, you may confirm that the consent its being applied by your O365 Admin:

https://techcommunity.microsoft.com/t5/skype-for-business-blog/oauth-2-0-and-third-party-application...

 

That would give you an idea.

 

(Y) :D 

 

Hello @Deleted 

 

First of all, try to contact your service provider or Poly account manager (Where did you buy the devices?) They will try to help you or point into the right direction in order to resolve your problem.

 

As my previous comment usually that kind of exchange error can be found in the logs of the phones.

 

You can try checking this Poly community post:

https://community.polycom.com/t5/VoIP-SIP-Phones/FAQ-How-can-change-Logging-Levels-or-use-Syslog/td-...

 

I would recommend you to enable these ones for exchange issues:

app1=2 , pps=2 , sip=debug, so=2 , auth=debug  nisvc= debug  pgui= debug  curl=1

 

Since you are using an On-premise infrastructure you may review the release notes and admin guide of the device model and software version that these devices are currently running:

General voip

https://support.polycom.com/content/support/north-america/usa/en/support/voice.html

 

VVX 401/411

https://support.polycom.com/content/support/north-america/usa/en/support/voice/business-media-phones/vvx401-411.html

 

Also, you can review the following post about Microsoft services in 3rd party devices like Poly ones:

https://techcommunity.microsoft.com/t5/skype-for-business-blog/oauth-2-0-and-third-party-application...

 

I hope all this info helps you.

 

Unfortunately, we still don't have a solution.  I have had a ticket open with Microsoft for approx. 3 months now and I think they have ghosted me.  This sign out happens on Polycom and Audiocodes phones. We have done all the logging suggested by Microsoft and they confirmed the issue is on their end but cannot provide a resolution.  We are a cloud only deployment. 

@CosmoDenger  Thanks for responding to my message.

 

Actually I already taken the debug log and found below error :

 

'ews' Service CSoapTransaction network error = Host requires authentication (204)

New credentials needed for accessing Exchange Web Services, deactivating to wait for new credentials

 

then it start showing "Warning Authentication failed re-enter password to access the Calendar" message on screen and to fix that We just need to signout and signin again, then it start working again. But after few days shows same error message again.

 

 

 

 

@CosmoDenger We are experiencing the same issue but with our vvx50x phones.  Hope they find a solution soon.

@JoeWilker, no such luck.  They closed the ticket on me without a resolution or my consent.  When I tried to re-open it, they stopped responding.  Our next move is to hope that the CCX 400 with Teams won't have this issue. 

Anybody ever find the cause of this issue of VVXs logging out of ? I don't know that any of them are seeing any Exchange error messages or not.

@BrandonJ365 

 

In our case it was the conditional access policy.  The only way we could work around it was to exclude Exchange online and SfB from the conditional access policy for phone users.  Now we are moving to CCX 400 phones and it doesn't seem to be an issue with the Teams phones.  

 

I'm also pushing for this because we need a way to just assign phones to users.  I get the mobility aspect of allowing users to sign in to any phone they are near, but that just isn't the case in our environment. https://microsoftteams.uservoice.com/forums/555103-public/suggestions/43453338-assign-users-directly...

 

Thanks for the response! I wish you luck on the CCXs. We've got a large number of Trio C60s and it hasn't been pretty. There are a lot of bugs and churn in this space on the MS side. With CA in place, according to Microsoft, they must be InTune enrolled. We have over 300 C60s, all on the same code, all being covered by the same config in InTune. At least 50 have yet to enroll in InTune like they should. 80 or so are showing non-compliant for no apparent reason other than they haven't checked in since they were enrolled (they should check in every 24 hours). And out of all of them, less than 40 are checking in daily like they are supposed to. Oh yeah....we are fighting logout issues with them. Also having some instances where there's no dial-pad on the phone (another open case with MS).

There's a long thread about Teams native phone issues since the latest code that came a few months back here:
https://techcommunity.microsoft.com/t5/microsoft-teams/teams-phone-device-refuse-login-with-1449-1-0...