MrKernel Network

UPDATE: http://www.mrkernel.net/?p=27#more-27

I got a hold of a few OCPE devices. Both the Polycom CX700 http://www.polycom.com/usa/en/products/voice/desktop/cx/communicator_cx700.html and the LG-Nortel 8540 http://www.nortel.com/8540. As anyone who has tried to connect them to Office Communication Server (OCS) 2007 knows, the first thing you must do is get the CA certificate on the phones. Being that they are RTM firmware the official ways of doing this are http://blogs.technet.com/jenstr/archive/2007/11/17/how-to-make-the-root-ca-certificate-available-for-office-communicator-2007-phone-edition.aspx. This works fairly slick except, in my experience, when the phone is not on the same subnet of a domain controller. When the OCPE is factory defaults and on different subnet from a domain controller it is unable to download the certificate. The error I get is “Cannot download certificate because domain is not accessible.”

Doing a packet trace I see that the OCPE does a broadcast for the domain in attempt to find it, it does not use DNS to find the domain. If I put the OCPE on the same subnet as a Domain Controller it downloads the certificate, and once that is done I am able to move it to another subnet. Great I thought it sucks that I can’t figure out how to deploy a phone on a non Domain Controller subnet but at least I have a workaround. I have since then deployed an OCPE Update Server. Guess what, when a phone gets upgraded it loses its CA Certificate. The login and PIN/Fingerprint are retained put not the Certificate. So the phone is no longer able to register. So what could I do to get this to work? Well, back in Windows NT4.0 when you needed to access a Domain Controller on a different subnet what did you use? Well WINS of course. But surely a newly engineered device in 2008 would not be able to utilize WINS. Guess what it does, I fired up a WINS service on one of my boxes, added the ip address to the DHCP scope of the OCPE and vola, certificate downloaded. So this really bugs me, I haven’t used WINS since before 2000, does Microsoft honestly expect its customers to deploy a WINS infrastructure just for an OCPE  deployment? If anyone else has had different or similar experience with the OCPE and different subnets please let me know. I will post a solution if I find one.