Configuring DHCP Options to Enable Sign-in for IP Phones
Topic Last Modified: 2012-06-21
The Aastra 6725ip desk phone, HP 4120 IP Phone (desk phone), and Polycom CX600 IP desk phone are the new IP desk phones for Lync Server. Unlike the older Polycom CX700 IP desk phone, a user cannot enter his or her user name and password on the phone to sign in. This is because there is no alphanumeric keypad on the new phones. Instead, the phone uses Dynamic Host Configuration Protocol (DHCP) options query results during the startup process to identify and connect to Lync Server. A user can then enter his or her phone number or extension and authentication personal identification number (PIN) on the phone, and the phone will be able to connect to Lync Server. This authenticates the user and allows him or her to sign in.
To enable phones to discover Lync Server and to connect, ensure that the following options are set up on the organization’s DHCP servers.
43 (vendor class ID: MS-UC-Client)
Lync Server pool certificate provisioning service URL
*Specify the internal URL in the form https://lyncsvrWebPoolFQDN:443/CertProv/CertProvisioningService.svc.
Fully qualified domain name (FQDN) for the certification authority (CA) pool Registrar
*Specify the FQDN of the pool that will be the first logon server for the phone. Typically this is a Director pool. If you don’t deploy a Director pool, this is the Front End pool FQDN.
43 (vendor class ID: CPE-OCPHONE)
Virtual local area network (VLAN) ID
If you do not use a VLAN for unified communications (UC), or if you use Link Layer Discovery Protocol (LLDP)-enabled switches in the enterprise to provide VLAN IDs, do not set this option.
Note that option 43 is not an independent option. Depending on the vendor class ID it is configured for, the option might have different values. The client identifies the vendor for which it wants the information as option 60 in the DHCP request.
This option needs to be configured only in an intranet-only environment or a PIN authentication scenario to resolve the time server address.
For a central location that is typically serviced by a data center, configure the DHCP options on the DHCP servers in the data center. For branch sites where a Survivable Branch Appliance is deployed, you can configure a DHCP server, if it is available in the branch, or enable Lync Server DHCP. When Lync Server DHCP is enabled, Lync Server replies back to the DHCP options queries for DHCP options 120 and 43. Note that Lync Server DHCP is not a full DHCP server. It does not provide leases. It provides only the options described in the previous table.
Option 120 contains the Lync Server Registrar pool FQDN servers that Lync Server clients can connect to. For example, if contoso.com is the SIP Server, the value for option 120 would be as follows: 0 7 ‘e’ ‘x’ ‘a’ ‘m’ ‘p’ ‘l’ ‘e’ 3 ‘c’ ‘o’ ‘m’. Note that Lync Server supports encoding only types “0” and “1.”
|For more details about Options 120 and 43, see Obtaining Values of DHCP Options by Using DHCPUtil.exe.|
Add DHCPUtil.exe and DHCPConfigScript.bat on a network share that can be accessed from the DHCP server.
On the DHCP server, run the following at the command prompt:
\\<FileShare>\DHCPUtil.exe -SipServer <Lync Server Pool FQDN > -WebServer <Lync Server Internal Web FQDN> -RunConfigScript.
The Lync Server internal web FQDN is the FQDN of the web components that run on the Lync Server Front End pool. This is typically specified by using Topology Builder as part of pool properties. If you do not use Domain Name System (DNS) load balancing for the pool, the Lync Server internal web FQDN is the same as the Lync Server pool FQDN.
Validate that the DHCP options entries were created and that a client computer can discover Lync Server by running DHCPUtil.exe -EmulateClient on the client computer. If it returns without errors, the entries were created correctly.
Currently this can be run only when there is one active network adapter.
DHCPConfigScript.bat essentially does the following:
netsh dhcp server add optiondef 120 UCSipServer Binary 0 comment="Sip Server FQDN" netsh dhcp server set optionvalue 120 Binary <value of option 120> netsh dhcp server add class MSUCClient "UC Vendor Class Id" "MS-UC-Client" 1 netsh dhcp server add optiondef 1 UCIdentifier Binary 0 Vendor=MSUCClient comment="UC Identifier" netsh dhcp server set optionvalue 1 Binary vendor=MSUCClient <value of sub-option 1> netsh dhcp server add optiondef 2 URLScheme Binary 0 Vendor=MSUCClient comment="URL Scheme" netsh dhcp server set optionvalue 2 Binary vendor=MSUCClient <value of sub-option 2> netsh dhcp server add optiondef 3 WebServerFqdn Binary 0 Vendor=MSUCClient comment="Lync Server Internal Web Fqdn" netsh dhcp server set optionvalue 3 Binary vendor=MSUCClient <value of sub-option 3> netsh dhcp server add optiondef 4 WebServerPort Binary 0 Vendor=MSUCClient comment="Lync Server Internal Web Fqdn Port" netsh dhcp server set optionvalue 4 Binary vendor=MSUCClient <value of sub-option 4> netsh dhcp server add optiondef 5 CertProvRelPath Binary 0 Vendor=MSUCClient comment="Cert Prov Relative Path" netsh dhcp server set optionvalue 5 Binary vendor=MSUCClient <value of sub-option 5>