Solved Yealink Provisioning 15.5

Discussion in '3CX Phone System - General' started by Gab, Aug 12, 2017.

Thread Status:
Not open for further replies.
  1. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    Recently upgraded 3CX from 12.5 to V14 without problems. Ran a couple weeks V14 and now I have upgraded to 15.5 SP1. I ran into some problems provisioning our Yealink phones and I'm looking for a little bit of help here.

    I upgraded the firmware on our phones to match the supported firmware and did a factory reset. When the phone appears in 3CX and I try to add it to an extension it doesn't do anything. I went manually into the phone and put http://IP:5000/provisioning/"randomname" and try to provision and nothing happened. Then I tested it with https://IP:5001/provisioning/"randomname" and it did the provisioning at least partially. The phone didn't pull the wallpaper like it used to. I'm using stock template.

    Any ideas?
     
  2. us1

    us1

    Joined:
    Oct 19, 2015
    Messages:
    80
    Likes Received:
    21
    Do you have a valid security certificate for your system? Version 15 and above have pretty stringent requirements around that. You can test this out by going into the web interface of the phone and disabling the requirement of trusted certificates and try reprovisioning over HTTPS again.

    I have experienced the "partial configuration" issue you're seeing and it was the security certificate which resolved it.
     
  3. Saqqara

    Saqqara Well-Known Member

    Joined:
    Mar 12, 2014
    Messages:
    1,092
    Likes Received:
    165
    As you have done an upgrade, templates on created on the fly.

    Check the folders . for filenames with the same mac code as the phones you are trying to provision and delete them - you may have old templates on the system

    Factory default the phones and try again

    Also you can not provision the phone by IP address using https, you will get security errors , as above you can disable ssl / https security on the phone

    Under provisioning tab, what is the provisioning link
     
    #3 Saqqara, Aug 13, 2017
    Last edited: Aug 13, 2017
    YiannisH_3CX and us1 like this.
  4. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    us1:
    I used a 3CX created FQDN does that covers me on the valid security certificate part? I did go into the web interface on the phone and disabled the requirement for trusted certificates but I had the same result when re-provisioning. Another thing I noticed is that when I call an extension I no longer see the name of the person on the phone just the extension number.

    Sagara:

    I checked the folders and couldn't find any old .cfg with MAC address. There is one with all 0's. Under provisioning I see Http://IP:5000/provisioning/randomname but if I try using that it does not work (this is under each phone extension in the phone provisioning tab).


    One thing I did do under our DNS is that I pointed the FQDN that 3cx created for me (name.3cx.us) to the local IP address of the 3cx system. Should I revert it back and let it point to our public IP address?

    Appreciate all the help you guys can give me.
     
  5. YiannisH_3CX

    YiannisH_3CX Support Team
    Staff Member 3CX Support

    Joined:
    May 10, 2016
    Messages:
    6,016
    Likes Received:
    420
    Are the phones and the PBX in the same local LAN? Can you access the phones web interface from the PBX machine? I would assume yes since the phones appear in the management console as new.
    Try putting the provisioning link in a browser followed by the phones MAC address and see if you can download the config file for the phones
    Http://IP:5000/provisioning/randomname/mac.cfg use the local IP of the server to avoid DNS issues. Make sure that under the extension settings / phone provisioning the local provisioning method and the correct interface is selected. Let us know if the config file can be downloaded from browser in the LAN.

    Where the phones provisioned as remote extensions on a different installation / FQDN before? They could be bound to RPS if that is the case
     
  6. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    Yes, phones and pbx are on the same local LAN and I can access phones web interface without a problem. When I tried doing the http://ip:5000.etc I get a 403 forbidden nginx. If I do https://IP.5001.etc then I'm able to download the file from web browser.

    Provisioning method is selected as local with the correct interface and the phones have never been provisioned as remote extensions.
     
  7. giwm

    giwm New Member

    Joined:
    Sep 27, 2016
    Messages:
    236
    Likes Received:
    41
    You shouldn't be using a public IP from internal... you're hairpinning through your firewall at that point. You may need to set up your split DNS properly or - as Yiannish stated - use the local server IP.

    If you want to set up split DNS and use that, assume the following:
    • your public FQDN is 3cx.company.com
    • your server's public IP is 11.12.13.14
    • your server's internal IP is 10.0.0.10
    Internally, you should have a DNS entry for 3cx.company.com pointing to 10.0.0.10. Then your provisioning link should be https://3cx.company.com/provisioning/randomname. I actually use an http link, as I ran into issues with PolyCom phones.

    The error with using http is interesting though... you should not have that problem.
     
  8. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    giwm:

    That's exactly how I have it configured.
     
  9. giwm

    giwm New Member

    Joined:
    Sep 27, 2016
    Messages:
    236
    Likes Received:
    41
    You can check your nginx.conf file (for Windows: C:\Program Files\3CX Phone System\Bin\nginx\conf\) and look for a listen 80 and a listen 443. The listen 80 chunk should include an ACL allowing only internal (RFC 1918) IP addresses and loopback with a deny all at the end. If you're using a public IP, nginx won't allow connections on port 80.

    If you'd like to PM me that file, I can glance at it for you.
     
  10. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    Yes we used public IP internally (not my decision). I had this issue with v14 that the digital receptionist stopped working when I upgraded from 12.5 and I had to edit the file manually for the system to work. When I upgraded to v15 and the digital receptionist was still working I thought I didn't need to edit the file again. I just added the network to the allow list and will reboot at noon when employees are in their break.

    I will get back with the results.
     
  11. giwm

    giwm New Member

    Joined:
    Sep 27, 2016
    Messages:
    236
    Likes Received:
    41
    If you're using the public IP, you're still hairpinning. So now your external firewall has to allow traffic it should not be allowing (and all that data now has to flow through your firewall, which is overhead you don't want, ACLs to control, etc.). Step 1 should be to stop using the public IP for internal resources.
     
  12. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    I meant that we used a public IP for our internal network instead of the usual 192.168.1.0 10.0.0.0 or 172.16.0.0. Not using the public IP of the WAN for the phones.
     
  13. giwm

    giwm New Member

    Joined:
    Sep 27, 2016
    Messages:
    236
    Likes Received:
    41
    Ah... you mean you don't NAT? So then there's no difference in IP addresses between internal and external. So I'm confused when you said this:

     
  14. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    Yes we do NAT. I have a Public Static IP and my Private Internal IP. I created the split DNS in the system to point the 3cx FQDN to the local IP of the system. Outside of our LAN is pointing to our Public IP.
     
  15. Gab

    Gab

    Joined:
    Apr 23, 2016
    Messages:
    8
    Likes Received:
    2
    Ok after adding our internal LAN to the conf allow list everything is working. I'm able to provision from the 3CX console and the phones are taking the configuration without any problem. Thanks everyone for the help! especially giwm.
     
    Tag user and giwm like this.
Thread Status:
Not open for further replies.