Polycom 1725-31424-001 manual Contoso.com\userAlias instead of just Contoso\userAlias

•

Query DNS for _sipinternal._tcp. <SIPDomain>

(_sipinternal._tcp.fabrikam.com)

SRV record

•

Query DNS for _sipinternal._tcp.

(_sipinternal._tcp.fabrikam.com.contoso.com)

<SIPDomain>.<DHCPDomain> SRV record

•

Query DNS for _sip._tls. <SIPDomain> SRV

(_sip._tls.fabrikam.com)

record

•

Query DNS for _sip._tls.

(_sip._tls.fabrikam.com.contoso.com)

<SIPDomain>.<DHCPDomain> SRV record

•

Query DNS for _sip._tcp. <SIPDomain> SRV

(_sip._tcp.fabrikam.com)

record

•

Query DNS for _sip._tcp.

(_sip._tcp.fabrikam.com.contoso.com)

<SIPDomain>.<DHCPDomain> SRV record

•

Query DNS for sip.<SIPDomain> A record; IP

(sip.fabrikam.com)

address of pool is returned

8.

Polycom CX700 phone queries DNS for

(Client Hello)

poolFQDN and is returned the pool’s IP address

9.

Polycom CX700 phone initiates TLS connection

(Note: SHA2 is not supported)

to pool IP Address specifying which Ciphers are

supported

10.

Pool responds with Certificate detail; they

(Server Hello) Note: TLS connection is not

exchange keys if handshake is OK

established yet.

11.

Polycom CX700 phone queries <DHCPDomain>

(_ldap._tcp.dc._msdcs.contoso.com)

for AD LDAP service using DC provided by

DHCP

12.

Polycom CX700 phone binds to AD and looks for

(OCPE binds using Auth type SASL)

RootCA in <DHCPDomain>

13.

DC responds with RootCA details. If the Pool cert

was issued by the RootCA returned, we proceed.

14.

Polycom CX700 phone queries DNS for

(contoso.com)

<DHCPDomain> and is returned the domain’s IP

address

•

Note: this is why we sign in as

contoso.com\userAlias instead of just

contoso\userAlias.

•

This step must return a valid IP in order to find a

DC again and download the certificate chain.

15.

Polycom CX700 phone locates RootCA again in

(contoso.com)

<DHCPDomain>

16.

Polycom CX700 phone attempts HTTP request

(NTLM Auth fails)

to download RootCA cert chain using NTLM