Register Snom m9 with lync server 2010

Although snom m9 is not a certified Lync device (yet?) I thought it would be a good opportunity to try it and share the registration steps.

Snom m9 Firmware upgrade

When I got the snom phones they required a firmware upgrade before they could be used with OCS/Lync so make sure to download the latest snom m9 firmware and load it to your phone, details are here

Configure phone security settings not to validate certificates


If you are using a public Certificate on your front-end you can skip this step

Once the firmware and you have successfully registered the snom handsets with the base. Access the snom web interface using “http://snomipaddress” use the default login credentials

Username : admin
Password : password

then go to “Security” and select do not validate certificate from the option menu, we need to do this because the phone will try to check for the RootCA in its trusted root certification authorities container and it will fail to verify the Lync server certificate if this latter was issued by your internal Certificate Authority.

Configure the phone

Pick the identity to be used, identity 1 for example configure account settings for your identity as follows

Identity active:  on
Display Name:  Your display name for example “Charbel Hanna
Account: Your sip username without the sip domain name for example “charbel”
Registrar: Your sip domain name “mydomain.com”
Outbound Proxy: Your front-end server or pool FQDN, by default the phone will try use UDP port 5060 which will fail with OCS so we should mention the port and transport type for example
Sip:ocspool01.domain.local:5061;transport=tls
Authentication Name: Domain.local\username for example “lab\charbel”
Password: “userPassword”
Password (repeat): “userPassword”
Mailbox: Leave it blank it will be filled automatically later

In the SIP settings tab select Office communication Server (OCS) and enable Secure RTP

Now that’s a really cool feature in the Snom m9 that you can assign an identity to a specific handset. To do so go to the handset section under the identity that you are configuring and select the handset MAC address that you to which you want to bind it.

Remove 128bit NTLM encryption requirement

After setting all the above you should be able to login however the phone will fail to register generating the following error :

ms-diagnostics: 1000;reason=”Final handshake failed”;source=”MFA-OCSFE1.domain.local”;HRESULT=”0xC3E93EC3(SIP_E_AUTH_UNAUTHORIZED)”

This is due to the fact that windows 2008 , 2008 R2, windows 7 requires 128bit encryption for NTLM authentication by default, and the snom doesn’t use 128 bit encryption, Thus this setting should be disabled on all Lync Front-end Servers.

For more details about disable NTLM 128bit encryption requirement on windows 2008 please check the following link http://technet.microsoft.com/en-us/library/dd566199(WS.10).aspx

Check that all is fine

Now we have everything set to use snom m9 with lync you should be able resgister your account! To double check this go to Status –> registration and check for the identity number it should shows “200 ok”

That’s it for now i will share my experience using snom m9 with lync later so keep in touch

Experienced Consultant Team Lead with a demonstrated history of working in the information technology and services industry. Skilled in Azure, Skype for Business, SQL Server, Iaas, Saas, PaaS, ITIL, Microsoft Solutions, and Servers. Strong information technology professional, technology passionate.

Posted in Messaging & Collaboration Tagged with: , , , ,
5 comments on “Register Snom m9 with lync server 2010
  1. Jeffbrushie says:

    Hi
    Were you able to answer a response Group Call from Lync 2010 with the snom-M9?

    cheers

    • Ian Yates says:

      I got our new M9s working with Lync today.  I didn’t have to do this NTLM change (maybe a newer firmware fixed this issue?)…  But, the one thing I can’t make go, and it’s mainly why we bought the M9, was to answer calls from response or hunt groups.  Very frustrating.  Did you manage to solve this?

      • Charbel Hanna says:

        Hi there, sorry for the late reply, this is a known issue with the snom phones, since we need to remember these phones aren’t built for Lync but they are certified for Lync which make a difference in the whole OS and features that they support.

        for my opinion these phones are good to be used in small basic deployments where only basic telephony features are required

        regards,

        • Ian Yates says:

          Thanks for the reply – no problem with lateness – it is a blog after all, not a 24 hour support line! 🙂

          I’ve logged a message on the Snom support forums.  They claim it should work and are digging through SIP traces, etc at the moment (although it has been back and forth for a week or so).  I was hoping you’d have another pearl of wisdom that might solve our issue.  We also can’t make outgoing calls on the Snom handsets, and they don’t place nice when calling from a Snom to our Windows Lync clients or our Aastra 6725ip deskphones.  In case others who stumble across your blog have the same issues, the URL for our Snom forum discussion is http://forum.snom.com/index.php?s=e44c075b7bb140e8af8c3367d6edfe5b&showtopic=7243. 

          We’re getting by with our deskphones and software Lync clients.  The Snoms are mainly used at the moment as a “remote ringer” so if we’re away from the PCs we at least know someone is calling and can run back to pick it up on the corded phones 🙂

  2. Jeffbrushie says:

    Hi
    Were you able to answer a response Group Call from Lync 2010 with the snom-M9?

    cheers

Leave a Reply to Jeffbrushie Cancel reply

Your email address will not be published. Required fields are marked *

*