Channel: Lync 2010 and OCS - Lync Clients and Devices forum

Polycom CX600 cannot sign-in with PIN authentication (common area setup)

Hi,

We are currently deploying Lync Server 2013. Before we deploy Edge and Mediation, we want Polycom CX600 phones without USB cable (thus: as common area phone, like CX500) to sign-in automatically with PIN authentication.

So far so good, but PIN authentication on the CX600 doesn't work. And all we get is this error:
"Cannot sign-in. Please verify your sign-in address, domain\user name, and password and then try again"

Once again: we are NOT using USB cables. We want the phone to do the PIN authentication, root CA download and sign-in by Ethernet.

SETUP:
Server: DC1 (win2012)
FQDN: mp-dc1.domain.local (internal=domain.local, external=domain.com)
IP: 192.168.1.5
DHCP options set, using DHCPUtil (following Jeff Schertz blog)
003 192.168.1.254
004 192.168.1.5
006 192.168.1.5
015 domain.local
042 192.168.1.5
043
001
002
003
004
005
119 domain.local
120
DNS records added (pin-point):
_ntp._udp.domain.com -> SRV port 123 UDP -> hostname: mp-dc1.domain.local.
lyncdiscoverinternal.domain.com -> A -> 192.168.1.12
lyncdiscover.domain.com -> A -> 192.168.1.12
_sipinternaltls._tcp.domain.com -> SRV port 5061 TCP -> hostname: mp-lync.domain.local.
_sip._tls.domain.com -> SRV port 443 TCP -> hostname: mp-lync.domain.local.
sipinternal.domain.com -> A -> 192.168.1.12
sip.domain.com -> A -> 192.168.1.12

Server: LyncFE (win2012), Lync Server 2013 Standard with CU feb 2013.
FQDN: mp-lync.domain.local
IP: 192.168.1.12
Primary SIP domain: domain.com
Certificates are issued on DC1, which has the AD CS role installed.
Certificate details: mp-lync.domain.local, Issued by: local.domain.domain-mp-dc1-ca


WHAT WE DID:
- We used 2 AD accounts for testing. We enabled Enterprise Voice on the accounts, gave them a number tel:+31212121212;ext=01 and ;ext=02, and a manual PIN.
- Verified that UsePinAuth is True (which is the default), but sign-in keeps failing.
- The time on the phones is correct. Firmware is latest (january 2013).
- We tried lots of phone resets by pressing * and # when powering on. Nothing helps.
- Lync Server has been rebooted several times. Doesn't help.
- on LyncFE: added REG_DWORD "SendTrustedIssuerList" value 0 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\, rebooted, doesn't help.
- checked if the RootCA is in AD, by using: certutil -f -dspublish <Root CA certificate in .cer file> RootCA. Result: it's already there. We did this with the Root CA ONLY, not with the issued cert for the Lync services.
- One more thing: when people start Lync Client on their PC for the first time, they get a certificate warning that the server is not trusted. This is correct, right? Because the cert is issued by our DC (see above).


LOGS:
DHCPUtil -EmulateClient from another server results in: Success
DHCP Server: 192.168.1.5
SIP Server FQDN: mp-lync.domain.local
Certificate prov service URL: https://mp-lync.domain.local:443/CertProv/CertProvisioningService.svc


Test-CSPhoneBootStrap with ext=01 and correct PIN results in:
Target Fqdn: mp-lync.domain.local
Target URL: https://mp-lync.domain.local:443/CertProv/CertProvisioningService.svc
Result: Success
VERBOSE: Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
started.
Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
completed in '7.46E-05' seconds.
Target server Fqdn or web service Url not provided. Will have to do DHCP
Registrar Discovery.
Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow',
succeeded.
'DHCPDiscover' activity started.
Starting DHCP registrar discovery...
Constructing a DHCP packet.
Adding DHCP option PARAMETER_REQUEST_LIST.
Successfully added DHCP option.
Adding DHCP option VENDOR_CLASS_IDENTIFIER.
Successfully added DHCP option.
Successfully constructed DHCP packet.
Trying to open an udp connection.
Remote IP : 255.255.255.255.
Local IP : 192.168.1.12.
\tCreating a new UDP client.
Udp connection successfully created.
Sending packet.
Remote IP : 255.255.255.255.
Remote Port : 67.
Packet sent successfully.
DHCP discovery message send. Waiting for DHCP servers to respond.
Data received successfully.
Remote IP : 192.168.1.5.
Remote Port : 67.
Response received for the DHCP Discovery message.
Constructing a DHCP packet from received raw data.
Extracting DHCP Options.
Successfully constructed DHCP packet.
Return value for DHCP option : SIP_SERVER.
Found registrar Fqdn : mp-lync.domain.local.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 -
mp-lync.domain.local.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 -
/CertProv/CertProvisioningService.svc.
Successfully extracted sub option value.
Found web service Url :
https://mp-lync.domain.local:443/CertProv/CertProvisioningService.svc.
Disconnecting.
DHCP registrar discovery activity completed successfully.
'DHCPDiscover' activity completed in '1.0392867' seconds.
'GetRootCertChains' activity started.
Trying to download a certificate chain from web service.
Web Service Url :
http://mp-lync.domain.local/CertProv/CertProvisioningService.svc
Certificate chain downloaded successfully.
'GetRootCertChains' activity completed in '0.0174726' seconds.
'GetWebTicket' activity started.
Trying to get web ticket.
Web Service Url :
https://mp-lync.domain.local:443/WebTicket/WebTicketService.svc
Using PIN authentication with Phone\Ext : 01 Pin : 1470
GetWebTicketActivity completed.
'GetWebTicket' activity completed in '0.1313912' seconds.
'ResolveUser' activity started.
Starting ResolveUser activity using Web Ticket.
Web Service Url :
https://mp-lync.domain.local:443/CertProv/CertProvisioningService.svc
Found user : sip:Administrator@domain.com
Setting sip uri 'sip:Administrator@domain.com' back to parent workflow.
ResolveUser activity completed.
'ResolveUser' activity completed in '0.0655857' seconds.
'GetWebTicket' activity started.
Trying to get web ticket.
Web Service Url :
https://mp-lync.domain.local:443/WebTicket/WebTicketService.svc
Using PIN authentication with Phone\Ext : 01 Pin : 1470
GetWebTicketActivity completed.
'GetWebTicket' activity completed in '0.0949635' seconds.
'GetCSCertificate' activity started.
Trying to download a CS certificate for User : Administrator@domain.com
endpoint : STEpid
Web Service Url :
https://mp-lync.domain.local:443/CertProv/CertProvisioningService.svc
GetCSCertificate activity completed.
'GetCSCertificate' activity completed in '0.0774223' seconds.
'Register' activity started.
Sending Registration request:
 Target Fqdn      = mp-lync.domain.local
 User Sip Address = sip:Administrator@domain.com
 Registrar Port = No Port is provided..
Authentication Type 'Certificate' is selected.
Registration Request hit against mp-Lync.domain.local.
'Register' activity completed in '0.1528287' seconds.
'UnRegister' activity started.
'UnRegister' activity completed in '0.0194672' seconds.
VERBOSE: Workflow Instance ID '65dd273d-bdd6-48c6-a671-952104f283bc' completed.
VERBOSE: Workflow run-time (sec): 1.7027358.


The IIS Logs are showing these patterns after every PIN authentication (which fails):
2013-04-16 12:35:45 192.168.1.12 POST /CertProv/CertProvisioningService.svc/mex - 80 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 2351
2013-04-16 12:35:45 192.168.1.12 POST /CertProv/CertProvisioningService.svc/anon - 80 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 218
2013-04-16 12:35:47 192.168.1.12 POST /WebTicket/WebTicketService.svc/mex - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 667
2013-04-16 12:35:47 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 401 0 0 65
2013-04-16 12:35:51 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 Administrator@domain.com 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 3535
2013-04-16 12:35:52 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 895
2013-04-16 12:35:58 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 646

2013-04-16 12:37:12 192.168.1.12 POST /CertProv/CertProvisioningService.svc/mex - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 13
2013-04-16 12:37:12 192.168.1.12 POST /CertProv/CertProvisioningService.svc/anon - 80 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 4
2013-04-16 12:37:12 192.168.1.12 POST /WebTicket/WebTicketService.svc/mex - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 8
2013-04-16 12:37:12 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 401 0 0 3
2013-04-16 12:37:13 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 Administrator@domain.com 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 247
2013-04-16 12:37:13 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 112
2013-04-16 12:37:13 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 136

2013-04-16 12:40:08 192.168.1.12 POST /CertProv/CertProvisioningService.svc/mex - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 12
2013-04-16 12:40:08 192.168.1.12 POST /CertProv/CertProvisioningService.svc/anon - 80 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 3
2013-04-16 12:40:08 192.168.1.12 POST /WebTicket/WebTicketService.svc/mex - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 7
2013-04-16 12:40:08 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 401 0 0 2
2013-04-16 12:40:09 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 Administrator@domain.com 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 232
2013-04-16 12:40:09 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 192
2013-04-16 12:40:09 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 140
...

Please, can somebody explain why the CX600 won't sign-in using PIN?
Thank you.
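
Added example (not part of the original post): a Python script that groups IIS entries like the ones quoted above into sign-in attempts per phone, then reports how far each attempt got at the HTTP layer and which requests went over port 80. The function names, the grouping rule (a CertProv `/mex` request opens a new attempt) and the second phone's two log lines are assumptions made for illustration.

```python
from collections import namedtuple

# Default IIS W3C field order, matching the log lines quoted in the post.
FIELDS = ("date time s_ip method uri query port user c_ip agent referer "
          "status substatus win32 time_taken").split()
Hit = namedtuple("Hit", FIELDS)

# Lines 1-7: first attempt as quoted in the post. Lines 8-9: constructed
# attempt from a hypothetical second phone (192.168.1.155) that stops at 401.
SAMPLE = """\
2013-04-16 12:35:45 192.168.1.12 POST /CertProv/CertProvisioningService.svc/mex - 80 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 2351
2013-04-16 12:35:45 192.168.1.12 POST /CertProv/CertProvisioningService.svc/anon - 80 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 218
2013-04-16 12:35:47 192.168.1.12 POST /WebTicket/WebTicketService.svc/mex - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 667
2013-04-16 12:35:47 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 401 0 0 65
2013-04-16 12:35:51 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 Administrator@domain.com 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 3535
2013-04-16 12:35:52 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 895
2013-04-16 12:35:58 192.168.1.12 POST /CertProv/CertProvisioningService.svc/WebTicket_Proof_SHA1 - 443 - 192.168.1.154 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 646
2013-04-16 12:41:00 192.168.1.12 POST /CertProv/CertProvisioningService.svc/mex - 443 - 192.168.1.155 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 200 0 0 10
2013-04-16 12:41:01 192.168.1.12 POST /WebTicket/WebTicketService.svc/pin - 443 - 192.168.1.155 OCPhone/4.0.7577.4372+(Microsoft+Lync+Phone+Edition) - 401 0 0 3
"""

def parse(log_text, agent_prefix="OCPhone/"):
    """Yield Hit records for Lync Phone Edition requests only."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == len(FIELDS) and parts[9].startswith(agent_prefix):
            yield Hit(*parts)

def attempts(hits):
    """Group hits per phone; a CertProv .../mex request opens a new attempt."""
    current, result = {}, []
    for h in hits:
        if h.c_ip not in current or h.uri.endswith("CertProvisioningService.svc/mex"):
            current[h.c_ip] = {"phone": h.c_ip, "start": h.time, "pin_user": None,
                               "cert_ok": 0, "plain_http": []}
            result.append(current[h.c_ip])
        a, stage = current[h.c_ip], h.uri.rsplit("/", 1)[-1]
        if h.port == "80":
            a["plain_http"].append(stage)  # request went over unencrypted HTTP
        if stage == "pin" and h.status == "200" and h.user != "-":
            a["pin_user"] = h.user         # PIN accepted, identity resolved
        elif stage == "WebTicket_Proof_SHA1" and h.status == "200":
            a["cert_ok"] += 1              # web-ticket-authenticated CertProv call OK
    return result

def http_stage_reached(a):
    """Furthest HTTP provisioning stage that IIS answered with 200."""
    if not a["pin_user"]:
        return "PIN not accepted"
    return "CertProv request accepted" if a["cert_ok"] else "PIN accepted"
```

For the attempt quoted in the post, `http_stage_reached` returns "CertProv request accepted": every HTTP provisioning call in that sequence was answered with 200, and the first two requests are listed under `plain_http` because they arrived on port 80.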
