How to Deal with Auto Provisioning Failures in Cloud PBX

Applicability

• Model: Cloud PBX
• Firmware version: any

 

Symptom

IP phones can not be provisioned by Cloud PBX successfully. 

 

Analysis

RPS, Redirection, and Provisioning Service is used by Auto-provisioning in Cloud PBX, and below is a brief introduction of its four-step working flow.

1. Register the MAC address of your IP Phone to a related RPS server through Cloud PBX.
2. Reset your IP phone & connect them to the web.
3. IP Phone automatically fetches Cloud PBX's provisioning URL from the RPS server.
4. IP Phone connects to the provisioning URL, and provisions itself.

 

Failures & Solutions

1. Firstly make sure your provisioning operation is correct. Refer to this video: How to Provision IP Phone by Yeastar Cloud PBX (Video)

 

2. Fail to register the MAC address.

Double-check the MAC of the IP phone and make sure it is filled in the newly added device of Cloud PBX correctly.

After that, the MAC address of the IP phone should be registered to its RPS server successfully.

 

3. Fail to obtain the provisioning URL from the RPS server.

Reset the phone again and make sure the IP it gets has the ability to access the public network.

Try to ping www.yeastar.com on the phone and see if it can access the public network successfully.

 

4. Fail to get the provisioning file from Cloud PBX.

Try to download the provisioning file through a web browser directly to see if the file is available.

Provisioning URL of Yealink/Vtech/Fanvil:  Provisioning Server Link/mac.cfg

Provisioning URL of Snom: Provisioning Server Link/mac.xml

  

5.  Invalid SSL Certificate of YMP.

The above three points are all good, but the auto-provisioning still fails. 

In this case, SSL certificates installed on the SBC and YMP need to be checked.

SSL-Checker Tool: https://www.sslshopper.com/ssl-checker.html  

You can apply for/renew the SSL Certificate from well-known Certification Authorities, for example, GoDaddy And then turn to Yeastar Support for the installation for SBC and YMP.  

 

6. Outdated CA certificate list on phones (For example - Yealink)

Some old Yealink models don't verify Sectigo's or other new certificate providers' certificates. The models involved:

• T27G
• T46S(T48S, T42S, T41S)
• T46U(T43U, T46U, T41U, T48U, T42U)
• T54W(T57W, T53W, T53)
• T58V(T56A)
• CP920
• CP960

Here are 2 solutions:

1) Go to upgrade your Yealink phone to a specific version to verify Sectigo certificate: Sectigo's USERTrust RSA CA is not accepted by Yealink Phones in V84 and below versions

2) Disable certificate verification on  Yealink phone.

If you don't want to upgrade or use another provider's certificate, you have to disable the 'Only Accept Trusted Certificates' option on the phones.

 

7. Other Failures

Please contact Yeastar support for further troubleshooting.