Originally posted: August 29, 2014.
Updated: February 15, 2017..
I was following Polycom’s instructions and Jeff Schertz’s post on configuring an FTP Provisioning server for the Polycom VVX range. In large deployments, when you need to update and configure hundreds and thousands of phones, this is the only way to do it right.
There were two things that I struggled with when configuring this server:
- You have to build and configure an FTP server, DHCP options, AD user, download the files… etc.
- For most organizations – You’ll use an FTP on a Windows server. Jeff mentioned that the username and password for the FTP user (PlcmSpIp) would not be acceptable in many environments due to the fact that it doesn’t meet the Password complexity requirements.
So, I set up my mind to create an automated process to do all of the above, in a Windows Active Directory environment. I wanted to run a task on the soon-to-be FTP server that will save me all the hassle of configuring three different serves and downloading the software. Well, guess what – it worked!
So what is this script doing?
- It will first check if you have local Admin rights to run the script. Automatic elevation will take place if you allow it.
- It will warn you, very clearly, that you’re about to install an FTP server on this machine and create a new, granular, non-secure password policy. It will also advise that the latest Polycom firmware is downloaded from my site, and not the Polycom website (You need to accept terms and conditions there, there’s no direct download link).
- You’ll be prompted to enter the server’s FQDN, although you’re actually installing it on that server. We’ll use that later…
- It will check your Forest and Domain functional levels. This script requires that your domain functional level would be at least Windows 2008.
- It will install the following features and prerequisites:
- IIS FTP
- IIS Management Tools
- DHCP Remote Server Administration Tools
- ADDS Remote Server Administration Tools (Installed previously on Domain Functional Level tests)
- It will then install and configure a new FTP site in a dedicated VVX folder under C:\Inetpub. The FTP server will be configured to use Basic Authentication only and will authorize the user PlcmSpIp with read and write permissions. As suggested in Jeff’s post, dedicated ‘logs’ and ‘calls’ folders are created as well.
- It will then download the (currently) latest VVX firmware from my website. This normally takes 2-3 minutes, but can take longer depending on your Internet connection. If you have a proxy – it might not allow the download.
- Upon successful download of the file – the files will be unzipped to the VVX folder of the FTP and the original ZIP file will be deleted.
- The script will then ask you for your DHCP server’s FQDN, it will add DHCP option 160 and configure options 160 and 066.
- The server will then confirm that you have options 4 and 42 configured and will ask you to provide a time server IP if these options are not yet there.
- A new Active Directory Fine-Grained Password Policy named PlcmSpIpPSO that does not require Password Complexity.
- Wait for AD for 30 seconds – this has proven to be a critical pause…
- Create a new AD user named PlcmSpIp in the default User container with the description: “User for Polycom Provisioning Server – This user has a simple password policy”. You can move this user to a different location once the script is finished.
- Apply the new Fine-Grained Password Policy to this user.
- Enable the user, set its password to PlcmSpIp and set it to “Never Expires”.
That’s it, your server is good to go.
Many thanks to Guy Bachar for his help in this one.
September 3, 2014, Version 2.3.1:
– Domain and Forest Functional Level tests in beginning of script.
– No need to insert the FTP server’s name.
– DHCP test errors are no longer visible.
September 5, 2014, Version 2.4.0:
– Updated to Polycom VVX Software version 5.1.2
February 15, 2017, Version 3.0.0:
– Now downloading version 5.5.1 directly from Polycom.
– Added configuration for DHCP option 161.
Download the script here.