TopBanner

Using Lync Server CsClientPolicyEntry for Inband snom Setting Provisioning for IP Phones

image

What if you could provisiong snom specific settings like ringer tone, buttons and a myriad of other snom settings using standard Powershell and native Lync Server functionality? (no additional provisioning servers to install or learn) With snom’s new use of the native Lync Server csClientPolicyEntry cmdlet this is now possible.

Lync Phone Edition has never had the ability to change user/device setting (example: default ringer, screen contrast, etc) from Lync Server policies. Ever since Lync Qualified IP Phones have been available this unresolved challenge has required additional servers to provision Lync Qualified IP Phone settings centrally and made 3PIP phones feel like “black sheep” devices to Lync admins. In the case of snom there is snomtastic and polycom has their own method of pushing out settings.

Interestingly Lync Server has a built-in feature, for some versions already, that can brilliantly address this problem: CsClientPolicyEntry cmdlet. This commandlet allows a Lync admin to add additional custom vendor specific settings to any CsClientPolicy. Microsoft has used this as a kind of “back door” method to push less used & esoteric settings to official Lync clients  but it can be used just as well to push any vednor specific setting to Lync Qualified devices.

Overview of How CsClientPolicyEntry Works

csClientPolicyEntry allows you to use csClientPolicy’s to send vendor specific devices settings to snom UC Edition devices. This means that using totally native Lync and powershell you can provision vendor specific settings inside and outside your Lync Edge. No additional provisioning servers required.

How to Use CsClientPolicyEntry to Configure snom Settings

For this example we will change the “Global” CsClientPolicy. (NOTE: obviously you would only want to do this in a lab; ONLY push settings out to small group of phone first for testing!)

First, find the snom setting you want to set. A snom setting will look something like:

  • answer_after_policy!

A great way to construct a setting is to login into the snom web UI, change a setting and click “Apply” and then view settings screen to see what setting changed and what its value is. (shown below)

image

The name you will use for the setting is the above prefixed with snom_ and the trailing ! removed to look like:

  • answer_after_policy!: becomes snom_answer_after_policy

Now run this powershell against the CsClient policy you want to change:

$x = New-CsClientPolicyEntry –Name snom_answer_after_policy -Value always
Set-CsClientPolicy –Identity Global –PolicyEntry @{Add=$x}

To test if you setting was success run:
Get-CsClientPolicy -Identity Global

image

Sure enough, our new CsClientPolicyEntry is there.

If we add more than one CsClientPolicyEntry, it will look something like the below:

image

To remove a setting:

$x = New-CsClientPolicyEntry -Name answer_after_policy -Value always
Set-CsClientPolicy –Identity Global –PolicyEntry @{Remove=$x}


Using Replace instead of Add or Remove, will replace all current Names/Values with the new one(s) you add. I suspect in most cases an admin will not want to use Replace, but you can read more here: http://blogs.technet.com/b/nexthop/archive/2011/07/25/haiku159.aspx

More Technical Detail on How Inband Provisioning Works

It appears that the in band provisioning is pulled from Lync Server when the endpoint reregisters. At this time all in band setting will be sent to the endpoint in the SIP Subscribe (re-register) as XML in SIP.

What can you do to trigger a re-register? Reboot the device or (in snom phones) click re-register (either via phoneUI or webUI) on the appropriate identity. You can also wait for reregister to happen. (30minutes default?)

That alternative is waiting patiently. Like many other things in Lync Server, this will not happen immediately. Below are (what appear to be to me) the default resubscribe timing in Lync for various login types:

Registering and Subscribing (min 1200 secs)

  • Pin Authentication – provision on every 4hrs (minimum getting settings/re-subscribe is 20minutes)
  • NTLM  w/ AD account -  provision once 1hr on the hr (300-900sec)  (minimum getting settings/re-subscribe is 20minutes?)
  • NTLM w/Contact only  - unknown
How to See csClientPolicyEntry’s for a Given Policy When There Are A Lot of Entries?

cls
$a = Get-CsClientPolicy -Identity Global
$a.PolicyEntry | ft name,value -AutoSize

Powershell To Add csClientPolicyEntry’s Based on snom Settings File

We have written a Powershell script that makes adding csClientPolicyEntry very easy. The steps:

  • Change the settings in the snom phone you want tweaked
  • copy these settings into a text file (example of settings file show below, and you can copy this right out of snom web UI)
  • run the below Powershell

Sample snom settings text file contents (2 lines below):

user_ringer1!: Ringer3
fkey3!: presence <sip:sampleuser@sampledomain.com>


### PowerShell Script Starts Here ###
$pathandfile = "c:\settings.txt"
$policyname = "Test_User_Policy"

### Don’t change the below vars ###

$textfile = get-content $pathandfile
$prefix = "snom_"

##############################
# remove old settings first
##############################

foreach ($i in $textfile) {

$pos = $i.IndexOf(" ")
$lyncname = $i.Substring(0, $pos)
$lyncvalue = $i.Substring($pos+1)


$x = New-CsClientPolicyEntry –Name ($prefix + $lyncname.Replace("!:","")) -Value $lyncvalue
Set-CsClientPolicy –Identity $policyname –PolicyEntry @{remove=$x}
}

##############################
# add settings
##############################

foreach ($i in $textfile) {

$pos = $i.IndexOf(" ")
$lyncname = $i.Substring(0, $pos)
$lyncvalue = $i.Substring($pos+1)


$x = New-CsClientPolicyEntry –Name ($prefix + $lyncname.Replace("!:","")) -Value $lyncvalue
Set-CsClientPolicy –Identity $policyname –PolicyEntry @{add=$x}
}
Write-Host Completed Loading Inband Settings into $policyname ClientPolicy on Lync Server.
### PowerShell Script Ends Here ###

How to Remove csClientPolicyEntry’s That Have Been Pushed to snom Phones

To remove settings pushed to a group of snom phones you need to take the following steps:

  • Set the snom settings back to default values using the above powershell command
    • you can get snom default values by resetting values on a snom phone and checking the value via the web UI settings page
      • csclientpolicyentry does not allow VALUE to be $Null
  • Wait and verify affected phones get the new, default setting(s)
  • create a snom setting file with settings you want to remove
  • Now remove the csClientPolicyEntry’s using the below PowerShell

 

### PowerShell Script Starts Here ###
$pathandfile = "c:\settings_to_remove.txt"
$policyname = "Test_User_Policy"

### Don’t change the below vars ###

$textfile = get-content $pathandfile
$prefix = "snom_"

##############################
# remove old settings first
##############################

foreach ($i in $textfile) {

$pos = $i.IndexOf(" ")
$lyncname = $i.Substring(0, $pos)
$lyncvalue = $i.Substring($pos+1)


$x = New-CsClientPolicyEntry –Name ($prefix + $lyncname.Replace("!:","")) -Value $lyncvalue
Set-CsClientPolicy –Identity $policyname –PolicyEntry @{remove=$x}
}

### powershell ends here ###

Several Ways to Provision snom Device Settings

Below we compare various methods of provisioning snom phones and the pros and cons:

Feature snomtastic csclientpolicyentry
push reboot device yes no
push device reset yes no
show device IP yes yes, Lync Monitoring*
show device FW yes yes, via Powershell
Works outside edge no yes
can provision fkey0 no yes
provision via PowerShell no yes
per endpoint setting policies yes no
per user setting policies unknown yes
utilize existing csclientpolicy no yes
     
Additional Maintenance    
requires additional server yes no
requires importing/AD sync yes no
source click here read more

* Lync Monitoring Server 2013 has added IP address to underlying SQL tables. click here

Other Stuff/Limitations/Etc
  • We have tested 1 csClientPolicy with 160 csClientPolicyEntry settings successfully.
  • We have tested 1 csClientPolicyEntry with a Value that was 930 characters long.
  • What if you want to change a setting to “not set” or back to defaults? csClientPolicyEntry doesn’t seem to accept NULL
    • You need to know the default value and then explicitly set it to that (and optionally remove the setting from csclientpolicyentry if no longer of interest)
  • You can have only 1 group of csClientPolicyEntry settings per user. There is not a way to have 1 Lync user who has 3 different phones with a different settings going to the different phones using csclientpolicyentry method of provisioning settings. (you would need to use snomtastic or snom Active method). Another way of saying this is that csclientpolicyentry is per user, not per device.
  • While csClientPolicyEntry can strictly speaking, send settings to a single device, it is not optimized for this scenario. So using csClientPolicyEntry method for sending settings valid for 1 user is awkward. (say a button configuration valid for one user)
  • 2nd Identity in snom devices does not seem support in-band provisioning [reported]
  • There is no way for csClientPolicyEntry to pass user specific values/device specific variables
    • for example: you want to have a group of phones in one csclientpolicy but you want an IP Phone setting assigned a device specific variable (MAC,IP) or Lync user specific (Username, LineURI, etc)
  • NOTE: Before rolling out large group of phones you will want to test additional load this puts on your servers
Snom Explanation Slide Deck

 

Additional Provisioning Option: Inband + Out of Band
  • it allows bridging out from inband provisioning to out of band, if needed or even to TR-069 based solutions
  • simply by placing XML config. and FW config files on the Lync IIS (like described in SIP to UC guide) and direct the phones inband  to it, you can realize location aware FW Updates (in SBA sites) or
  • address the need for “roaming” F-Key’s:  User A logs in with User level CS-Policy F-Key’s provided out of band, next shift comes and A logs out B logs in with its individual Fkeys (inband directed, out of band programmed)
Pros and Cons of csClientPolicyEntry to Manage IP Phones

snom UC Edition’s use of csClientPolicyEntries is pure genius: It allows you to manage snom devices using Lync Server’s built in functionality and Powershell, the settings are pushed in-band so this works on devices inside and outside your Lync Edge and it requires no additional poorly understood/supported provisioning servers.

Lync Server, and csClientPolicy entry by extension, focus’ on a user centric approach to management. This serves well in many cases but not in some cases where you have 1 user and several devices that need to have different device settings.  In this case you are forced to choose between different user or same setting.

csClientPolicyEntry can technically push snom button settings just like any other setting, but is not optimal because of csClientPolicy’s “clumsiness” at/not designed for pushing user/devices specific settings.

Conclusion

Once again, snom UC Edition’s use of csClientPolicyEntries is pure genius: It allows you to manage snom devices using Lync Server’s built in functionality and Powershell, the settings are pushed in-band so this works on devices inside and outside your Lync Edge and it requires no additional poorly understood and supported provisioning servers. I want to thank Jan Boguslawski, Technical Product Manager of UC Edition at snom, for conceptualizing and designing this feature. snom UC Edition’s use of csClientPolicyEntry marks the first time Lync admins can push out IP Phone preferences (ringers, language, etc)  directly and efficiently from Lync Server.

This may just be the feature that makes snom UC Edition & Lync Qualified devices more optimized than Lync Optimized devices.
 

snom Slide Deck by Jan Boguslawski on csClientPolicyEntry: click here
{End}

http://wiki.snom.com/FAQ/Can_I_control_my_snom_phone_remotely
http://192.168.1.187/line_login.htm?RE-REGISTER:1=Re-register
http://blogs.technet.com/b/dodeitte/archive/2011/05/11/how-to-get-the-last-time-a-user-registered-with-a-front-end.aspx

CsClientPolicyEntry is used in corner cases:
http://ucken.blogspot.com/2013/05/viewing-extensions-in-lync-client.html

snomtastic: http://snomtastic.codeplex.com/

200 ok

http://www.diffchecker.com

default for fkeys = line

snom Setting Permissions:
http://wiki.snom.com/Features/Mass_Deployment/Setting_Files/XML/Flags
Change
any snom setting using an URL: http://wiki.snom.com/FAQ/Can_I_set_single_phone_settings_via_HTTP_requests

More sophisticated change Powershell:

### PowerShell Script Starts Here ###
$pathandfile = "c:\settings.txt"
$policyname = "Global"

### Don’t change the below vars ###

$textfile = get-content $pathandfile
$prefix = "snom_"
cls

##############################
# remove old settings first
##############################

Write-Host Any Warnings that follow indicate new clientpolicyentry settings...

foreach ($i in $textfile) {

$pos = $i.IndexOf(" ")
$lyncname = $i.Substring(0, $pos)
$lyncvalue = $i.Substring($pos+1)


$x = New-CsClientPolicyEntry –Name ($prefix + $lyncname.Replace("!:","")) -Value $lyncvalue
Set-CsClientPolicy –Identity $policyname –PolicyEntry @{remove=$x}
}

##############################
# add settings
##############################

foreach ($i in $textfile) {

$pos = $i.IndexOf(" ")
$lyncname = $i.Substring(0, $pos)
$lyncvalue = $i.Substring($pos+1)


$x = New-CsClientPolicyEntry –Name ($prefix + $lyncname.Replace("!:","")) -Value $lyncvalue
Set-CsClientPolicy –Identity $policyname –PolicyEntry @{add=$x}
}


Write-Host Completed Loading Inband Settings into $policyname ClientPolicy on Lync Server.
### PowerShell Script Ends Here ###

Write-Host New PolicyEntries for $policname
$a = Get-CsClientPolicy -Identity $policyname
$a.PolicyEntry | ft name,value -AutoSize


$cu = (get-csuser -filter {clientpolicy -eq $policyname}  | Format-Table samaccountname, clientpolicy).count
$cc = (Get-CsCommonAreaPhone  -filter {clientpolicy -eq $policyname} | ft name,clientpolicy).count

Write-Host This client policy affected $cu users.
Write-Host This client policy affected $cc common area phones.


Write-Host ---
Write-Host Done.

8 comments:

  1. Great news snom are surprising us with new features as always , very informative article, thank you matt

    ReplyDelete
  2. You'll want to be careful when using the replace option. Other things, like the photo URL option for the clients, are stored in client policy entries. See http://www.lynclog.com/2013/11/lync-2013-client-and-and-pictures-from.html for more info.

    ReplyDelete
  3. Great point to underscore. should i have a more dire warning than the one I do?

    Also, remember our scope in this article is ONLY csClientPolicyEntry, not the csClientPolicy iteself. Thanks!

    ReplyDelete
  4. I have been a regular visitor of this site and I love reading blogs posted here.They are truly very well written,precise and to the point.

    Windows Thin Client & Citrix Thin Client

    ReplyDelete
  5. I am using snom 870 and having some issues thank you for sharing this as I am right now at a place where I can not get any support at business point.

    ReplyDelete
  6. Any chance this will be coming to the Polycom VVX series devices as well?

    ReplyDelete
  7. Hi Matt, what are the parameters in the policy minimum needed to provision a snom phone?

    ReplyDelete
  8. to permit a snom phone sign in to Lync remotely

    ReplyDelete