Yealink Forums
Autoprovision - config file encryption problem - Printable Version

+- Yealink Forums (http://forum.yealink.com/forum)
+-- Forum: IP Phone Series (/forumdisplay.php?fid=4)
+--- Forum: Auto Provisioning (/forumdisplay.php?fid=14)
+--- Thread: Autoprovision - config file encryption problem (/showthread.php?tid=1120)



Autoprovision - config file encryption problem - oea - 12-20-2013 04:55 PM

Hi,

I try to autoprovision by using Yealink RPS service. The phone I use (T20P) can autoprovision properly when the config files are not encrypted but when I try to encrypt the config files (both common and MAC related ones) the autoprovisioning is not working?

I follow the instructions on the Yealink SIP-T2XP phones Auto Provision User Guide Rev_71_165.pdf and Yealink Configuration Encryption Tool User Guide.pdf files but cannot manage to configure properly.

I am using 9.71.0.141(RPS Enabled).rom firmware file. Is there a never RPS enabled version?

How can I troubleshoot this issue? Can anyone help me about this encryption problem?

Regards

Evren


RE: Autoprovision - config file encryption problem - Yealink Support - 12-23-2013 02:25 PM

Hi oea,

9.71.0.141 is a RPS version which can work well. My colleageue mason has reply you via email.
Please kindly test and feed back to us.


RE: Autoprovision - config file encryption problem - oea - 12-23-2013 09:18 PM

Dear Support

The RPS service work perfectly. I receive an e-mail from Mason but I already tried the Configuration Encryption tool and can Encrypt the config files. I both upload the cfg and Security.enc files to the same directory but the phone cannot receive the configuration I set. I work properly with the unencrypted config files. So the problem still persist. Please help me about the encryption issue.

Regards

Evren


RE: Autoprovision - config file encryption problem - Yealink Support - 12-24-2013 11:27 AM

Hi oea,
Please test below steps and kindly feed back to me.
Don't forget to enable "auto_provision.aes_key_in_file =1" in the CFG file before upload encryption files.
1. Add/Edit the following parameters in configuration files(not encryption). Then do auto provisioning to all phones.
-----------------------------------
#!version:1.0.0.1
auto_provision.aes_key_in_file =1
auto_provision.update_file_mode =1
-----------------------------------
2. The administrator encrypts y000000000007.cfg and MAC.cfg files and put them to the root
directory of the provisioning server.
3. Reboot the IP phone to trigger auto provisioning process. For more information, refer to Yealink IP Phones Auto Provisioning Guide.


RE: Autoprovision - config file encryption problem - oea - 12-26-2013 11:54 PM

Hi again

I set the parameters you wrote in the unencrypted y000000000007.cfg config file and this file can be uploaded to phone properly. But when I use the "Configuration Encryption Tool" and encrypt the new common and MAC config files, the phone cannot get these configuration information. There's a missing point about this encryption process. Waht kind of information I can get and share with you to solve this?

Regards

Evren


RE: Autoprovision - config file encryption problem - Yealink Support - 01-04-2014 09:48 AM

Hi oea,

Can you test non-RPS version in Yealink website?
http://www.yealink.com/Upload/T2X/20131125/9.71.0.165.zip
If you are on line, please PM me and we want to help you out via teamviwer.


RE: Autoprovision - config file encryption problem - Rus - 03-28-2018 10:07 AM

(12-24-2013 11:27 AM)Yealink Support Wrote:  Hi oea,
Please test below steps and kindly feed back to me.
Don't forget to enable "auto_provision.aes_key_in_file =1" in the CFG file before upload encryption files.
1. Add/Edit the following parameters in configuration files(not encryption). Then do auto provisioning to all phones.
-----------------------------------
#!version:1.0.0.1
auto_provision.aes_key_in_file =1
auto_provision.update_file_mode =1
-----------------------------------
2. The administrator encrypts y000000000007.cfg and MAC.cfg files and put them to the root
directory of the provisioning server.
3. Reboot the IP phone to trigger auto provisioning process. For more information, refer to Yealink IP Phones Auto Provisioning Guide.

Can I please be 100% clear since I cannot find the exact answer anywhere on the forums...

I have a boot file which calls 2 cfg files.

Do I place the auto_provision.aes_key_in_file =1 line in the .boot file or in the cfg files?
If I place the line into the cfg files, do I need to get the phone to load these in unencrypted fashion or should I encrypt the modified files and then get the phone to reload them?


RE: Autoprovision - config file encryption problem - Rus - 04-11-2018 11:03 AM

(03-28-2018 10:07 AM)Rus Wrote:  
(12-24-2013 11:27 AM)Yealink Support Wrote:  Hi oea,
Please test below steps and kindly feed back to me.
Don't forget to enable "auto_provision.aes_key_in_file =1" in the CFG file before upload encryption files.
1. Add/Edit the following parameters in configuration files(not encryption). Then do auto provisioning to all phones.
-----------------------------------
#!version:1.0.0.1
auto_provision.aes_key_in_file =1
auto_provision.update_file_mode =1
-----------------------------------
2. The administrator encrypts y000000000007.cfg and MAC.cfg files and put them to the root
directory of the provisioning server.
3. Reboot the IP phone to trigger auto provisioning process. For more information, refer to Yealink IP Phones Auto Provisioning Guide.

Can I please be 100% clear since I cannot find the exact answer anywhere on the forums...

I have a boot file which calls 2 cfg files.

Do I place the auto_provision.aes_key_in_file =1 line in the .boot file or in the cfg files?
If I place the line into the cfg files, do I need to get the phone to load these in unencrypted fashion or should I encrypt the modified files and then get the phone to reload them?

For anyone who might be interested... I have now resolved this.
I created a file called enc.cfg and amended the url on Yealink RPS Provisioining Server to point to <myprovisioningserver>/enc.cfg
enc.cfg:
#!version:1.0.0.1

static.auto_provision.aes_key_in_file=1
auto_provision.aes_key_in_file=1
static.auto_provision.server.url=<myprosioingserverurl>
static.auto_provision.reboot_force.enable =1

This tells the phone to use encrypted mode and to auto-reboot.

We know that the phones, when they reboot, will look for either a <modelref>.cfg file or <mac>.boot file to boot from.

Since the boot file cannot be encrypted but contains no sensitive information, I get the phone to boot from my <mac>.boot file.

This looks like this:
include:config "<mac>.cfg"
include:config "T23.cfg"
overwrite_mode = 1

static.auto_provision.reboot_force.enable =0

The <mac>.cfg file contains device specific configuration.
The T23.cfg file contains the account setup which is common to all T23 phones.Both of these cfg files are encrypted using the Yealink Auto Encryption tool.

The static.auto..... line tells the phone to stop auto-booting as the configuration is complete.

The encrypted files including their _Security.enc counterparts along with the Aeskey text file, are copied to my provisioning server.

When the phone is factory reset (press and hold the OK button) it first looks at the Yealink RPS service, then looks up the provisioning URL I saved there, and loads the enc.cfg file.

It cycles through loading and rebooting (for around 3 minutes) and then comes to rest with all the config loaded.

Hope this helps someone.