(03-28-2018 10:07 AM)Rus Wrote: (12-24-2013 11:27 AM)Yealink Support Wrote: Hi oea,
Please test below steps and kindly feed back to me.
Don't forget to enable "auto_provision.aes_key_in_file =1" in the CFG file before upload encryption files.
1. Add/Edit the following parameters in configuration files(not encryption). Then do auto provisioning to all phones.
-----------------------------------
#!version:1.0.0.1
auto_provision.aes_key_in_file =1
auto_provision.update_file_mode =1
-----------------------------------
2. The administrator encrypts y000000000007.cfg and MAC.cfg files and put them to the root
directory of the provisioning server.
3. Reboot the IP phone to trigger auto provisioning process. For more information, refer to Yealink IP Phones Auto Provisioning Guide.
Can I please be 100% clear since I cannot find the exact answer anywhere on the forums...
I have a boot file which calls 2 cfg files.
Do I place the auto_provision.aes_key_in_file =1 line in the .boot file or in the cfg files?
If I place the line into the cfg files, do I need to get the phone to load these in unencrypted fashion or should I encrypt the modified files and then get the phone to reload them?
For anyone who might be interested... I have now resolved this.
I created a file called enc.cfg and amended the url on Yealink RPS Provisioining Server to point to <myprovisioningserver>/enc.cfg
enc.cfg:
#!version:1.0.0.1
static.auto_provision.aes_key_in_file=1
auto_provision.aes_key_in_file=1
static.auto_provision.server.url=<myprosioingserverurl>
static.auto_provision.reboot_force.enable =1
This tells the phone to use encrypted mode and to auto-reboot.
We know that the phones, when they reboot, will look for either a <modelref>.cfg file or <mac>.boot file to boot from.
Since the boot file cannot be encrypted but contains no sensitive information, I get the phone to boot from my <mac>.boot file.
This looks like this:
include:config "<mac>.cfg"
include:config "T23.cfg"
overwrite_mode = 1
static.auto_provision.reboot_force.enable =0
The <mac>.cfg file contains device specific configuration.
The T23.cfg file contains the account setup which is common to all T23 phones.Both of these cfg files are encrypted using the Yealink Auto Encryption tool.
The static.auto..... line tells the phone to stop auto-booting as the configuration is complete.
The encrypted files including their _Security.enc counterparts along with the Aeskey text file, are copied to my provisioning server.
When the phone is factory reset (press and hold the OK button) it first looks at the Yealink RPS service, then looks up the provisioning URL I saved there, and loads the enc.cfg file.
It cycles through loading and rebooting (for around 3 minutes) and then comes to rest with all the config loaded.
Hope this helps someone.