The UPLINX Remote Phone Control Tool retrieves the screenshot from a remote Cisco phone of its web page and displays the screen of the phone within the tool.
In order to obtain a screenshot from the remote phone, the Remote Phone Control Tool needs to send authentication credentials with each command to the phone's internal web server. The phone validates the username and password supplied by forwarding the credentials in an authentication request to an Authentication Server. The Authentication Server is configured either for all phones in the CUCM's Enterprise Parameter or in the phone's configuration on CUCM in the (secure) Authentication URL setting. The Authentication Server can be the Cisco CUCM server, SingleWire InformaCast or similar 3rd party servers that implement this feature.
The effective Authentication URL being used by a Cisco phone can be viewed on the phone's web page, as per the Check Phone Configuration section.
How Authentication works
The phone uses the following Authentication URL settings configured on CUCM using the value from the highest priority URL:
1.Phone: Secure Authentication URL, if the value has been set [highest priority] ( generally, this is empty and not used )
2.Phone: Authentication URL, if the value has been set (in general, this is empty and is not used )
3.Enterprise Parameters: Secure Authentication URL (this is set by default but does not work ) Explanation: By default, the phone authentication URLs are not set, so the Enterprise parameters are used. Please note that since CUCM version 8.6 and the introduction of Security By Default (SBD) there is an 'Enterprise Parameters > Secure Authentication URL' set with https that requires a valid certificate to be applied to the CUCM server and DNS in order for the URL to work from all phones. With a default install, no valid certificate is present and all authentication requests will fail since the phone will be using the https:// setting of the Enterprise Parameters > Secure Authentication URL.
4.Enterprise Parameters: Authentication URL (this is only used if the Secure Authentication URL parameter does not contain a value )
To resolve errors, there are 4 options available:
1.(Recommended) Clear the Enterprise Parameters > Secure Authentication URL (i.e. set it to empty) as per above screenshot and then reboot the phone(s).
2.Change the https prefix held against Enterprise Parameters > Secure Authentication URL to http (without the s for secure) and then set the Port to 8080 (do not use the default of 8443 as this is intended for https only).
3.Apply a Valid certificate to CUCM and ensure to confirm that all phones use the DNS. Certificates require the URL Hostname to match the Hostname of the certificate.
4.Use the Remote Phone Control Tool Built-in authentication. This requires that either the Authentication URL held in the Enterprise Parameters (for all phones) or the Authentication URL within a phone's Authentication URL is set to the Remote Phone Control Tool URL. (Use this if any CUCM Authentication fails).
Note: Changing the Authentication URL requires a phone reboot.
|