The information in this article applies to the following products:
- Yealink Desktop Phone T41S
- Yealink Desktop Phone T42S
- Yealink Desktop Phone T46S
- Yealink Desktop Phone T48S
- Yealink Conference Phone CP920
- Yealink Conference Phone CP960
- Swyx/SwyxON
- Microsoft Windows Server
Summary
After updating the Microsoft Windows Server operating system of a Swyx installation, access to the Swyx phonebook no longer works on certain Yealink phones.
The following describes which Yealink phones are affected and how the usual functionality can be restored.
Information
Why does the Swyx phonebook no longer work on some Yealink T4 desktop / CP 9X0 conference phones after an update of the Windows operating system?
The Swyx platform uses the Windows LDAP service ADLDS to provide the Swyx phonebook for Yealink phones. With one of the latest operating system updates, Microsoft now requires TLS 1.2 for its services, which also excludes the use of outdated MD5-based signature algorithms.
Communication between the phone and LDAP server is secured using one-way TLS. In contrast to an mTLS connection, the client certificate does not really play a role here. Nevertheless, the Yealink phone also sends its client certificate to the LDAP server during the negotiation process. If an algorithm based on MD5 is used here, the LDAP server aborts the connection set-up due to the outdated certificate, although this is not necessary.
As a result, a corresponding telephone no longer has access to the server-side global directory of the Swyx platform.
Which Yealink phones are affected?
All Yealink phones of the T4 series and the conference phones CP 920/960, which were produced before January 1, 2019, are affected.
Unfortunately, these phones cannot be distinguished externally from devices with a more recent production date. A non-functioning Swyx phonebook is a good indication, but certainty can only be obtained by checking the algorithm used.
This is described in detail in a related article: Is a Yealink T4xS or CP9x0 phone suitable for the SwyxON feature RemoteConnector for Yealink?
How can I still use the Swyx phonebook on these phones?
This behavior of the phone, which is unnecessary in a one-way TLS negotiation, can be prevented by a corresponding device-side provisioning parameter.
With the introduction of flexible provisioning parameters for Yealink as of Swyx 13.29, these parameters can be provisioned only to the phones that are actually affected.
Instructions for formatting the provisioning file and how it can then be uploaded to the Swyx Control Center can be found in the Swyx Online Help: User-specific configuration of multiple phones.
Formatting the mac.cfg configuration file
At the end of this article you will find a sample provisioning file containing the relevant parameters. You can use this file or, if a specific provisioning file is already used on the server, add the two parameters and the ##--boundary--- comment.
Notes on the ##--boundary--- comment: It is recommended to distribute the parameters at device level, i.e. by specifying the MAC addresses of the phones concerned. Depending on the number of phones installed, it may be more efficient to address all T4 models instead. However, this also affects all newer T4 models connected to the server and is therefore not recommended for operation in mixed environments.
##--boundary---mode:default---models:SIP-T48S,SIP-T46S,SIP-T42S,SIP-T41S,SIP-CP920,SIP-CP960
or
##--boundary---mode:default---devices:MAC805ec07ffff1,MAC805ec07ffff2
Please delete the unwanted ##--boundary--- line from the mac.cfg file or copy the desired lines into an existing file and then upload the file.
After uploading the cfg file, the affected telephones are provisioned immediately and then restarted once. Therefore, if necessary, wait until a quieter business time before uploading the file and/or inform your users beforehand.
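To keep the workaround scoped to the affected phones only, the device-level ##--boundary--- line can be generated from an inventory of MAC addresses. The following is an added example, not part of the original article or of Swyx tooling; the function names are hypothetical, and the output format (prefix "MAC", lowercase hex, comma-separated) is an assumption inferred from the sample line above.

```python
import re

# Prefix and field layout copied from the device-level sample line in this article.
BOUNDARY_PREFIX = "##--boundary---mode:default---devices:"

_SEPARATORS = re.compile(r"[:\-.\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or raise ValueError."""
    text = raw.strip().lower()
    if text.startswith("mac"):
        # Accept entries already written in the boundary-line notation.
        text = text[3:]
    text = _SEPARATORS.sub("", text)
    if not _HEX12.fullmatch(text):
        raise ValueError(f"not a valid MAC address: {raw!r}")
    return text


def device_boundary_line(macs):
    """Build one device-scoped boundary line from an inventory of MACs."""
    seen = []
    for raw in macs:
        mac = normalize_mac(raw)
        if mac not in seen:  # drop duplicates, keep inventory order
            seen.append(mac)
    if not seen:
        # An empty device list would not target any phone; fail loudly instead.
        raise ValueError("no MAC addresses given; refusing to emit an empty device list")
    return BOUNDARY_PREFIX + ",".join("MAC" + mac for mac in seen)


if __name__ == "__main__":
    # Constructed inventory: the article's two sample addresses in mixed
    # notations, one of them listed twice.
    inventory = ["80:5E:C0:7F:FF:F1", "805e.c07f.fff2", "MAC805ec07ffff1"]
    print(device_boundary_line(inventory))
```

A malformed entry stops the run with an error instead of being silently skipped, so a typo in the inventory cannot leave an affected phone out of the list unnoticed.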