We have a branch site with a Lync 2010 SBA that has been in production for 2 years. We have installed all the latest server and phones updates. We recently had to swap out an Aastra phone for a hardware issue and the new phone would not login with either the USB or PIN.
I found initially that the SRV record was pointing directly to the FE at the main site which I have seen cause issues with the newer phone firmware, so I changed the SRV to point to sip.domain.com and made sure there was a sip A record pointing to the IP of the FE at the main site and that it had SIP in the cert SAN.
At first it appeared to be OK, but then I found that I could only sign in with USB for a user homed on the FE, users homed on the SBA failed. Signing in with the ext and PIN for all users fails with "cannot contact web services".
All other phones at the site that have been logged in are fine. I suspect that if I sign any of them out they will fail as well.
Any ides?