When a CA certificate is renewed, is there a process to push that out to Lync phones that have already been deployed?
I assumed that it would have been pushed down to the phones at some point by my testing suggests that Lync Phone edition only grabs the CA certificate from the cert provisioning service during the initial account setup.
So my scenario is this:
- Deployed Lync (including Lync Phone devices)
- Renewed internal CA certificate due to pending expiration
- Requested and assigned Lync server certificates using the new CA certificate
- Lync Phone devices fail to sign in and the only option on the phone is to cancel or sign-in (which fails)
- Rebooting the phone results in the same behavior
If I reset the phone while holding *# and sign in from a clean slate, I see the dialog on the phone that it's downloading the certificate and then it signs in successfully.
Surely I'm missing something. I can't believe my only option would be to do a reset on all the deployed phones in order to get them signed back into Lync after a certificate update.