I think i know the answer to this one, but i'd just like a quick sanity check before i change anything..

When updating the firmware on our CX600 or CX3000 series phones (common area phones), the device reboots and then comes up with the error "Certificate web service cannot be found. Please contact your support team."  It stops at the "Enter your extension or phone number" screen.  Usually it requires two or three attempts at entering the extension and pin before it logs in.  We've got several dozen of these phones spread out over a large area, so it isn't practical for us to run around and try to re-login every phone after a firmware update.

I ran Test-CsPhoneBootstrap for one of the effected devices.  Here's what i got...

From what i've read, this can be fixed by running the command "set-CsRegistrarConfiguration EnableDHCPServer $true".  My question is; Is it really that simple?  Do i run the risk of breaking anything by enabling this?  We use GoDaddy certs internally, not an internal authority. Not sure if that impacts anything.

Thanks in advance!

You should only run that command if you want to enable the Lync DHCP server. To be honest not many people do as they choose to configure their own DHCP server with the Options that Lync phone edition needs. Have you configured your own DHCP server with these options?

http://technet.microsoft.com/en-us/library/gg425854.aspx

I *think* we did correctly.  But i'd need to double-check.  (I didn't set it up personally.)  BTW, i just ran DHCPUtil -EmulateClient and got this..

I'm assuming "Failure = 1" isn't good.  Is it the "unrelated packet" that's causing the problem?

"Certificate web service cannot be found. Please contact your support team."

This error refers to "Lync certificate service" and "cannot be found" because DHCP does not supply the certificate provisioning URL.

You say that login is successful after multiple attempts and so, we can draw a conclusion that at least one DHCP server was configured properly. If you have more that one DHCP server in the environment, make sure you configure all accordingly, since you cannot be sure which server the device will hit next time.

Also, when you enable Lync server to serve as DHCP for common area phone sign-in purposes, keep in mind it will work only within the broadcast domain i.e. if the server is on 192.168.0.1/24, devices on 192.168.1.1/24 will not work.

.

Drago

Hi,

Please check the following blogs to troubleshoot your issue.

http://www.confusedamused.com/tags/phone/,

http://blog.schertz.name/2012/03/troubleshooting-lync-phone-edition-issues/.

If it is no luck for you, please use Lync Logging Tool to collect more information.

• Marked as answer by Lisa.zhengMicrosoft contingent staff, Moderator Monday, October 08, 2012 2:19 AM
• Unmarked as answer by blinkyjesus Tuesday, October 09, 2012 12:49 PM

Neither of those links helped.  I'm currently working with a Lync engineer to resolve.  Presently we're collecting traces which may or may not get forwarded to microsoft.

I have seen this error before.  When it happens, I just re-run the script to configure DHCP and it fixes it.  Someone the DHCP options get corrupted and have to be reloaded.

Hi John.  We re-ran the script too, working with our Lync engineer.  Didn't resolve it.  We're actually seeing many more errors now;

"Sign-in Error - Account used is not authorized. Please contact your support team."

"Sign-in canceled due to internal error. Please try again."

"An account matching this phone number cannot be found. Please contact your support team."

Eventually they log back in after re-entering the extension and PIN one or two (or three) times.

Hi, did you ever get this resolved? I seem to be having the same kind of issues...

Thanks!

It never got resolved i'm afraid.  We had multiple people from Microsoft working on it over an extended period of time, but they never found an solution.

So, on we go to Lync 2013!

Thanks for letting me know! It tuns out that we had one phone doing the same thing and showing "Sign-in Error - Account used is not authorized. Please contact your support team". We would reset it and would add the account again. It would take forever and then login. Then 20 minutes later the same message again... Turns out we swapped the network cable with another one and problem solved... No idea why it did not like the cable... a computer connected to the same phone worked fine and had network access... go figure... weird... 

I'm going to make a prediction that the new cable is a red herring.  We found that periodically the phones would work well through several reboots; no errors of any kind.  ..But then the errors would come back.  We discovered this annoyance after we had switched network jacks on one of the phones.  It came up without any errors and we thought "it works! weird that it had something to do with the jack."  A few days later the phone was power cycled and the errors came back.  From that point on, anytime we made a change we rebooted the phone at least 10 or 20 times consecutively.  We'd get a few consecutive "clean" boots, but eventually one of those reboots would spawn the errors.

I hope it works for you, but i'd keep my eye on it.

Thanks, my coworker went on site and switch them. He just came back this afternoon. Thanks for the extra details... If it comes back then I guess, like you, we will speed up migration to Lync 2013 indeed...