Where exactly does this config change needs to be made? in 000000000.cfg? or overrides?
In out inviroment I placed the
in the 000000000.cfg file as the issue appeared accross all phones/ subnets on our network. Idon't know if it is considered bestpractices but I reserve changes to the overide file for phone specfic changes. I've seen in the past people placing simular changes in a location file if a problem is isolated to a single office.
Unfortuantly I was given a lot of this information second hand, as it was the consultant in charge of the Skype demo who was able to contact Polycom support and not myself. So what I say may have been changed though the game of teliphone I got it though. "This line should skip the certificate validation test. We needed this because the root store which the phone comes preinstalled with could not validate the cert our skype servers were providing them."
There was a second workaround which was adding a certificate to the phone using the lines below
<lyncShared> <TLS sec.TLS.profileSelection.SIP="ApplicationProfile1" sec.TLS.customCaCert.1="-----BEGIN CERTIFICATE----- <Enter certificate here> ... <Several lines of certificate later> -----END CERTIFICATE-----"/> </lyncShared>
I was able to create some situations which neither of this solutions worked. However at this time the Proof of Concept work has been haulted, I'll try to update this if I get any more clarification on why I can still get these phones to fail a PIN auth.