This article is a brief update to the process previously documented for Lync Server 2010.
In the event that a trusted public certificate is used, this is not an issue, but this is a rare-to-impossible scenario, as discussed in this blog article.
A public Certificate Authority will no longer issue certificates that include names which are not valid FQDNs, so requests containing short hostnames and internal namespaces that use an invalid Top Level Domain (TLD) like .local will be denied.
Lync Phone Edition will only attempt to retrieve the root certificate from the internal, Active Directory published CA during registration attempts; it was not programmed to perform this same action automatically upon bootup.
So in this case user intervention is required: someone must attempt to sign in to the Lync Server from the device.
This little-known behavior is hardcoded into all firmware releases.
The phones are programmed to look for a specific hostname which is not typically included in the Lync topology, but if it is added manually to the environment then phones will be able to update without signing in.
The device will then automatically perform a DNS query for the hostname for each domain name which may have been passed via those DHCP options.
Typically the certificate issued to the Lync Front End server is from an internal private Certificate Authority, which unfortunately means the device cannot automatically download the update without intervention.
This signals the intent to provide a single LPE client for both Lync platforms and not have separate 2010 or 2013 clients with different interfaces.
What this all means is that to utilize any Lync Phone Edition devices with Lync Server 2013, the phone firmware may need to be updated to at least the CU7 release, which is version 4.0.7577.4363 / .4366 / .4372 for different device families.
When a Lync Phone Edition device is powered up and receives a successful DHCP lease it will look for the commonly used DHCP Option 15 parameter which provides a single .