Friday, December 3, 2010

Tanjay sign-in issue after renewing OCS 2007 R2 certificates

It was that time of the year again when our OCS certificates were to expire and to add to that, our root certificates was expiring as well. My colleague and I went on to renew our root certificate (see this post for more information about renewing the root certificate: http://terenceluk.blogspot.com/2010/08/renewing-subordinate-certificate.html).

What was interesting about this year’s certificate renewal routine was that we noticed that after going through the procedures we had documented, all of our Tanjays were signed out as such:

01122010224

If we were to initiate a sign in, we would see the following loop:

  1. Signing in…
  2. Downloading certificate…
  3. Installing certificate…

… back to the sign in screen.

01122010230

01122010228

01122010227

01122010224

I verified with my colleague that we republished the root CA’s new certificate as shown in the following blog post: http://blogs.technet.com/b/jenstr/archive/2007/11/17/how-to-make-the-root-ca-certificate-available-for-office-communicator-2007-phone-edition.aspx. I also asked if we’ve tried hard resetting the phones to see if that will force the Tanjay to download the new certificate properly and while I was told that we’ve tried it already, I went ahead to do it again.

Once I did a hard reset of my phone, it started to work. My suspicion is that the hard reset my colleague tried was done before we had republished the root certificate. Not that this is a great solution if you had 5000 phones but since I did not have time to further investigate, we just had everyone do a hard reset of their phone to fix the problem.

No comments: