LPE Devices signing out and getting stuck on sign in

If you are seeing a sporadic issue with Polycom LPE ( Lync Phone Edition ) Devices. Where user signs out abruptly and getting stuck on sign in. And could not sign in back unless phone reset is done.

In that case when issue happens try to look at the logs what is the response phone is getting form server side. If Registration is failing with following response.

ms-diagnostics: 4172;reason="No cert found for the user"

It shows that server is not able to find certificate used by client in TLS-DSK method. As now a days users sign in form multiple devices most probably cause is that user reached max number of devices cert could be issued and cert which was issues for phone got deleted as a new device may have requested cert from server for this user.

This issue is limited to Polycom LPE devices as they could do only TLS/DSK based authentication. Other clients type could move to NTLM or Kerberos but that could not happen with LPE devices.

So that's about issue but the solution is fairly simple, it may need to increase Max endpoints per user on server side.

Max value of MaxEndpointPerUser could go to 64. It's usually not recommended to increase this value without any necessity.

/en-us/powershell/module/skype/set-csregistrarconfiguration?view=skype-ps

You could gradually increase this value in chunks instead of straight setting to 64 and see if that reduce frequency of issue or take it away.