PIN Authentication works using the Test-CsPhoneBootstrap cmdlet but fails on Lync devices
Recently I decided to 'play' with my Lync devices by moving them to a dedicated voice VLAN on my network. After doing so, I noticed I was unable to use PIN authentication. I found this extremely odd especially since I had just told a fellow colleague how simple the PIN process was. From the Lync 2010 servers the Test-CsPhoneBootstrap cmdlet was passing with a code of Success making me even more perplexed. Digging a bit deeper into the issue, I noticed that the phones authenticating using a PIN as well as my CX700 phones were taking a significant amount of time at boot while they were acquiring their time.
Comparing my two VLANs nothing stood out until I remembered I did not allow the new VLAN Internet access (why should the phones need to go out to the Internet after all?). Well, as it turns out, they were getting their time service from time.windows.com come even though my Windows domain controllers were configured as NTP servers and their SRV records existed in DNS.
The solution was quite simple and all devices benifited from a faster boot time. Within DHCP there is a standard option, 042 NTP Servers, which I configured with mydomain controllers as the defined values. As soon as I added this option, the phones received their time nearly instantly and PIN authentication worked as expected.