SFB on PCs works great. Problem with mobile Android, iOs.
We have deployed SFB servers in our internal network. 3 Front-end servers. 3 back-end servers. 1 EDGE server in DMZ with proxy. Active directory servers and own CA. Certificates are added. 1 year ago we tryed to deploy EDGE. And we did it, but at that time some users are could sign in from mobile , but some users could not. Tryed to fix that, but could not, so we postponed for later. And now we made enother EDGE. renew topology, added certificate to edge. Users signed in normaly, exept "one user". In a few days internal certificates on internal spool servers are expired. Main certificate, and front-end servers certificates. We renew them using the same attributes, but SAN has 1 record wich is not in old certificate, it has been added automaticaly, and that dns record is exists in DNS pool. And after that some users cannot sign in, who could sign in before. (By the way that "one user" is still cannot sign in). If need more information (log file from client mobile cell, any other information) I will provide all needed information.