Despite the aforementioned measures, on September 5th, several thousand customers experienced call failures, leading to the premature suspension of the test. Since the prior test was suspended early, on September 19th (starting 9 AM UTC) Microsoft will perform an additional 24h test where all Microsoft SIP endpoints will be switched over to use the new certificates.
If your Session Border Controllers (SBCs) are not properly configured with the new Certificate Authority (CA) your Direct Routing incoming and outgoing calls will fail.
Action needed: Check your SBC(s) or check with your Direct Routing provider to confirm they have added the relevant certificates to your SBC(s) and tested your SBC(s). The New CA must be added in your SBC configuration and old Baltimore CA must be retained; do not replace the old CA.
New Transport Layer Security (TLS) certificates used by Microsoft SIP interfaces will use a different Root Certificate Authority (CA):
Common Name of the CA: DigiCert Global Root G2 Thumbprint (SHA1): df3c24f9bfd666761b268073fe06d1cc8d4f82a4
The new CA certificate can be downloaded directly from DigiCert titled: DigiCert Global Root G2
Following the test scheduled for September 19th, Microsoft will enforce the CA change requirement starting on October 3, 2023.
More information: What's New Direct Routing - Microsoft Teams | Microsoft Learn