I spent quite a bit of time troubleshooting the interaction of Tanjay to Exchange CAS server recently only to find out from Jens that wildcard certificates are not supported.
So, for those of you out there who have a wildcard certificate (*.domain.com) on your CAS server, you must re-issue it before implementing OCS/UM with Tanjay phones.
I typically use the following command when creating the request:
New-ExchangeCertificate -DomainName mail.domain.com, autodiscover.domain.com, mbxserver1.domain.local -FriendlyName Exchange_CAS_SAN_Cert -GenerateRequest:$True -Keysize 1024 -path c:\exch-san.req -privatekeyExportable:$true
Having the "autodiscover" name in the SAN is also required for the Tanjay phone to connect to the CAS server. Don't forget to create an "A" record as well for these names.