Just to be safe you could just run brokerconfig.exe -r again on all clients. Or you could just script the change of the cert BrokerIP=xxx.xx.xxx.xxx (Package Builder IniFile command).
I know this post is abit old, but this is the exact issue we are having now. We used a DNS name for this purpose so that people wouldn't have issues when we changed public IP addresses. So why is this happening?
Can someone provide abit more info on the Package Builder Ini route?