Lync / Skype for Business – Trouble to search external Skype contacts

NOTE this does not apply if you are full Skype for Business Online

As Microsoft is hardening his platforms, you may (or your end-users) have issue with Lync or Skype for Business on-premises deployment looking up for external contact (aka public federation and/or Skype consumer directories), as shown in the below screenshot.

image

This is a known issue and easy to fix.

This just means you did not have implemented (or incorrectly implemented) support for TLS 1.2

If you lookup your Lync/Skype for Business front-end server you will probably find an error with the event ID Event ID 62044.

image

To fix this issue, you need to follow the documentation to enable TLS 1.2 on your Edge servers (https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1). As this is a quite long documentation, the most important thing to enable TLS 1.2 support is as below but please read the documentation anyway Smile.

You need to create/update the following registry keys (you can save the below as a REG file), once the registry keys have been updated, restart your Edge server:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001

Leave a Comment

Your email address will not be published.