Skype for Business – A new diagnostic tool is available for Skype for Business
If you are running Skype for Business (either 2015 or 2019) on-premises you already know that sometime troubleshooting issues is a complicated tasks.
1 min read
cubesys : Jan 14, 2020 12:00:00 AM
NOTE this does not apply if you are full Skype for Business Online
As Microsoft is hardening his platforms, you may (or your end-users) have issue with Lync or Skype for Business on-premises deployment looking up for external contact (aka public federation and/or Skype consumer directories), as shown in the below screenshot.
This is a known issue and easy to fix.
This just means you did not have implemented (or incorrectly implemented) support for TLS 1.2
If you lookup your Lync/Skype for Business front-end server you will probably find an error with the event ID Event ID 62044.
To fix this issue, you need to follow the documentation to enable TLS 1.2 on your Edge servers (https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1). As this is a quite long documentation, the most important thing to enable TLS 1.2 support is as below but please read the documentation anyway .
You need to create/update the following registry keys (you can save the below as a REG file), once the registry keys have been updated, restart your Edge server:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001
If you are running Skype for Business (either 2015 or 2019) on-premises you already know that sometime troubleshooting issues is a complicated tasks.
It has been announced some time ago already, Skype for Business Online is being retired on July 31, 2021.
As announced in early November 2020, support for old versions of TLS (TLS 1.0 and TLS 1.1) and ciphers (3DES cipher suite) are going to be deprecated...