Skype for Business – A new diagnostic tool is available for Skype for Business
If you are running Skype for Business (either 2015 or 2019) on-premises you already know that sometime troubleshooting issues is a complicated tasks.
1 min read
NOTE this does not apply if you are full Skype for Business Online
As Microsoft is hardening his platforms, you may (or your end-users) have issue with Lync or Skype for Business on-premises deployment looking up for external contact (aka public federation and/or Skype consumer directories), as shown in the below screenshot.
This is a known issue and easy to fix.
This just means you did not have implemented (or incorrectly implemented) support for TLS 1.2
If you lookup your Lync/Skype for Business front-end server you will probably find an error with the event ID Event ID 62044.
![image_thumb[1]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb1-81.png "image_thumb[1]")
To fix this issue, you need to follow the documentation to enable TLS 1.2 on your Edge servers (https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1). As this is a quite long documentation, the most important thing to enable TLS 1.2 support is as below but please read the documentation anyway 
.
You need to create/update the following registry keys (you can save the below as a REG file), once the registry keys have been updated, restart your Edge server:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001