Lync / Skype for Business – Trouble to search external Skype contacts

NOTE this does not apply if you are full Skype for Business Online

As Microsoft is hardening his platforms, you may (or your end-users) have issue with Lync or Skype for Business on-premises deployment looking up for external contact (aka public federation and/or Skype consumer directories), as shown in the below screenshot.

image_thumb

This is a known issue and easy to fix.

This just means you did not have implemented (or incorrectly implemented) support for TLS 1.2

If you lookup your Lync/Skype for Business front-end server you will probably find an error with the event ID Event ID 62044.

image_thumb[1]

To fix this issue, you need to follow the documentation to enable TLS 1.2 on your Edge servers (https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1). As this is a quite long documentation, the most important thing to enable TLS 1.2 support is as below but please read the documentation anyway Smile.

You need to create/update the following registry keys (you can save the below as a REG file), once the registry keys have been updated, restart your Edge server:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies