While in the midst of a Lync Server upgrade to Lync Server 2013 I encountered an issue where incoming calls would fail if Simultaneous Ring was enabled. This seemed particularly odd, since outbound calls were successful, and inbound would work if Sim Ring was off.
Poking through the Lync Server event log, I found a collection of errors, including:
Event ID 32042
Log Name: Lync Server
Source: LS User Services
Date: 10/15/2013 4:02:05 AM
Event ID: 32042
Task Category: (1006)
Level: Error
Keywords: Classic
User: N/A
Computer: LyncFE01.contoso.local
Description:
Invalid incoming HTTPS certificate.
Subject Name: LyncFE01.contoso.local Issuer: Contoso-CA
Cause: This can happen if the HTTPS certificate has expired, or is untrusted. The certificate serial number is attached for reference.
Resolution: Please check the remote server and ensure that the certificate is valid. Also ensure that the full certificate chain of the Issuer is present in the local machine.
And
Event 61045
Log Name: Lync Server
Source: LS MCU Infrastructure
Date: 10/15/2013 4:02:20 AM
Event ID: 61045
Task Category: (1022)
Level: Error
Keywords: Classic
User: N/A
Computer: LyncFE01.contoso.local
Description: The DATAMCU was not able to stay connected to the Front End over the C3P channel (HTTPS Connection).
The Web Conferencing Server failed to send C3P notifications to the focus at https:// LyncFE01.contoso.local:444/LiveServer/Focus.
Cause: The Front End may not be running correctly or may be unreachable over the network (broken HTTPS connection) from the MCU. Unavailability of The C3P channel affects conference controls, and can also prevent users from joining, starting conferences.
Resolution: Verify that the Front End server is running correctly and that network connectivity and an HTTPS Connection can be established between the MCU and the Front End server.
These errors pointed me to: https://docs.microsoft.com/en-US/SkypeForBusiness/troubleshoot/server-configuration/event-32402-61045-front-end
It turns out that Windows Server 2012 R2 handles TLS session caching differently than Windows Server 2012. The workaround is to disable Session Ticket TLS Optimization. Here’s how:
- Open Regedit
- Locate the following registry subkey:
HKLMSystemCurrentControlSetControlSecurityProvidersSchannel
- Add a New DWORD (32-bit) value.
- Name: EnableSessionTicket
- Value: 2
- Exit the registry editor.
- Restart Lync Services from the Lync Server Management Shell.
- Stop-CsWindowService
- Start-CsWindowsService
Shane Skriletz, PEI