NOTE this does not apply if you are full Skype for Business Online
As Microsoft is hardening his platforms, you may (or your end-users) have issue with Lync or Skype for Business on-premises deployment looking up for external contact (aka public federation and/or Skype consumer directories), as shown in the below screenshot.
This is a known issue and easy to fix.
This just means you did not have implemented (or incorrectly implemented) support for TLS 1.2
If you lookup your Lync/Skype for Business front-end server you will probably find an error with the event ID Event ID 62044.
To fix this issue, you need to follow the documentation to enable TLS 1.2 on your Edge servers (https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1). As this is a quite long documentation, the most important thing to enable TLS 1.2 support is as below but please read the documentation anyway .
You need to create/update the following registry keys (you can save the below as a REG file), once the registry keys have been updated, restart your Edge server:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001