Lync / Skype for Business – Trouble to search external Skype contacts

NOTE this does not apply if you are full Skype for Business Online

As Microsoft is hardening his platforms, you may (or your end-users) have issue with Lync or Skype for Business on-premises deployment looking up for external contact (aka public federation and/or Skype consumer directories), as shown in the below screenshot.

image_thumb

This is a known issue and easy to fix.

This just means you did not have implemented (or incorrectly implemented) support for TLS 1.2

If you lookup your Lync/Skype for Business front-end server you will probably find an error with the event ID Event ID 62044.

image_thumb[1]

To fix this issue, you need to follow the documentation to enable TLS 1.2 on your Edge servers (https://docs.microsoft.com/en-us/skypeforbusiness/manage/topology/disable-tls-1.0-1.1). As this is a quite long documentation, the most important thing to enable TLS 1.2 support is as below but please read the documentation anyway Smile.

You need to create/update the following registry keys (you can save the below as a REG file), once the registry keys have been updated, restart your Edge server:

Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv2.0.50727] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoft.NETFrameworkv4.0.30319] “SchUseStrongCrypto”=dword:00000001 [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionInternet SettingsWinHttp] “DefaultSecureProtocols”=dword:00000AA0 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2] [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Client] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001 [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.2Server] “DisabledByDefault”=dword:00000000 “Enabled”=dword:00000001