Skip to main content

Lync Server 2013 on Windows Server 2012 R2

By March 5, 2014November 13th, 2020Blog, Hot Technology Topics, Lync Server 2013

While in the midst of a Lync Server upgrade to Lync Server 2013 I encountered an issue where incoming calls would fail if Simultaneous Ring was enabled. This seemed particularly odd, since outbound calls were successful, and inbound would work if Sim Ring was off.

Poking through the Lync Server event log, I found a collection of errors, including:

Event ID 32042

Log Name: Lync Server

Source: LS User Services

Date: 10/15/2013 4:02:05 AM

Event ID: 32042

Task Category: (1006)

Level: Error

Keywords: Classic

User: N/A

Computer: LyncFE01.contoso.local

Description:

Invalid incoming HTTPS certificate.

Subject Name: LyncFE01.contoso.local Issuer: Contoso-CA

Cause: This can happen if the HTTPS certificate has expired, or is untrusted. The certificate serial number is attached for reference.

Resolution: Please check the remote server and ensure that the certificate is valid. Also ensure that the full certificate chain of the Issuer is present in the local machine.

And

Event 61045

Log Name: Lync Server

Source: LS MCU Infrastructure

Date: 10/15/2013 4:02:20 AM

Event ID: 61045

Task Category: (1022)

Level: Error

Keywords: Classic

User: N/A

Computer: LyncFE01.contoso.local

Description: The DATAMCU was not able to stay connected to the Front End over the C3P channel (HTTPS Connection).

The Web Conferencing Server failed to send C3P notifications to the focus at https:// LyncFE01.contoso.local:444/LiveServer/Focus.

Cause: The Front End may not be running correctly or may be unreachable over the network (broken HTTPS connection) from the MCU. Unavailability of The C3P channel affects conference controls, and can also prevent users from joining, starting conferences.

Resolution: Verify that the Front End server is running correctly and that network connectivity and an HTTPS Connection can be established between the MCU and the Front End server.

These errors pointed me to: https://support.microsoft.com/kb/2901554/en-us

It turns out that Windows Server 2012 R2 handles TLS session caching differently than Windows Server 2012. The workaround is to disable Session Ticket TLS Optimization. Here’s how:

  1. Open Regedit
  2. Locate the following registry subkey:

HKLMSystemCurrentControlSetControlSecurityProvidersSchannel

  1. Add a New DWORD (32-bit) value.
  2. Name: EnableSessionTicket
  3. Value: 2
    1. Exit the registry editor.
    2. Restart Lync Services from the Lync Server Management Shell.
    3. Stop-CsWindowService
    4. Start-CsWindowsService

Shane Skriletz, PEI

Leave a Reply