Stephanie News, Dell USB Drivers, Android Devices, Charging, Apple, Nokia Flash File, Samsung Galaxy

Jumat, 06 Desember 2013

SChannel Errors on Lync Server Preventing Client Logon

SChannel Errors on Lync Server Preventing Client Logon - with the rapid development of today's technology we must enrich our knowledge of gadgets, because every day there are many new gadgets that are made with advantages, in blogs Stephanie News we will meriview many gadgets from various brands ranging from the specification and its price .. Now we will discuss first about SChannel Errors on Lync Server Preventing Client Logon please see our explanation to finish:

Articles : SChannel Errors on Lync Server Preventing Client Logon
full Link : SChannel Errors on Lync Server Preventing Client Logon

You can also see our article on:


SChannel Errors on Lync Server Preventing Client Logon

I was at a client setting up a brand-spanking new Lync 2013 deployment on Windows 2012.  I was setting up two pools in two datacenters. The server deployment went without a hitch and we got everything up and running in no time flat. However, we could not sign on with a Lync 2013 client to either pool.  The client just complained it couldn't log on. 

Looking at the server event logs, we saw numerous SChannel errors as below:
Event ID: 36874 - TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event ID: 36888 - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205.
Looking around for solutions on the web, I came across these two apparent gems:
http://social.technet.microsoft.com/Forums/lync/en-US/41718327-203f-445f-8657-87b0a8545ead/lync-2013-client-signin-issue-with-lync-2013-server?forum=lyncprofile (Look towards the bottom for the answer)
and
http://www.logicspot.net/index.php?id=50

If you don't feel like reading the aforementioned links, the answer was to use Regedit to disable TLS 1.2 on the Lync front-ends. This was the solution provided by MS Support. Sure enough, doing that fixed the problem, but as noted in the links above, this broke Windows Update.  To get Windows Update to work, you would have to remove the registry entry, restart the server, run Windows Update, re-add the registry entry and reboot the server once more.

Since this was a brand-new Lync deployment on brand new Windows 2012 servers, I had a hard time believing this was the only fix for the problem. Since the problem was affecting two independent pools, I figured there must be some common feature shared between them causing the issue. After much flailing about, I turned my attention to the recently installed Windows Certificate Authority installation. Another consultant had installed a CA for the company in preparation for Lync.

Comparing against known good installations, we noticed the signature hash algorithm used for the root certificate was SHA512, but other working deployments used SHA256 or lower. We reissued the root certificate using SHA256, and installed new certificates on the Lync front-ends using this hash algorithm. After a server restart, clients were able to log on successfully, and the SChannel errors went away.

I'm not a cryptography expert, so I'm not exactly sure why SHA512 caused issues with TLS 1.2. Poking around the Internet gave me the impression that SHA512 and TLS 1.2 just don't work together (but damned if I can find where I saw that again).

Regardless, this just goes to show that even if a workaround provided by Microsoft themselves might solve an issue, it doesn't necessarily mean its the right way to do it.



we feel the information SChannel Errors on Lync Server Preventing Client Logon that's all.

hopefully the information SChannel Errors on Lync Server Preventing Client Logon that we have conveyed can provide benefits for you and all visitors of this blog, if any criticism and suggestions please comment.

you just read SChannel Errors on Lync Server Preventing Client Logon if this article is considered useful and you want to bookmark and share it please use the link https://stephaniefulke.blogspot.com/2013/12/schannel-errors-on-lync-server.html and what if you want other information look for another page in this blog.

Tag :
Share on Facebook
Share on Twitter
Share on Google+
Tags :

Related : SChannel Errors on Lync Server Preventing Client Logon

1 komentar:


  1. pug puppies for sale,pug puppies for sale near me
    teacup pugs for sale,teacup pugs,teacup pug puppies for sale,teacup pug for sale near me,pug for sale near me,pug puppies for sale under,teacup pugs,pug puppies near me,teacup pugs,teacup pug puppies for sale,pug puppy for sale,mini pug,baby pugs for sale,pug breeders near me,pugs puppies for sale,black pug puppies for sale,miniature pug,pug puppies,pugs for sale near me,pugs for sale near me,pugs puppies,teacup pug puppies for sale,pugs for sale,baby pugs for sale
    Pug pupies for sale
    pug puppies for sale near me
    pug puppy for sale near me
    teacup puppies for sale near me
    Pug puppies for sale
    pugs for sale
    french bulldog puppies for sale
    French Bulldog Puppy for sale near me

    BalasHapus