Installed Lync 2013 on a Windows 2012R2 server. When I log in with an external Lync client there are no photos of internal users. A validation shows that the thumbnailPhoto attribute has been populated with images of the correct size.
If the client connects directly to the front-end server, photos are presented correctly.
An examination of the Lync address book shows the address book files and also the photo files. The photo files are renamed jpg files exported from Active Directory. The Lync server creates these PHOTO files when a client requests photos of users. Since these photos are placed in the address book folder, they are downloaded over HTTPS to the Lync client.
Running netstat on the Lync front end did not show any TCP connection from the reverse proxy server!
A network monitor shows that connections are reset after half a TLS 1.2 handshake – a strong indication that there is something wrong with SSL/TLS. Revalidated all certificates and also the publishing rules on the F5 reverse proxy.
Used Bing to find any issues regarding TLS 1.2 and Windows 2012 R2, and yes, someone has had the same issue. Entered the registry keys as below, rebooted, and now it works.
To resolve this issue, do the following:
– On the Lync 2013 server, open the registry and browse to the following location: HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols
– Create the following key under Protocols: TLS 1.2
– Create the following two keys under TLS 1.2: Client and Server
– Create the following DWORDs under both the Client and Server keys: DisabledByDefault and Enabled
– Under both Client and Server, set the following: DisabledByDefault=1 and Enabled=0
– Reboot the server.
Entering these keys disables TLS 1.2 on the server, forcing the client and server to communicate over TLS 1.1.
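
The registry steps above as a PowerShell script, preceded by a read-only audit of the current SChannel protocol state. This is an added example, not part of the original post; the function names `Get-SchannelProtocolState` and `Set-Tls12Workaround` and the backup file path are hypothetical, while the registry path and DWORD values are the ones listed above.

```powershell
# Added example (not from the original post). Function names and the backup
# path are hypothetical; the registry path and values are those in the steps above.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Read-only: report what is explicitly configured per protocol and role.
function Get-SchannelProtocolState {
    param([string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        foreach ($role in 'Client', 'Server') {
            $key   = Join-Path $Base "$p\$role"
            $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $p
                Role              = $role
                KeyPresent        = Test-Path $key
                Enabled           = $props.Enabled            # empty = not set, OS default applies
                DisabledByDefault = $props.DisabledByDefault  # empty = not set, OS default applies
            }
        }
    }
}

# Applies DisabledByDefault=1 and Enabled=0 under TLS 1.2\Client and TLS 1.2\Server.
function Set-Tls12Workaround {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$BackupPath = "$env:TEMP\schannel-before.csv")

    # Record the state before the change so it can be reverted later.
    Get-SchannelProtocolState | Export-Csv -Path $BackupPath -NoTypeInformation

    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $Base "TLS 1.2\$role"
        if ($PSCmdlet.ShouldProcess($key, 'Set DisabledByDefault=1, Enabled=0')) {
            # Create the key only if missing; New-Item -Force on an existing
            # registry key would replace it and drop its current values.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 `
                -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name Enabled -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize
# Set-Tls12Workaround -WhatIf   # preview only; remove -WhatIf to apply, then reboot
```

Run it from an elevated PowerShell session on the Lync server; running `Get-SchannelProtocolState` again after the reboot confirms the values took effect.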