Category Archives: Windows

Lync client will not show contact photos when external.

Installed Lync 2013 on a Windows 2012R2 server. When I login with an external Lync Client there are no photos of internal users. A validation shows that the thumbnailPhoto attribute has bin populated with images of the correct size.

If the client Connect directly to the frontend server photos are presented correctly.

An examination of the Lync Addressbook shows the addressbook files and also the photo files. The photo files are renamed jpg files exported from Active Directory. The Lync server create these PHOTO files when a client request photos of users. Since these photos are placed in the addressbook folder they are downloaded through https to the Lync Client.

Running netstat on Lync front end did not show any TCP Connection from reverseproxy server !

A network monitor show that connection are reset after half a TLS 1.2 handshake – a strong indication that there is something wrong with ssl/tls. Revalidated all sertificates and also publishing rules on F5 reverseproxy.

Used Bing to find any issues regarding TLS 1.2 and Windows 2012 R2, and yes, someone have hade the same issue. Entered registry keys as below – rebooted and now it works –

To Resolve this issue do the following:

– On the Lync 2013 server open the registry and browse to the following location: HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols

– Create the following Key under Protocol: TLS 1.2

– Create the following two Keys under TLS 1.2: Client and Server

– Create the following DWORDs under both the Client and Server Key: DisabledByDefault and Enabled

– Under both Client and Server set the following: DisabledByDefault=1 and Enabled =0

– Reboot the server.

Entering these keys Disables TLS 1.2 on the server forcing the client and server to communicate over TLS 1.1.

Good Luck,


How to test network routing from remote Lync client.

Often we have to troubleshoot routing and firewall rules as seen from a client on a internal client subnets. I use PSEXEC and PORTQRY from Microsoft. This will work if it is a Windows pc and I have permissions to connect to it. Run these commands from a server in the server lan

I try to check if the port is open from the client to server ( :

\\clientpc.domain.local -c portqry.exe
-n -P TCP -e 443

If this fails I will run a tracert from the client to the server IP (

\\clientpc.domain.local tracert -h 8 -d

Replacement for TMG reverse proxy.

Are you looking for a replacement for TMG now that its end is nearing. You could buy a thirdparty reverseproxy from Sophos og some appliance. The simplest solution is probably to install a Windows server 2012(R2) and add ARR module to IIS.

To install this module you would use the
Microsoft Web Platform Installer

All information you will need are at the IIS web site :

“User Profile Service failed the logon”

Got this error when I tried to log on to a Windows 2008R2 server. I have never logged on to this server before, so it was not that my profile could have been deleted.

Solution to this was that there was a file within the default profile that was missing som permissions.

In this senario it was “C:\Users\Default\AppData\Local\Microsoft\Exchange Server\v14\Configuration3648_100.sqm”

Logged on with local administrator account.

Added “users” and “everyone” the Read permissions.

Now I could log on with my own admin account.