Installed Lync 2013 on a Windows 2012R2 server. When I log in with an external Lync client there are no photos of internal users. A validation shows that the thumbnailPhoto attribute has been populated with images of the correct size.
If the client connects directly to the front-end server, photos are presented correctly.
An examination of the Lync address book shows the address book files and also the photo files. The photo files are renamed jpg files exported from Active Directory. The Lync server creates these PHOTO files when a client requests photos of users. Since these photos are placed in the address book folder, they are downloaded through HTTPS to the Lync client.
Running netstat on the Lync front end did not show any TCP connection from the reverse proxy server!
A network monitor shows that connections are reset after half a TLS 1.2 handshake – a strong indication that there is something wrong with SSL/TLS. Revalidated all certificates and also the publishing rules on the F5 reverse proxy.
Used Bing to find any issues regarding TLS 1.2 and Windows 2012 R2, and yes, someone has had the same issue. Entered the registry keys as below, rebooted, and now it works.
To resolve this issue, do the following:
– On the Lync 2013 server open the registry and browse to the following location: HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols
– Create the following key under Protocols: TLS 1.2
– Create the following two keys under TLS 1.2: Client and Server
– Create the following DWORDs under both the Client and Server key: DisabledByDefault and Enabled
– Under both Client and Server set the following: DisabledByDefault=1 and Enabled=0
– Reboot the server.
Entering these keys disables TLS 1.2 on the server, forcing the client and server to communicate over TLS 1.1.
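The registry steps above as a PowerShell sketch, added here as an example and not part of the original post: it reports the SChannel protocol keys currently set, so the change can be verified and later reverted, and then writes the values listed in the steps. The function names `Get-SchannelProtocolState` and `Set-Tls12Disabled` are hypothetical; run it from an elevated session on the Lync 2013 server.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # List every protocol/role subkey that exists with its two DWORD values.
    # An empty column means the value is not set and the OS default applies.
    foreach ($proto in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
        foreach ($role in Get-ChildItem -Path $proto.PSPath) {
            $v = Get-ItemProperty -Path $role.PSPath
            [pscustomobject]@{
                Protocol          = $proto.PSChildName
                Role              = $role.PSChildName
                Enabled           = $v.Enabled
                DisabledByDefault = $v.DisabledByDefault
            }
        }
    }
}

function Set-Tls12Disabled {
    # Writes DisabledByDefault=1 and Enabled=0 under TLS 1.2\Client and TLS 1.2\Server.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path $base "TLS 1.2\$role"
        if ($PSCmdlet.ShouldProcess($key, 'Set DisabledByDefault=1, Enabled=0')) {
            # Create the key (and the parent "TLS 1.2" key) only if it is missing,
            # so existing values under it are not wiped.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 `
                -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name 'Enabled' -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }
    }
}

# Record the state before the change, preview the writes, apply, then re-check.
Get-SchannelProtocolState | Format-Table -AutoSize
Set-Tls12Disabled -WhatIf
Set-Tls12Disabled
Get-SchannelProtocolState | Format-Table -AutoSize
# The new values take effect after the reboot in the last step.
```

Keeping the "before" table makes it possible to remove the TLS 1.2 keys again once the reverse proxy handshake problem is fixed at its source.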
Often we have to troubleshoot routing and firewall rules as seen from a client on an internal client subnet. I use PSEXEC and PORTQRY from Microsoft. This will work if it is a Windows PC and I have permissions to connect to it. Run these commands from a server in the server LAN
I try to check if the port is open from the client to server (10.10.10.100):
Are you looking for a replacement for TMG now that its end is nearing? You could buy a third-party reverse proxy from Sophos or some appliance. The simplest solution is probably to install a Windows Server 2012 (R2) and add the ARR module to IIS.