Lync Edge server stopped replicating CMS

At some point the Lync Edge server stopped replicating configuration changes. Also, “Get-CsManagementStoreReplicationStatus” shows False on the Edge server.

Investigation shows that the firewall has not changed and you can telnet from frontend to edge on port 4443.

Also got the same error in the System log on the Edge server:

Description: When asking for client authentication, this server sends a list of trusted certification authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certification authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certification authorities trusted for client authentication and remove those that do not really need to be trusted. 

The reason for this is the http://support.microsoft.com/kb/931125 update, which resulted in a trusted root CA list of 357 items. The solution is to configure the server not to send the trusted CA list to the client (in this case another server).

Add registry key (Method 3: http://support.microsoft.com/kb/2464556):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Value name: SendTrustedIssuerList
Value type: REG_DWORD
Value data: 0 (False)

Then I did an “Invoke-CsManagementStoreReplication” just to verify that replication now occurs.
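
The diagnosis and fix above as a PowerShell sketch (an added example, not part of the original post). It assumes an elevated session on the Edge server for steps 1 to 3 and a shell with the Lync Server cmdlets loaded for step 4; the 60-second wait and the 200-event window are arbitrary choices.

```powershell
# Added example: check the trusted-issuer-list problem and apply the registry fix.
$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# 1. Count the root CAs this machine trusts (the post reports 357 after KB931125).
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root
"Trusted root CAs in LocalMachine\Root: $($roots.Count)"

# 2. Look for the Schannel truncation warning quoted in the post.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'Schannel' } `
             -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*list has thus been truncated*' } |
    Select-Object -First 5 TimeCreated, Id, LevelDisplayName

# 3. Record the current setting, then set SendTrustedIssuerList = 0 (REG_DWORD).
$current = Get-ItemProperty -Path $schannel -Name SendTrustedIssuerList `
                            -ErrorAction SilentlyContinue
if ($null -eq $current) {
    'SendTrustedIssuerList before change: <not set>'
} else {
    "SendTrustedIssuerList before change: $($current.SendTrustedIssuerList)"
}
New-ItemProperty -Path $schannel -Name SendTrustedIssuerList `
                 -PropertyType DWord -Value 0 -Force | Out-Null

# 4. Trigger replication and list any replica that is still not up to date.
Invoke-CsManagementStoreReplication
Start-Sleep -Seconds 60
$stale = Get-CsManagementStoreReplicationStatus | Where-Object { -not $_.UpToDate }
if ($stale) {
    $stale | Format-Table ReplicaFqdn, UpToDate, LastStatusReport -AutoSize
} else {
    'All replicas report UpToDate = True'
}
```

With SendTrustedIssuerList set to 0 the server only stops advertising its CA names in the certificate request; the client certificate it receives is still validated against the local trust store.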
