No connectivity with any of Web Conferencing Edge Servers when you install May 2017 .NET Framework Update on a Skype/Lync Front End Server

2017-12-08T12:00:21+00:00 June 16th, 2017|Azure, Cloud, Skype|

Had an interesting one recently where we installed the May 2017 Windows updates on our test Skype environment and screen sharing no longer worked.

[Image: Skype error]

When investigating, we were seeing the following error in the event logs on our Skype Front End server:

[Image: Skype .NET error]

After uninstalling the updates, the issue was resolved.

[Image: Skype Edge issue resolved]

We raised this with Microsoft, who advised that it was a known issue for Lync Server 2010, Lync Server 2013 and Skype for Business Server 2015. The issue is caused by the following .NET Framework updates (depending on the OS of your servers):

Windows Server 2008 R2
KB4014504 (Lync Server 2010 only)
KB4014579 (Lync Server 2010 only)
KB4014514
KB4014599

Windows Server 2012
KB4014513
KB4014597

Windows Server 2012 R2
KB4014512
KB4014595

Windows Server 2016
KB4019472

The cause is that these .NET Framework updates introduce an additional check on the Enhanced Key Usage (EKU) of certificates. Because Lync/Skype server certificates use the Web Server template by default, your Internal Edge certificate will only have Server Authentication in its EKU.

[Image: Skype certificate]

This issue can be resolved by requesting a new Internal Edge certificate from your CA that also includes Client Authentication in the certificate's EKU.

[Image: new Skype certificate]

You can do this by duplicating the Web Server template in your CA and, on the copied template, adding Client Authentication in addition to Server Authentication. Then request a new certificate using your copied template.

[Image: new template for certificate]

Then simply assign your new certificate in the deployment wizard for the Edge server.

[Image: Skype deployment wizard]
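To confirm which certificates are affected, and that the reissued one carries both usages, the check below reads the EKU of each certificate in the local computer store and lists which of the updates named above are installed. It is an added example, not part of the original post; the helper name Get-EkuStatus and the choice to scan Cert:\LocalMachine\My are assumptions.

```powershell
# Added example (not from the original post). Run in an elevated session.
$serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication OID
$clientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication OID

# KB numbers exactly as listed in this post
$kbs = 'KB4014504','KB4014579','KB4014514','KB4014599','KB4014513',
       'KB4014597','KB4014512','KB4014595','KB4019472'

# Hypothetical helper: classify one certificate by its EKU contents
function Get-EkuStatus {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $ext = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    } | Select-Object -First 1

    if (-not $ext) {
        # No EKU extension: the certificate is not limited to specific usages
        $status = 'No EKU extension (all usages)'
    } else {
        $oids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if (($oids -contains $serverAuth) -and ($oids -contains $clientAuth)) {
            $status = 'OK: Server + Client Authentication'
        } elseif ($oids -contains $serverAuth) {
            $status = 'Server Authentication only: reissue'
        } else {
            $status = 'Other EKU: ' + ($oids -join ', ')
        }
    }
    New-Object PSObject -Property @{
        Subject = $Cert.Subject; Thumbprint = $Cert.Thumbprint
        NotAfter = $Cert.NotAfter; Status = $status
    }
}

# 1. On the Edge server: EKU status of every certificate in the computer store
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Get-EkuStatus $_ } |
    Format-Table Subject, NotAfter, Status, Thumbprint -AutoSize

# 2. On the Front End server: which of the listed updates are installed
Get-HotFix | Where-Object { $kbs -contains $_.HotFixID } |
    Format-Table HotFixID, InstalledOn -AutoSize
```

Run it before the change to find certificates reported as "Server Authentication only", and again after assigning the new certificate to confirm it shows both usages.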

Hope that helps! 🙂