KB931125 broke Lync CMS replication and conferencing

After applying KB931125 CMS replication and conferencing broke. Apparently that pushed us over the maximum size of the trusted certifcate authorities list that the Schannel security package supports (12,228 bytes).
It was resolved by creating a registry key on all of the Lync servers and restarting IIS (iisreset /restart):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
“SendTrustedIssuerList”=dword:00000000

 

Thanks to Tom and Mike for pointing us in the right direction with their forum posts.

Following are some of the event IDs from a front end’s Lync Server log:

  •  47067 LS UserPin Service
  •  61035 LS MCU Infrastructure
  •  61039 LS MCU Infrastructure
  •  61043 LS MCU Infrastructure

References:
Clients cannot make connections if you require client certificates on a Web site or if you use IAS in Windows Server 2003
http://support.microsoft.com/kb/933430

The Audio-Video Conferencing Server failed to send health notifications to the MCU factory
http://social.technet.microsoft.com/Forums/en-US/ocsconferencing/thread/506821e2-d3fe-42bd-a6dc-daed6c5f0df6

Advertisements

One thought on “KB931125 broke Lync CMS replication and conferencing

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s