Lync client constantly signs in and out

If SCHANNEL is sending a truncated list of trusted root certificate authorities to the Lync client during the TLS/SSL handshake process, this can explain why your Lync clients are randomly signing in and out.

Here’s the chain of events in more detail:

  1. The UC server passes its certificate trust list (CTL) of installed certification authority information to the UC client that requests the secure TLS connection.
  2. The CTL is truncated as per the design limitations of the Windows Server Schannel component.
  3. The UC client that requested the secure TLS connection does not receive certification authority information that matches the entries that are contained in its installed certification authority list.
  4. The TLS connection attempt fails with the error that is described in the “Symptoms” section.

To check this, look in the System event log on your Lync FE servers for the following warning:
---
EVENT ID: 36885
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
---

The easiest way to fix this is to configure SCHANNEL on the Lync FEs not to send this list:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following registry subkey – HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type SendTrustedIssuerList, and then press ENTER to name the registry entry.
  5. Right-click SendTrustedIssuerList, and then click Modify.
  6. In the Value data box, type 0 if that value is not already displayed, and then click OK.
  7. Exit Registry Editor.

You shouldn’t need to reboot the server for this to take effect.
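The same check and fix as a script, added here as an example (it is not from the original article or from Microsoft). It assumes an elevated PowerShell session on each Lync FE; the 7-day lookback and the idea of saving it as a .ps1 file so that -WhatIf works are assumptions of this example.

```powershell
# Added example: look for Schannel event 36885, then set SendTrustedIssuerList = 0
# as described in the steps above. Save as a .ps1 and run elevated on each Lync FE.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$LookbackDays = 7   # assumption: how far back to search the System log
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$name = 'SendTrustedIssuerList'

# 1. Count occurrences of the truncation warning in the System event log.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Schannel'
    Id           = 36885
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
# Get-WinEvent raises an error when nothing matches, so suppress it and wrap in @().
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
Write-Output ("Event 36885 in the last {0} days: {1}" -f $LookbackDays, $events.Count)
if ($events.Count -gt 0) {
    Write-Output ("Most recent occurrence: {0}" -f $events[0].TimeCreated)
}

# 2. Show how many root CAs this server trusts (the list the warning refers to).
$rootCount = @(Get-ChildItem -Path Cert:\LocalMachine\Root).Count
Write-Output "Certificates in LocalMachine\Root: $rootCount"

# 3. Read the current registry value; $null means the entry does not exist yet.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) {
    Write-Output "$name is not set"
} else {
    Write-Output "$name is currently $current"
}

# 4. Create or overwrite the DWORD only when it is not already 0.
if ($current -eq 0) {
    Write-Output 'No change needed.'
} elseif ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD value to 0')) {
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    Write-Output "$name set to 0."
}
```

Run it with -WhatIf first to see the event count and current value without changing the registry.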

For more information and other options on how to resolve this see Microsoft article –
http://support.microsoft.com/kb/2464556

 

Andrew Morpeth (https://ucgeek.co/author/amorpeth/)
Andrew is a Modern Workplace Consultant specialising in Microsoft technologies based in Auckland, New Zealand; Andrew is a Director and Professional Services Manager at Lucidity Cloud Services and a Microsoft MVP.
