Home / server / Questions / 445426
Accepted
TomTom
Asked: 2012-11-05 21:15:02 +0800 CST

Lync & TLS: Event 36874 - how to handle?

  • 772

Setting up a new Lync 2013 install in the Company Network I got everything nearly working except Client Login.

here seems to be a mismatch of capabilities or some Settings in the TLS area - Connection Fails, and I get quite a lot of Schannel Events 36874. EventData is:

<EventData>
  <Data Name="Protocol">TLS 1.2</Data> 
</EventData>

The General text is:

An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

There is no clear documentation how to handle it - it is related to SOME SORT of TLS encryption issues, but Windows does not even like to tell what. There SUPPOSEDLY is a GPO Setting regarding allowed encryptions, but I am not able to find it - maybe a temporary blindness, or it is well hidden.

Own CA, that all works. Servers are fresh installed 2012, and a fresh installed Windows 8 for the Client. The Domain is older (so old Default Settings in a GPO may cause this).

This is quite frustrating. Links to the Event ID on the Internet find mostly People that have the problem, no clear Information how to handle it. Anyone can point me to the right direction?

tls

1 Answers

  1. Best Answer

    I found a solution on

    http://social.technet.microsoft.com/Forums/en-US/lyncprofile/thread/41718327-203f-445f-8657-87b0a8545ead/

    from User Matt. I Quote:

    I have been working with Microsoft for a couple of weeks on this and we have identified a workaround that resolves the issue.

    To be clear on my environment: I am using Windows Server 2012 with Lync Server 2013. The issue was that the Lync 2013 Client could not login to the Lync 2013 Server while the Windows 8 Lync APP and the Lync 2010 client could log in. We were receiving a lot of SChannel error messages (36888 and 36874) in the System log indicating TLS errors 10 and 40 and SChannel errors 1205 and 1203. Basically the Lync 2013 client was unable to negotiate TLS 1.2 with the Lync 2013 Server.

    To Resolve this issue do the following:

    • On the Lync 2013 server open the registry and browse to the following location: HKLM\System\CurrentControlSet\SecurityProviders\SChannel\Protocols

    • Create the following Key under Protocol: TLS 1.2

    • Create the following two Keys under TLS 1.2: Client and Server

    • Create the following DWORDs under both the Client and Server Key: DisabledByDefault and Enabled

    • Under both Client and Server set the following: DisabledByDefault=1 and Enabled =0

    • Reboot the server.

    Entering these keys Disables TLS 1.2 on the server forcing the client and server to communicate over TLS 1.1.

    Good Luck,

    Matt

    This worked for me.

    • 4