Shulou(Shulou.com)06/02 Report--

Problem description:

After installing Lync 2010 or Lync 2013 or SFB 2015, and updating to the latest patch, you will always encounter the following two log errors:

Constantly generate event 41025 and error 41026

Event ID 41026

Other issues that may arise are that external users cannot use whiteboards, voting, PowerPoint, and the following error messages:

We cannot connect to the server for sharing at this time.

Network problems prevent you from sharing notes and displaying the whiteboard. Please check and upload the PowerPoint file.

Cause analysis:

The current solution is to continue to generate LS data MCU events 41025 and 41026 after installing May 2017. NET Framework

Https://support.microsoft.com/kb/4023993

This issue has nothing to do with the operating system and will affect Lync Server 2010 Lync Server 2013 and Skype for Business Server 2015.

This. NET Framework update adds an additional check for certificates on enhanced key usage EKU, because all Lync SfB servers use Web server templates by default, so they only have server authentication in EKU

Workaround 1: (add registry entries to temporarily disable EKU inspection) add corresponding registry entries according to the following categories

Lync Server 2010reg add HKLM\ SOFTWARE\ Microsoft\ .net Framework\ v2.0.50727\ System.Net.ServicePointManager.RequireCertificateEKUs / v "C:\ Program Files\ Microsoft Lync Server 2010\ Web Conferencing\ DataMCUSvc.exe" / t REG_DWORD / d 0 / f

Lync Server 2013

Reg add HKLM\ SOFTWARE\ Microsoft\ .net Framework\ v4.0.30319\ System.Net.ServicePointManager.RequireCertificateEKUs / v "C:\ Program Files\ Microsoft Lync Server 2013\ Web Conferencing\ DataMCUSvc.exe" / t REG_DWORD / d 0 / f

Skype for Business Server 2015

Reg add HKLM\ SOFTWARE\ Microsoft\ .net Framework\ v4.0.30319\ System.Net.ServicePointManager.RequireCertificateEKUs / v "C:\ Program Files\ Skype for Business Server 2015\ Web Conferencing\ DataMCUSvc.exe" / t REG_DWORD / d 0 / f restart the Skype for Business Server Web conference

The following properties find the DataMCUSvc.exe path location

You can also use PowerShellStop-CsWindowsService-InputObject RTCDATAMCUStart-CsWindowsService-InputObject RTCDATAMCU

Solution 2: (request new Edge internal and front-end pool certificates using client and server authentication)

This solution requires us to request a new certificate on the edge server internal interface and on all front-end servers.

Open the Certification Authority snap-in, right-click Certificate templates, and select manage:

Now, in the Certificate Templates Console window, locate the Web Server template, right-click it, and select Duplicate Template:

In the New template window, select General and add a name:

Note: note the name of the template-WebServerClientandServer. We need to use it to apply for new certificates.

On the extension tab, select Application Policy and edit it:

Add client authentication:

Both types of authentication should exist:

Return to the Certificate Authority snap-in and right-click Certificate template > New > Certificate template to be issued:

Select a new template:

Now that we have a template with client and server authentication, we need to request a new edge server internal certificate using the recently created template.

Request-CsCertificate-New-Type Internal-Template WebServerClientandServer-FriendlyName "Edge Internal with ClientandServer Auth"-Output C:\ UCLobby\ EdgeIntCliSrv.req

Note: we can also use the-PrivateKeyExportable $true switch to allow the private key to be exported.

"in Active Directory Certificate Services, select request Certificate:"

Example: http://ca.gears.lab/certsrv/

Application for Advanced Certificate:

Submit a certificate request using a base-64-encoded CMC or PKCS#10 file, or a renewal request using an base-64-encoded PKCS#7 file.

We need to select a new certificate template and submit:

We download the new certificate and copy it to the edge server and import it:

Import and assign a new certificate on the edge server:

Import-CsCertificate-Path C:\ UCLobby\ EdgeIntCliSrv.cer

Https://technet.microsoft.com/en-us/library/gg398688.aspx

Note: if we specify-PrivateKeyExportable $in the real Request-CsCertificate we also need to add it to the imported csCertificate.

Set-CsCertificate-Type Internal-Thumbprint 335d17df1520a5e30beee96406ffa53e20805342

Https://technet.microsoft.com/en-us/library/gg398518.aspx

Also request a new certificate for the Lync/SFB front-end server with client and server authentication.

After restarting Lync / SfB Edge and front-end services, the problem should be resolved!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.