A very common issue is that the Skype for Business Edge servers are not replicating.

To verify replication, run the following command: Get-CsManagementStoreReplicationStatus

If replication is not working, the result will be: False

The Topology Builder's 'Topology' menu will also show an error for the replication:

 

Because these servers should not be joined to the domain and should be deployed in the perimeter network (DMZ), the necessary firewall ports can easily be blocked. To verify that the necessary port is open, telnet to TCP port 4443 from an elevated command prompt:

telnet edge.server.fqdn 4443

You can also check the Replication Web Service in a browser (e.g. on the Front End server) by opening the following: https://edge.server.fqdn:4443/ReplicationWebService

You should receive the metadata of the WCF service:

If your browser throws a warning for the certificate, then your replication error is caused by a TLS issue and you should check your certificates on the Edge server.

If everything is working, then you just have to add the following registry key to your Edge servers:

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL

Create a new DWORD (32-bit) value:

  • name = ClientAuthTrustMode  (!!! Some blogs are referring to ClientAuthenticationTrustMode, but it should be in this ‘short form’ !!!)
  • Data = 2

After the registry modification, restart the Edge servers. Once all services are up and running again, you can force the replication with the following command: Invoke-CsManagementStoreReplication -Force
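The checks above can also be scripted. The following PowerShell is an added example, not code from the original post: the function names Test-EdgeReplicationPath and Set-ClientAuthTrustMode are hypothetical, and edge.server.fqdn is the post's own placeholder. The first function repeats the port and certificate checks without telnet or a browser, the second sets the registry value only when it is not already 2.

```powershell
# Added example; function names are hypothetical.
# Run Test-EdgeReplicationPath on a Front End server.
function Test-EdgeReplicationPath {
    param([Parameter(Mandatory)][string]$EdgeFqdn, [int]$Port = 4443)
    $result = [ordered]@{ Edge = $EdgeFqdn; PortOpen = $false; TlsPolicyErrors = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($EdgeFqdn, $Port)      # same test as "telnet <fqdn> 4443"
        $result.PortOpen = $true
        # Record certificate validation errors instead of aborting, so the
        # cause (name mismatch, untrusted chain) is visible in the output.
        $script:edgeTlsErrors = $null
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
            param($sender, $cert, $chain, $errors)
            $script:edgeTlsErrors = $errors
            $true
        }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false, $callback
        $ssl.AuthenticateAsClient($EdgeFqdn)
        # 'None' is the scripted equivalent of "no browser certificate warning".
        $result.TlsPolicyErrors = "$script:edgeTlsErrors"
        $ssl.Dispose()
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Run Set-ClientAuthTrustMode in an elevated session on each Edge server.
function Set-ClientAuthTrustMode {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
    # The post warns that the long name seen on some blogs is the wrong one.
    if (Get-ItemProperty -Path $key -Name ClientAuthenticationTrustMode -ErrorAction SilentlyContinue) {
        Write-Warning 'ClientAuthenticationTrustMode exists; the short name ClientAuthTrustMode is the one to use.'
    }
    $current = (Get-ItemProperty -Path $key -Name ClientAuthTrustMode -ErrorAction SilentlyContinue).ClientAuthTrustMode
    if ($current -eq 2) { return 'ClientAuthTrustMode is already 2; no change made.' }
    # 2 is the value the post gives (Schannel's "Exclusive CA Trust" mode).
    New-ItemProperty -Path $key -Name ClientAuthTrustMode -PropertyType DWord -Value 2 -Force | Out-Null
    "ClientAuthTrustMode changed from '$current' to 2; restart this Edge server."
}

# Front End:  Get-CsManagementStoreReplicationStatus
#             Test-EdgeReplicationPath -EdgeFqdn edge.server.fqdn
# Edge:       Set-ClientAuthTrustMode   (then restart)
# Front End:  Invoke-CsManagementStoreReplication -Force
```

A TlsPolicyErrors value other than None points to the certificate problem described above and should be fixed on the Edge server before touching the registry.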
