- The remote federated client is located on the America Online (AOL) network
- The Lync Server Access Edge service is hosted on the Windows Server 2008 operating system
For more information about Windows Server 2008 and its implementation of AES, review the following Microsoft TechNet documentation:
TLS/SSL Cryptographic Enhancements
Note The workaround that is listed here addresses only the issue that is described in the Symptoms and Cause sections. Other connectivity issues with the AOL PIC can display symptoms that resemble the one this KB article contains.
Follow these steps to configure the Windows Server 2008 server that is hosting the Lync Server Edge Server Access Edge service to prioritize the use of the TLS_RSA_WITH_RC4_128_MD5 cipher suite by using the server computer's local Group Policy. These steps make sure that the correct cipher suite is used for TLS connections with the remote AOL PIC provider's access edge service.
From the console of the Windows Server 2008 server that is hosting the Lync Server Edge Server Access Edge service:
- Click Start.
- Type gpedit.msc into the Search window.
- Right-click the gpedit icon in the Search details pane, and then select Run as administrator, to open an instance of the Local Group Policy Editor with local administrative permissions.
- Expand the Computer Configuration node that is listed under the Local Computer Policy.
- Expand the Administrative Templates node, and then expand the Network node.
- Locate and select the SSL Configuration Settings node.
- Right-click the SSL Cipher Suite Order policy in the details pane of the Local Group Policy Editor, and then choose Edit from the pop-up menu.
- Select the Enabled option on the SSL Cipher Suite Order dialog box.
- In the window that is labeled SSL Cipher Suites:, right-click, and then select Select all from the pop-up menu.
- Right-click the selected text in the SSL Cipher Suites: window, and then select Copy from the pop-up menu.
- Paste the list of SSL cipher suites into an open text document, for example in the Notepad (notepad.exe) text editor.
Note The SSL cipher suite information is in a comma-delimited format. Each cipher suite entry will end with a comma (,) to the right side of it. You must make sure that the SSL cipher suite list remains in a strict comma-delimited format.
- Locate the TLS_RSA_WITH_RC4_128_MD5 entry within the text document and use the cut and paste features of the text editor to move the TLS_RSA_WITH_RC4_128_MD5 entry to the beginning of the SSL cipher suites list. Make sure that the TLS_RSA_WITH_RC4_128_MD5 entry is followed by a comma, and that any additional commas are removed from the list.
Note If the TLS_RSA_WITH_RC4_128_MD5 cipher suite is listed within the first five cipher suite descriptors in the list, then this is not the cause of your TLS connectivity issue with the AOL PIC.
- Use the text editor to select the edited SSL cipher suite list, and then copy it to the Windows clipboard.
- Paste the contents of the Windows clipboard (the edited SSL cipher suite list) completely over the existing information that is in the SSL Cipher Suites: window. This replaces the pre-existing SSL cipher suite information with the updated SSL cipher suite list that begins with TLS_RSA_WITH_RC4_128_MD5.
- Make sure that the Enabled option is selected for the SSL Cipher Suite Order policy, and then click the OK button.
- This policy update requires a restart of the Windows Server 2008 server that is hosting the Lync Server Edge Server Access Edge service.
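The list edit in the steps above can be done as a text operation instead of by hand in Notepad. The following PowerShell is an added example, not part of the original KB article: the function name `Move-CipherSuiteToFront` and the sample list are hypothetical, and it assumes PowerShell 2.0 or later. It only transforms the copied string and does not read or write Group Policy.

```powershell
# Added example: reorder a copied SSL cipher suite list as plain text.
# Move-CipherSuiteToFront is a hypothetical helper name, not a built-in cmdlet.
function Move-CipherSuiteToFront {
    param(
        [Parameter(Mandatory = $true)][string]$SuiteList,
        [string]$Suite = 'TLS_RSA_WITH_RC4_128_MD5'
    )

    # Split on commas, trim spaces and line breaks picked up while copying,
    # and drop the empty entries left by a trailing or doubled comma.
    $entries = @($SuiteList.Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' })

    # Case-sensitive lookup of the suite's current (zero-based) position.
    $index = [array]::IndexOf($entries, $Suite)
    if ($index -lt 0) {
        throw "$Suite is not present in the supplied list."
    }

    # Remove every occurrence of the suite, then put one copy at the front.
    $rest = @($entries | Where-Object { $_ -cne $Suite })

    New-Object PSObject -Property @{
        OriginalPosition = $index + 1        # 1-based, as counted in the editor
        WithinFirstFive  = ($index -lt 5)    # the article's "first five" check
        NewList          = (@($Suite) + $rest) -join ','
    }
}

# Constructed sample list (not a real server's default order); the doubled
# trailing comma stands in for a stray comma left by manual editing.
$sample = 'TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,' +
          'TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,' +
          'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,' +
          'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_RSA_WITH_RC4_128_MD5,,'

$r = Move-CipherSuiteToFront -SuiteList $sample
if ($r.WithinFirstFive) {
    Write-Output "Suite is already at position $($r.OriginalPosition); list order is not the cause."
} else {
    Write-Output "Suite moved from position $($r.OriginalPosition). List to paste into the policy:"
    Write-Output $r.NewList
}
```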
Set up certificates for the external edge interface for Lync Server 2013
For more information about how Windows Server 2012 manages SSL and TLS cipher suite negotiation, review the Microsoft TechNet documentation listed here:
What's New in TLS/SSL (Schannel SSP) in Windows Server and Windows
For more information about how Windows Server computers and Windows client computers manage SSL and TLS cipher suites, review the Microsoft TechNet documentation listed here:
245030 How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
Article ID: 2991537 - Last review: 13.08.2014 - Revision: 1