Skip Ribbon Commands
Skip to main content

Xadean's Empirical Musing


Quick Launch

Xadean's Empirical Musing > Posts > CMS Replication (XDS) Not Working Between Front End & Edge Servers After Disabling Weak Protocols & Ciphers
February 27
CMS Replication (XDS) Not Working Between Front End & Edge Servers After Disabling Weak Protocols & Ciphers

Microsoft Case #: 13231981

Created on: Thursday, February 21, 2019

Support request number: 119022124001575

Product: Skype for Business Server 2015 (on-premises)

Issue: CMS Replication (XDS) Not Working Between Front End & Edge Servers After Disabling Weak Protocols & Ciphers

Description: Output of "Get-CsManagementReplicationStatus" shows false in UpToDate field for all Edge Servers in the on-premises deployment following execution of "Invoke-CsManagementStoreReplication" PS cmdlets. LastUpdateCreation shows a date in July 2018 of last year. Skype for Business (SFB) Control Panel showing red X next to Edge Servers in Topology. After capturing a debug trace of the replication process with CLSLogger tool, observed the following error message:

TL_WARN(TF_COMPONENT) [FEPoolNAME\FEServerNAME]1E14.0AA8::02/15/2019-19:29:20.931.00002004 (XDS_File_Transfer_Agent,FileTransferTask.CopyFilesFromReplicaUsingWcf:filetransfertask.cs(755)) (0000000002FFC0E0)[FileTransferTask(6, 2/15/2019 11:26:49 AM): {TASK_NOT_STARTED, fromReplica, [FEServerNAME.fqdn, HttpsWebService, 4443], 0}] Failed to copy files from replica. Exception: [System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https:// FEServerNAME.fqdn:4443/ReplicationWebService. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Also noticed the following error messaging after executing "Get-CsPoolFabricState -PoolFQDN FEPoolName.FQDN" PS cmdlet:

PS C:\Users\xahmasi> Get-CsPoolFabricState -PoolFqdn FEPoolName.FQDN

Get-CsPoolFabricState : An error occurred while receiving the HTTP response to

https:// FEServerName.FQDN /LiveServer/UserPinManagement/FabricManagement/. This could be due to the service endpoint

binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server

(possibly due to the service shutting down). See server logs for more details.

At line:1 char:1

+ Get-CsPoolFabricState -PoolFqdn FEPoolName.FQDN

+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+ CategoryInfo : InvalidOperation: (:) [Get-CsPoolFabricState], CommunicationException

+ FullyQualifiedErrorId : Error getting fabric state. For details, see inner exception.,Microsoft.Rtc.Management.H


Root Cause: The Windows Communications Framework (WCF) does not by default use TLS 1.1 or 1.2.  Instead, it uses TLS 1.0 and RC4 ciphers (specifically TLS_RSA_WITH_RC4_128_SHA).  These weak protocols (i.e. SSL 2.0/3.0 and TLS 1.0) and ciphers (i.e. RC2, RC4, DES, and 3DES) had been disabled due to governance compliance.

Resolution: In order to fix, under following keys for all the version key listed like V1.0, V2.0.50727,v3,v4.0.30319, create key "SchUseStrongCrypto" (type DWORD, value 1):



After adding this key to and rebooting all Edge / Front End Servers and executing invoke-CsManagementReplicationStatus, the UpToDate status on all Edge / Front End Servers is showing True and there is a green check next to all Edge  / Front End Servers in the Skype for Business Control Panel under Topology.






Re: CMS Replication (XDS) Not Working Between Front End & Edge Servers After Disabling Weak Protocols & Ciphers

Thanks -- spent hours googling for a replication issue and this was the answer. Not found anywhere else!
 on 3/21/2020 8:11 PM

Applied same security hardening for Edge servers only

Applied same security for Edge servers only - Do we need to still apply the reg key fix for front end server or only my Edge servers where security has been hardened.
 on 10/10/2020 12:31 PM

Yeezy Slides Yeezy Official Website Yeezy Shoes Yeezy Supply Yeezy Shoes Yeezy Shoes Adidas Yeezy Yeezy Slides Adidas Yeezy Yeezy 350 Yeezy Official Website Yeezy Official Website Louis Vuitton Louis Vuitton Outlet Louis Vuitton Louis Vuitton Outlet Louis Vuitton Louis Vuitton Outlet Louis Vuitton Louis Vuitton Outlet Yeezy Shoes Yeezy Supply Yeezy Slides Yeezy Supply Yeezy 350 Yeezy Shoes Yeezy Slides Adidas Yeezy Yeezy Adidas Yeezy Supply Adidas Yeezy Yeezy 2024 Yeezy Supply Yeezy Supply Yeezy Slides Yeezy 350 Yeezy Official Yeezy Shoes Yeezy Official Yeezy Supply Yeezy Shoes Yeezy 350 Yeezy Slides Yeezy Supply Yeezy Official Yeezy Slides Yeezy Official Yeezy 350 Yeezy Official Website Yeezy Official Website Yeezy Shoes Yeezy Official Website Yeezy Supply Yeezy 350 Yeezy Shoes Adidas Yeezy Yeezy Slides Adidas Yeezy Yeezy Slides Omega Watches Moncler Outlet  ルイヴィトン vuitton iphone15 proケース

Tags:Yeezy Shoes,Yeezy,Yeezy Supply,Adidas Yeezy,Yeezy Slides
 on 6/12/2024 11:05 AM

yeezy Yeezy Slides Yeezy 350 Yeezy Official Site Yeezy Supply Yeezy Slides Official Website Yeezy 350 Yeezy Foam Runner Yeezy Slides Yeezy Shoes Yeezy Supply Yeezy Foam Runner Yeezy Shoes Yeezy Supply Yeezy Slides Yeezy Slides Yeezy Yeezy Slides Website Yeezy Yeezy Shoes Yeezy Yeezy Slides Yeezy Shoes For Women Yeezy yeezy 500 Yeezy Slides 2022 Yeezy Outlet Yeezy Supply Website Yeezy Store Yeezy Supply Yeezy Slides Price Adidas Yeezy Official Website
 on 6/16/2024 11:03 PM

Add Comment


Body *