During your daily Skype for Business Server health-check you might have seen a lot of Event 41026 on your Skype for Business environment and are now searching for a solution.

Full error message as seen in the event log:

Log Name:      Lync Server
Source:        LS Data MCU
Date:          20.06.2017 09:03:34
Event ID:      41026
Task Category: (1018)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      front01.emea.int.contoso
Description:
No connectivity with any of Web Conferencing Edge Servers. External Skype for Business clients cannot use Web Conferencing modality.

Cause: Service may be unavailable or Network connectivity may have been compromised.
Resolution:
Verify all Web Conferencing Edge Services in the topology are running, and network connectivity is available.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LS Data MCU" />
    <EventID Qualifiers="50170">41026</EventID>
    <Level>2</Level>
    <Task>1018</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-06-20T07:03:34.000000000Z" />
    <EventRecordID>999996</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>front01.emea.int.contoso</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

You external users also might have reported that they couldn’t use WhiteBoard, Polls, Q&A or present PowerPoint and they got the following error messages:

  • We can’t connect to the server for sharing right now.
  • Network issues are keeping you from sharing notes and presenting whiteboards, polls and uploaded PowerPoint files.

The issue is related to the may .NET Framework Rollup update as the update adds an additional check to the certificate on Enhanced Key Usage (EKU) [more infos can be found here]. Unfortunately all Lync/SfB Server by default use a Web Server template which will only have the Server Authentication in the EKU.

Solution:

Use a proper SSL certificate as mentioned in the Microsoft article.

Workaround 01:

As mentioned in the Microsoft article you can disable this feature (but this would limit the security, so this is only a workaround) via:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"RequireCertificateEKUs"=dword:00000000

After that restart the "Skype for Business Server Web Conferencing" (RTCDATAMCU) service.

 

Update 2017-05-24:

Microsoft discovered that issue (see here and here) and provided the following info'

During your daily Skype for Business Server health-check you might have seen a lot of Event 41026 on your Skype for Business environment and are now searching for a solution.

Full error message as seen in the event log:

Log Name:      Lync Server
Source:        LS Data MCU
Date:          20.06.2017 09:03:34
Event ID:      41026
Task Category: (1018)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      front01.emea.int.contoso
Description:
No connectivity with any of Web Conferencing Edge Servers. External Skype for Business clients cannot use Web Conferencing modality.

Cause: Service may be unavailable or Network connectivity may have been compromised.
Resolution:
Verify all Web Conferencing Edge Services in the topology are running, and network connectivity is available.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="LS Data MCU" />
    <EventID Qualifiers="50170">41026</EventID>
    <Level>2</Level>
    <Task>1018</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2017-06-20T07:03:34.000000000Z" />
    <EventRecordID>999996</EventRecordID>
    <Channel>Lync Server</Channel>
    <Computer>front01.emea.int.contoso</Computer>
    <Security />
  </System>
  <EventData>
  </EventData>
</Event>

You external users also might have reported that they couldn’t use WhiteBoard, Polls, Q&A or present PowerPoint and they got the following error messages:

  • We can’t connect to the server for sharing right now.
  • Network issues are keeping you from sharing notes and presenting whiteboards, polls and uploaded PowerPoint files.

The issue is related to the may .NET Framework Rollup update as the update adds an additional check to the certificate on Enhanced Key Usage (EKU) [more infos can be found here]. Unfortunately all Lync/SfB Server by default use a Web Server template which will only have the Server Authentication in the EKU.

Solution:

Use a proper SSL certificate as mentioned in the Microsoft article.

Workaround 01:

As mentioned in the Microsoft article you can disable this feature (but this would limit the security, so this is only a workaround) via:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\v4.0.30319]
"RequireCertificateEKUs"=dword:00000000

After that restart the "Skype for Business Server Web Conferencing" (RTCDATAMCU) service.

 

Update 2017-05-24:

Microsoft discovered that issue (see here and here) and provided the following info's now to cover the issue:

Workaround 02:

Create a Certificate Template that includes Client Authentication and Server Authentication as an Enhanced Key Usage as mentioned in article 4023993.

 

Workaround 03:

Add a registry entry to exclude the DataMCU process from the new certificate validation process that occurs after you install the .NET Framework update.

Reg ADD HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.RequireCertificateEKUs /v “C:\Program Files\Skype for Business Server 2015\Web Conferencing\DataMCUSvc.exe” /t REG_DWORD /d 0 /f

After that restart the "Skype for Business Server Web Conferencing" (RTCDATAMCU) service.

Leave your comments

Post comment as a guest

0

Comments

    • No comments found