Skype for Business Event ID 1047 LS File Transfer Agent

During a deployment at a customer site I ran into a problem with SkypeFB Edge replication.

After adding the Edge to the topology, installing the role on the server and proper certificates, replication was failing with Event ID 1046 and Event ID 1047.

The solution was to add the following registry key:

  1. Open Regedit on the Edge server
  2. Go to HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL
  3. Right click and add the DWORD (ClientAuthTrustMode)
  4. Set the value of the DWORD to 2
  5. Restart the server
  6. On the front-end run this command and then wait 2 minutes
    Invoke-CsManagementStoreReplication

Additionally, when working with Microsoft support they also recommended creating these two additional keys:

SendTrustedIssuerList (Value 0) and EnableSessionTicket (Value 2).
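The registry steps and the two support-recommended values above can be scripted so that the previous state is recorded before anything is overwritten. This is an added example, not the author's or Microsoft's script; the function names `Set-EdgeSchannelValues` and `Test-CmsReplication` are hypothetical, and the value names and data are the ones given in the post.

```powershell
# Added example; function names are hypothetical, values come from the post.
$SchannelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

function Set-EdgeSchannelValues {
    # Run elevated on the Edge server. -IncludeSupportValues also writes the
    # two values the post says Microsoft support recommended.
    param([switch]$IncludeSupportValues)

    # ClientAuthTrustMode 2 = "Exclusive CA Trust" in Microsoft's Schannel docs.
    $desired = [ordered]@{ ClientAuthTrustMode = 2 }
    if ($IncludeSupportValues) {
        $desired.SendTrustedIssuerList = 0
        $desired.EnableSessionTicket   = 2
    }

    $report = foreach ($name in $desired.Keys) {
        # Capture the existing value (null if absent) so the change can be reverted.
        $before = (Get-ItemProperty -Path $SchannelKey -Name $name `
                   -ErrorAction SilentlyContinue).$name
        if ($before -ne $desired[$name]) {
            New-ItemProperty -Path $SchannelKey -Name $name -Value $desired[$name] `
                -PropertyType DWord -Force | Out-Null
        }
        [pscustomobject]@{ Name = $name; Before = $before; After = $desired[$name] }
    }
    $report   # restart the server afterwards, as in step 5
}

function Test-CmsReplication {
    # Run on the Front End in the Skype for Business Server Management Shell.
    param([int]$WaitSeconds = 120)   # the post says to wait 2 minutes

    Invoke-CsManagementStoreReplication
    Start-Sleep -Seconds $WaitSeconds
    # The Edge replica should report UpToDate = True once replication works.
    Get-CsManagementStoreReplicationStatus |
        Select-Object ReplicaFqdn, UpToDate, LastStatusReport
}
```

Keep the Before/After output of `Set-EdgeSchannelValues` with the change record: these Schannel values apply to the whole machine, not only to the replication service.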

References:

https://lyncdude.com/2015/09/23/skype-for-business-event-id-1047-ls-file-transfer-agent/

and

https://social.technet.microsoft.com/Forums/lync/en-US/19e2d5f0-5d3f-4c2f-a8ea-b0a851bb30ac/file-transfer-agent-cannot-get-replication-status-from-replica-replicator-agent-on-edge-eventid-1047?forum=sfbfr

There is an interesting troubleshooting article with tracing presented here that could also solve the problem if it was caused by a missing intermediate authority.

https://ocsguy.com/2011/09/07/troubleshooting-cms-replication/

And while researching this problem, I came across a very thorough article on this topic that is worth translating into English: http://www.msxfaq.de/signcrypt/win2012tls.htm