During a deployment at a customer site I ran into a problem with SkypeFB Edge replication.
After adding the Edge to the topology, installing the role on the server and proper certificates, replication was failing with Event ID 1046 and Event ID 1047.
The solution was to add the following registry key:
- Open Regedit on the Edge server
- Go to HKLMSYSTEMCurrentControlSetControlSecurityProvidersSCHANNEL
- Right click and add the DWORD (ClientAuthTrustMode)
- Set the value of the DWORD to 2
- Restart the server
- On the front-end run this command and then wait 2 minutes
Additionally, when working with Microsoft support they also recommended creating these two additional keys:
SendTrustedIssuerList (Value 0) and EnableSessionTicket (Value 2).
There is an interesting troubleshooting article with tracing presented here that could also solve the problem if it was caused by a missing intermediate authority.
And while researching this problem, I came across a very thorough article on this topic that is worth translating into English: http://www.msxfaq.de/signcrypt/win2012tls.htm