Windows Update December 2012 – KB931125 Causes Issues with Lync Replication

We have had customers experience a problem with replication between the Lync FEs and the Edge services. You can check status by running this command:


We discovered that an MSFT patch issued in December was the culprit (Root Certificates Optional Windows Update December 2012 – KB931125). Looks like the patch added over 300 Trusted Root CAs to the Trusted Root List. Anything over 120 apparently stops the replication service from being successful.


Option 1: Edit the registry on the Edge server to add a DWORD value, SendTrustedIssuerList, to the


key and assign it a value of 0. This will prevent schannel.dll from truncating the Root CA list from the Edge server, and allow validation tests to pass.

Option 2: Open the Trusted Root CA store on the Edge server. If there are more than 120 certificates, delete unnecessary certificates until there are fewer than 120 certs in any of the trusted CA stores.

Once we added the registry key and restarted, replication began to work again.
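Before choosing between the two options, it helps to see how far over the limit each store is. The following read-only PowerShell audit is an added example, not part of the original post. It assumes the stores in question are `Root` and `AuthRoot` under `Cert:\LocalMachine`, and it treats expired certificates as the first candidates to review for Option 2, which is an illustrative heuristic rather than a rule from the post.

```powershell
# Added example: read-only audit of the trusted root stores on the Edge server.
# Nothing is deleted or modified; the output is for review only.

$Threshold  = 120                    # limit stated in the post
$StoreNames = @('Root', 'AuthRoot')  # assumption: the stores the post refers to
$Now        = Get-Date

foreach ($name in $StoreNames) {
    $path = "Cert:\LocalMachine\$name"
    if (-not (Test-Path -Path $path)) {
        Write-Warning "Store $path not found, skipping."
        continue
    }

    # @() forces an array so .Count is reliable with zero or one certificate.
    $certs   = @(Get-ChildItem -Path $path)
    $expired = @($certs | Where-Object { $_.NotAfter -lt $Now })

    # Summary row. The post's target is fewer than 120, so 120 itself is flagged.
    [pscustomobject]@{
        Store        = $name
        Certificates = $certs.Count
        AtOrOverLimit = ($certs.Count -ge $Threshold)
        Expired      = $expired.Count
    }

    # List expired certificates as review candidates (heuristic, see lead-in).
    if ($certs.Count -ge $Threshold -and $expired.Count -gt 0) {
        $expired |
            Sort-Object -Property NotAfter |
            Select-Object -Property Subject, NotAfter, Thumbprint |
            Format-Table -AutoSize
    }
}
```

Removing a root certificate affects every TLS and code-signing trust decision on the server, so export any certificate before deleting it; Option 1 leaves the trust stores unchanged.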
