Shawn Harry | McAfee AV Skype for Business bug
548
post-template-default,single,single-post,postid-548,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,qode_popup_menu_push_text_top,qode-content-sidebar-responsive,qode-theme-ver-10.0,wpb-js-composer js-comp-ver-4.12.1,vc_responsive

McAfee AV Skype for Business bug

Symptom: The Front End service would not start due to incorrectly placed certificates in the Trusted Root container. This script https://gallery.technet.microsoft.com/LyncSkype4B-Certificate-81944851 was used to check the certificate containers and two root certificates were found incorrectly placed in the Trusted Root container.

Example output:-

Cert_Store

Resolution: The below registry key was enabled as a temporary workaround:-

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]

“EventLogging”=dword:00000001

“ClientAuthTrustMode”=dword:00000002

McAfee have acknowledged this as a bug with the product in the following KB.

https://kc.mcafee.com/corporate/index?page=content&id=KB87705

COMODO RSA Code Signing CA
VeriSign Class 3 Code Signing 2010 CA

These certificates should be present only in the Intermediate Certification Authorities store. Removing these certificates from the Trusted Root only temporarily resolves the problem for as long as the bug is present as these certificates will be added incorrectly back into the Trusted Root which will affect Skype for Business connectivity.