18 Mar McAfee AV Skype for Business bug
Symptom: The Front End service would not start due to incorrectly placed certificates in the Trusted Root container. This script https://gallery.technet.microsoft.com/LyncSkype4B-Certificate-81944851 was used to check the certificate containers and two root certificates were found incorrectly placed in the Trusted Root container.
Example output:-
Resolution: The below registry key was enabled as a temporary workaround:-
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
“EventLogging”=dword:00000001
“ClientAuthTrustMode”=dword:00000002
McAfee have acknowledged this as a bug with the product in the following KB.
https://kc.mcafee.com/corporate/index?page=content&id=KB87705
COMODO RSA Code Signing CA
VeriSign Class 3 Code Signing 2010 CA
These certificates should be present only in the Intermediate Certification Authorities store. Removing these certificates from the Trusted Root only temporarily resolves the problem for as long as the bug is present as these certificates will be added incorrectly back into the Trusted Root which will affect Skype for Business connectivity.