At Catapult, we have had customers experience a problem with replication between the Lync FEs and the Edge services. You can check status by running this command:
We discovered that a Microsoft patch issued in December was the culprit (Root Certificates Optional Windows Update December 2012 – KB931125). It appears the patch added over 300 trusted root CAs to the Trusted Root list. Anything over 120 apparently stops the replication service from succeeding.
Option 1: Edit the registry on the Edge server to add a DWord value, SendTrustedIssuerList, to the
key and assign it a value of 0. This will prevent schannel.dll from truncating the root CA list from the Edge server, and allow validation tests to pass.
Option 2: Open the Trusted Root CA store on the Edge server. If there are more than 120 certificates, delete unnecessary certificates until there are fewer than 120 certificates in each of the trusted CA stores.
Once we added the registry key and restarted, replication began to work again.
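For Option 2, the following read-only audit is an added example, not part of the original post. It counts the certificates in each local machine root store on the Edge server against the 120 figure above and backs up any store that exceeds it before anything is deleted by hand. The store names (Root, AuthRoot), the backup folder, and the choice to list expired roots first as review candidates are assumptions of this example.

```powershell
# Added example: audits the root stores; it never deletes anything.
$Limit     = 120                       # figure quoted in this post
$Stores    = 'Root', 'AuthRoot'        # assumed: Trusted Root + Third-Party Root stores
$BackupDir = 'C:\Temp\RootCertBackup'  # hypothetical backup location

function Get-RootStoreReport {
    param([string[]]$StoreName, [int]$Limit)
    foreach ($name in $StoreName) {
        $path = "Cert:\LocalMachine\$name"
        if (-not (Test-Path $path)) { continue }
        $certs   = @(Get-ChildItem -Path $path)
        $expired = @($certs | Where-Object { $_.NotAfter -lt (Get-Date) })
        New-Object PSObject -Property @{
            Store     = $name
            Count     = $certs.Count
            OverLimit = ($certs.Count -gt $Limit)
            # Number to remove so the store ends up with fewer than $Limit entries
            ToRemove  = [Math]::Max(0, $certs.Count - ($Limit - 1))
            Expired   = $expired.Count
        }
    }
}

function Export-RootStoreBackup {
    param([string]$StoreName, [string]$Directory)
    $target = Join-Path $Directory $StoreName
    New-Item -ItemType Directory -Path $target -Force | Out-Null
    foreach ($cert in Get-ChildItem -Path "Cert:\LocalMachine\$StoreName") {
        # One DER-encoded .cer file per certificate, named by thumbprint
        $type  = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
        $bytes = $cert.Export($type)
        [System.IO.File]::WriteAllBytes((Join-Path $target "$($cert.Thumbprint).cer"), $bytes)
    }
}

$report = @(Get-RootStoreReport -StoreName $Stores -Limit $Limit)
$report | Format-Table Store, Count, OverLimit, ToRemove, Expired -AutoSize | Out-Host

foreach ($row in ($report | Where-Object { $_.OverLimit })) {
    Export-RootStoreBackup -StoreName $row.Store -Directory $BackupDir
    # Assumption: expired roots are the first candidates to review manually
    Get-ChildItem -Path "Cert:\LocalMachine\$($row.Store)" |
        Where-Object { $_.NotAfter -lt (Get-Date) } |
        Sort-Object NotAfter |
        Format-Table Thumbprint, NotAfter, Subject -AutoSize | Out-Host
}
```

Run it from an elevated PowerShell prompt on the Edge server. The exported .cer files let a certificate removed in error be re-imported into the same store.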