File Transfer Agent cannot send replication data to Replica Replicator on Edge

twitterlinkedinmail

Environment:

In the environment we have deployed the follow servers:

Skype for Business Server 2015 Front-End Enterprise Pool

Skype for Business Server 2015 Edge Enterprise Pool

Operating System: Server 2012 R2

Issue:

We have opened all the necessary ports from the FE servers to the Edge servers and we can telnet from the FE Pool servers to the Edge servers on TCP port 4443. When we check the event logs on the FE server we see the below errors:

Front End Server:

Skype for Business Server 2015, File Transfer Agent cannot send replication data to Replica Replicator on Edge

EdgeReplicationError-FE

Skype for Business Server 2015, File Transfer Agent cannot get replication status from Replica Replicator Agent on Edge
Edge machine: Edge01.domain.ca
Exception: System.ServiceModel.Security.MessageSecurityException: The HTTP request was forbidden with client authentication scheme ‘Anonymous’. —> System.Net.WebException: The remote server returned an error: (403) Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
— End of inner exception stack trace —
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.Rtc.Xds.Replication.Common.IReplicationWebService.DownloadFiles(String senderFqdn, String sourceDirPath, String tempDirPath)
at Microsoft.Rtc.Xds.Replication.FileTransfer.FileTransferTask.CopyFilesFromReplicaUsingWcf(String fromDir, String tmpDir, String toDir)
Cause: Service may be unavailable or Network connectivity may have been compromised.
Resolution:
Verify that Replica Replicator Agent service is running on the Edge machine, network connectivity is available and TLS is configured correctly. For details, see http://support.microsoft.com/kb/2464556

 

Edge Server

EdgeReplicationError-Edge

Resolution:

I tried adding the SendTrustedIssuerList REG_DWORD , Value 0 registry key into HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL but that did not fix the issue.

EdgeReplicationError-RegKeys

I checked the local computer certificate store on the Edge Server and found that there were Intermediate Certificates in the Trusted Root Certification Authorities Store. I ensured that the Intermediate certificates were in the Intermediate Certification Authorities Store and then deleted them from the Trusted Root Certification Authorities Store then stopped and started the services on the edge server

  • Stop-CSWindowsService
  • Start-CSWindowsService

Then checked the event logs on the FE pool and it started to replicate the data over to the edge server.

twitterlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *

*