Note: Full credit goes to Adam Fowler and Benoit Hamet for finding and posting this solution! I’m just trying to make this easier to find.
So, You may run into an issue with Skype for Business 2015 or Lync 2013 where a user searches for an external Skype for Consumer contact to be presented with an error message
An error occurred during the search. Please try again, and contact your support team if the problem continues.
Or perhaps you have already done some troubleshooting and found Event ID 62044 in your FrontEnd Event log
It’s not you! It looks like the Skype for Consumer team have started hardening their servers to the TLS 1.0 vulnerability.
Lync and Skype4B 2015 edge servers do not support TLS 1.2 for Skype lookups by default. But as recommended in this article on the Skype for Business Tech Community Blog you can enable TLS 1.2 with a few registry tweaks listed in the Disable TLS 1.0/1.1 in Skype for Business Server 2015 article over on Docs.Microsoft
It’s a huge article and as long as you’re keeping everything up to date you can skip most of it.
Just copy the following to a *.reg file and run on your edge servers. Reboot and TLS 1.2 should be enabled
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319]
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000AA0
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword:00000AA0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001