Skype Web Components Server Error

Good day all,

Been having a strange issue regarding TLS and Web Components Server Errors since deploying a new single server.

There is currently 2 single servers on the topology and moving a user from one FE server to the other seems to not always work, especially if they are coming via the EDGE server. On most login requests we receive the below errors in the even logs:

{

An unhandled exception was encountered.

Service: WebTicketService, exception details: System.ComponentModel.Win32Exception (0x80004005): The client and server cannot communicate, because they do not possess a common algorithm
at System.Net.SSPIWrapper.AcquireCredentialsHandle(SSPIInterface SecModule, String package, CredentialUse intent, SecureCredential scc)
at System.Net.Security.SecureChannel.AcquireCredentialsHandle(CredentialUse credUsage, SecureCredential& secureCredential)
at System.Net.Security.SecureChannel.AcquireClientCredentials(Byte[]& thumbPrint)
at System.Net.Security.SecureChannel.GenerateToken(Byte[] input, Int32 offset, Int32 count, Byte[]& output)
at System.Net.Security.SecureChannel.NextMessage(Byte[] incoming, Int32 offset, Int32 count)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost)
at Microsoft.Rtc.Internal.WebServicesAuthFramework.RemoteCertificateResolver.ResolveCertificate(HostAddress hostAddress, Int32 port, ICollection`1 allowedNameList)
at Microsoft.Rtc.Internal.WebServicesAuthFramework.WebTicketRemoteSecurityTokenStore.ResolveAndCache(String key, HostAddress hostName, Int32 port, ICollection`1 allowedNameList)
at Microsoft.Rtc.Internal.WebServicesAuthFramework.WebTicketRemoteSecurityTokenStore.GetSigningTokenByIssuer(HostAddress hostAddress, Int32 port, ICollection`1 allowedNameList)
at Microsoft.Rtc.Internal.WebServicesAuthFramework.WebTicketRemoteSecurityTokenStore.EnsureIssuerSecurityToken(HostAddress machineAddress, Int32 port, ICollection`1 allowedNameList)
at Microsoft.Rtc.Internal.WebServicesAuthFramework.WebTicketKeyStore.EnsureIssuerSecurityToken(Uri issuerUri)
at Microsoft.Rtc.Internal.WebTicketService.WebTicketService.BeginIssueToken(Message rstMessage, AsyncCallback callback, Object state)
at AsyncInvokeBeginBeginIssueToken(Object , Object[] , AsyncCallback , Object )
at System.ServiceModel.Dispatcher.AsyncMethodInvoker.InvokeBegin(Object instance, Object[] inputs, AsyncCallback callback, Object state)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage11(MessageRpc& rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet).
Cause: Application error. Please look through the exception details for more information.
Resolution:
Restart the server. If the problem persists contact product support.}

Restart obviously didnt resolve this issue.

Checking the system logs, I see the following schannel errors:

A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

When I checked the TLS settings on the FE (which is where I get all these errors above) with inetcpl.cpl I see that only TLS 1.2 is ticket.

Looking at the EDGE server, there is no apparent error that is causing this.

We just added the new servers to the SRV and A Record DNS entries, so this shouldnt be an issue.

The EDGE has the below schannel errors:
An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The TLS connection request has failed.

Not sure if this could cause any issues though as the working environment has the same errors as the above.