Showing posts with label Windows Server 2012 R2. Show all posts
Showing posts with label Windows Server 2012 R2. Show all posts

Thursday, May 18, 2017

WannaCrypt - Missing KB's?

After this weeks WannaCrypt fiasco I found a couple posted scripts for scanning a domain to check if servers had the necessary patches installed to mitigate against the vulnerability. After patching a couple of systems that the scripts said were vulnerable I found that they kept reporting that the patches were missing. Upon reviewing Get-Hotfix and doing a stare and compare at what was showing as having been installed via the "View Update History" I noticed that there were missing KB's.

The output from Get-Hotfix, you can see there are only 6 KB’s that start with KB40…





If I look at the Update History on the server I see there are some missing ones:





After a bit of research I found that this post on TechNet from Mervyn Zhang:

Windows Update and Office update are separated in two catalogs. Get-hotfix which leverage Win32_QuickFixEngineering only lists Windows updates. Starting with Windows Vista, Win32_QuickFixEngineering returns only the updates supplied by Component Based Servicing (CBS). These updates are not listed in the registry. Updates supplied by Microsoft Windows Installer (MSI) or the Windows update site (http://update.microsoft.com) are not returned by Win32_QuickFixEngineering. For your information:  Understanding Component-Based Servicinghttp://blogs.technet.com/askperf/archive/2008/04/23/understanding-component-based-servicing.aspx

 I then devised the following script that searched the Windows Update Agent COM Object for all KB's installed on a system including rollups and CU's. To download the script grab it from TechNet:


https://gallery.technet.microsoft.com/Search-Domain-For-Specific-4b6388e9




Posted by at No comments:
Labels: , , , , ,

Tuesday, May 24, 2016

Conferencing Modalities No Longer Function - MS16-065

Microsoft recently published a KB article related to a security bulletin MS16-065:

Symptoms
After you install the Microsoft .NET Framework Security Update MS16-065 on a Front End or Standard Edition server for Lync Server 2010, Lync Server 2013, or Skype for Business Server 2015, several conferencing modalities no longer function for internal users.

For a complete list of the .NET Framework updates that can cause this problem, see the Microsoft Security Bulletin MS16-065 - Important topic on the Microsoft TechNet website.

The following are known modalities affected by this issue:
·         Whiteboards
·         Uploading PowerPoint Presentations
·         Sharing Notes
·         Polls
·         Q&A

The error messages that users may receive when this problem occurs include the following:
·         We can’t connect to the server for presenting right now.
·         Network issues are keeping you from sharing notes and presenting whiteboards, polls and uploaded Pow…
·         An error occurred during the Skype Meeting.


I ran into this but it was not immediately apparent to which KB's this correlates to so I thought I would list out the ones that will cause this behavior and save someone else some time hunting:

 Server 2008 R2:
KB3142024
KB3142033
KB3142037

 Server 2012:
KB3142025
KB3142032
KB3142035

 Server 2012 R2:
KB3142026
KB3142030
KB3142036

Update:


This also breaks the Lync Web App in Lync Server 2010 which is not documented in the KB at the time of this post. You will also need to add the following reg keys in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\System.Net.ServicePointManager.SchSendAuxRecord]:

 DWORD Name: C:\Program Files\Microsoft Lync Server 2010\OCSMCU\Web Meeting Conferencing\MeetingMCUSvc.exe
DWORD Value: 0

 DWORD Name: C:\Windows\System32\inetsrv\w3wp.exe
DWORD Value: 0

 Then restart the RTCMEETINGMCU service as well as perform an IISReset.
Posted by at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)