Wednesday, 10 September 2014

Vulnerabilities in Microsoft Lync Server Could Allow Denial of Service


Executive Summary
This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow denial of service if an attacker sends a specially crafted request to a Lync server.
This security update is rated Important for all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013. For more information, see the Affected and Non-Affected Software section.
The security update addresses the vulnerabilities by correcting the way Lync Server sanitizes user input and by correcting the way Lync Server handles exceptions and null dereferences. For more information about these vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability later in this bulletin.


Patch for Lync 2013 and Lync 2010

Friday, 13 June 2014

Lync Presence stuck on Updating...

I've recently came up with an issue where some users on a contact list would show up as stuck on "Updating..." and others would show the presence fine. It was a pool with 3x FEs and it was easy to pinpoint it was something probably related to one of the FEs.

Looking at the Event Viewer I found several errors from "LS User Services" Event ID 32042 and 30988. Event ID 32042 was complaining about not trusting the other FEs certificate, which was very odd has nothing had changed in a long time.

I had a look at the problematic FE Certificates store and found a non self-signed certificate in the Trusted Root Certification Authorities which is a problem for the Windows Server 2012 OS as per following article.

All I had to do was to remove that certificate from the container, reboot the server and things went back to normal.

From what I can gather the certificate had been in that store for quite a while but the issue only manifested itself after the server rebooted.

Now all I have to do is to find whoever stuck the certificate in that store... and beat him with a stick :)




Saturday, 3 May 2014

Move CMS

Not exactly new but I guess it's the first time I'm moving CMS without being a Domain Admin.

Technet article will tell you only need RTCUniversalServerAdmins but that's wrong. If you are not a Domain Admin you will get this error, one for each server in the pool you are moving your CMS into:

Warning: Failed to create new instance of "Server FQDN" at "LS CentralMgmt Service".

And you won't be able to Enable-CsTopology.

Re-run Enable-CsTopology with a Domain Admin account to create the instances needed. After that you will need to start the Lync Server Master Replicator Agent. In my case when I did that, I got a error in my FE saying it couldn't access the CMSFileStore file share but after stopping all the services and bringing them back the issue was gone.

Friday, 11 April 2014

Cumulative update package for Lync 2013: April 2014

Download:
Update for Microsoft Lync 2013 (KB2880474) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2880474) 32-Bit Edition


Issues that the update fixes

This cumulative update resolves the following issues:
  • 2941631 Cannot drag a distribution group to change position in your contact list in Lync 2013
  • 2941639 Call forwarding to the Response Group fails in Lync 2013
  • 2941640 Desktop sharing session stops in Lync 2013 when all screen data is updated
  • 2941643 Caller cannot close the window of a transferred call in Lync 2013
  • 2941654 Update sorts and searches contacts by Furigana in Lync 2013
  • 2941658 CTRL+TAB does not work when you switch between conversation windows in Lync 2013
  • 2941682 Instant message appears using incorrect text format when the DisableRTFIM setting is enabled in Lync 2013
  • 2941659 Callee's name and detailed information is missing from the conversation history of a Lync 2013 outgoing call
  • 2941636 Search fails in Lync 2013 when non-Latin characters are used in a different case from the AD DS attributes
  • 2941635 Can’t sign in to Lync 2013 when Office 365 account UPN differs from domain account UPN
  • 2954951 Slow screen update in application sharing or desktop sharing session in Lync 2013
  • 2955577 Lync 2013 takes a long time to sign in after reconnect to the network
  • 2955579 Lync 2013 displays un-encoded texts in a toast notification or an instant message sent to another messaging client
  • 2955580 Update adds a button to show details about limited functionalities when Lync 2013 connects to a backup pool

Thursday, 13 February 2014

Wednesday, 12 February 2014

Lync 2013 Android update

Is out since last night


What's new:

  • Quickly rejoin to a Lync Meeting you just left
  • Pick up your conversations from the point you ended them.
(...) the Lync team also improved the media and audio routing for the client. The work was mainly to support new devices and newer Android OS versions, in addition to the audio flow throughout the client (handset, speaker phone and headset).

More information here

Monday, 20 January 2014

Lync 2013 and Windows Server 2012 R2

I've come across some issues with Lync 2013 and Windows Server 2012 R2 (TLS fix is applied!)

Working on a project with 2 Pools and a number of SBSs and for some reason every couple of days the users on the SBSs go into Outage Mode. After reading the logs I can see "TLS negotiation failed" and after that the SBS can't talk to the FEs anymore, can't even browse to any Web Service on that FE.

Haven't figured out what's actually wrong but rebooting the FEs seems to be the only way to fix it.

I'll post more info once I have it but for now I would stay away from 2012 R2 if you are thinking of deploying SBSs

Thursday, 9 January 2014

Lync 2010 and 2013 updates

New updates are out for Lync 2010 and 2013