Update MS14-055: Vulnerabilities in Lync Could Allow Denial of Service, DoS (September 2014)

From MS14-055:


Why was this bulletin revised on September 15, 2014?

Microsoft revised this bulletin to address a known issue that prevented users from successfully installing security update 2982385 for Microsoft Lync Server 2010. Microsoft is investigating behavior associated with the installation of this update, and will update this bulletin when more information becomes available. As an added precaution, Microsoft has removed the download links to the 2982385 security update.

No Comments »

MS14-055: Vulnerabilities in Lync Could Allow Denial of Service, DoS (September 2014)

Microsoft Patch Tuesday this month 9.9.2014 (Sep 2014) highlights an IMPORTANT security bulletin MS14-055* (KB2990928) that affects various components in both Lync Server 2013 and Lync Server 2010.

  • KB2982390 MS14-055: Description of the security update for Microsoft Lync Server 2013 (Web Components Server): September 9, 2014
  • KB2986072 MS14-055: Description of the security update for Microsoft Lync Server 2013 (Server): September 9, 2014
  • KB2982389 MS14-055: Description of the security update for Microsoft Lync Server 2013 (Response Group Service): September 9, 2014
  • KB2992965 MS14-055: Description of the security update for Microsoft Lync Server 2013 (Core Components): September 9, 2014
  • KB2982385 MS14-055: Description of the security update for Microsoft Lync Server 2010: September 9, 2014
  • KB2982388 MS14-055: Description of the security update for Microsoft Lync Server 2010 (Response Group Service): September 9, 2014

This aggregated severity rating has a maximum security impact listed as “Denial of Service” and “Information Disclosure”. Only applicable security patches need to be deployed (in any sequence) i.e. apply the RGS patch only when RGS is installed on your system.

Of note … Continue Reading »

No Comments »

Lync SIP and SMTP Email Addresses - Same or Different (and How to Check)?

Not a must but certainly recommended as a design best practice is to match the (Lync) SIP address to that of the primary SMTP (email) address. A properly Lync enabled user via Lync Server Control Panel or Management Shell will have the msRTCSIP-PrimaryUserAddress AD attribute automatically populated. This must match the SipAddress attribute with a similar entry in the proxyAddresses multi-value attribute (the sip: prefix is important but not case).

With PowerShell, Get-CsUser returns an attribute WindowsEmailAddress. As it corresponds to the Active Directory attribute mail, checking for the same entry with the SMTP: prefix in proxyAddresses against SipAddress is one way to verify that all required attributes match up. The smtp prefix must be in capital letters to designate the primary SMTP Email address.

No Comments »

Update Digest II: Lync Server 2013 Cumulative Update (Aug 2014)

You may come across another Aug 2014 cumulative update 5 for Lync Server 2013 as described in the listed KB Article:

August 2014 Cumulative Update 5.0.8308.738 for Lync Server 2013 (Front End Server and Edge Server)
http://support.microsoft.com/kb/2937310
version 5.0.8308.738

The download link provided in KB2937310 in fact brings you to the same CU5 “Lync Server 2013 Cumulative Update KB 2809243″ (link) so you’re essentially covered.

In case you missed it …..

Continue Reading »

No Comments »

Update Digest: Lync 2013 Cumulative Update (Aug 2014)

August 2014 update for Lync 2013 (KB2881070)

  • Prerequisites
    - MSO (KB2883052, August 2014)
    - MSORES (KB2817624, September 2013)
    - IDCRL (KB2817626, September 2013)
    - Lynchelp (2881083, August 2014)
  • Download lync2013-kb2881070-fullfile-x..-glb.exe (x86, x64)

Keywords: patch, hotfix, update, rollup package, lync cumulative update (Lync 2013), lync client,  security, cu update, mise à jour, cu, update rollup, RU (release update)

Technorati tags: Microsoft Lync Server/Client

No Comments »

Move-CsUser DCOM Operation Failed -2147467259 (Lync Server 2013)

To move a Lync-enabled user from one Front-End pool to another, you execute Move-CsUser -Target fe02pool.swissitpro.ch and were greeted with the failure message:

Distributed Component Object Model (DCOM) operation begin move away failed.
+ CategoryInfo          : InvalidResult: (:) [Move-CsUser], MoveUserException
+ FullyQualifiedErrorId : FAILED::MoveRetry,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet
+ PSComputerName        : fe02pool.swissitpro.ch

Distributed Component Object Model (DCOM) operation RollbackMoveAway failed “-2147467259″.
+ CategoryInfo          : InvalidResult: (:) [Move-CsUser], MoveUserException
+ FullyQualifiedErrorId : FAILED::MoveRetry,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet
+ PSComputerName        : fe02pool.swissitpro.ch

Distributed Component Object Model (DCOM) operation begin move away failed.
+ CategoryInfo          : InvalidOperation: (CN=user01,OU=…C=swissitpro,DC=ch:OCSADUser) [Move-CsUser], MoveUserException
+ FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet
+ PSComputerName        : fe02pool.swissitpro.ch

Continue Reading »

No Comments »

Update Digest: Lync Server 2013 Cumulative Update (Aug 2014)

Lync Server 2013

  • “CU5″ 2809243 Updates for Lync Server 2013
    - Lync Server 2013 Cumulative Update KB2809243
    - version 8308.738 (download)
    - covers Lync Server Standard and Enterprise Edition Front-End Pools, all other server roles including Persistent Chat and administrative tools
  • Installation steps 1 to 5
    - to apply to Lync Server 2013 RTM (5.0.8308.0)
  • Only steps 1 and 2 are required if previous cumulative updates as listed are installed:
    - January 2014 cumulative update (5.0.8308.577)
    - October 2013 cumulative update (5.0.8308.556)
    - July 2013 cumulative updates (5.0.8308.420)
    - February 2013 cumulative updates (5.0.8308.291)

Technorati tags: Microsoft Lync Server/Client

No Comments »

Lync Server 2013/2010 Enable- or Move-CsUser? (PowerShell)

Simple enough yet can be confusing to be confronted with the listed error when you try to enable a user for Lync using Enable-CsUser:

Enable-CsUser : Cannot move user in enable operation. Use the Move user cmdlet instead.
At C:\Program Files\Common Files\Microsoft Lync Server 2013\Modules\dlee\ Lyncutil.psm1:226 char:34
+                     Enable-CsUser <<<<  -Identity $prop.DistinguishedName `
+ CategoryInfo : InvalidOperation: (:) [Enable-CsUser], InvalidOperationException
+ FullyQualifiedErrorId : ProcessRecord,Microsoft.Rtc.Management.AD.Cmdlets.EnableOcsUserCmdlet

Continue Reading »

No Comments »

Lync Server 2013/2010 Pool Expansion/Scale Out (Network Load Balancing)

Introduced in Lync Server 2010, the optional but recommended DNS Load Balancing (DNS-LB) feature offers simpler setup, configuration and administration of SIP and media traffic compared to Hardware Load Balancing (HLB). The latter continues to be mandatory for the handling of http/s traffic in a Front-End Enterprise Edition, Director or Edge server pool comprising of 2 or more machines (in the pool).

Using Lync Topology Builder, you add machines in order to expand and scale-out an existing Lync server pool (= configuration changes on a Front End). Besides …

Continue Reading »

No Comments »

Set-CsClientPin: User is homed on a server that is not supported by this cmdlet

To change the PIN of a Common Area Phone, you went ahead to execute the following on a Lync Server 201x Front-End:

Set-CsClientPin : User desmond.lee@domaino.com is homed on a server that is not supported by this cmdlet.
At line:1 char:1
+ Set-CsClientPin -Pin 0000 -Identity “…
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (sba01.domaini.com:String) [Set-CsClientPin], ManagementException
+ FullyQualifiedErrorId : User desmond.lee@domaino.com is homed on a server that is not supported by this cmdlet.,Microsoft.Rtc.Management. UserPinService.SetOcsUserPinCmdlet

Looking at the error message, the FQDN of the Front-End server appears valid and is operational.

Continue Reading »

No Comments »

Next »