Weekly IT Newsletter – September 8-12, 2014

MS14-055: Vulnerabilities in Lync could allow denial of service: September 9, 2014

Microsoft released an update to Lync Server 2013 (Build 8308.803) that addresses vulnerabilities in Lync Server which can cause denial of service.

This update replaces CU5 (Build 8308.738, which was released in August 2014).

General Information

Executive Summary

This security update resolves three privately reported vulnerabilities in Microsoft Lync Server. The most severe of these vulnerabilities could allow denial of service if an attacker sends a specially crafted request to a Lync server.

This security update is rated Important for all supported editions of Microsoft Lync Server 2010 and Microsoft Lync Server 2013. For more information, see the Affected and Non-Affected Software section.

The security update addresses the vulnerabilities by correcting the way Lync Server sanitizes user input and by correcting the way Lync Server handles exceptions and null dereferences. For more information about these vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability later in this bulletin.

Recommendation. Customers can configure automatic updating to check online for updates from Microsoft Update by using the Microsoft Update service. Customers who have automatic updating enabled and configured to check online for updates from Microsoft Update typically will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates from Microsoft Update and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually (including customers who have not enabled automatic updating), Microsoft recommends that customers apply the update at the earliest opportunity using update management software, or by checking for updates using the Microsoft Update service. The updates are also available via the download links in the Affected Software table later in this bulletin.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Knowledge Base Article
  • Knowledge Base Article: 2990928
  • File Information: Yes
  • SHA1/SHA2 hashes: Yes
  • Known issues: Yes

Microsoft releases September 2014 update for Lync 2013 (KB2889860)

Fixes:

  • When you sign in to Lync 2013 by using an Office 365 account, Lync 2013 prompts you for Open Authorization (OAuth) credentials.
    Note: To resolve this issue, you must also install the following update, KB2881001:
  • 2881001 September 9, 2014 update for Office 2013 (KB2881001)
  • After you install updates KB2889860 and KB2881001, Lync 2013 will enable Active Directory Authentication Library Single Sign-On (ADAL SSO) in an Office 365 environment.
  • 2881001 Bad password count is incremented when Lync 2013 VDI plug-in pairs with a Lync 2013 client
  • 2992447 Lync 2013 crashes when a user switches shared desktop from full-screen view to actual size
  • 2992448 Desktop sharing or application sharing issues during a conversation in Lync 2013

Known Issues:

After you install this update, you may experience the issues that are described in the following Microsoft Knowledge Base articles:

  • 2898357 Screen readers cannot read aloud keystrokes during a Lync 2013 application or desktop sharing session in Windows
  • 2932389 Persistent Chat file transfer fails between an external user and an internal user in Lync 2013

Weekly IT Newsletter – September 1-5, 2014

Polycom releases UC software 5.1.2 for VVX and SoundStructure

This release has no new or enhanced features, but it resolves a long list of issues:

  • In the Lync environment, the phone now works fine and no longer causes any reboot when the Infoblox DHCP server is configured and selected with Option 43.
  • After you hold and resume a call, the phone no longer causes any delay in audio play out.
  • In a BToE scenario, transferring a call to a mobile phone from the Lync client no longer causes any issue.
  • The phone now upgrades software using the HTTPS provisioning method without any issue and no longer shows any certificate errors.
  • The phone now searches for LDAP over SSL using FQDN and no longer uses IP address.
  • The phone is now able to input ASCII characters when you press the Star (*) or Pound (#) key when searching for contacts in the Contact Directory.
  • The phone now joins the DMA VMR using the Sonic SBC without any issues.
  • The phone stays in the registered state when it receives BENOTIFY during Security Association expiry.
  • The 34th line on the phone now registers even after a configuration update.
  • The configuration setting feature.usb.power.enabled was created to power on or off all the USB ports.
  • Added support for the phone background image lockdown feature.
  • The phone no longer breaks up audio on the speakerphone in a half-duplex audio scenario.
  • In a Lync environment, unanswered federation calls are now directed to the voicemail without any issues.
  • In some customer Lync environments, the phone no longer has issues during centralized conference scenarios.
  • The phone now retrieves 911 location information from the Lync 2013 Server using Chassis and Port ID TLV values from LLDP.
  • The phone now queries for the GetLocation request for E911 information when the setting LocationRequired: no is set under the Lync 2013 Location Policy.
  • In a Lync environment, the phone displays the contact card without any issue when the Lync client is connected remotely.
  • Upgraded ICE stack.
  • The phone now accepts the Non Microsoft DHCP server provisioned Option 43 and is able to sign into the phone using PIN Authentication.
  • A new user can now sign-in to the phone without any issue when the boot server is unreachable.
  • In a BLF scenario, the phone now fails over to the secondary server when the primary server is unavailable due to an outage.
  • TCP failover is now optimized and reaches the secondary server within a reasonable amount of time (as per the configuration).
  • The phone no longer sends subscribe messages to the server after the first reboot when the feature is disabled.
  • XML notifications on the phone no longer cause RTP cutoff for a considerable period.
  • The phone now sends only six Get/Put requests to the server after receiving the 302 redirect message.
  • In a metaswitch environment, transferring and ending a call before the other party answers the call no longer causes any issue.
  • XML notifications no longer affect the performance of audio or notifications on the phone.
  • The phone now successfully pings an IP address with leading zeroes without any issue.
  • For an External DNS query, the phone no longer sends the port number when using FQDN: PORT or IPADDRESS: PORT in the syslog server address field.
  • The phone browser no longer deletes or removes the configured URL.
  • Polling and configuration updates only happen after hanging up the active call on the phone.
  • The boot log on the phone now displays the application software version without any issue.
  • The phone no longer sends any reinvites after 200OK for BYE.
  • Upgraded the OpenSSL libraries, which addresses some security issues.
  • In the French language, corrected the “Vendredi Dernier” string on the phone’s interface.
  • The phone no longer displays warning symbols on random authentication when configured with 802.1X intermittent.
  • The phone now attempts to register a second line when you log into your user profile without any issue.
  • In a BLF scenario, the phone no longer causes any memory leak issues when the maximum number of monitored lines is configured.
  • In a Hoteling scenario, the hotel guest is now removed from the phone’s interface after hanging up the call when the hotel host is disabled on the server during an active call.
  • The phone’s web interface no longer displays VLAN filtering option.
  • In a SCA scenario, the caller now hears a fast busy tone when the phone gets the 503 response to the invite.
  • The phone now displays all accents correctly without any issue on extension labels.
  • The phone no longer causes any issue while trying to move the position of the custom configured soft keys.
  • The phone now loads background Images (~4sec) on Expansion Modules from the specified URL on the phone’s web interface without any issue.
  • The Lines soft key is now displayed on the call transfer screen (applies to VVX 300, 310, 400, and 410).
  • The phone now displays the BLF soft keys when using the Color Expansion Module with the Watch Buddy feature.
  • In a Shared Call Appearance scenario, trying to establish a four-way conference with calls on different line appearances is now available on a single key.
  • In a Shared Call Appearance scenario, the phone now displays all remotely held calls when there are two call appearances and call per line key is set to 1.
  • The phone no longer displays the Conference soft key when call.localConferenceEnabled is set to 0 (applies to all VVX phones except for the VVX 1500).
  • The phone displays a Conference soft key, and the message “Service Unavailable” displays on the status bar when pressed (applies to VVX1500).
  • The format specifiers in logging are now printed with the actual data.
  • The phone now displays the "Limited Functionality" message when it receives an unavailable user-service-state.
  • The phone now displays the date in the top left corner for all languages.
  • The call history screen on the phone now displays the configured 24 hours’ time format for all languages.
  • The phone now displays the correct icon for the BLF monitored lines.

Platforms Supported:

  • Polycom® VVX® 300/310
  • Polycom® VVX® 400/410
  • Polycom® VVX® 500
  • Polycom® VVX® 600
  • Polycom® VVX® Camera
  • Polycom® VVX® 1500
  • Polycom® VVX® 1500 C
  • Polycom® VVX® 1500 D
  • Polycom® VVX® Expansion Modules
  • SoundStructure™

Microsoft releases post Exchange 2013 CU6 fixes for restoring the Hybrid Node in EAC and the failing databases in co-existence environment with Exchange 2007

After Microsoft released Cumulative Update 6 for Exchange Server 2013 last week, Jeff Guillet discovered a bug that affects Exchange Hybrid customers and their ability to manage Online mailboxes by using EAC.

Today Microsoft released a new support KB that describes the problem:

Exchange Online mailboxes cannot be managed by using EAC after you deploy Exchange Server 2013 CU6

The support KB is accompanied by a script that fixes the described issue and can be downloaded from the following link:

Exchange Online mailboxes cannot be managed in Exchange Server 2013 CU6

After you install Microsoft Exchange Server 2013 Cumulative Update 6, the Hybrid node in Exchange Admin Center (EAC) no longer functions correctly. This prevents administrators from being able to administer Exchange Online Mailboxes from an On-Premises server.

Please be aware that the fix resets the IIS service, so it is highly recommended not to apply it during business hours.

Another fix that Microsoft released is for co-existence between Exchange 2013 and Exchange 2007, but unfortunately it requires you to contact Microsoft support for the hotfix:

Exchange Server 2013 databases unexpectedly fail over in a co-existence environment with Exchange Server 2007

Weekly IT Newsletter – August 25-29, 2014

Polycom VVX FTP Provisioning Server Creation Script

Originally posted on y0av. With a zero.:

There’s a really long name for a rather-short post!

I was following Polycom’s instructions and Jeff Schertz’s post on configuring an FTP Provisioning server for the Polycom VVX range.
In large deployments, when you need to update and configure hundreds and thousands of phones, this is the only way to do it right.

There were two things that I struggled with when configuring this server:

  • You have to build and configure an FTP server, DHCP options, AD user, download the files… etc.
  • For most organizations – You’ll use an FTP on a Windows server. Jeff mentioned that the username and password for the FTP user (PlcmSpIp) would not be acceptable in many environments due to the fact that it doesn’t meet the Password complexity requirements.

So, I set up my mind to create an automated process to do all of the above, in a Windows Active Directory environment.
I wanted…

Microsoft releases Exchange Updates Rollups – August 2014

Released: Cumulative Update 6 for Exchange Server 2013

  • Source
  • KB 2961810
  • Download
  • Language Packs Download
  • Fixes:
    • 2991934 Duplicate mailbox folders after migration to Exchange Server 2013
    • 2988229 Hybrid Configuration wizard error “Subtask CheckPrereqs execution failed” for Exchange Server 2013
    • 2986779 EMS takes a long time to execute the first command in an Exchange Server 2013 Cumulative Update 5 environment
    • 2983512 RPC Client Access service crashes on an on-premises Mailbox server in an Exchange Server 2013 hybrid environment
    • 2983426 AutodiscoverSelfTestProbe fails when external URL is not set for EWS virtual directory in Exchange Server 2013
    • 2983423 AutodiscoverSelfTestProbe fails when external URL is not set for ECP virtual directory in Exchange Server 2013
    • 2983422 The ServerWideOffline component is set to Inactive after Exchange Server 2013 prerequisite check fails
    • 2983207 “532 5.3.2” NDR when you send an email message to a hidden mailbox in an Exchange Server 2013 environment
    • 2983066 Removed Default or Anonymous permission for Outlook folders cannot be restored in an Exchange Server 2013 environment
    • 2982769 “Topology service cannot find the OWA service” when you perform an eDiscovery search in Exchange Server 2013
    • 2982763 Mail-enabled public folder accepts email messages from unauthorized users in an Exchange Server 2013 environment
    • 2982762 OAB generation arbitration mailbox can be removed or disabled in an Exchange Server 2013 environment
    • 2982760 The Enter key submits duplicate sign-in forms to Outlook Web App in an Exchange Server 2013 environment
    • 2982759 You cannot access the archive mailbox of a delegated user after enabling MAPI over HTTP
    • 2982017 Incorrect voice mail message duration in an Exchange Server 2013 environment
    • 2981835 You cannot add attachments, delete or move many email messages in bulk in Outlook Web App
    • 2981466 MAPI/CDO client cannot connect to Exchange Server 2013
    • 2977279 You cannot disable journaling for protected voice mail in an Exchange Server 2013 environment
    • 2975599 Exchange Server 2010 public folder replication fails in an Exchange Server 2013 environment
    • 2975003 Calendar item body disappears in Outlook online mode in an Exchange Server 2013 environment
    • 2974339 OAB generation fails if FIPS is used in an Exchange Server 2013 environment
    • 2971270 Blank page after you sign in to Exchange Server 2013 EAC (formerly ECP)
    • 2970040 Folder Assistant rule does not work correctly in an Exchange Server 2013 environment
    • 2965689 EAS device cannot sync free/busy status if an item is created by EWS in an Exchange Server 2013 environment
    • 2963590 Message routing latency if IPv6 is enabled in Exchange Server 2013
    • 2961715 “Something went wrong” error in Outlook Web App may show an incorrect date
    • 2958434 Users cannot access mailboxes in OWA or EAS when mailbox database is removed

Released: Update Rollup 7 for Exchange Server 2010 Service Pack 3

  • Source
  • KB 2961522
  • Download
  • Fixes:
    • 2983261 “HTTP 400 – Bad Request” error when you open a shared mailbox in Outlook Web App in an Exchange Server 2010 environment
    • 2982873 Outlook Web App logon times out in an Exchange Server 2010 environment
    • 2980300 Event 4999 is logged when the World Wide Web publishing service crashes after you install Exchange Server 2010 SP3
    • 2979253 Email messages that contain invalid control characters cannot be retrieved by an EWS-based application
    • 2978645 S/MIME option disappears when you use Outlook Web App in Internet Explorer 11 in an Exchange Server 2010 environment
    • 2977410 Email attachments are not visible in Outlook or other MAPI clients in an Exchange Server 2010 environment
    • 2976887 eDiscovery search fails if an on-premises Exchange Server 2010 mailbox has an Exchange Online archive mailbox
    • 2976322 Assistant stops processing new requests when Events in Queue value exceeds 500 in Exchange Server 2010
    • 2975988 S/MIME certificates with EKU Any Purpose (2.5.29.37.0) are not included in OAB in Exchange Server 2010
    • 2966923 Domain controller is overloaded after you change Active Directory configurations in Exchange Server 2010

Released: Update Rollup 14 for Exchange Server 2007 Service Pack 3

Weekly IT Newsletter – August 18-22, 2014

Weekly IT Newsletter – August 11-15, 2014

Script: Exchange Certificates Report

I’ve recently created a script (with the help of @y0avb) which generates an HTML report for certificates in a Lync environment.
Since certificates are widely used in almost every Microsoft environment, we’ve decided to modify the script a bit and add the same functionality for Exchange.

The following script queries every Exchange 2010/2013 server in the environment and pulls the following information about every certificate that is assigned to an Exchange service:

  • Services Assigned
  • Issuer
  • Thumbprint
  • Subject Name
  • Issue Date
  • Expiration Date
  • Self Signed or Not
  • Subject Alternative Names
  • Expires In (Days)

Script Features:

  • The script pulls the information from every server by using the Get-ExchangeServer cmdlet
  • The script supports Exchange certificate assignment awareness, meaning it only pulls the certificates assigned to Exchange services
  • The script queries every Exchange 2010/2013 server in the environment
  • Certificates which are about to expire in the next 30 days will be colored in Red, Certificates which will expire in the next 60 days will be colored in orange
  • The script can also be configured to send email as well as being a scheduled task in order to be notified on a weekly/monthly basis.

The current caveats in this version of the script:

  • Does not pull Exchange EDGE Certificates information
  • Does not pull Exchange 2007 Certificates Information

Version Control:

  • 0.1 – August-13-2014 – Initial Version for connecting Internal Exchange Servers

Microsoft releases August 2014 update for Lync 2013 Client (KB2881070)

Source:

http://support.microsoft.com/kb/2881070

This update resolves the following issues:

  • 2985514 Lync 2013 signs out and then signs in every 30 minutes
  • 2985513 Lync 2013 crashes when you manipulate a pivot table field during an Excel worksheet presentation
  • 2985512 Error “Event ID from source Lync cannot be found” instead of event logs from Lync 2013 appears in Event Viewer
  • 2981755 Cannot join a meeting by using Lync 2013 when the ACP MCU services are running on multiple front-end servers
  • 2981754 Cannot send CER data when a user cannot join meetings in Lync 2013
  • 2981753 Lync 2013 meeting issues after you install Lync Meeting Add-in for Office 2013
  • 2981752 Cannot select audio device during a VoIP call in Lync 2013 when a user is enabled for RCC
  • 2981751 Lync 2013 does not display telephone number of an Outlook 2010 contact in the contact card
  • 2981750 An update enables Lync 2013 users to select the default unselected check boxes for saving instant message and call logs
  • 2981749 Artifacts remain in chat input area in Lync 2013 after an instant message is sent
  • 2981748 Lync 2013 dials the number that calls are forwarded to instead of the last dialed number
  • 2981747 A user’s work number is listed in the “Forward Calls To” list in Lync 2013
  • 2981746 Cannot paste data from a webpage to Lync 2013 conversation window
  • 2981745 Can’t join online meeting that is created in a non-federated organization by using Lync 2013
  • 2981743 Can’t sign in to Lync 2013 by using a cached certificate in Lync online hybrid deployment