Netmeeting Remote Desktop Sharing does not work after upgrading SMS clients to SMS 2003 SP3

UPDATE (10/10): A fix for this issue is now available per Knowledge Base article 941820. You can download this fix without having to contact product support by requesting it at this site:

https://support.microsoft.com/contactus2/emailcontact.aspx?scid=sw;en;1410&WS=hotfix

======

UPDATE (9/17): Just a quick update to let you know that a fix is being provided to customers today for final verification, and if all goes well should be available as a standard hotfix within the next 7-10 days. As soon as it's ready I'll post another update here.

======

It looks like there's an issue where an upgrade of an SMS 2003 client to Service Pack 3 will cause NetMeeting Remote Desktop Sharing to fail.  A fix is coming and a workaround is below, but here are some details about why the issue occurs:

Background

The SMS 2003 SP3 client backs up its Signing and Encryption certificates to the local machine personal certificate store.  This is required so that our certificates persist across an OS upgrade from XP to Vista; versions of the SMS client prior to SP3 do not perform this backup process.  NetMeeting Remote Desktop Sharing (the only NetMeeting component affected) is coded to use the first certificate it finds in the personal certificate store for Client Authentication.  The first certificate NetMeeting finds is the SMS Signing certificate, which will not work for Client Authentication, so NetMeeting Remote Desktop Sharing (RDS) now fails.  The service stays paused and, even when started, isn't enabled.

Workaround

The immediate term workaround is to delete the SMS certificates from the personal certificate store prior to starting RDS.  This can be done with certutil.exe as follows:

certutil -delstore My SMS

The workaround above has no known ill effect on SMS and allows RDS to start normally.  In some cases you may first need to restart conf.exe and mnmsrvc.exe – the Remote Desktop Service.  Don’t restart CCMExec at this time because CCMExec will recopy the SMS certificates back to the personal store when it starts. The downside to this workaround is that the process requires admin rights, and must be executed prior to starting up each individual RDS session.  Other remote control/connection tools such as SMS Remote Control, Remote Desktop (for XP and up), or 3rd party remote control tools are all unaffected by this.
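To check whether a machine is in the state described under Background, before or after running the workaround, the following read-only PowerShell sketch lists the machine personal store in enumeration order and reports which certificates can be used for Client Authentication. It is an added example, not part of the original post or the hotfix; it assumes the SMS certificates can be recognized by "SMS" in the subject (as the certutil argument above suggests) and that the .NET enumeration order approximates the order NetMeeting sees.

```powershell
# Added diagnostic sketch (not from the original post). Read-only: it deletes nothing.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth (Client Authentication EKU)

function Test-ClientAuthUsable {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # A certificate with no EKU extension is not restricted to particular purposes.
    if (-not $eku) { return $true }
    foreach ($oid in $eku.EnhancedKeyUsages) {
        if ($oid.Value -eq $clientAuthOid) { return $true }
    }
    return $false
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    $index = 0
    $report = @(foreach ($cert in $store.Certificates) {
        # Assumption: the certificates backed up by the SMS client carry "SMS" in the subject.
        New-Object PSObject -Property @{
            Index        = $index
            Subject      = $cert.Subject
            IsSmsCert    = ($cert.Subject -match 'SMS')
            ClientAuthOk = (Test-ClientAuthUsable $cert)
            Thumbprint   = $cert.Thumbprint
        }
        $index++
    })
}
finally {
    $store.Close()
}

# The failure described above occurs when the first certificate found is not
# usable for Client Authentication.
if ($report.Count -gt 0 -and -not $report[0].ClientAuthOk) {
    Write-Warning ("First certificate in LocalMachine\My ({0}) is not valid for Client Authentication." -f $report[0].Subject)
}
$report | Format-Table Index, Subject, IsSmsCert, ClientAuthOk, Thumbprint -AutoSize
```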

Resolution

The current plan, subject to further code review and testing, is to release a code change for the SMS client that permits disabling the SMS certificate backup process via a registry key. Once the client side hotfix is applied, the default behavior for Windows 2000 machines is to not back up the certificates, to check for them in the machine personal store, and to remove them if present.  This can optionally be set for all clients as well, so this fix will effectively cover all supported operating systems.

If the plan changes significantly from this I'll be sure to let everyone know as soon as possible.

Additional Information

  • When will the hotfix be ready? 

The blog will be updated either once the fix is available, or once we are at the point of giving a firmer ETA.

  • Will there be a charge for the hotfix?

No – this is a fix being made to SMS 2003, which is still within the standard support phase. 

  • Will the hotfix be on the new self help hotfix download page? 

We will post that to the KB & blog once the decision is made.  That hotfix download web page is:

https://support.microsoft.com/contactus2/emailcontact.aspx?scid=sw;en;1410&WS=hotfix

  • Why isn’t there a NetMeeting fix being released, isn’t this really a NetMeeting issue? 

Yes it is, but fixing NetMeeting requires operating system specific releases.  For Windows 2000, which bears the greatest impact of the issue, that means customers must have an extended hotfix support agreement that allows for the possibility of paying for a hotfix.  More information on such agreements is located here:

https://support.microsoft.com/lifecycle

For Windows XP and later operating systems, there are simply too many workarounds available when compared to the overall impact of the problem.  Remote Desktop/Remote Assistance/Remote Control can be used in the place of NetMeeting RDS for these operating systems. These can be used in combination with the ability to delete the certificates as needed.

Because of this, we see a need for more effective relief for our customers, and as a result we intend to make a change on the SMS side to provide it.

- J.C. Hornbeck