Tales from the Crypt..oAPI Vulnerability (KB974571)

  • Article

Tales-From-The-Crypt-The-Complete-First-Season

 

 

As much as I would like to catalog the story so far around KB974571 as fiction, the truth is that it resembles more to a horror movie.

Before going any further, I would like to say that Microsoft recommends thorough testing of any software patch/hotfix before applying them in a Production environment. Having said that, I would like to invite you all to read Best Practices for Applying Service Packs, Hotfixes and Security Patches.

The above mentioned TechNet article states the following:

The basic rules are:

"The risk of implementing the service pack, hotfix and security patch should ALWAYS be LESS than the risk of not implementing it."

And,

"You should never be worse off by implementing a service pack, hotfix and security patch. If you are unsure, then take steps to ensure that there is no doubt when moving them to production systems."

Whether you’re superstitious, religious or a devoted fan of Murphy Laws, the naked truth is that sh*t happens! And that’s exactly what recently happened with OCS and the release of the security patch KB974571. For more information, please read the post from the OCS Team Blog: Urgent: Known issue under investigation with KB974571 and LCS/OCS.

But the KB974571 hotfix has another side effect that I recently experienced. Besides affecting the services of LCS/OCS, the very same patch can also prevent the installation of new OCS servers.

Recently, I was building a new demo environment, when, nearly at the end of the installation of a standard edition server, during the activation phase of the server, I got the following error:

failed

The OCS installation logs revealed the following information:

Failure
[0xC3EC796C] One or more errors occurred during execution of the wizard; the wizard was unable to complete successfully. Please check the log file for more information.

log1

After expanding the log, the error pointed out to the Activation Standard Edition Server Log.

 log2

The error in the Activation Standard Edition Server Log was:

Failure
[0xC3EC78D8] Failed to read the Office Communications Server version information. This can happen if the computer clock is not set to correct date and time.

log3

After spending some time troubleshooting the issue, with no solution in sight, I started to doubt the health of the virtual machines I was using (first) and then my sanity (last). But then, when I was on a dead end, a customer asked me to help him installing a new Edge Server. Guess what? Same error, same problem.

Since I was getting lots of noise around KB974571 (I already knew it could affect installed LCS/OCS services), I decided to uninstall that specific hotfix from the list of installed patches. That solved the problem!

uninst

Microsoft recommends to postpone installing KB974571 on any LCS 2005 / OCS 2007 /OCS 2007 R2 servers.

Microsoft is investigating this issue, and will determine the most appropriate way to address it. Customers who are not running OCS or LCS server are not affected by this known issue, and can safely ignore this issue.

Customers who have deployed the OCS or LCS product on a server should assess the risk that is involved to decide whether to install the security update on that server. These customers should revisit this Knowledge Base article often, because this article will be updated as soon as more information and a resolution are available.

[UPDATE]

There is now a fix for this issue, available through the KB974571 article. Look under the section “Resolution for the known issue”.