Warning: May2017 windows update break Lync 2010,2013 and Skype for Business 2015 services

This is a quick post notice since I’m still trying to analyse the cause, and more Engineers are reporting the same issue.

ISSUE

 After you install the latest Windows May2017 updates, Skype for Business 2015 will start reporting the following errors:

  • External Users reported that couldn’t use WhiteBoard, Polls, Q&A or present PowerPoint with the following errors messages:
    We can’t connect to the server for sharing right now.
    Network issues are keeping you from sharing notes and presenting whiteboards, polls and uploaded PowerPoint files.

     

  • Front-end servers: (Event ID 41026/41025) “No connectivity with any of Web Conferencing Edge Server, External Skype for Business clients cannot use Web Conferencing modality”
  • Edge servers : “Web Conferencing Server connection failed to establishOver the past 3 minutes Skype for Business Server has experienced incoming TLS connection failures 1 times(s). The error code of the last failure is 0x80072746”
    or event id 41026
    event41026-01

Cause

The issue seems to be some secure hardening on the TLS negotiation.
According to MS Support, it looks like an ‘update blooper’ on the May2017 patch:
This update adds an additional check on Enhanced Key Usage (EKU), since all Lync/ SfB Server usually use the Web Server template they will only have the Server Authentication in the EKU.

Impact and affected systems

Impact level: low. Web conferencing service (whiteboard, powerpoint presentations ).

 According to MS: “The issue has been reproduced on Lync 2010, Lync 2013 and Skype for Business 2015 on all supported server versions (2008r2, 2012, 2012r2).”

Workarounds

– uninstall the May 2017 Security and Quality rollup for the .Net Framework 4.5.2
– Request new Edge Internal certificate with the Client and Server Authentication
– On the Front Ends disable the check for the Web Conferencing Service (follow this post for details on how to do it)

Update 18th May 9:30 –  Update content based on this post (thank you Erdal for pointing me to that blog)

Update 24th May 6:30 – Updated with end-user error messages and picture. Microsoft published KB4023993 describing the issue and the workarounds described above

Advertisements

2 thoughts on “Warning: May2017 windows update break Lync 2010,2013 and Skype for Business 2015 services

  1. Moritz Löh 20/05/2017 / 18:17

    Hey Luis,

    Thanks a lot for this post. It just saved us within our S4B maintenance windows facing this exact issue.

    Best regards,
    Moritz

    • LuisR 22/05/2017 / 12:20

      I’m glad 🙂 that my post was helpful to you

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s