Sign-in and query errors after you install MS15-104 Security update for Microsoft Lync Server 2013 (Web Components Server)

Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.
Symptoms
After you install security update 3080353 that is documented in security bulletin MS15-104, you experience one or more of the following symptoms in Microsoft Lync Server 2013:

  • Users can't sign in to your dial-in page. This page has a URL that resembles the following:

  • Lync Mobile clients can't sign in.
  • External clients can't sign in.
  • Address book web queries fail.
  • Users are prompted for credentials for some web services after they sign in internally to Lync desktop clients.

Additionally, the following event may be logged in the Application log on your Lync Server 2013 Front End server:

Log Name: Application
Source: System.ServiceModel 4.0.0.0
Date: 9/10/2015 2:34:33 PM
Event ID: 3
Task Category: WebHost
Level: Error
Keywords: Classic
User: NETWORK SERVICE
Computer: MTKLYF35.contoso.inc

Description:

WebHost failed to process a request.

Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/44624228

Exception: System.ServiceModel.ServiceActivationException: The service '/WebTicket/WebTicketService.svc' cannot be activated due to an exception during compilation. The exception message is: Method not found: 'Microsoft.Rtc.Management.Config.Settings.Web.MobilePreferredAuthType Microsoft.Rtc.Management.Config.Settings.Web.WebServiceSettings.get_MobilePreferredAuthType()'.. ---> System.MissingMethodException: Method not found: 'Microsoft.Rtc.Management.Config.Settings.Web.MobilePreferredAuthType Microsoft.Rtc.Management.Config.Settings.Web.WebServiceSettings.get_MobilePreferredAuthType()'.

at Microsoft.Rtc.Internal.WebTicketService.WebTicketServiceHostFactory.CreateServiceHost(Type serviceType, Uri[] baseAddresses)

at System.ServiceModel.Activation.ServiceHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses)

at System.ServiceModel.ServiceHostingEnvironment.HostingManager.CreateService(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)

at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(ServiceActivationInfo serviceActivationInfo, EventTraceActivity eventTraceActivity)

at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)

--- End of inner exception stack trace ---

at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)

at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity)

Process Name: w3wp

Process ID: 4620

Resolution
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Security update 3080353 requires that the latest Lync Server 2013 cumulative update (July 2015 cumulative update 5.0.8308.920 for Lync Server 2013) is installed on the computer. However, the installation of KB 3080353 is not blocked if the July 2015 cumulative update is not already installed on the system. 

To resolve this problem, uninstall security update 3080353, install the July 2015 cumulative update, and then reinstall security update 3080353.

If you cannot immediately update to the July 2015 Lync Server 2013 cumulative update, you can block installation of security update 3080353 in Windows Update. To do this, follow these steps:

  1. Open Control Panel (or Control Panel Desktop App in Windows Server 2012).
  2. Click System and Security, and then click Windows Update.
  3. Click <x> important updates are available, where <x> represents the actual number of listed updates.
  4. In the list, locate KB3080353, and then clear the check box for that update.
  5. Right-click the update, and then click Hide update.

    Note The update name and check box will now appear unavailable.

    User Account Control permission  If you are prompted for an administrator password or for confirmation, type the password, or provide confirmation.
To make the update available again, follow these steps:

  1. In the Windows Update item in Control Panel, click Restore hidden updates.
  2. Select the checkbox for KB3080353, and then click Restore.

    Note After you click Restore, Windows Update runs a new check for updates.

If you install Lync security updates by using the Cumulative Server Update Installer (LyncServerUpdateInstaller.exe), the installer should prompt you to install the correct prerequisites. A new version of LyncServerUpdateInstaller.exe is shipped together with the security update.
More information
Security update 3080353 (MS15-104: Security update for Microsoft Lync Server 2013 (Web Components Server): September 8) can be installed without previously installing the required July 2015 cumulative update 5.0.8308.920 for Lync Server 2013.

Security update 3080503 may be offered through Windows Update even if you have configured Windows Update to prevent Lync Server application updates.
Status
Microsoft is researching this problem and will post more information in this article when the information becomes available.
Properties

Article ID: 3098577 - Last Review: 09/28/2015 16:10:00 - Revision: 1.1

Microsoft Lync Server 2013

  • kbsurveynew KB3098577
Feedback