October 24 Update – The MS09-56: Vulnerabilities in CryptoAPI could allow spoofing article has been updated with a Known Issues section and FIX for the LCS and OCS product. That article is the authorized content as it requires the proper groups to coordinate and confirm the data published.
Microsoft has released official information that is indeed a problem with OCS and LCS systems. Check out the updated article with known issues here: MS09-56: Vulnerabilities in CryptoAPI could allow spoofing
I didn’t discover this one, so I’m just the messenger passing word on – KB 974571 (part of Patch Tuesday today – specifically related to Crypto-API/ASN1) will make OCS think it is an evaluation version that has expired. Uninstall KB 974571 and OCS works again. You will want to apply the KB once an updated patch, or an updated patch for OCS becomes available. Originally documented here.
The issue is currently being escalated, but until a fix can be found, delaying the install of KB974571 is recommended. Check here for updates: http://communicationsserverteam.com/archive/2009/10/14/632.aspx
Thanks to Aaron Tiensivu for the heads up: http://blog.tiensivu.com/aaron/archives/1905-For-now,-hold-off-on-installing-KB-974571-on-OCS-2007-R2-servers-and-possibly-R1.html
One thought on “For now, hold off on installing KB 974571 on OCS 2007 R2 servers (and possibly R1)”
[…] Posted by Ståle Hansen on 09/04/2010 I have experienced this issue in my latest OCS deployments now and want to share this information. This issue happens after installing the january cumulative updates serverside. This issue is not related to the CryptoAPI issue described here: https://msunified.net/2009/10/14/for-now-hold-off-on-installing-kb-974571-on-ocs-2007-r2-servers-and-… […]