«
»

KB974571 Crypto-API Update may break Office Communications Server 2007 R2 installations

13. October, 2009

Update: See here for Microsoft’s description of this issue KB974571

Security updates are important. And as we’re currently an evaluation setup for OCS 2007 R2, i’ve decided to install todays batch of security updates on these lesser important machines first. And after a reboot, OCS 2007 R2 was broken.

A quick view into the event log revealed that OCS 2007 R2′s evaluation license has expired. Now, this seemed very strange as i’ve installed from volume license media. I’ve the checked the media again, but they weren’t evaluation media.

Here’s the message in all it’s glory:

Event source: OCS Server
Event id: 12290
Event text: The evaluation period for Microsoft Office Communications Server 2007 R2 has expired. Please upgrade from the evaluation version to the full released version of the product.

Maybe i really did use other media to install it? I doubted myself, because that’s usually the most reasonable approach to take. The error is usually behind the keyboard.

Luckily, Microsoft has published documentation on how to upgrade an evaluation version to a full version. Unfortunately, this didn’t work, because as it appears i was running a Volume license version of OCS.

EVALTOFULL parameter cannot be used with currently installed license type Volume

At this point, i was pretty sure that this wasn’t my fault. There has been an issue with the OCS 2007 R2 Evaluation Media expiring at the wrong point in time, but apparently this has been sorted out and did never affect the full versions of OCS 2007 R2.

So i was bummed. A quick view using process monitor revealed that the licensing information was most likely to be stored here:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RtcSrv\InstallInfo\ValidationData

I created a backup of that part of the registry, and then renamed the key. I got a file not found error, and created a new key of the same type and wrote binary data of the same length into it. This yielded the following error:

The service is shutting down due to an internal error.

Error Code: 80093102 (ASN1 unexpected end of data.)

At that point, i was pretty sure what might’ve caused this – the MS Crypto API security update KB974571.

I removed the update, rebooted the machine, and OCS 2007 R2 was up and running again, without any issues.

I’ve already opened a case with Microsoft to get this sorted out.

Update:
Appears that this is an official issue: See here

Category: Windows  |  Comment (RSS)  |  Trackback

46 Comments

  1. Aaron Tiensivu's Blog:

    For now, hold off on installing KB 974571 on OCS 2007 R2 servers (and possibly R1)…

    I didn’t discover this one, so I’m just the messenger passing word on – KB 974571 (part of Patch Tuesday today – specifically related to Crypto-API/ASN1) will make OCS think it is an evaluation version that has expired. Uninstall KB 974571 and OCS wo…

    14. October, 2009, 01:52

  2. risual support blog » KB 974571 and OCS R2 eval expired error:

    [...] http://projectdream.org/wordpress/2009/10/13/kb974571-crypto-api-update-may-break-office-communicati... Categories: Uncategorized Tags: Comments (0) Trackbacks (0) Leave a comment Trackback [...]

    14. October, 2009, 02:22

  3. Waveformation » Possible Issue with KB 974571 on OCS 2007 R1/R2:

    [...] documented here, and [...]

    14. October, 2009, 04:30

  4. Zubair:

    Thank you for the insight – you saved me a lot of grief!!!

    14. October, 2009, 04:46

  5. jarod:

    very useful, thank you!

    14. October, 2009, 05:52

  6. For now, hold off on installing KB 974571 on OCS 2007 R2 servers (and possibly R1) « msunified.net:

    [...] Posted by StÃ¥le Hansen on 14/10/2009 I didn’t discover this one, so I’m just the messenger passing word on – KB 974571 (part of Patch Tuesday today – specifically related to Crypto-API/ASN1) will make OCS think it is an evaluation version that has expired. Uninstall KB 974571 and OCS works again. You will want to apply the KB once an updated patch, or an updated patch for OCS becomes available. Originally documented here. [...]

    14. October, 2009, 07:57

  7. Hayes:

    Thanks for the post – was definately helpful! Have linked from my blog.

    14. October, 2009, 08:43

  8. Speck:

    Thankyou very much :-)

    Today I found my OCS frontend Volume licensed expired!

    Your post save me a lot of time!

    bye,
    Speck

    14. October, 2009, 10:01

  9. Jodrik:

    Very very usefull. Hope to see the response from MS soon.

    14. October, 2009, 10:20

  10. Nick:

    Hi, we had the same problem tody. The rollback of the update solved it. Many thanks for your Post.
    Kind regrds
    Nick

    14. October, 2009, 11:08

  11. Chris:

    THANKS!!! This quick fix saved my butt this morning and saved me a lot of time chasing an error that made no sense! Appreciate it!

    14. October, 2009, 15:27

  12. Michel:

    Hallo, wir haben das selbe Problem heute Nachmittag nach den Updates.
    Vielen Dank für den Post.
    Gruss, Michel

    14. October, 2009, 16:11

  13. Lukasz:

    Thank you, it worked.Can Microsoft people do anything right ? Maybe stop offshoring development so actually people accredited to do the job should be doing the job.

    14. October, 2009, 16:17

  14. Moojay:

    Thank you very much. Microsoft knows how to give us hard time :)

    14. October, 2009, 16:32

  15. Colin:

    Thanks for this post. Made this a quick fix and saved me a lot of time and effort!

    14. October, 2009, 17:40

  16. Recent Security Update (KB 974571) May Cause OCS to Not Start « Inside OCS:

    [...] You can read more details about this issue here: http://communicationsserverteam.com/archive/2009/10/14/632.aspx and here KB974571 Crypto-API Update may break Office Communications Server 2007 R2 installations. [...]

    14. October, 2009, 21:08

  17. Speaking of VoIP, did you hear… » Blog Archive » KB974571 Crypto-API Update may break Office Communications Server 2007 R2 installations:

    [...] warning from Lukas Beeler’s IT Blog that KB974571 Crypto-API Update may break Office Communications Server 2007 R2 [...]

    15. October, 2009, 00:40

  18. Max:

    Many thanks for this helpful post!

    15. October, 2009, 06:28

  19. NLS:

    REALLY MAN!… THANKS!

    15. October, 2009, 10:36

  20. feroz:

    the MS Crypto API security update KB974571.

    I removed the update, rebooted the machine, and OCS 2007 R2 was up and running again, without any issues

    hi all , i would like to know how to remove this api security update. From-controlpanel-add and remove programs i try to find this update, but i could not able to find this update, my ocs server is not evaluation server.it is installed with micrsoft cd. it’s front end service is not starting. can u help me.

    15. October, 2009, 11:23

  21. David:

    Thanks, saved me a lot of time.

    15. October, 2009, 11:27

  22. feroz:

    hi all, i found the solution, i need select show update – box in add/remove programs in control panel. thanks for this post

    15. October, 2009, 11:29

  23. feroz:

    Dear all

    do not change the registry settings just unstall this psecific patch: KB974571 and reboot ocs server. it will work noraml.

    15. October, 2009, 11:50

  24. feroz:

    just unstall the the KB9744571 and reboot the ocs server, it will work normal and u can stop this issues

    Event source: OCS Server
    Event id: 12290
    Event text: The evaluation period for Microsoft Office Communications Server 2007 R2 has expired. Please upgrade from the evaluation version to the full released version of the product.

    15. October, 2009, 11:51

  25. Saul:

    Dear Lukas,

    you saved me hours of searching!

    Thanks a lot!!!

    15. October, 2009, 17:00

  26. Hi:

    Thanks. Fixed the problem.

    16. October, 2009, 03:31

  27. Priyankara:

    Hi everyone

    Same happen to me also.

    Just remove the troubled patch from ocs server & restart.

    It works as before…

    but i don’t know what microsoft do with this

    16. October, 2009, 10:43

  28. Johnty:

    Well spotted !! It happened to my system today removed the patch and away we went

    16. October, 2009, 14:16

  29. OCS Edge Servers and other servers can malfunctioning after an actualization. - Hans Avendano:

    [...] buscando en internet, se encontro una referencia http://projectdream.org/wordpress/2009/10/13/kb974571-crypto-api-update-may-break-office-communicati... [...]

    16. October, 2009, 16:23

  30. Mike S:

    I wish Microsoft would make this a bulletin. This answer fixed our issue.

    16. October, 2009, 18:02

  31. Lukas Beeler:

    Mike,

    They did. It’s just that my blog post was the first mention on the web about this issue, and thus at the top of most search results. I linked to the official MS statement of this issue at the top of my post – in bold ;)

    16. October, 2009, 18:10

  32. Crimes & Justice:

    Geez.. glad to have caught this before installing..

    Thanks

    16. October, 2009, 18:37

  33. Vince Q.:

    Thanks to your post!
    I encountered this problem today on a few deployments and was solved with the help of your post. :)

    18. October, 2009, 17:07

  34. Ivan Versluis:

    This morning we had same problem on our hosted OCS 2007 server. After removing uninstalling the patch the server the OCS service came back.

    19. October, 2009, 10:34

  35. Martijn Raaijmakers:

    Same issue on LCS 2005. Removed the update and it worked again.
    Thank you!

    19. October, 2009, 12:10

  36. Bernie Kratz:

    THANK YOU!!!!! I was pulling out my hair this morning. I knew it wasn’t an issue with an evaluation version so I naturally assumed it was something to do with updates from Friday evening. I really appreciate that you freely shared your knowledge. It made my life much easier today.

    19. October, 2009, 17:46

  37. Zorglob:

    Thank you so much!

    19. October, 2009, 19:07

  38. Erik:

    Thank you, you saved several of my clients and their OCS installations.

    20. October, 2009, 14:36

  39. Case:

    uninstalling KB 974571 did the trick!! That helped a lot thanks!

    24. October, 2009, 15:27

  40. Mahmoud:

    Thanks ,
    I faced the smae, waiting for MS to resolve !

    26. October, 2009, 10:23

  41. Hmm:

    This also breaks certificate imports on IPSwitch MoveIT Central Enterprise FTP systems.

    26. October, 2009, 16:53

  42. Kornelius Asikin:

    Hi Lukas,
    I too installed the offending KB974571 and OCS 2007 R2 is broken (only OCS Application Host service started). However, uninstalling KB974571 did not fix my OCS.

    The next error after event id 12290 is event id 12299 with the following details:

    “The service is shutting down due to an internal error.
    Error Code: C3E93C23 (SIPPROXY_E_INVALID_INSTALLATION_DATA)
    Cause: Check the previous entries in the event log for the failure reason.
    Resolution:
    Check the previous event log entries and resolve them. Restart the server. If the problem persists contact Product Support Services.”

    Any idea how to fix my broken OCS?

    28. October, 2009, 13:23

  43. Microsoft finally fixes MS09-056 OCS issue » Lukas Beeler’s IT Blog » Blog Archive:

    [...] which will fix the incorrect ASN License data – something which i already guessed about in my previous post about this issue. Category: Fillers  |  Comment (RSS) [...]

    28. October, 2009, 20:32

  44. Marc:

    I’m with everyone else here, thanks! Great post!

    4. December, 2009, 19:38

  45. Luiz I.:

    Thanks for the comment. I was expending hours looking to some dung error messages and would never find it. I “love” when MS does it to their own products.

    10. December, 2009, 18:10

  46. Bob R:

    Microsoft has provided a fix for this issue. The fix (ocsasnfix.exe) is available at http://support.microsoft.com/kb/974571 Doug Deitterick–the person whose blog is referenced in the update link above–passed information about this fix on to me.

    Good news is the fix works like a charm.

    8. January, 2010, 10:13

Leave a comment