Skip to main content

We can’t connect to the server for presenting right now.


Issue: Skype for Business meeting features no longer function in Lync Server 2010, Lync Server 2013, or Skype for Business Server 2015 after installing Security Bulletin MS16-065.
Error message:

We can’t connect to the server for presenting right now.
An error occurred during the Skype Meeting.
Network issues are keeping you from sharing notes and presenting whiteboards, polls and uploaded Pow…
 


Problem Statement:

Above error messages that users may receive when this problem occurs after you install the Microsoft .NET Framework Security Update MS16-065 on a Front End or Standard Edition server for Lync Server 2010, Lync Server 2013, or Skype for Business Server 2015, several conferencing modalities no longer function for internal users.

The following are known modalities affected by this issue:

·       Whiteboards

·       Uploading PowerPoint Presentations

·       Sharing Notes

·       Polls

·       Q&A

This problem occurs because an information disclosure vulnerability exists in the Transport Layer Security protocol and the Secure Sockets Layer protocol (TLS/SSL) as they are implemented in the encryption component of the Microsoft .NET Framework. An attacker who successfully exploits this vulnerability can decrypt encrypted TLS/SSL traffic.

This vulnerability is fixed by the security update that's discussed in Microsoft Security Bulletin MS16-065. This update changes the way that the .NET Framework encryption component sends and receives encrypted network packets.

The changes that are introduced in this security update affect how Skype for Business, Lync, and Lync for Mac desktop clients communicate together with the Web Conferencing Service on the Front End and Standard Edition servers. These changes cause the problems that are mentioned in the problem statement section.


Workaround:

May 2016 .NET security update released by Microsoft actually breaks PowerPoint presentation and whiteboard, Sharing note, Q&A etc in Skype for Business/ Lync most of versions.

Also It has been confirmed in all server versions; 2010, 2013 and 2015. It is reproducible every time upon installing and removing the security update.

Uninstalling the 3142030 update and rebooting the server or using a regkey/reboot fixes the break, but effectively removes the security fix.

Workaround provided by Microsoft:

Warning these workarounds may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend these workarounds. However, we are providing this information so that you can implement these workarounds at your own discretion. Use these workarounds at your own risk.

Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To work around this issue, follow the guidance in the following article in the Microsoft Knowledge Base:

3155464 MS16-065: Description of the TLS/SSL protocol information disclosure vulnerability (CVE-2016-0149): May 10, 2016


Additionally, an exception must be added to be able to restart the DATAMCUSVC.exe process and the version-appropriate Web Conferencing service. Use the following examples for setting the exception in your environment.

For Skype for Business Server 2015

1.    Determine and record the path in which the DATAMCUSVC.exe file is located on the server.
Note By default, the installation path is as follows:

C:\Program Files\Skype for Business Server 2015\Web Conferencing

You can also obtain this information through the Services tool by reviewing the properties of the Skype for Business Server Web Conferencing service.

2.    Start Registry Editor. To do this, click Start, click Run, type regedit, and then click OK.Locate the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SchSendAuxRecord
Note If you are proactively deploying the update in advance of applying the .NET Framework security update, you must create one or more keys manually because they do not yet exist.

3.    Create the following DWORD name and value:

DWORD Name:Path_obtained_in_Step_1\DATAMCUSVC.exe
DWORD Value: 0

Important Do not include quotation marks in the DWORD name.

The new DWORD name and value should resemble the following:

DWORD Name: C:\Program Files\Skype for Business Server 2015\Web Conferencing\DATAMCUSVC.exe
DWORD Value: 0

4.    Restart the Skype for Business Server Web Conferencing service (RTCDATAMCU).

5.    Users must log in again by using their Lync or Skype for Business desktop client in order to completely resolve the problem.

For Lync Server 2013

1.    Determine and record the path in which DATAMCUSVC.exe is located on the server.
Note By default, the installation path is the following:

C:\Program Files\Microsoft Lync Server 2013\Web Conferencing

You can also obtain this information through the Services tool by reviewing the properties of the Lync Server Web Conferencing service.

2.    Start Registry Editor. To do this, click Start, click Run, type regedit, and then click OK.

3.    Locate the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\System.Net.ServicePointManager.SchSendAuxRecord
Note If you are proactively deploying the update in advance of applying the .NET Framework security update, you must create one or more keys manually because they do not yet exist.

4.    Create the following DWORD name and value:

DWORD Name:Path_obtained_in_Step_1\DATAMCUSVC.exe
DWORD Value: 0

Important Do not include quotation marks in the DWORD name.
The new DWORD name and value should resemble the following:

DWORD Name: C:\Program Files\Microsoft Lync Server 2013\Web Conferencing\DATAMCUSVC.exe
DWORD Value: 0

5.    Restart the Lync Server Web Conferencing Service (RTCDATAMCU).

6.    Users must log in again by using their Lync or Skype for Business desktop client in order to completely resolve the problem.

For Lync Server 2010

1.    Determine and record the path in which DATAMCUSVC.exe is located on the server.
Note By default, the installation path is the following:

C:\Program Files\Microsoft Lync Server 2010\Web Conferencing
you can also obtain this information through the Services tool by reviewing the properties of the Lync Server Web Conferencing Service.

2.    Start Registry Editor. To do this, click Start, click Run, type regedit, and then click OK.

3.    Locate the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\System.Net.ServicePointManager.SchSendAuxRecord
Note If you are proactively deploying the update in advance of applying the .NET Framework security update, you must create one or more keys manually because they do not yet exist.

4.    Create the following DWORD name and value:

DWORD Name:Path_obtained_in_Step_1\DATAMCUSVC.exe
DWORD Value: 0

Important Do not include quotation marks in the DWORD name.
The new DWORD name and value should resemble the following:

DWORD Name: C:\Program Files\Microsoft Lync Server 2010\Web Conferencing\DATAMCUSVC.exe
DWORD Value: 0

5.    Restart the Lync Server Web Conferencing service (RTCDATAMCU).

6.    Users must log in again by using their Lync or Skype for Business desktop client in order to completely resolve the problem.

7.    Test the meeting contact.

Thank you.

Comments

  1. Thank you kindly sir. Resolved my exact issue.

    ReplyDelete
  2. I am happy that it help you and resolved your issue.

    Regards
    Balu Ilag

    ReplyDelete
  3. Hi Balu,
    Does this apply to external conferencing or just internal? I can open whiteboard, polls, Q&A, and PP presentation internally, but an external user can't open this. They get the error We can’t connect to the server for presenting right now.

    ReplyDelete
  4. I'm getting the exact same problem. Internal users are ok, external users get the error. Removed 3142036 from FEs (2012 R2) and tried the registry keys - none have worked.

    ReplyDelete
  5. i have the same exact issue, internally is working fine, but externally no , although I removed the update

    ReplyDelete
  6. I've been using AVG protection for many years now, and I'd recommend this Anti-virus to all you.

    ReplyDelete

Post a Comment

Popular posts from this blog

Outlook Add-in for Skype meeting getting disable after restarting Outlook.

Issue: Outlook Add-in for Lync meeting getting disable after restarting Outlook.
Problem Statement: Outlook Add-ins gets install automatically when Office 2013 installs (Lync and Skype for Business clients are part of Office package). Add-ins name is Lync Meeting Scheduling Outlook Addin or Skype meeting Add-in for Microsoft Office 2013. Sometime if other add-ins conflict with Outlook add-ins then outlook add-in keep getting disabled. And user has to enable it manually after Outlook restarts. 
Resolution: By default Lync Meeting Scheduling Outlook Addin or Skype Meeting Add-in for Microsoft Office 2013 installs wit load behavior "Load at Startup". However due to some conflict users Lync or Skype add-ins load behavior get changed to loaded instead of "Load at Startup" had to re-enable Lync Meeting Add-In in each time Outlook 2013 was started as it was not set to "Load at Startup". Look at the below screenshot. Now question is how we can change load behavior …

Unable to share desktop in Skype for Business?

Unable to share desktop in Skype for Business?
You can show your entire desktop or just a program to everyone in a Skype for Business Meeting, call, or instant messaging (IM) conversation. However sometime this feature does not work and give different errors.  Error message: ·Cannot start Desktop/Application Sharing due to network issues. ·An error occurred during the screen presentation. Resolution: There are multiple thing which may affect application/desktop sharing. 1.Make sure application / desktop sharing enabled on Skype for Business / Lync Server. SfB /Lync Control Panel > Conferencing > Conferencing policy > select Global or create new policy and set enable ‘Enable application and desktop sharing’. Refer below image. 2.Make sure your Skype for Business (Lync) client is updated with latest cumulative updates. Download latest update Skype (Lync) client. 3.Update your Video and Display drivers. a.Go to Start > Control panel. b.Search for Device Manager, and then open it. c.Find V…

Unable to login to Skype for Business client?

Unable to login to Skype for Business client? In order to sign-in on Skype (Lync) you must have login credential provided to you from your organization. ·Sign-in address: bilag@orgname.com ·User name: orgname\bilag ·Password: ************
Note: Orgname.com is my SIP domain name. Here are the most common mistake people make while sign-in on Skype for Business (Lync).
1.If you have login credential however still unable to sign-in then make sure you are putting proper login credential. Below error shows when you are wrong entering your sign-in address:
2.If you are writing correct Sign-in address however getting DNS error then contact administrator/ Support team there may be a DNS resolution or configuration issue. Administrator need to verify the SfB (Lync) AutoDiscover DNS records. 3.Sometime users password may expired/ lockout: Make sure that you password is not expire and lockout. If yes then call to helpdesk and reset your password / unlock. 4.Make user to have updated Skype for Business cli…