Operating System Upgrade Service Release 2003.1.5asr25 (win-OS-Upgrade-K9.2003-1-5a-sr25.exe)

Release date: 17-January-2012

Document Revision 1

Microsoft provides monthly releases of security hotfixes on the 2nd Tuesday of each month.  Cisco’s monthly OS Service Release is scheduled to post on the 3rd Tuesday of each month.

Cisco will continue to test and release Microsoft hotfixes that meet our criteria for Critical hotfixes in 1 business day.  Any applicable critical hotfix released by Microsoft will be added to the Cisco IP Telephony Operating System, SQL Server, Security Updates document with and explanation about whether or not it is critical for Cisco IP Telephony servers and when it will be released by Cisco.

Caution:  Do not apply this service release with OS version 2000.4.x or previous OS release trains.  This service release is only compatible with the OS 2003.1.5x release trains.  You should apply this service release to all servers in your cluster.  This installation causes call-processing interruptions and requires a reboot.  Close all programs before proceeding including Internet Explorer to avoid conflicts with the software being installed and/or upgraded.

General Note: If the following messages are displayed during the installation, please click “OK” and continue. These will not affect this upgrade. The causes for these messages are under investigation:
            * The Instruction at "0X0cda00dd8" referenced memory at "0X0cda00dd8". The memory could not be read. Click OK to terminate the program (CSCeb31088)
            * The Instruction at "0X000000000" referenced memory at "0X000000000". The memory could not be read. Click OK to terminate the program (CSCed45218)
            * AddAnonymousWebUserAccess failure during CallManager installations (CSCed27066)

Naming Convention Change

 For operating system, SQL Server, and Cisco IP telephony application software updates, Cisco has replaced the term, support patch, with the term, service release.  Service releases provide the same functionality as support patches; that is, they provide bug fixes, etc.  

 Review the file naming convention before you apply the software update.

 <software_name>-<software version>_<sr(x)>

 <software name> equals the name of the application; <software version> equals the maintenance release; <sr(x)> equals the version of the service release

 For example, review the following file name:

 win-OS-Upgrade-K9.2000-4-2sr2.exe

 win-OS-Upgrade indicates that this file is an operating system upgrade file; K9 indicates that you download the file from the Cisco cryptographic website; 2000-4-2 indicates the operating system maintenance release version, and sr2 indicates that this file is the first version of the operating system upgrade service release.

Contents

This document contains information on the following topics.  Click the hyperlink to go directly to the section.

• Cisco Notification Tools

This section provides information about how to receive email notifications when new updates post to Cisco Connection Online.

• Information about This Service Release

This section provides general information and specifies the affected Cisco IP telephony applications, supported servers, and hotfixes that are automatically installed with this software update.

• Installing the Service Release

This section provides procedures for installing this service release on supported servers.

• Verifying Hotfixes By Using Microsoft Baseline Security Analyzer

This section provides a list of hotfixes that Microsoft Baseline Security Analyzer.  See this section if you want to verify which hotfixes exist on your server.

• Uninstalling Hotfixes

This section provides information about how to uninstall the Microsoft hotfixes.

Cisco Notification Tools

Cisco CallManager Notification Tool: Cisco has replaced the current Cisco CallManager notification tool with a new, more robust notification tool that is based on your Cisco.com profiles.  This new tool delivers email notifications for individual Cisco voice products that you select.  Follow the steps below to sign up for the Cisco Voice Technology Group Subscription Tool:

• Login with your Cisco.com account information at this link: http://www.cisco.com/cgi-bin/Software/Newsbuilder/Builder/VOICE.cgi
• Select "CallManager Cryptographic Software including OS updates" to receive notification when new operating system updates are posted.
• Select any other products updates that you wish to receive.
• Click update at the bottom of the page.

• Confirm your selections.

You may see this message at the bottom of the page: "Your Profile Currently Indicates that you do not wish to receive email from Cisco.”

To be able to receive information updates, you must update your email preferences.  Click on the link to update your email preferences (located in the Other Information section).  Click submit when you are done.  

If you have enabled email notification, you may exit now.  If you have not enabled email notification, then you will need to repeat the steps above.

This new software notification tool requires a valid Cisco.com login. If you do not currently have a Cisco.com password, please register with Cisco.com at: http://tools.cisco.com/RPF/register/register.do

Cisco PSIRT Advisory Notification Tool: This email service provides automatic notification of all Cisco Security Advisories that are released by the Cisco Product Security Incident Response Team (PSIRT).  Security Advisories, which describe security issues that directly impact Cisco products, provide a set of required actions to repair these products. To subscribe, click the following URL and perform the tasks as directed on the web page: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#SecurityInfo

 Information about This Service Release

Review the following information before you install the service release:

• Cumulative Severity:  Important
• Description: OS Upgrade 2003.1.5a Service Release 25
• Minimum OS requirements: Fresh install of OS 2003.1.5, 2003.1.5a or a system upgraded to 2003.1.5 or 2003.1.5a
• Affected Cisco IP Telephony Applications:  All compatible versions of Cisco CallManager, Cisco IP Interactive Voice Response (IP IVR), Cisco IP Call Center Express (IPCC Express), Cisco Personal Assistant (PA), Cisco Emergency Responder (CER), Cisco Conference Connection (CCC), Cisco Customer Voice Portal (CVP), Cisco IP Queue Manager and Cisco MeetingPlace.

• Supported Servers:  All of the Cisco Media Convergence Servers (MCS) and Cisco-approved, customer-provided Compaq/HP and IBM server supported by 2003.1.5 fresh install and upgrades.  For further information see the Hardware Compatibility Matrixes at the following location:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_device_support_tables_list.html

• End of Life Notice: http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps556/end_of_life_notice_c51-612453.html
• Install time: < 20 Minutes per server
• Reboot required: Yes
• Replaces previously posted files: Previous 2003.1.5/2003.1.5a Service Releases
• Log File Location: C:\Program Files\Common Files\Cisco\Logs\OS

• Known Caveats: Please refer to the ‘Known Caveats’ section below.

Note:  Apply this service release to all servers in your cluster.

Caution:  This installation causes call-processing interruptions and requires a reboot.  Close ALL programs before proceeding including Internet Explorer.

This service release includes the following hotfixes and defect resolutions: 

 

Perform the following procedure to install the service release:

1.      Disable or uninstall all virus scanning software or Intrusion Detect Software (such as CSA) prior to running this installation.

2.      Download the file to a location that you will remember.

3.      Double click the executable.

4.      To acknowledge that the server runs OS version 2003.1.5 and that you are not installing the service release through Terminal Services, click Yes.  If the server does not run OS version 2003.1.5, install it before you run this service release.

5.      Files automatically extract and install on the server.

6.      After the installation finishes, it will report the number of errors detected and ask if you want to view the logfile.

7.      If there are no errors detected, you can select “No”; otherwise click yes to view the log.  There is an ERRORS section at the very end of the logfile to assist in finding the errors.

8.      Click OK to confirm the reboot

9.      Perform this procedure on all supported servers in the cluster.

10.  If you choose to do so, you can use the Baseline Security Analyzer to verify the hotfixes that are installed on each server.  See the “Verifying HotFixes By Using Baseline Security Analyzer” section.

 

Verifying HotFixes By Using Microsoft Baseline Security Analyzer

If you want to do so, you can use the Microsoft Baseline Security Analyzer utility (run c:\utils\mbsa_scan.cmd) to verify which hotfixes are installed on the server.

Microsoft Baseline Security Analyzer (MBSA)

Make sure that you review the Reason column of the MBSA report to identify whether the hotfix should be installed.  The following table shows expected results from MBSA on a fully patched system.   

Note:  The term, Note, in the Message column indicates that the utility is not able to detect whether the hotfix is installed.  Review the information in the Reason column for more information. 

Scan date: 12/13/2011 8:57 PM
Scanned with MBSA version: 2.1.2104.0
Catalog synchronization date: 2011-12-13T03:32:07Z
Security update catalog: Microsoft Update (offline)

  Security Updates Scan Results
   
        Issue:  Developer Tools, Runtimes, and Redistributables Security Updates
       Score:  Check passed
       Result: No security updates are missing.

        Current Update Compliance
       
            | MS11-025 | Installed | Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB2538242) | Important |
            | MS11-025 | Installed | Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) | Important |

        Issue:  SDK Components Security Updates
       Score:  Check passed
       Result: No security updates are missing.

        Current Update Compliance
       
            | MS07-028 | Installed | Security Update for CAPICOM (KB931906) | Critical |

        Issue:  SQL Server Security Updates
       Score:  Check passed
       Result: No security updates are missing.

        Current Update Compliance
       
            | MS06-061 | Installed | MSXML 6.0 RTM Security Update  (925673) | Critical |
            | MS09-004 | Installed | Security Update for SQL Server 2000 Service Pack 4 (KB960082) | Important |

        Issue:  Windows Security Updates
       Score:  Check failed (non-critical)
       Result: 4 service packs or update rollups are missing.

        Update Rollups and Service Packs
       
            | 890830 | Missing | Windows Malicious Software Removal Tool - December 2011 (KB890830) |  |
            | 940767 | Missing | Windows Internet Explorer 7 for Windows Server 2003 |  |
            | 951847 | Missing | Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86 |  |
            | 944036 | Missing | Internet Explorer 8 for Windows Server 2003 |  |

        Current Update Compliance
       
            | MS09-071 | Installed | Security Update for Windows Server 2003 (KB974318) | Important |
            | MS10-097 | Installed | Security Update for Windows Server 2003 (KB2443105) | Important |
            | MS11-098 | Installed | Security Update for Windows Server 2003 (KB2633171) | Important |
            | MS10-007 | Installed | Security Update for Windows Server 2003 (KB975713) | Critical |
            | MS11-063 | Installed | Security Update for Windows Server 2003 (KB2567680) | Important |
            | MS08-046 | Installed | Security Update for Windows Server 2003 (KB952954) | Critical |
            | MS10-029 | Installed | Security Update for Windows Server 2003 (KB978338) | Moderate |
            | MS10-083 | Installed | Security Update for Windows Server 2003 (KB979687) | Important |
            | MS11-014 | Installed | Security Update for Windows Server 2003 (KB2478960) | Important |
            | MS11-005 | Installed | Security Update for Windows Server 2003 (KB2478953) | Important |
            | MS08-069 | Installed | Security Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB954430) | Important |
            | MS09-010 | Installed | Security Update for Windows Server 2003 (KB923561) | Important |
            | MS11-099 | Installed | Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2618444) | Low |
            | MS10-096 | Installed | Security Update for Windows Server 2003 (KB2423089) | Important |
            | MS10-070 | Installed | Security Update for Microsoft .NET Framework 1.1 SP1, Windows Server 2003, and Windows Server 2003 R2 x86 (KB2416451) | Important |
            | MS11-078 | Installed | Security Update for Microsoft .NET Framework 1.1 SP1 on Windows Server 2003 and Windows Server 2003 R2 x86 (KB2572069) | Critical |
            | MS09-051 | Installed | Security Update for Windows Media Format Runtime 9.5 for Windows Server 2003 (KB954155) | Critical |
            | MS11-065 | Installed | Security Update for Windows Server 2003 (KB2570222) | Important |
            | MS08-007 | Installed | Security Update for Windows Server 2003 (KB946026) | Important |
            | 2633952 | Installed | Update for Windows Server 2003 (KB2633952) |  |
            | MS11-013 | Installed | Security Update for Windows Server 2003 (KB2478971) | Important |
            | MS10-082 | Installed | Security Update for Windows Server 2003 (KB2378111) | Important |
            | MS08-071 | Installed | Security Update for Windows Server 2003 (KB956802) | Critical |
            | MS11-038 | Installed | Security Update for Windows Server 2003 (KB2476490) | Critical |
            | MS09-037 | Installed | Security Update for Windows Server 2003 (KB973815) | Critical |
            | MS07-067 | Installed | Security Update for Windows Server 2003 (KB944653) | Important |
            | MS09-012 | Installed | Security Update for Windows Server 2003 (KB956572) | Important |
            | MS07-020 | Installed | Security Update for Windows Server 2003 (KB932168) | Moderate |
            | MS11-093 | Installed | Security Update for Windows Server 2003 (KB2624667) | Important |
            | MS09-041 | Installed | Security Update for Windows Server 2003 (KB971657) | Important |
            | MS09-056 | Installed | Security Update for Windows Server 2003 (KB974571) | Important |
            | MS10-013 | Installed | Security Update for Windows Server 2003 (KB975560) | Critical |
            | 914961 | Installed | Windows Server 2003 Service Pack 2 (32-bit x86) |  |
            | MS11-070 | Installed | Security Update for Windows Server 2003 (KB2571621) | Important |
            | MS08-005 | Installed | Security Update for Windows Server 2003 (KB942831) | Important |
            | MS09-046 | Installed | Security Update for Windows Server 2003 (KB956844) | Moderate |
            | MS10-019 | Installed | Security Update for Windows Server 2003 (KB979309) | Critical |
            | MS10-033 | Installed | Security Update for Windows Media Format Runtime 9.5 for Windows Server 2003 (KB978695) | Critical |
            | MS10-042 | Installed | Security Update for Windows Server 2003 (KB2229593) | Low |
            | MS10-040 | Installed | Security Update for Windows Server 2003 (KB982666) | Important |
            | MS09-057 | Installed | Security Update for Windows Server 2003 (KB969059) | Important |
            | MS09-052 | Installed | Security Update for Windows Server 2003 (KB974112) | Critical |
            | MS09-037 | Installed | Security Update for Windows Server 2003 (KB973507) | Critical |
            | MS07-017 | Installed | Security Update for Windows Server 2003 (KB925902) | Critical |
            | MS09-048 | Installed | Security Update for Windows Server 2003 (KB967723) | Important |
            | MS09-037 | Installed | Security Update for Windows Server 2003 (KB973869) | Critical |
            | MS09-073 | Installed | Security Update for Windows Server 2003 (KB973904) | Important |
            | MS10-081 | Installed | Security Update for Windows Server 2003 (KB2296011) | Important |
            | MS11-062 | Installed | Security Update for Windows Server 2003 (KB2566454) | Important |
            | MS11-037 | Installed | Security Update for Windows Server 2003 (KB2544893) | Low |
            | MS11-043 | Installed | Security Update for Windows Server 2003 (KB2536276) | Critical |
            | MS10-065 | Installed | Security Update for Windows Server 2003 (KB2124261) | Important |
            | MS11-031 | Installed | Security Update for Windows Server 2003 (KB2510587) | Critical |
            | MS10-052 | Installed | Security Update for Windows Server 2003 (KB2115168) | Critical |
            | MS10-001 | Installed | Security Update for Windows Server 2003 (KB972270) | Low |
            | MS11-032 | Installed | Security Update for Windows Server 2003 (KB2507618) | Important |
            | MS10-049 | Installed | Security Update for Windows Server 2003 (KB980436) | Critical |
            | MS08-069 | Installed | Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459) | Important |
            | MS11-090 | Installed | Cumulative Security Update for ActiveX Killbits for Windows Server 2003 (KB2618451) | Critical |
            | MS11-052 | Installed | Security Update for Internet Explorer 6 for Windows Server 2003 (KB2544521) | Moderate |
            | MS11-020 | Installed | Security Update for Windows Server 2003 (KB2508429) | Critical |
            | MS08-036 | Installed | Security Update for Windows Server 2003 (KB950762) | Important |
            | MS11-075 | Installed | Security Update for Windows Server 2003 (KB2564958) | Important |
            | MS10-013 | Installed | Security Update for Windows Server 2003 (KB977914) | Critical |
            | MS08-067 | Installed | Security Update for Windows Server 2003 (KB958644) | Critical |
            | MS10-033 | Installed | Security Update for Windows Server 2003 (KB975562) | Critical |
            | MS09-012 | Installed | Security Update for Windows Server 2003 (KB952004) | Important |
            | MS09-013 | Installed | Security Update for Windows Server 2003 (KB960803) | Critical |
            | MS11-011 | Installed | Security Update for Windows Server 2003 (KB2393802) | Important |
            | MS06-078 | Installed | Security Update for Windows Media Player 6.4 (KB925398) | Critical |
            | MS09-022 | Installed | Security Update for Windows Server 2003 (KB961501) | Moderate |
            | MS11-030 | Installed | Security Update for Windows Server 2003 (KB2509553) | Important |
            | MS10-033 | Installed | Security Update for Windows Server 2003 (KB979482) | Critical |
            | MS08-076 | Installed | Security Update for Windows Server 2003 (KB952069) | Important |
            | MS09-042 | Installed | Security Update for Windows Server 2003 (KB960859) | Important |
            | MS11-087 | Installed | Security Update for Windows Server 2003 (KB2639417) | Critical |
            | MS11-042 | Installed | Security Update for Windows Server 2003 (KB2535512) | Critical |
            | MS11-071 | Installed | Security Update for Windows Server 2003 (KB2570947) | Important |
            | MS07-040 | Installed | Security Update for Microsoft .NET Framework, Version 1.1 Service Pack 1 (KB933854) | Critical |
            | MS11-029 | Installed | Security Update for Windows Server 2003 (KB2412687) | Critical |
            | MS11-097 | Installed | Security Update for Windows Server 2003 (KB2620712) | Important |
            | MS09-069 | Installed | Security Update for Windows Server 2003 (KB974392) | Important |
            | MS11-006 | Installed | Security Update for Windows Server 2003 (KB2483185) | Critical |
            | MS10-063 | Installed | Security Update for Windows Server 2003 (KB981322) | Critical |
            | MS09-040 | Installed | Security Update for Windows Server 2003 (KB971032) | Important |
            | MS11-024 | Installed | Security Update for Windows Server 2003 (KB2506212) | Important |
            | MS10-005 | Installed | Security Update for Windows Server 2003 (KB978706) | Moderate |
            | MS09-044 | Installed | Security Update for Windows Server 2003 (KB958469) | Critical |
            | MS10-019 | Installed | Security Update for Windows Server 2003 (KB978601) | Critical |
            | MS10-020 | Installed | Security Update for Windows Server 2003 (KB980232) | Critical |
            | MS10-026 | Installed | Security Update for Windows Server 2003 (KB977816) | Critical |
            | MS07-068 | Installed | Security Update for Windows Server 2003 (KB941569) | Critical |
            | MS11-033 | Installed | Security Update for Windows Server 2003 (KB2485663) | Important |
            | MS09-015 | Installed | Security Update for Windows Server 2003 (KB959426) | Moderate |
            | MS10-074 | Installed | Security Update for Windows Server 2003 (KB2387149) | Moderate |
            | MS10-062 | Installed | Security Update for Windows Server 2003 (KB975558) | Critical |
            | MS10-061 | Installed | Security Update for Windows Server 2003 (KB2347290) | Important |
            | MS11-080 | Installed | Security Update for Windows Server 2003 (KB2592799) | Important |
            | MS10-041 | Installed | Microsoft .NET Framework 1.1 SP1 Security Update for Windows Server 2003 x86 and Windows Server 2003 R2 x86 (KB979907) | Important |
            | MS10-051 | Installed | Security Update for Windows Server 2003 (KB2079403) | Moderate |
            | MS09-051 | Installed | Security Update for Windows Server 2003 (KB975025) | Critical |
            | MS09-037 | Installed | Security Update for Windows Server 2003 (KB973540) | Critical |
            | MS11-002 | Installed | Security Update for Windows Server 2003 (KB2419635) | Important |
            | MS11-095 | Installed | Security Update for Windows Server 2003 (KB2621146) | Important |
            | MS11-056 | Installed | Security Update for Windows Server 2003 (KB2507938) | Important |
            | MS08-049 | Installed | Security Update for Windows Server 2003 (KB950974) | Important |
            | MS10-084 | Installed | Security Update for Windows Server 2003 (KB2360937) | Important |
            | MS10-076 | Installed | Security Update for Windows Server 2003 (KB982132) | Critical |
            | MS07-034 | Installed | Cumulative Security Update for Outlook Express for Windows Server 2003 (KB929123) | Low |
            | MS10-099 | Installed | Security Update for Windows Server 2003 (KB2440591) | Important |
            | MS11-058 | Installed | Security Update for Windows Server 2003 (KB2562485) | Important |
            | MS09-020 | Installed | Security Update for Windows Server 2003 (KB970483) | Important |
            | MS10-030 | Installed | Security Update for Windows Server 2003 (KB978542) | Critical |

2011-12-13 20:57:56 : MBSA_Scan successfully executed
2011-12-13 20:57:56 : Successfully stopped wuauserv
[SC] ChangeServiceConfig SUCCESS
2011-12-13 20:57:56 : Success detected disabling wuauserv
2011-12-13 20:57:56 :
2011-12-13 20:57:56 : End MBSA Scan

Known Caveats

• Several security updates, such as MS07-009, MS08-069 or MS09-004 are only resolved when executing this SR AFTER the application is installed. (ie CallManager or CRS)
• CSCta89444: SQL server replication issue after applying OS patch (UCCX 7.0 systems)
• CSCtb43307: This defect is only resolved when installing this SR after any any CRS upgrade.
• CSCte18600: Manually stop the CRS Node Manager service prior to running this SR. Should the service not stop, reboot and manually stop the service prior to running this SR.

• CSCte15704: Starting with 2003.1.5aSR4, a utility is placed on the system for very specific customer configurations involving 40+ shared lines across 40+ endpoints with the endpoints also spread across multiple nodes in the cluster. See c:\utils\CSCte15704_Readme.txt for usage details. This utility not recommended for usage in a normal environment.
  

Uninstalling Hotfixes

 If you need to uninstall this OS Service Release or one of its hotfixes, follow the uninstall procedures exactly as they appear in this section.  Most hotfixes have an uninstall program provided by Microsoft, but there are caveats associated with uninstalling the hotfixes, This section provides procedures to uninstall a single hotfix and to uninstall the entire OS Service Release.

 Perform the following procedure to uninstall a single hotfix:

1.      Verify whether the hotfix can be uninstalled by checking the Uninstall Supported column of the Hotfixes That Are Included in the Service Release table.  If No displays in that column, you cannot use this procedure to uninstall the hotfix.  The only way to return the server to a state without the hotfix, is to fail back to a saved copy of the mirrored drive or rebuild the server, install the IP Telephony application, and restore the database.  If Yes displays in the Uninstall Supported column, continue with Step 2.

2.      Choose Start > Settings > Control Panel > Add/Remove Programs.  Hotfixes appear near the bottom of the Add/Remove Programs window.  Each hotfix begins with Windows 2003 Hotfix and is followed by the Microsoft Knowledge Base (KB or Q) article number.  You can use the Hotfixes That Are Included in the Service Release table to convert the security bulletin number (MS05-053) to a KB or Q number (KB896424).

3.      Select the hotfix you want to uninstall and click Change/Remove.  The Windows 2003 <hotfix number> Removal Wizard displays. 

4.      Click Next.  The steps may differ, depending on the uninstall program provided with the hotfix.  If a window appears with a message asking whether you want to uninstall the hotfix, click Yes.

5.      It’s very likely that the Inspecting Current Configuration step of the Removal Wizard will detect a list of hotfixes or programs that may be affected by removing this hotfix.  Record this list.  All the hotfixes listed will need to be re-installed and any applications listed should be checked to confirm they are still working properly.  Removing this hotfix will replace the system files it backed up with it was originally installed.  Other hotfixes or applications may be dependant on these same files.  The Removal Wizard does not know whether or not the applications or hotfixes will be affected.  It just has detected that they have been installed after the hotfix being removed was installed.  After recording the list, click Yes.

6.      Click Finish.  The server will reboots, if needed.  If you are prompted to reboot, click Yes.

7.      If the Inspecting Current Configuration step of the Removal Wizard listed any other hotfixes, reinstall those hotfixes now.  The the individual hotfix installations can be found in C:\Program Files\Cisco\Updates\2003.1.x_common.  The files will be named by their KB or Q number and should match what you have written down.  Double-click the first hotfix that is on your list of hotfixes that need to be reinstalled, and follow the prompts to install the hotfix.  Repeat this step for each hotfix you need to reinstall.  You do not need to reboot between hotfixes.  Once you have reinstalled all the hotfixes on your list, reboot the server.

8.      If the Inspecting Current Configuration step of the Removal Wizard listed any applications, confirm that they are still working properly.

Perform the following procedure to uninstall this entire OS Service Release:

1.      In order to determine what hotfixes need to be uninstalled, you need to determine what the OS level was before you applied this Service Release.  The minimum OS level for this Service Release is OS Upgrade 2003.1.3b so that is the starting point.  To determine what Service Releases where applied after OS Upgrade 2003.1.3b, use the History.log file.  Click Start > Cisco Install Logs  (C:\Program Files\Common Files\Cisco\Logs)

2.      Double-click History.log (or just History if known file extensions are hidden)

3.      Find OS Upgrade 2003.1.5 and search down the list for the last 2003.1.5SR# before the one you are trying to uninstall.  Record this Service Release number.

4.      Use the Hotfixes That Are Included in the Service Release table to find all the hotfixes installed after the Service Release recorded in the previous step.

5.      Choose Start > Settings > Control Panel > Add/Remove Programs.  Hotfixes appear near the bottom of the Add/Remove Programs window.  Each hotfix begins with Windows 2003 Hotfix and is followed by the Microsoft Knowledge Base (KB or Q) article number.  You can use the Hotfixes That Are Included in the Service ReleaseHotfixes That Are Included in the Service Release table to convert the security bulletin number (e.g. MS05-053) to a KB or Q number (e.g. KB896424).

6.      Select the hotfix you want to uninstall and click Change/Remove.  The Windows 2003 <hotfix number> Removal Wizard displays. 

7.      Click Next.  The steps may differ, depending on the uninstall program provided with the hotfix.  If a window appears with a message asking whether you want to uninstall the hotfix, click Yes.

8.      It’s very likely that the Inspecting Current Configuration step of the Removal Wizard will detect a list of hotfixes or programs that may be affected by removing this hotfix.  Record this list.  All the hotfixes listed will need to be re-installed and any applications listed should be checked to confirm they are still working properly.  Removing this hotfix will replace the system files it backed up with it was originally installed.  Other hotfixes or applications may be dependant on these same files.  The Removal Wizard does not know whether or not the applications or hotfixes will be affected.  It just has detected that they have been installed after the hotfix being removed was installed.  After recording the list, click Yes.

9.      Click Finish.  The server will reboots, if needed.  If you are prompted to reboot, click Yes.

10.  Follow steps 6 - 9 until all the hotfix you want to uninstall have been removed.

11.  If the Inspecting Current Configuration step of the Removal Wizard listed any other hotfixes, reinstall those hotfixes now.  The the individual hotfix installations can be found in C:\Program Files\Cisco\Updates\2003.1.x_common.  The files will be named by their KB or Q number and should match what you have written down.  Double-click the first hotfix that is on your list of hotfixes that need to be reinstalled, and follow the prompts to install the hotfix.  Repeat this step for each hotfix you need to reinstall.  You do not need to reboot between hotfixes.  Once you have reinstalled all the hotfixes on your list, reboot the server.

12.  If the Removal Wizard listed any applications in the Inspecting Current Configuration step, confirm that they are still working properly.

Instructions for enabling TLS for RDP connections (CSCti68522)

The following are specific instructions for a Cisco Unified Communications Manager system. (For further details on this subject matter, see MS article: KB895433 How to configure a Windows Server 2003 terminal server to use TLS for server authentication: http://support.microsoft.com/kb/895433)

1. From Internet Explorer - go to https://hostname/CCMAdmin/Main.asp  (where hostname is the local servername)
2. Accept the certificate
3. Then to permanently import it, From the IE file menu, select properties, click certificates, and then click Install Certificate and follow the prompts.
4. Bring up Terminal Services Configuration
5. Right Click on RDP-Tcp and select Properties.
6. On the Security Layer dropdown, select "SSL"
7. Click Edit button next to "Certificate" box.
8. Select Certificate, and click OK.

9. When remotely connecting from an RDP client - the client will now request to verify the certificate. 

NOTE:  RDP 5.2 and higher clients will now be required to remotely connect to the server.  Older/incompatible RDP clients may attempt to connect and then appear to hang, or just error out.