For future reference, disabling TLS 1.2 on your Lync 2013 standard edition frontend will break your ability to update windows server 2012. You’ll end up w/ error 80240437 that’s pretty damn useless. Meanwhile, manual installation of cumulative updates work, and your other (mediation, edge, monitor, etc) roles all work and patch fine, just your frontend is f’d. Hopefully you stumble across this technet post and look at the second to last post before you go down the rabbit hole. A light bulb will go off and you’ll remember the registry hacks you applied from here several months ago. To patch your server, you’ll need to disable the reg hacks by re-enabling TLS 1.2 (set disable to 0), running windows update, then re-enable the registry hacks. Afterwards, grab some rye and curse Microsoft.