CM issues with MS13-052 KB2840628
Update from Microsoft on this issue: http://blogs.technet.com/b/configmgrteam/archive/2013/07/17/issues-reported-with-ms13-052-kb2840628-and-configmgr.aspx
Ah, the importance of testing patches! I was up with John Nelson until 4:30 on Wednesday night trying to figure out why the CM07 clients couldn't get content. Evidently, one of the .NET patches this month causes issues.
CM07 only:
We found that this update was causing errors in the MP_Location.log - clients couldn't get location data to find DPs.
CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14
CHandleLocationRequest::CreateReply failed with error (80040e14).
Uninstalling the patch from our Server 2008 R2 MPs and rebooting them cleared the issue up. And actually, if you stop SQL before uninstalling the patch, you won't have to reboot (just remember to start it again). Also, this may affect only MP replicas since I have not heard of other people having the issue.
We also found it to kill the ability to generate a snapshot on the primary sites and removed it from them as well.
For CM12:
Microsoft is hearing reports about this patch too. Here is what they had to say about it so far.
Issue 1:
Database replication between sites (CAS/Primary/Secondary) with SQL 2012 will fail.
The rcmctrl.log file on the failing site(s) will contain entries similar the following://
Launching 2 sprocs on queue ConfigMgrDRSQueue and 0 sprocs on queue ConfigMgrDRSSiteQueue. SMS_REPLICATION_CONFIGURATION_MONITOR
The asynchronous command finished with return message: [A .NET Framework error occurred during execution of user-defined routine or aggregate "spDRSActivation": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed... [truncated for readability]
//
Temporary workarounds
While investigation continues into the best long term solution, the following short term changes can be made to unblock customers in this state:
In SQL Management Studio on the affected server, change the Permission set to Unrestricted for the MessageHandlerService Assembly. This is done in the Assembly properties via:
SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> MessageHandlerService
Once the change is made, replication between sites should automatically recover within 5-10 minutes.
Issue 2:
Software Update Point synchronization may fail at the end of the sync process. The WSyncMgr.log will have entries similar to the following://
error 14: SQL Error Message Failed to generate documents:A .NET Framework error occurred during execution of user-defined routine or aggregate "fnGenerateLanternDocumentsTable": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed... [truncated for readability]
//
Temporary Workarounds
Similar to Issue 1, the SMSSQLCLR assembly Permission Set can be changed to Unrestricted. From SQL Management Studio:
SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> SMSSQLCLR
Patch Uninstall
Uninstalling KB2840628 has been reported to resolve all issues.
However, removal of a security patch should not be a blanket recommendation; instead anyone that wishes to uninstall until a permanent solution is found should assess the risk of exposure in their own environment. Details on the security vulnerability can be found here:
https://technet.microsoft.com/en-us/security/bulletin/MS13-052
- Created on .