There have been several reports of failures in the ConfigMgr environment shortly after installing this update.
Scenario:
Server 2008 / 2008 R2
SQL 2012 / SQL 2012 SP1
ConfigMgr 2012 installed.
KB 2840628, (MS13-052) .NET 4 update installed.
This update replaces (http://support.microsoft.com/kb/2656405/ ) MS12-034:
From Microsoft:
Issue 1:
Configuration Manager 2012
Database replication between sites (CAS/Primary/Secondary) with SQL 2012 will fail.
The rcmctrl.log file on the failing site(s) will contain entries similar to the following:
//
Launching 2 sprocs on queue ConfigMgrDRSQueue and 0 sprocs on queue ConfigMgrDRSSiteQueue. SMS_REPLICATION_CONFIGURATION_MONITOR
The asynchronous command finished with return message: [A .NET Framework error occurred during execution of user-defined routine or aggregate "spDRSActivation": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed… [truncated for readability]
//
Temporary workarounds
While investigation continues into the best long term solution, the following short term changes can be made to unblock customers in this state:
In SQL Management Studio on the affected server, change the Permission set to Unrestricted for the MessageHandlerService Assembly. This is done in the Assembly properties via:
SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> MessageHandlerService
Once the change is made, replication between sites should automatically recover within 5-10 minutes.
Issue 2:
Configuration Manager 2012
Software Update Point synchronization may fail at the end of the sync process. The WSyncMgr.log will have entries similar to the following:
//
error 14: SQL Error Message Failed to generate documents:A .NET Framework error occurred during execution of user-defined routine or aggregate "fnGenerateLanternDocumentsTable": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed… [truncated for readability]
//
Temporary Workarounds
Similar to Issue 1, the SMSSQLCLR assembly Permission Set can be changed to Unrestricted. From SQL Management Studio:
SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> SMSSQLCLR
Issue 3:
Configuration Manager 2007 <Unconfirmed>
Client location requests for content do not return any Distribution Points. The MP_Location.log on the Management Point will have entries similar to the following:
//
CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14
CHandleLocationRequest::CreateReply failed with error (80040e14).
//
Temporary Workarounds
We are still working to reproduce this internally. In the meantime, the same procedure noted in Issue 2 above should work around the issue.
Patch Uninstall
Uninstalling KB2840628 has been reported to resolve all issues.
However, removal of a security patch should not be a blanket recommendation; instead anyone that wishes to uninstall until a permanent solution is found should assess the risk of exposure in their own environment. Details on the security vulnerability can be found here:
https://technet.microsoft.com/en-us/security/bulletin/MS13-052
Update: Microsoft has released a blog about the topic so watch here for changes:
http://blogs.technet.com/b/configmgrteam/archive/2013/07/17/issues-reported-with-ms13-052-kb2840628-and-configmgr.aspx