Wednesday, July 17, 2013

SQL errors after installing KB 2840628 (MS13-052)

There have been several reports of failures in the ConfigMgr environment shortly after installing this update. 

Scenario:
Server 2008 / 2008 R2
SQL 2012 / SQL 2012 SP1
ConfigMgr 2012 installed.
KB 2840628 (MS13-052) .NET 4 update installed.

This update replaces MS12-034 (http://support.microsoft.com/kb/2656405/).


From Microsoft:


 
Issue 1: Configuration Manager 2012

Database replication between sites (CAS/Primary/Secondary) with SQL 2012 will fail.

The rcmctrl.log file on the failing site(s) will contain entries similar to the following:

//

Launching 2 sprocs on queue ConfigMgrDRSQueue and 0 sprocs on queue ConfigMgrDRSSiteQueue. SMS_REPLICATION_CONFIGURATION_MONITOR

The asynchronous command finished with return message: [A .NET Framework error occurred during execution of user-defined routine or aggregate "spDRSActivation": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed… [truncated for readability]

//

Temporary Workarounds

While investigation continues into the best long-term solution, the following short-term changes can be made to unblock customers in this state:

In SQL Management Studio on the affected server, change the Permission set to Unrestricted for the MessageHandlerService Assembly. This is done in the Assembly properties via:

SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> MessageHandlerService

Once the change is made, replication between sites should automatically recover within 5-10 minutes.


Issue 2: Configuration Manager 2012

Software Update Point synchronization may fail at the end of the sync process. The WSyncMgr.log will have entries similar to the following:

//

error 14: SQL Error Message Failed to generate documents:A .NET Framework error occurred during execution of user-defined routine or aggregate "fnGenerateLanternDocumentsTable": ~~System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnection' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlConnectionFactory' threw an exception. ---> System.TypeInitializationException: The type initializer for 'System.Data.SqlClient.SqlPerformanceCounters' threw an exception. ---> System.MethodAccessException: Attempt by method 'System.Configuration.TypeUtil.CreateInstanceRestricted(System.Type, System.Type)' to access method 'System.Diagnostics.SwitchElementsCollection..ctor()' failed. ---> System.Security.SecurityException: Request failed… [truncated for readability]

//

Temporary Workarounds

Similar to Issue 1, the SMSSQLCLR assembly Permission Set can be changed to Unrestricted. From SQL Management Studio:

SQL Server -> Databases -> (Site Database) -> Programmability -> Assemblies -> SMSSQLCLR


Issue 3: Configuration Manager 2007 <Unconfirmed>

Client location requests for content do not return any Distribution Points. The MP_Location.log on the Management Point will have entries similar to the following:

//

CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E14

CHandleLocationRequest::CreateReply failed with error (80040e14).

//

Temporary Workarounds

We are still working to reproduce this internally. In the meantime, the same procedure noted in Issue 2 above should work around the issue.
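
The Issue 1 and Issue 2 workarounds expressed as T-SQL, added here as an example that is not part of the original post or of Microsoft's guidance: it generates the statements that restore the current permission sets before applying the change. It assumes that "Unrestricted" in the SSMS dialog corresponds to PERMISSION_SET = UNSAFE, and CM_XXX is a placeholder for the site database name.

```sql
-- Added example (not from the original post).
-- CM_XXX is a placeholder for the ConfigMgr site database name.
USE [CM_XXX];
GO

-- Step 1: before changing anything, generate the statements that restore
-- the current permission sets. Save this output with the change record.
SELECT a.name,
       a.permission_set_desc AS current_permission_set,
       N'ALTER ASSEMBLY ' + QUOTENAME(a.name) + N' WITH PERMISSION_SET = '
       + CASE a.permission_set_desc
             WHEN N'SAFE_ACCESS'     THEN N'SAFE'
             WHEN N'EXTERNAL_ACCESS' THEN N'EXTERNAL_ACCESS'
             ELSE N'UNSAFE'
         END + N';' AS revert_statement
FROM sys.assemblies AS a
WHERE a.name IN (N'MessageHandlerService', N'SMSSQLCLR');

-- Step 2: check the precondition for UNSAFE. SQL Server accepts it only if
-- the database is TRUSTWORTHY and its owner holds UNSAFE ASSEMBLY, or if the
-- assembly is signed by a certificate/key whose login holds UNSAFE ASSEMBLY.
SELECT d.name, d.is_trustworthy_on
FROM sys.databases AS d
WHERE d.name = DB_NAME();

-- Step 3: apply the workaround (SSMS "Unrestricted" = UNSAFE, an assumption
-- stated in the lead-in).
ALTER ASSEMBLY [MessageHandlerService] WITH PERMISSION_SET = UNSAFE; -- Issue 1
ALTER ASSEMBLY [SMSSQLCLR] WITH PERMISSION_SET = UNSAFE;             -- Issues 2 and 3
GO

-- Step 4: confirm the new state of both assemblies.
SELECT a.name, a.permission_set_desc, a.modify_date
FROM sys.assemblies AS a
WHERE a.name IN (N'MessageHandlerService', N'SMSSQLCLR');
```

UNSAFE removes the code access security restrictions from the assembly's CLR code, so keep the step 1 output and run its revert statements once a permanent fix is in place.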


Patch Uninstall


Uninstalling KB2840628 has been reported to resolve all issues.

However, removal of a security patch should not be a blanket recommendation; instead anyone that wishes to uninstall until a permanent solution is found should assess the risk of exposure in their own environment. Details on the security vulnerability can be found here: