The System Center Data Access Service fails to start after applying KB2677070
Article ID: 2730040 - View products that this article applies to.
After applying KB2677070 (http://support.microsoft.com/kb/2677070), the System Center Data Access Service may fail to start with a Timeout error.
This issue occurs because the update changes the URLs used to contact Windows Update to download the trusted and untrusted CTLs. If the old URLs were hardcoded as exceptions in the firewall or proxy, the server running the Data Access Service will fail to download the new CTLs because it can't reach the updated web address.
The workaround for this is to ublock the updated URLs in the firewall or proxy or disable CRL checking for the Data Access Service.
The updated URLs are:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
To disable CRL checking for the Data Access Service, open Microsoft.Mom.Sdk.ServiceHost.exe.config in a text editor and add the following line in the <runtime> section:
<generatePublisherEvidence enabled="false"/>
Below is an example of this tag being added for System Center 2012 Operations Manager:
<runtime>
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.EnterpriseManagement.HealthService" publicKeyToken="31bf3856ad364e35" />
<publisherPolicy apply="no" />
<bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
</dependentAssembly>
<publisherPolicy apply="no" />
<probing privatePath="" />
</assemblyBinding>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Mom.Common" publicKeyToken="31bf3856ad364e35" />
<publisherPolicy apply="no" />
<bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
</dependentAssembly>
<publisherPolicy apply="no" />
<probing privatePath="" />
</assemblyBinding>
<gcServer enabled="true"/>
</runtime>
The next example shows the same parameter added in the configuration file for System Center Operations Manager 2007 R2:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
<gcServer enabled="true"/>
</runtime>
Microsoft.Mom.Sdk.ServiceHost.exe.config is found in the following directories (where x is the drive on which Operations Manager is installed):
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use
The workaround for this is to ublock the updated URLs in the firewall or proxy or disable CRL checking for the Data Access Service.
The updated URLs are:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
(http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab)
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
(http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab)
To disable CRL checking for the Data Access Service, open Microsoft.Mom.Sdk.ServiceHost.exe.config in a text editor and add the following line in the <runtime> section:
<generatePublisherEvidence enabled="false"/>
Below is an example of this tag being added for System Center 2012 Operations Manager:
<runtime>
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.EnterpriseManagement.HealthService" publicKeyToken="31bf3856ad364e35" />
<publisherPolicy apply="no" />
<bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
</dependentAssembly>
<publisherPolicy apply="no" />
<probing privatePath="" />
</assemblyBinding>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Mom.Common" publicKeyToken="31bf3856ad364e35" />
<publisherPolicy apply="no" />
<bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
</dependentAssembly>
<publisherPolicy apply="no" />
<probing privatePath="" />
</assemblyBinding>
<gcServer enabled="true"/>
</runtime>
The next example shows the same parameter added in the configuration file for System Center Operations Manager 2007 R2:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
<gcServer enabled="true"/>
</runtime>
Microsoft.Mom.Sdk.ServiceHost.exe.config is found in the following directories (where x is the drive on which Operations Manager is installed):
· System Center Operations Manager 2007 R2: x:\Program Files\System Center Operations Manager 2007
· System Center 2012 - Operations Manager: x:\Program Files\System Center 2012\Operations Manager\Server
· System Center 2012 - Operations Manager: x:\Program Files\System Center 2012\Operations Manager\Server
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use
(http://go.microsoft.com/fwlink/?LinkId=151500)
for other considerations.Article ID: 2730040 - Last Review: July 9, 2012 - Revision: 2.0
APPLIES TO
- Microsoft System Center 2012 Operations Manager
- Microsoft System Center Operations Manager 2007 R2
Keywords: | kbtshoot KB2730040 |
This posting is provided "AS IS" with no warranties.
No comments:
Post a Comment