After applying KB2677070 (http://support.microsoft.com/kb/2677070), the System Center Data Access service or System Center Management Configuration service may fail to start with a TimeOut error.
Direct link to Microsoft article
More Information
This issue occurs because the update changes the URLs used to contact Windows Update to download the trusted and untrusted CTLs. If the old URLs were hardcoded as exceptions in the firewall or proxy, the server running the Data Access service or the Management Configuration service will fail to download the new CTLs because it can't reach the updated web address.
The workaround for this is to unblock the updated URLs in the firewall or proxy or disable CRL checking for the Data Access service and Management Configuration service.
The updated URLs are:
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
(http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab)
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
(http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab)
Open the following file in a text editor:
- for the Data Access service: Microsoft.Mom.Sdk.ServiceHost.exe.config
- for the Management Configuration service: Microsoft.Mom.ConfigServiceHost.exe.config (in SM) or cshost.exe.config (in OM)
To disable CRL checking add the following line in the <runtime> section:
<generatePublisherEvidence enabled="false"/>
Below is an example of this tag being added for System Center 2012 Operations Manager:
<runtime>
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.EnterpriseManagement.HealthService" publicKeyToken="31bf3856ad364e35" />
<publisherPolicy apply="no" />
<bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
</dependentAssembly>
<publisherPolicy apply="no" />
<probing privatePath="" />
</assemblyBinding>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Mom.Common" publicKeyToken="31bf3856ad364e35" />
<publisherPolicy apply="no" />
<bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
</dependentAssembly>
<publisherPolicy apply="no" />
<probing privatePath="" />
</assemblyBinding>
<gcServer enabled="true"/>
</runtime>
The next example shows the same parameter added in the configuration file for System Center Operations Manager 2007 R2:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
<gcServer enabled="true"/>
</runtime>
The two*.config files can be found in the following directories:
-System Center Operations Manager 2007 R2: %ProgramFiles%\System Center Operations Manager 2007
-System Center Service Manager 2010: %ProgramFiles%\System Center Service Manager 2010
-System Center 2012 - Operations Manager: %ProgramFiles%\System Center 2012\Operations Manager\Server
-System Center 2012 - Service Manager: %ProgramFiles%\System Center 2012\Service Manager
-System Center Service Manager 2010: %ProgramFiles%\System Center Service Manager 2010
-System Center 2012 - Operations Manager: %ProgramFiles%\System Center 2012\Operations Manager\Server
-System Center 2012 - Service Manager: %ProgramFiles%\System Center 2012\Service Manager
Properties
Article ID: 2730040 - Last Review: October 2, 2012 - Revision: 3.0
Applies to
- Microsoft System Center 2012 Operations Manager
- Microsoft System Center Operations Manager 2007 R2
- Microsoft System Center 2012 Service Manager
- Microsoft System Center Service Manager 2010
Keywords: | kbtshoot KB2730040 |
This posting is provided "AS IS" with no warranties.
No comments:
Post a Comment