Microsoft – Snake biting its own tail

How important is it to have an update release properly tested before releasing?

Microsoft probably overlooked this when releasing the patch (KB 2756920) on 8th of January 2013. The patch was released to rectify a vulnerability that existed in .NET Framework 3.5.1, as described at http://technet.microsoft.com/en-us/security/bulletin/ms13-004. This vulnerability allowed an attacker to raise their privilege level (privilege escalation).

Many products, including Microsoft Exchange 2010, SharePoint and other .NET-based applications, depend on the “Windows Communication Foundation” component of the .NET Framework.

As most critical systems, including Microsoft Exchange 2010 and SharePoint hosted on Server 2008, have automatic updates turned on, this was the start of bad days for system administrators.

Though the patch successfully strengthened security, it actually ended up screwing the entire system. Many servers hosting critical services on IIS went down or started showing abnormal behavior. SharePoint threw a “Token not available” error, denying users access to the portal.

I came across one such system hosting Microsoft Exchange 2010. The system showed a typical issue with “Outlook Web Access” (OWA). Users were not able to delete mails from any folder or move them to other folders. This didn't happen with the Outlook client, only with web access. Certainly it had something to do with IIS.

The logs displayed some issue with the security tokens:

.BuildExtendedProtectionPolicy(ExtendedProtectionTokenChecking tokenChecking, ExtendedProtectionFlags flags,)

Quite understandably, as tokens are an essential part of privilege escalation, the patch was supposed to do something with the security tokens. While doing so it probably ended up causing errors in passing the tokens. Therefore, what I could understand is that the rights to delete a mail were not passed on to the relevant processes.

The log in my case read as shown at the end of this article, with “Event ID 3” followed by Event ID 108. It showed similar errors on SharePoint as well.

After careful analysis and lots of googling we could understand what had happened. The immediate idea was to uninstall the hotfix. Later on I found the solution in the form of another patch released by Microsoft (http://support.microsoft.com/kb/2801728).

Unfortunately, the security update released for .NET 3.5.1 installs automatically, and system admins rarely get to know that the real issue is with the .NET Framework. (In my case I spent a lot of time going through the configurations.) The patch that addresses the issues caused by the .NET update has to be downloaded and installed manually from http://support.microsoft.com/kb/2801728. This means that once the automatic update is done and the issue arises, the entire thing is left to the sysadmin to resolve.

I really don't see any reason why both patches can't be included in a single pack. Probably Microsoft can answer this better.

I am still not done exploring this. I will come back, if possible, once I find out more about it.

Till then, all I can do is hope that system administrators get to this page or some other reference to find the solution for the problem caused by “THE MICROSOFT SOLUTION”.

 

Exchange 2010 Error

 

My Log Event ID 3 Read:

WebHost failed to process a request.
Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/8628710
Exception: System.ServiceModel.ServiceActivationException: The service '/EWS/exchange.asmx' cannot be activated due to an exception during compilation.  The exception message is: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.. ---> System.MissingMethodException: Method not found: 'System.String System.ServiceModel.Activation.Iis7Helper.ExtendedProtectionDotlessSpnNotEnabledThrowHelper(System.Object)'.
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.WebConfigurationManagerWrapper.BuildExtendedProtectionPolicy(ExtendedProtectionTokenChecking tokenChecking, ExtendedProtectionFlags flags, List`1 spnList)
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.WebConfigurationManagerWrapper.GetExtendedProtectionPolicy(ConfigurationElement element)
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.ProcessWindowsAuthentication(String siteName, String virtualPath, HostedServiceTransportSettings& transportSettings)
at System.ServiceModel.WasHosting.MetabaseSettingsIis7V2.CreateTransportSettings(String relativeVirtualPath)
at System.ServiceModel.Activation.MetabaseSettingsIis.GetTransportSettings(String virtualPath)
at System.ServiceModel.Activation.MetabaseSettingsIis.GetAuthenticationSchemes(String virtualPath)
at System.ServiceModel.Channels.HttpChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener)
at System.ServiceModel.Channels.HttpsChannelListener.ApplyHostedContext(VirtualPathExtension virtualPathExtension, Boolean isMetadataListener)
at System.ServiceModel.Channels.HttpsTransportBindingElement.BuildChannelListener[TChannel](BindingContext context)
at System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener[TChannel]()
at Microsoft.Exchange.Services.Wcf.MessageEncoderWithXmlDeclarationBindingElement.BuildChannelListener[TChannel](BindingContext context)
at System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener[TChannel]()
at System.ServiceModel.Channels.Binding.BuildChannelListener[TChannel](Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters)
at System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession)
at System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result)
at System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost)
at System.ServiceModel.ServiceHostBase.InitializeRuntime()
at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.ActivateService(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
--- End of inner exception stack trace ---
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath)
at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath)
Process Name: w3wp
Process ID: 9312
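
One way to check a server for the condition this article describes, as an added example that is not part of the original post or of any Microsoft tooling: it reports whether KB2756920 and KB2801728 are installed and counts Event ID 3 entries that name the missing method from the log above. The function name `Test-WcfPatchBreakage`, the 14-day look-back and the choice of the Application log are assumptions.

```powershell
# Added example: triage one server for the breakage described in this post.
# The KB numbers, Event ID 3 and the method name come from the article; the
# function name, look-back window and 'Application' log are assumptions.
function Test-WcfPatchBreakage {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$DaysBack = 14
    )
    $breaking  = 'KB2756920'   # security update named in the article
    $fix       = 'KB2801728'   # follow-up patch the article points to
    $signature = 'ExtendedProtectionDotlessSpnNotEnabledThrowHelper'

    # Get-HotFix writes an error for an ID that is not installed; suppress it.
    $installed = @(Get-HotFix -ComputerName $ComputerName -Id $breaking, $fix `
                       -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.HotFixID })

    # Events with ID 3 whose payload names the missing method.
    # ToXml() is searched so the match does not depend on message rendering.
    $filter = @{ LogName = 'Application'; Id = 3
                 StartTime = (Get-Date).AddDays(-$DaysBack) }
    $hits = @(Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                  -ErrorAction SilentlyContinue |
              Where-Object {
                  $xml = $_.ToXml()
                  $xml.Contains('MissingMethodException') -and $xml.Contains($signature)
              })

    $hasBreaking = $installed -contains $breaking
    $hasFix      = $installed -contains $fix
    $lastSeen    = $null
    if ($hits.Count -gt 0) { $lastSeen = $hits[0].TimeCreated }  # newest first

    if ($hits.Count -gt 0 -and $hasBreaking -and -not $hasFix) {
        $verdict = "Matches the article: $breaking present, $fix missing"
    } elseif ($hits.Count -gt 0) {
        $verdict = 'Signature logged; compare LastSeen with patch install dates'
    } else {
        $verdict = 'No matching Event ID 3 in the look-back window'
    }

    New-Object PSObject -Property @{
        ComputerName = $ComputerName; BreakingUpdate = $hasBreaking
        FixInstalled = $hasFix; SignatureEvents = $hits.Count
        LastSeen = $lastSeen; Verdict = $verdict
    }
}

Test-WcfPatchBreakage
```

Pass `-ComputerName` to query a remote server; the account running it needs rights to read that server's event log and installed updates.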

 

 

About the author

boonlia


6 Comments

  1. Krunal says:

    Mate, I have never left feedback before. You can say this would be my first one on the net, even though I am an IT manager. Your solution above has given new life. I was trying all sorts of things (almost restored the server), then I found the solution above.

    Million Thanks

  2. Adams says:

    Hey there, just became alerted to your blog through Google, and found that it’s truly informative. I will be grateful if you continue this in future. Many people will be benefited from your writing. Cheers!

  3. Atul Dangi says:

    Great man, you are God. You really saved my job. I had been struggling with the same for a couple of days. Nowhere on the internet did I find a solution for this except here.
    Thanks a Ton.

  4. boonlia boonlia says:

    Thanks for Appreciation :)
