Select the product you need help with

System Center Data Access or Management Configuration services fail to start after applying KB2677070

Article ID: 2730040 - View products that this article applies to.

Summary

After applying KB2677070

(http://support.microsoft.com/kb/2677070)

, the System Center Data Access service or System Center Management Configuration service may fail to start with a TimeOut error.

Back to the top | Give Feedback

This issue occurs because the update changes the URLs used to contact Windows Update to download the trusted and untrusted CTLs. If the old URLs were hardcoded as exceptions in the firewall or proxy, the server running the Data Access service or the Management Configuration service will fail to download the new CTLs because it can't reach the updated web address.

The workaround for this is to unblock the updated URLs in the firewall or proxy or disable CRL checking for the Data Access service and Management Configuration service.

The updated URLs are:

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab

(http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab)

http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

(http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab)

Open the following file in a text editor:
- for the Data Access service: Microsoft.Mom.Sdk.ServiceHost.exe.config
- for the Management Configuration service: Microsoft.Mom.ConfigServiceHost.exe.config (in SM) or cshost.exe.config (in OM)

To disable CRL checking add the following line in the <runtime> section:

<generatePublisherEvidence enabled="false"/>

Below is an example of this tag being added for System Center 2012 Operations Manager:

<runtime>
<generatePublisherEvidence enabled="false"/>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <dependentAssembly>
          <assemblyIdentity name="Microsoft.EnterpriseManagement.HealthService" publicKeyToken="31bf3856ad364e35" />
          <publisherPolicy apply="no" />
          <bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
        </dependentAssembly>
        <publisherPolicy apply="no" />
        <probing privatePath="" />
      </assemblyBinding>
      <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
        <dependentAssembly>
          <assemblyIdentity name="Microsoft.Mom.Common" publicKeyToken="31bf3856ad364e35" />
          <publisherPolicy apply="no" />
          <bindingRedirect oldVersion="6.0.4900.0" newVersion="7.0.5000.0" />
        </dependentAssembly>
        <publisherPolicy apply="no" />
        <probing privatePath="" />
      </assemblyBinding>
      <gcServer enabled="true"/>
    </runtime>

The next example shows the same parameter added in the configuration file for System Center Operations Manager 2007 R2:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <runtime>
<generatePublisherEvidence enabled="false"/>
        <gcServer enabled="true"/>
    </runtime>

The two*.config files can be found in the following directories:

-System Center Operations Manager 2007 R2: %ProgramFiles%\System Center Operations Manager 2007
-System Center Service Manager 2010: %ProgramFiles%\System Center Service Manager 2010
-System Center 2012 - Operations Manager: %ProgramFiles%\System Center 2012\Operations Manager\Server
-System Center 2012 - Service Manager: %ProgramFiles%\System Center 2012\Service Manager

Back to the top | Give Feedback

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use

(http://go.microsoft.com/fwlink/?LinkId=151500)

for other considerations.

Back to the top | Give Feedback