Update Rollup 3 for System Center 2022 Orchestrator

Introduction 

This article describes the issues that are fixed in Update Rollup 3 for Microsoft System Center Orchestrator 2022. This article also contains the installation instructions for this update.  

Issues that are fixed 

• Read Line activity returns the same input for lines containing fewer than 12 characters opposed to static literal string.

• Read line activity does not replace special characters with XML safe equivalents.

• Service Account credentials persist in Security tab of activities.

• Monitor Event Log activity runs successfully without crashing.

• Activities persist custom separators while configuring Run behavior for the activity.

• GET api/ActivityInstances returns the expected value as opposed to empty result.

• Send platform event activity persisted to the database and is visible in Events tab of the Runbook Designer.

• Activity names are correctly displayed on the Runbook Tester canvas and log view area instead of identifiers.

• Run SSH Command will not work with the latest version of Linux machines, which have newer cipher requirements. To run SSH command, download the latest binary of plink.exe from the official website (x64 version may be used). The binary should be renamed to SshClient.exe and placed at path C:\Program Files\Common Files\Microsoft System Center 2012\Orchestrator\Extensions\Support\SSH 

• Jobs in active state are visible in Active Jobs in Web Console.

• Query database activity error Failed to load extension has been fixed.

• Re-create Orchestrator keys by following the steps mentioned here using the SQL script. Download the SQL script, open SQL Server Management Studio, connect to your Orchestrator database, and execute the script. The script also resolves permission issues that arise when installing the Management Server role or service using a different service account from the Runbook Server role or service. It also addresses missing permissions related to the Operator role, which can cause the WebAPI to return incomplete results for certain requests (http://localhost:81/api/Folders, http://localhost:81/api/Runbooks). Furthermore, it fixes visibility problems where Runbooks fail to appear in the web console.

Other Improvements and Features 

• Orchestrator 2022 supports the latest and most secure .NET8 (LTSC). 
  Due to breaking changes in .NET 8, connection to SQL server uses Encrypt=true by default.
  
  Following are the three ways to proceed when Web API gives 500 as error:
  
  - (Recommended) Install a valid certificate on the server. Note that this is an involved process and requires obtaining a certificate and ensuring it is signed by an authority trusted by the client. 
  
  - If the server has a certificate, but it is not trusted by the client, then TrustServerCertificate=True to allow bypassing the normal trust mechanism.
  Navigate to web.config present at C:\Program Files\Microsoft System Center\Orchestrator\WebApi add the following:
  <environmentVariable name="Database__TrustServerCertificate" value="true"/>
  
  - Explicitly add Encrypt=False to the connection string:
  Navigate to web.config present at C:\Program Files\Microsoft System Center\Orchestrator\WebApi add the following:
  <environmentVariable name="Database__Encrypt" value="false"/>

• Orchestrator supports Group Managed Service Accounts (gMSA) for the Orchestrator services.

• Orchestrator 2022 supports TLS 1.3 protocol.

Known issues 

• Runbooks that aren't inside any folder (root runbooks) aren't shown on the navigation pane.
  Workaround: Move root runbooks to a folder.

• Job form requires output parameter also.
  Workaround: Use any string as value, it will be overwritten by the runbook execution with the output.

• Orchestrator Remoting Service and Runbook Server Monitor Service don’t exit cleanly.
  Description: The oremoting and omonitor services can't be stopped using Service kill.
  Workaround: Kill the service process manually using Task Manager or by using the following command: 
  
  Windows Command Prompt
  taskkill /f /pid {pid of the service}​​​​​​​

How to obtain Update Rollup 3 for System Center Orchestrator 2022 

Important: Before you install this update, make sure .NET8 is installed.

Update packages for Orchestrator are available from Microsoft Update or by manual download.​​​​​

Installation instructions for Orchestrator Update Rollup 

Download the update packages that Microsoft Update provides for each computer. Microsoft Update provides the appropriate updates according to the components that are installed on each computer. Or manually download from the Microsoft Update Catalog.  

To manually install the update packages, run the following command from an elevated command prompt: 

msiexec.exe /p <packagename> 

For example, to install the System Center 2022 UR3 package for Orchestrator Management Server (KB 5059072), run the following command: 

msiexec.exe /l*v  "sco-mgmt-server-update-log.txt" /p KB5059072_Microsoft.SystemCenter.Orchestrator.ManagementServer_x64.msp 

After the Orchestrator updates are installed, reconfigure the Orchestrator database by using the existing database according to these guidelines.​​​​​​​ 

Uninstalling UR2 

• The Runbook Server, Runbook Designer, and Management Server UR2 packages can be uninstalled using Control Panel > Add or Remove Programs > View installed Updates

• The Web API UR package can’t be uninstalled. We recommend uninstalling the Web API and reinstalling it with the SCO 2022 RTM installer.

• The Web Console package can be uninstalled by invoking the following command from an Administrator PowerShell:

msiexec /l*v <uninstall-logfile.txt> /package '{C6E4AF6F-8EB1-462B-96A2-47929D6E8DD5}' /uninstall '{<patch_code>}' MSSCORCH_SERVICES_ACCOUNT='1' MSSCORCH_SERVICES_PASSWORD='1' MSSCORCH_WEBAPI_URL=<webapi_url> 

The webapi_url should be the full URL (including the port) of the Web API endpoint.