Personalization sync failures with MS Security Update KB2656356 / MS11-100

Version 3

    Verified Product Versions

    AppSense Environment Manager 10.0AppSense Environment Manager 8.6AppSense Environment Manager 8.5AppSense Environment Manager 8.4AppSense Environment Manager 8.3AppSense Environment Manager 8.2AppSense Environment Manager 8.1AppSense Environment Manager 8.0


    Following the installation of MS Security Update KB2656356, Personalization fails with error 500.

    Personalization server diagnostic logs contain events similar to the following

    FATAL [9] 2012-01-13 20:24:47,264 [HandlerImplementation.SynchroniserHttpHandler] Exception in SynchroniserHttpHandler::HandleRequest
    System.InvalidOperationException: Operation is not valid due to the current state of the object.
    at System.Web.HttpFileCollection.ThrowIfMaxHttpCollectionKeysExceeded()
    at System.Web.HttpRequest.FillInFilesCollection()
    at System.Web.HttpRequest.get_Files()
    at ProfileService.HandlerImplementation.SynchroniserHttpHandler.ProcessRequest(HttpContext context)

    Environment Manager Debug logs show a large amount of .gz uploads (>1000) and a failure similar to the following:

    [SyncManager::HttpSync] ERROR - Sync HTTP error [500], bailing out of sync.

    IIS logs report error 500 suring sync operations (sync.aspx)


    Microsoft Security update KB2656356 / MS11-100 (Released in December 2011) addresses a vulnerability in which could allow a denial of service by a malicious user.

    This update enforces the maximum number of form keys, files and JSON payload members allowed in an ASP.NET request to 1000.

    If a personalization sync operation exceeds this number of data elements it will result in the operation being denied, resulting in a failure.

    For further details see

    Microsoft provide the ability to control the threshold of the limitation by editing the web.config file. Details on how to do this can be found here


    The web.config file for personalization can be found in following location in versions before 10.0:


    C:\Program Files\AppSense\Environment Manager\Personalization Server


    From version 10.0 onwards, the web.config file is located in the following folder:


    C:\Program Files\AppSense\Environment Manager\Personalization Server\PS


    AppSense Support recommend a backup be taken prior to any changes, and to test any configuration changes in a non-production environment.