Personalization sync failures with MS Security Update KB2656356 / MS11-100

Version 1

    Verified Product Versions

    AppSense Environment Manager 8.6
    AppSense Environment Manager 8.5
    AppSense Environment Manager 8.4
    AppSense Environment Manager 8.3
    AppSense Environment Manager 8.2
    AppSense Environment Manager 8.1
    AppSense Environment Manager 8.0

    Introduction

    Following the installation of MS Security Update KB2656356, Personalization fails with error 500.

    Personalization server diagnostic logs contain events similar to the following:

    FATAL [9] 2012-01-13 20:24:47,264 [HandlerImplementation.SynchroniserHttpHandler] Exception in SynchroniserHttpHandler::HandleRequest
    System.InvalidOperationException: Operation is not valid due to the current state of the object.
    at System.Web.HttpFileCollection.ThrowIfMaxHttpCollectionKeysExceeded()
    at System.Web.HttpRequest.FillInFilesCollection()
    at System.Web.HttpRequest.get_Files()
    at ProfileService.HandlerImplementation.SynchroniserHttpHandler.ProcessRequest(HttpContext context)

    Environment Manager Debug logs show a large number of .gz uploads (>1000) and a failure similar to the following:

    [SyncManager::HttpSync] ERROR - Sync HTTP error [500], bailing out of sync.

    IIS logs report error 500 during sync operations (sync.aspx).

    Detail

    Microsoft Security Update KB2656356 / MS11-100 (released in December 2011) addresses a vulnerability in ASP.NET which could allow a denial of service by a malicious user.

    This update limits the number of form keys, files and JSON payload members allowed in an ASP.NET request to 1000.

    If a personalization sync operation exceeds this number of data elements, the operation is denied and the sync fails.

    For further details see

    http://support.microsoft.com/kb/2661403

    Microsoft provide the ability to control the threshold of the limitation by editing the web.config file. Details on how to do this can be found here: http://support.microsoft.com/kb/2661403

    The web.config file for personalization can be found in C:\Program Files\AppSense\Environment Manager\Personalization Server

    AppSense Support recommend a backup be taken prior to any changes, and to test any configuration changes in a non-production environment.
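
    The web.config change described above, as an added example that is not AppSense or Microsoft code: it backs up the file, then adds or updates the aspnet:MaxHttpCollectionKeys appSettings key documented in KB2661403. The default path is the one quoted in this article, and the value 5000 is a constructed sample, not a recommendation.

```powershell
# Added example. Assumptions: the path below is the one quoted in the article;
# 5000 is a constructed sample value. Size it from the .gz upload counts seen
# in the Environment Manager debug logs and keep it as low as sync allows,
# because this limit is the denial-of-service mitigation from MS11-100.
param(
    [string]$ConfigPath = 'C:\Program Files\AppSense\Environment Manager\Personalization Server\web.config',
    [int]$MaxKeys = 5000
)

$ErrorActionPreference = 'Stop'
$keyName = 'aspnet:MaxHttpCollectionKeys'

# Take a timestamped backup first, as AppSense Support recommends.
$backup = '{0}.{1:yyyyMMddHHmmss}.bak' -f $ConfigPath, (Get-Date)
Copy-Item -LiteralPath $ConfigPath -Destination $backup

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($ConfigPath)

$root = $xml.SelectSingleNode('/configuration')
if ($null -eq $root) { throw "No <configuration> root element in $ConfigPath" }

# Create <appSettings> if the file does not have one yet.
$appSettings = $root.SelectSingleNode('appSettings')
if ($null -eq $appSettings) {
    $appSettings = $xml.CreateElement('appSettings')
    [void]$root.AppendChild($appSettings)
}

# Update the key if it is already present, otherwise add it.
$node = $appSettings.SelectSingleNode("add[@key='$keyName']")
if ($null -eq $node) {
    $node = $xml.CreateElement('add')
    $node.SetAttribute('key', $keyName)
    [void]$appSettings.AppendChild($node)
}
$node.SetAttribute('value', [string]$MaxKeys)

$xml.Save($ConfigPath)
Write-Output "Set $keyName to $MaxKeys in $ConfigPath (backup: $backup)"
```

    Run it from an elevated prompt on the Personalization Server. ASP.NET reloads the application when web.config changes, so the new limit applies to the next sync request.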