Following the installation of MS Security Update KB2656356, Personalization fails with error 500.
Personalization server diagnostic logs contain events similar to the following
FATAL  2012-01-13 20:24:47,264 [HandlerImplementation.SynchroniserHttpHandler] Exception in SynchroniserHttpHandler::HandleRequest
System.InvalidOperationException: Operation is not valid due to the current state of the object.
at ProfileService.HandlerImplementation.SynchroniserHttpHandler.ProcessRequest(HttpContext context)
Environment Manager Debug logs show a large amount of .gz uploads (>1000) and a failure similar to the following:
[SyncManager::HttpSync] ERROR - Sync HTTP error , bailing out of sync.
IIS logs report error 500 suring sync operations (sync.aspx)
Microsoft Security update KB2656356 / MS11-100 (Released in December 2011) addresses a vulnerability in ASP.net which could allow a denial of service by a malicious user.
This update enforces the maximum number of form keys, files and JSON payload members allowed in an ASP.NET request to 1000.
If a personalization sync operation exceeds this number of data elements it will result in the operation being denied, resulting in a failure.
For further details see
Microsoft provide the ability to control the threshold of the limitation by editing the web.config file. Details on how to do this can be found here http://support.microsoft.com/kb/2661403
The web.config file for personalization can be found in following location in versions before 10.0:
C:\Program Files\AppSense\Environment Manager\Personalization Server
From version 10.0 onwards, the web.config file is located in the following folder:
C:\Program Files\AppSense\Environment Manager\Personalization Server\PS
AppSense Support recommend a backup be taken prior to any changes, and to test any configuration changes in a non-production environment.