Beware of KB2756920 and KB2756921

Microsoft released KB2756920 (Windows Server 2008 R2) and KB2756921 (Windows Server 2008 R2 SP1) security patches on January 08. 2013. After the installation lot of Service Applications just stopped working. I had a problem reported with Excel Services Service Application so I started digging through ULS logs. The exception I found wasn’t really informative:

01/22/2013 15:30:43.08  w3wp.exe (0x32A4) 0x20A0 Excel Services Application   Web Front End 5240  Critical  There was an error in communicating with Excel Calculation Services http://srvsp03:32843/806754664b1f4c06a45f19fb79495599/AccessService.svc exception: Fehler [Session: User: CONTOSO\spfarmapp]

I turned on exception details for Access Service web service and tried to open the service URL in browser. Then I got the following exception:

System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
Extension: System.ServiceModel.Channels.TransportSecurityBindingElement
Error: Security policy export failed. The binding contains a TransportSecurityBindingElement but no transport binding element that implements ITransportTokenAssertionProvider. Policy export for such a binding is not supported. Make sure the transport binding element in the binding implements the ITransportTokenAssertionProvider interface. —-> System.InvalidOperationException: Security policy export failed. The binding contains a TransportSecurityBindingElement but no transport binding element that implements ITransportTokenAssertionProvider. Policy export for such a binding is not supported. Make sure the transport binding element in the binding implements the ITransportTokenAssertionProvider interface.
   at System.ServiceModel.Channels.TransportSecurityBindingElement.
System.ServiceModel.Description.IPolicyExportExtension.ExportPolicy(MetadataExporter exporter, PolicyConversionContext policyContext)
   at System.ServiceModel.Description.MetadataExporter.ExportPolicy(ServiceEndpoint endpoint)

I am not sure what is introduced in these patches but if I had to guess, I would say that security got tightened too much. The fact is that these patches broke my services (and will break yours if you install them). So, I removed the patch, restarted the server and everything was working again.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s