• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

Suddenly unable to publish Applications

Started by [email protected], November 27, 2023, 10:46:42 AM

Previous topic - Next topic

[email protected]

I'm not sure exactly when this started but the PatchMyPC log is full of this message repeated for every application I have checked:

An error occurred while querying the SMSProvider for applications using source path [<path>]: The RPC server is unavailable.  [System.Runtime.InteropServices.COMException]
An error occurred while processing an Installable Application: The RPC server is unavailable.  [System.Runtime.InteropServices.COMException]


Software Updates seem to be publishing fine, though.

[email protected]

Never mind... Rebooting the server running the Publisher fixed it.

Ben Whitmore (Patch My PC)

We have seen a number of these cases since Microsoft released a Kerberos hardening patch in October. Restarting the Patch My PC service normally fixes this. Thanks

will.locke

We are having this issue as well.  However, I restarted the PMPC service yesterday then kicked off a sync and saw a number of applications successfully published.  But this morning, the e-mail report showed that Chrome published an update but didn't include any applications updated.  Checking the PatchMyPC.log file shows the same errors we were having yesterday (including in OP post).

So had the described problem, restarted PMPC service, problem resolved... for a while.  Then problem resurfaced today.

Raunak Desai (Patch My PC)

Hey Will,

Recently, we have had a few customers reach out with the same issue you are experiencing.

We believe the issue comes from a Microsoft patch, released in October, that hardens Kerberos within your environment. Ultimately, when the Patch My PC service authenticates, it is likely receiving a ticket from a non-hardened DC.

I suggest reviewing all your domain controllers to ensure they are updated with all the patches released in October. Reviewing the Windows security logs on your SMS Provider will likely highlight this issue.

There are some helpful links related to this issue, which you can find here:

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/latest-windows-hardening-guidance-and-key-dates/ba-p/3807832
https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1
https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb#registry5020805

Regards,
Raunak

Raunak Desai (Patch My PC)

We are looking for a long-term fix from our perspective, but I'd recommend keeping an eye on it after your subsequent monthly Microsoft OS cumulative updates.

Cody Mathis (Patch My PC)

We have a fix for this in preview, and it will also be in our next production release.