Text only | Text with Images

Support Forum: Get Support for Patch My PC Products and Services

Microsoft Configuration Manager and Intune (Enterprises/Paid) => Support and General Questions (Enterprises Using ConfigMgr and Intune) => Topic started by: [email protected] on November 27, 2023, 10:46:42 AM

Title: Suddenly unable to publish Applications
Post by: [email protected] on November 27, 2023, 10:46:42 AM
I'm not sure exactly when this started but the PatchMyPC log is full of this message repeated for every application I have checked:

An error occurred while querying the SMSProvider for applications using source path [<path>]: The RPC server is unavailable.  [System.Runtime.InteropServices.COMException]
An error occurred while processing an Installable Application: The RPC server is unavailable.  [System.Runtime.InteropServices.COMException]


Software Updates seem to be publishing fine, though.
Title: Re: Suddenly unable to publish Applications
Post by: [email protected] on November 27, 2023, 10:48:41 AM
Never mind... Rebooting the server running the Publisher fixed it.
Title: Re: Suddenly unable to publish Applications
Post by: Ben Whitmore (Patch My PC) on November 27, 2023, 10:49:17 AM
We have seen a number of these cases since Microsoft released a Kerberos hardening patch in October. Restarting the Patch My PC service normally fixes this. Thanks
Title: Re: Suddenly unable to publish Applications
Post by: will.locke on November 29, 2023, 03:39:00 PM
We are having this issue as well.  However, I restarted the PMPC service yesterday then kicked off a sync and saw a number of applications successfully published.  But this morning, the e-mail report showed that Chrome published an update but didn't include any applications updated.  Checking the PatchMyPC.log file shows the same errors we were having yesterday (including in OP post).

So had the described problem, restarted PMPC service, problem resolved... for a while.  Then problem resurfaced today.
Title: Re: Suddenly unable to publish Applications
Post by: Raunak Desai (Patch My PC) on November 29, 2023, 09:35:43 PM
Hey Will,

Recently, we have had a few customers reach out with the same issue you are experiencing.

We believe the issue comes from a Microsoft patch, released in October, that hardens Kerberos within your environment. Ultimately, when the Patch My PC service authenticates, it is likely receiving a ticket from a non-hardened DC.

I suggest reviewing all your domain controllers to ensure they are updated with all the patches released in October. Reviewing the Windows security logs on your SMS Provider will likely highlight this issue.

There are some helpful links related to this issue, which you can find here:

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/latest-windows-hardening-guidance-and-key-dates/ba-p/3807832
https://support.microsoft.com/en-us/topic/kb5008383-active-directory-permissions-updates-cve-2021-42291-536d5555-ffba-4248-a60e-d6cbc849cde1
https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb#registry5020805

Regards,
Raunak
Title: Re: Suddenly unable to publish Applications
Post by: Raunak Desai (Patch My PC) on November 29, 2023, 09:36:10 PM
We are looking for a long-term fix from our perspective, but I'd recommend keeping an eye on it after your subsequent monthly Microsoft OS cumulative updates.
Title: Re: Suddenly unable to publish Applications
Post by: Cody Mathis (Patch My PC) on January 04, 2024, 06:01:27 AM
We have a fix for this in preview, and it will also be in our next production release.
Text only | Text with Images