Environment
Novell ZENworks Patch Management Server 6.4 SP2 Update 4 (version 6.4.2.1592)
Situation
After installing Critical Security Bulletin MS11-100 (Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420) on the ZPM 6.4 SP2 server, certain pages return Internal Server Error
Also, data exceptions may be encountered when creating and editing custom groups, using filters, managing the Mandatory Baseline and changing the number of devices to view.
Error:
Your Novell ZENworks Patch Management Server has experienced an internal server error. An exception occured while performing the requested operation. To continue, please restart your previous task. If you continue to receive this message, please contact your administrator for assistance Also, data exceptions may be encountered when creating and editing custom groups, using filters, managing the Mandatory Baseline and changing the number of devices to view.
Error:
Resolution
As outlined in the Microsoft KB article
http://support.microsoft.com/kb/2661403
On the ZPM server, in the registry, create a DWORD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\1.1.4322.0,MaxHttpCollectionKeys and set the valuedata to 1500 (decimal). Close and re-open the browser, and restart the session.
On the ZPM server, in the registry, create a DWORD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\1.1.4322.0,MaxHttpCollectionKeys and set the valuedata to 1500 (decimal). Close and re-open the browser, and restart the session.
Additional Information
Through MS11-100, Microsoft has introduced an undocumented appSetting that affects websites running under .NET Framework to reduce the possibility of a hash DOS attack. Since the ZPM 6.4 web configuration does not contain this appSetting, parts of the website containing large sets of elements will encounter exceptions due to the new security enhancement.