none
After R2 SP1 installation: SMS_State_System has errors RRS feed

  • Question

  • I installed SP1 on a existing configuration manager installation (fresh install no CU installations).

    Everything is fine, only the SMS_State_System component shows errors

    Microsoft SQL Server reported SQL message 6522, severity 16: [42000][6522][Microsoft][SQL Server Native Client 11.0][SQL Server]A .NET Framework error occurred during execution of user-defined routine or aggregate "fnReadMDMPolicyCertValidationDuration": 
    System.Data.SqlTypes.SqlTypeException: Two strings to be c

    in the statesys.log i find the following error

    *** [42000][6522][Microsoft][SQL Server Native Client 11.0][SQL Server]A .NET Framework error occurred during execution of user-defined routine or aggregate "fnReadMDMPolicyCertValidationDuration": ~~System.Data.SqlTypes.SqlTypeException: Two strings to be compared have different collation.~~System.Data.SqlTypes.SqlTypeException: ~~   at System.Data.SqlTypes.SqlString.StringCompare(SqlString x, SqlString y)~~   at System.Data.SqlTypes.SqlString.Compare(SqlString x, SqlString y, EComparison ecExpectedResult)~~   at Microsoft.SystemsManagementServer.SQLCLR.CryptoUtility.fnReadMDMPolicyCertValidationDuration(SqlString MessageText)~~. : sp_UpdateAPNSCertAlertVariable

    Can someone help me or point me in the right direction to solve this problem?

    best regards and thenk you in advance.


    • Edited by Christian Forst Tuesday, May 26, 2015 4:27 PM misspelled one word
    Tuesday, May 26, 2015 4:26 PM

Answers

  • I logged the call at Connect a few days ago and MS has commented that the issue will be fixed with the next CU. Recommend disabling the alert check box for now as enrolment occurs with this disabled.

    https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/1558274/unable-to-enrol-ios-device-in-configmgr-2012-r2-sp1-when-apn-certificate-alert-expiration-is-checked


    Cheers Paul | http://sccmentor.wordpress.com

    Monday, July 20, 2015 9:18 PM
  • CU1 for SP2 and R2 SP1 is now out with the fix for this issue

    https://support.microsoft.com/en-us/kb/3074857

    The SMS_STATE_SYSTEM component has a "Critical" status, and errors that resemble the following are logged in the StateSys.log file:

    *** [42000][6522][Microsoft][SQL Server Native Client 11.0][SQL Server]A .NET Framework error occurred during execution of user-defined routine or aggregate "fnReadMDMPolicyCertValidationDuration": ~~System.Data.SqlTypes.SqlTypeException: Two strings to be compared have different collation.~~
    System.Data.SqlTypes.SqlTypeException: ~~ 
    at System.Data.SqlTypes.SqlString.StringCompare(SqlString x, SqlString y)~~
    at System.Data.SqlTypes.SqlString.Compare(SqlString x, SqlString y, EComparison ecExpectedResult)~~ 
    at Microsoft.SystemsManagementServer.SQLCLR.CryptoUtility.fnReadMDMPolicyCertValidationDuration(SqlString MessageText)~~. 
    : sp_UpdateAPNSCertAlertVariable

    This issue occurs when the SQL Server installation is using a non-English collation, and the Apple Push Notification Service (APNS) certificate that is associated with the Microsoft Intune subscription is expired.


    Cheers Paul | http://sccmentor.wordpress.com


    Tuesday, August 4, 2015 3:56 PM

All replies

  • Hello,

    Have you checked in the SQL server log ? maybe you will find something more usefull. The collation on your database has changed ?

    Tuesday, May 26, 2015 8:27 PM
  • At the end of the SQL error, you can find:

    Microsoft.SystemsManagementServer.SQLCLR.CryptoUtility.fnReadMDMPolicyCertValidationDuration(SqlString MessageText)~~. : sp_UpdateAPNSCertAlertVariable

    -----

    Do you have MDM in place and/or configured a Apple Push Notification Certificate?


    www.sccmfaq.ch

    Wednesday, May 27, 2015 11:24 AM
  • Just examine the SQL function, see what it does and try to find out, why it's failing. Also examine the SQL logs as Sebastien already suggested.

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, May 27, 2015 6:15 PM
    Moderator
  • I have the same problem with 2 different SCCM Sites. Upgraded from SCCM 2012 R2 To SP1.

    Since i´m activated Intune support for iOS Devices (certificate) i got this error on 2 customer sites. Seems to be bigger problem with R2 SP1.

    I found no solution yet.

    This is the complete error. ConfigMgr state log snipped the output

    Microsoft SQL Server reported SQL message 6522, severity 16: [42000][6522][Microsoft][SQL Server Native Client 11.0][SQL Server]A .NET Framework error occurred during execution of user-defined routine or aggregate "fnReadMDMPolicyCertValidationDuration": 
    System.Data.SqlTypes.SqlTypeException: Two strings to be concatenated have different collation

    Alex

    Friday, May 29, 2015 9:03 AM
  • Make sure to call Microsoft support if you can reproduce that issue; otherwise you will never get a fix.

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, May 29, 2015 9:36 AM
    Moderator
  • Hi Martin,

    thanks for your input. I can reproduce this error by removing and re-adding the Intune subscription in Configuration Manager. I created a fresh APN certificate on the apple site - no efforts. after adding the Intune connector the error is appearing again.

    The used SQL collation is SQL_Latin1_General_CP1_CI_AS. The SQL server is installed on the same machine as the Configuration Manager.

    @Torsten: I`ll check the SQL Logs and give you feedback.

    Thanks to all for your input.

    best regards

    Christian

    Tuesday, June 2, 2015 2:13 PM
  • we had the same error after the update auf R2 SP1

    The SQL error seems to be connected to the Alert configured in Administration --> Cloud Services --> Microsoft Intune Subscriptions --> Configure Platform --> iOS --> APNs Certificate --> "Show alert before the APNs Certificate expires"

    So i disabled this Alert and the SQL Errors gone Away. (

    After the Upgrade we also were not able to enroll any IOS devices anymore with the error : "AccountNotOnboarded" https://technet.microsoft.com/en-us/library/dn802565.aspx?f=255&MSPPError=-2147217396)
    So we registered an the APN again and a few minutes later the enrollment works again.

    After that i enabled the Alert and until now there error seems to be away.

    Maybe its enough to disable and enable the Alert, but basically it seems that R2 SP1 update crashed the APN certificate.

    Wednesday, June 3, 2015 1:52 PM
  • after removing the intune subscription the error remains on the SMS_STATE_SYSTEM component status. i`ll try to implement the intune subscription again (also the APN) and give feedback.

    best regards

    Christian

    update: the error remains after re-adding the subscription and the APN certificate.


    • Edited by Christian Forst Monday, June 8, 2015 6:09 AM misspelled one word
    Wednesday, June 3, 2015 2:59 PM
  • Well i have to correct my answer. the error is back again... :(
     we are still able to enroll IOS devices, but the device dont get any compliance baselin or Application could be delivered to the device.

    We will follow up and will make a call on Intune - it seems that the Service is not running like it should ... -  we also see Errors in the dmpdownloader.log

    ERROR: FastDownload Exception: [Microsoft.Management.Services.Common.ServiceTooBusyException: operation timed out for service: https://fef.msub05.manage.microsoft.com/StatelessConnectorService - Operation ID (for customer support): 3adf4083-8e8c-43d9-8631-3cd79ea168f0 ---> Microsoft.Management.Services.Common.ServiceTooBusyException: operation timed out for service: https://fef.msub05.manage.microsoft.com/StatelessConnectorService - Operation ID (for customer support): 3adf4083-8e8c-43d9-8631-3cd79ea168f0 ---> System.TimeoutException: operation timed out for service: https://fef.msub05.manage.microsoft.com/StatelessConnectorService - Operation ID (for customer support): 3adf4083-8e8c-43d9-8631-3cd79ea168f0~~   at Microsoft.Management.Services.OData.Client.ODataServiceContext.<FromAsyncWithCancel>d__b`1.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()~~   at Microsoft.Management.Services.OData.Client.ODataServiceSearchContext`1.<ExecuteAsync>d__7.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~   at Microsoft.Management.Services.OData.Client.V2ContextExecutor.<<ExecuteContextAsync>b__0>d__2.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~   at Microsoft.Management.Services.OData.Client.V2ContextExecutor.<ExecuteContextAsyncInternal>d__9.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~   at Microsoft.Management.Services.OData.Client.FabricServiceSession.<>c__DisplayClass1.<<ExecuteAsync>b__0>d__3.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)~~   at Microsoft.Management.Services.OData.Client.FabricServiceSession.<ExecuteWithRetryAsync>d__12.MoveNext()~~--- End of stack trace from previous location where exception was thrown ---~~   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)~~   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebugge

    and

    ERROR: Failed to load assembly for message downloader. Exception: System.IO.DirectoryNotFoundException: Could not find a part of the path 'D:\Program%20Files\Microsoft%20Configuration%20Manager\bin\x64\MessageHandlerConfig.xml'.~~   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)~~   at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)~~   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)~~   at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)~~   at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)~~   at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)~~   at System.Threading.CompressedStack.runTryCode(Object userData)~~   at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)~~   at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)~~   at System.Xml.XmlTextReaderImpl.OpenUrl()~~   at System.Xml.XmlTextReaderImpl.Read()~~   at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)~~   at System.Xml.XmlDocument.Load(XmlReader reader)~~   at System.Xml.XmlDocument.Load(String filename)~~   at Microsoft.ConfigurationManager.DmpConnector.MessageDownload.MessageDownloader.LoadMessageHandlers()
    but the XML is in the right path


    • Edited by RSC_phat Friday, June 5, 2015 12:06 PM submit new information
    Thursday, June 4, 2015 2:31 PM
  • after readding the APN Certificate and disabling the Warning for the Certificate Expiration the Error is gone. Now i try to enroll an iOS device. I`ll keep you updated.
    Thursday, June 11, 2015 2:30 PM
  • Jumping on with a +1 reply.

    I've got the same issue and have just tried the remove and re-add, will report back with findings.

    Regards,
    Steve


    http://systemcenter.ninja

    Thursday, June 18, 2015 12:20 PM
  • Anybody any News ?

    In Our case we should readd the apn certificate, but as expected Problem is still there...

    now we are waiting for the next Feedback from our Support engineer...

    Thursday, June 25, 2015 1:44 PM
  • another +1. since upgrading to 2012 R2 SP1 this error has appeared.
    Tuesday, June 30, 2015 6:20 AM
  • We're having this error too in dmpdownloader.log

    Devices can still enroll and they still appear in SCCM but the company portal isn't installing on Windows Phones when they connect. I'm having to email each user the .xap file to run.

    This all started after we installed SP1.

    Hoping for a hotfix soon!


    • Edited by Mark__L Tuesday, July 7, 2015 1:24 PM
    Tuesday, July 7, 2015 1:24 PM
  • Have a look at this documentation, regarding the known issue about ERROR: Failed to load assembly for message downloader:

    https://technet.microsoft.com/en-us/library/dn973021.aspx

    Reinstall the Windows Intune connector on a remote site system to a location that doesn't include spaces.

    Regards,


    Nickolaj Andersen | www.scconfigmgr.com | @NickolajA

    Tuesday, July 14, 2015 8:04 AM
  • Thanks for this hint - but reinstalling the connector means also all enrolled devices must be enrolled again - and still its not sure, if our general problem would be solved with this - so at this Point this is not an approbiate Option :)

    Also Microsoft is still investigating the error ( sended new logfiles today ;)

    I will publish any new Information - if i have some...

    Tuesday, July 14, 2015 8:53 AM
  • Hi RSC_phat,

    any news on this one? After removing and reading the certifiecate/intune role I do not have any errors. (This was

    only in a lab).

    best regards - Christian

    Thursday, July 16, 2015 2:10 PM
  • Running into this same issue.  Production environment.  Giving the fix described a go.  

    Friday, July 17, 2015 11:37 AM
  • Untick the Alert for checkbox. Wait for the next APN Expiration Alert Update Task to run (monitor in the statesys.log) and then attempt to enroll. 

    I have just done this successfully with iOS device which wouldn't enroll until I did the above procedure.


    Cheers Paul | http://sccmentor.wordpress.com

    Friday, July 17, 2015 8:46 PM
  • My SMS_State_System is now reporting as OK and looking healthy



    Cheers Paul | http://sccmentor.wordpress.com

    Friday, July 17, 2015 9:36 PM
  • I logged the call at Connect a few days ago and MS has commented that the issue will be fixed with the next CU. Recommend disabling the alert check box for now as enrolment occurs with this disabled.

    https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/1558274/unable-to-enrol-ios-device-in-configmgr-2012-r2-sp1-when-apn-certificate-alert-expiration-is-checked


    Cheers Paul | http://sccmentor.wordpress.com

    Monday, July 20, 2015 9:18 PM
  • Hi Folks,

    we first assumed it was depending on the actual iOS Version 8.4 but now it started working after we disabled the alert check box and now it seems to start working again....

    so thanks to Paul - we are waiting for R2 SP1 CU1 to fix it  ;)

     

    Wednesday, July 22, 2015 10:55 AM
  • BTW I re-enabled the alert a day later and the errors started in the statesys.log. I expected to fall with iOS enrolment. I waited 24 hours and was able to enrol a device. Strange!  Anyway MS has confirmed this will be fixed regardless in a CU

    Cheers Paul | http://sccmentor.wordpress.com

    Wednesday, July 22, 2015 10:58 AM
  • I had tried the first time to link CM 2012 (R2 SP1) with Intune. I created a 30 day Demo-Account, linked it to my Office 365 Account, prepared the AD in my LAB and run into the same Errors as described above. On the iPhone in the Company Portal App only the error mesage "AccountNotOnboarded". I slso saw the SQL Errors. I thought I did something wrong with the APNs, but thanks to the hint from RSC_phat, I got it working. Disabled the Alert Checkbox, waited for the next Cycle und some minutes later I could finally register my iPhone!

    I spent some hours with troubleshooting and re-configuring without success. Hoping MS will fix that with the next CU.

    Again, many thanks to RSC_phat for the Workaround!

     

    Monday, July 27, 2015 12:56 PM
  • CU1 for SP2 and R2 SP1 is now out with the fix for this issue

    https://support.microsoft.com/en-us/kb/3074857

    The SMS_STATE_SYSTEM component has a "Critical" status, and errors that resemble the following are logged in the StateSys.log file:

    *** [42000][6522][Microsoft][SQL Server Native Client 11.0][SQL Server]A .NET Framework error occurred during execution of user-defined routine or aggregate "fnReadMDMPolicyCertValidationDuration": ~~System.Data.SqlTypes.SqlTypeException: Two strings to be compared have different collation.~~
    System.Data.SqlTypes.SqlTypeException: ~~ 
    at System.Data.SqlTypes.SqlString.StringCompare(SqlString x, SqlString y)~~
    at System.Data.SqlTypes.SqlString.Compare(SqlString x, SqlString y, EComparison ecExpectedResult)~~ 
    at Microsoft.SystemsManagementServer.SQLCLR.CryptoUtility.fnReadMDMPolicyCertValidationDuration(SqlString MessageText)~~. 
    : sp_UpdateAPNSCertAlertVariable

    This issue occurs when the SQL Server installation is using a non-English collation, and the Apple Push Notification Service (APNS) certificate that is associated with the Microsoft Intune subscription is expired.


    Cheers Paul | http://sccmentor.wordpress.com


    Tuesday, August 4, 2015 3:56 PM