- This topic has 2 replies, 3 voices, and was last updated 2 years, 4 months ago by
.
-
Posts
-
We have been made aware that recent Windows Security Updates (KB5005568, KB5005613) can cause MyID Server installations to become non-functional.
Please refer to the following product notification for more information MyID-Product-Notification-Windows-Security-Updates-causing-failures-on-MyID-Server.pdf
Intercede Support have received a number of queries in respect of other operating systems and what to do if the update has already been installed. The general advice is as follows.
- If the update has not yet been installed then hold off installing it until we have investigated it and formulated a solution/workaround to the problems it can create.
- If the update HAS been installed but there are no apparent problems then we see no need to uninstall it. We do however suggest that you maintain increased vigilance and watch out for any problems with DCOM / MSDTC.
- If the update HAS been installed and problems are occurring as a result then raise a support case via the normal means by sending an email via the normal channel.
To be clear, where this problem has arisen it has been catastrophic and rendered MyID inoperative. This is why we have chosen to alert everyone about this problem proactively. The main bullet point here is that the problem will not be subtle or intermittent.
Conversely, we’ve had a couple of reports of customers that do have this installed and have not seen any problems. We are investigating what the differences might be.
Other operating systems;
- For Windows 2016, we have been made aware of KB5005573. However we have had no reports of any issues with this update. The general advice as above stands for this operating system.
- For Windows 2008 we are not aware of any equivalent update since this operating system is now End of Life since January 14th 2020.
Once we have a workaround or solution it will be published on the Intercede Customer Portal. You can subscribe to MyID Announcements via our Customer Portal when you sign in with your Rapid ID. Simply go to the Announcement page and click on “Subscribe” next to the SEARCH button.
We would like to update you with further information about this issue. This has proven to be a very challenging problem for us to reproduce, and extensive testing has taken place against a range of deployment configurations of MyID including split application, web and database tiers, web tiers in DMZ configurations and different combinations/permutations of Distributed Component Object Model (DCOM) configuration both with and without ‘DCOM hardening’ (KB500442) enabled.
Overall, we can be certain that many customers have applied these Windows server updates and not experienced any problem. Two customers had been affected but both were able to be resolved by reconfiguring DCOM settings on MyID Servers. In one case, the database server was affected but not other application server tiers.
Intercede advise that should any further problem occur on installing windows updates, that MSDTC security configuration is verified to be in line with the information in your MyID product documentation in section Installation and Configuration Guide > Preparing your system > Timeouts, limits and other settings > MSDTC security configuration*.
The System Interrogation Utility can also be used to verify these settings (tests SIU-083, SIU-084, SIU-218). Please see Intercede product documentation* for guidance on using this utility.
If further problems persist, please create a support ticket quoting reference SUP-354.
* Links provided are for MyID PIV v12.1 product documentation, please see equivalent sections in documents applicable to your product version on the Intercede customer portal
- The forum ‘MyID Announcements’ is closed to new topics and replies.