Microsoft small business knowledge base

Article ID: 2745448 - Last Review: January 22, 2013 - Revision: 3.1

Symptoms

Assume that you apply the update that is described in Microsoft Knowledge Base (KB) article 2677070 (http://support.microsoft.com/kb/2677070/) on a computer that is running Microsoft SQL Server Reporting Services (SSRS). When you try to start SSRS, you receive a time-out error, and event ID 7000 and event ID 7009 are logged in the Application log.

Additionally, event ID 1530 is logged, and information that resembles the following is logged in the Application log:

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: <Event Time>
Event ID: 1530
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: <SSRS Server Name>
Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-1234567890-123456789-1234567890-123456:
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\Disallowed
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\Root
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\trust
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Policies\Microsoft\SystemCertificates
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\My
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\CA
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1234 (\Device\HarddiskVolume5\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe) has opened key \REGISTRY\USER\S-1-5-21-1234567890-123456789-1234567890-123456\Control Panel\International

Note The placeholder <Event Time> represents the time when the event happens. The placeholder <SSRS Server Name> represents the SSRS server name.
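
The symptom check above can be scripted. The following PowerShell is an added example, not part of the original article: the function name and the 10-minute correlation window are assumptions, and the System log is searched in addition to the Application log because Service Control Manager events are normally written there.

```powershell
# Added example, not from the KB article; the function name is hypothetical.
# Requires PowerShell 3.0 or later and an elevated session on the SSRS server.
function Find-SsrsStartTimeoutEvidence {
    param(
        [datetime]$Since = (Get-Date).AddDays(-7),
        [int]$WindowMinutes = 10   # constructed correlation window (assumption)
    )

    # Event IDs 7000/7009: the service failed to start / the start timed out.
    # The article cites the Application log; the System log is searched too
    # because Service Control Manager normally writes these events there.
    $startFailures = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Application', 'System'
        Id        = 7000, 7009
        StartTime = $Since
    } -ErrorAction SilentlyContinue)

    # Event ID 1530: registry handles still open when the profile is unloaded.
    $handleLeaks = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-User Profiles Service'
        Id           = 1530
        StartTime    = $Since
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'ReportingServicesService\.exe' })

    foreach ($leak in $handleLeaks) {
        # Count leaked handles that point at certificate stores, the pattern
        # shown in the sample event above.
        $certKeys = [regex]::Matches(
            $leak.Message, 'has opened key .*\\SystemCertificates').Count

        # Start failures logged close in time to this profile unload.
        $related = @($startFailures | Where-Object {
            [math]::Abs(($_.TimeCreated - $leak.TimeCreated).TotalMinutes) -le $WindowMinutes
        })

        [pscustomobject]@{
            ProfileUnloadTime = $leak.TimeCreated
            CertStoreHandles  = $certKeys
            StartFailureIds   = ($related | ForEach-Object { $_.Id } |
                                 Sort-Object -Unique) -join ','
            MatchesKbPattern  = ($certKeys -gt 0 -and $related.Count -gt 0)
        }
    }
}
```

Rows with MatchesKbPattern set to True show both halves of the symptom on the same host: a start failure and a 1530 event in which ReportingServicesService.exe held SystemCertificates keys.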

Cause

This issue occurs because the system cannot retrieve the trusted and untrusted certificate trust lists (CTLs). If the system does not have access to Windows Update, either because the system is not connected to the Internet or because Windows Update is blocked by firewall rules, the network retrieval times out before the service can continue its startup procedure. In some cases, this network retrieval time-out may exceed the service startup time-out of 30 seconds. If a service cannot report that startup completed after 30 seconds, the service control manager (SCM) stops the service.

The URLs to update the CTL changed with this update. Therefore, if previous URLs were hard-coded as exceptions in the firewall or proxy, or if there is no Internet access on the computer, the CTL cannot be updated.

To download the latest CTLs, use the following updated URLs:  

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Workaround

To work around this problem, configure the computer so that the network does not retrieve trusted and untrusted CTLs. To do this, use one of the following methods:

Method 1

Validate that boundary firewalls, router access rules, or downstream proxy servers allow systems that have update 2677070 installed to contact Microsoft Update. For more information about this requirement, including the URLs that the CTL update accesses, see the following article in the Microsoft Knowledge Base:
2677070 (http://support.microsoft.com/kb/2677070/) An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

Method 2

Change the Group Policy settings. To do this, follow these steps:
  1. Under the Computer Configuration node in the Local Group Policy Editor, double-click Policies.
  2. Double-click Windows Settings, double-click Security Settings, and then double-click Public Key Policies.
  3. In the details pane, double-click Certificate Path Validation Settings.
  4. Click the Network Retrieval tab, click to select the Define these policy settings check box, and then click to clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
  5. Click OK, and then close the Local Group Policy Editor.

Method 3

Modify the registry. To do this, follow these steps.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then select the following registry subkey:
    HKLM\Software\Policies\Microsoft\SystemCertificates
  3. Right-click AuthRoot, select New, and then click DWORD.
  4. Type DisableRootAutoUpdate, and then press Enter.
  5. Right-click DisableRootAutoUpdate, and then click Modify.
  6. In the Value data box, type 1, and then click OK.
  7. On the File menu, click Exit.

Method 4

Increase the default service time-out.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows
To increase the default service time-out, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then select the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  3. Right-click Control, point to New, and then click DWORD.
  4. In the New Value box, type ServicesPipeTimeout, and then press Enter. 
  5. Right-click ServicesPipeTimeout, and then click Modify.
  6. Click Decimal, type the number of milliseconds that you want to wait until the service times out, and then click OK.
    For example, to wait 60 seconds before the service times out, type 60000.
  7. On the File menu, click Exit, and then restart the computer.
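
The registry changes in Method 3 and Method 4 can also be made and audited from PowerShell. This is an added example, not code from the original article: the function names are hypothetical, creating the AuthRoot key when it is absent is an assumption, and the upper bound on the time-out is a constructed limit.

```powershell
# Added example, not from the KB article; function names are hypothetical.
# Run from an elevated PowerShell session (PowerShell 3.0 or later).
$Workarounds = @{
    # Method 3: value under AuthRoot (the key is created if it is absent).
    DisableRootAutoUpdate = @{
        Path = 'HKLM:\Software\Policies\Microsoft\SystemCertificates\AuthRoot'
        Name = 'DisableRootAutoUpdate'
    }
    # Method 4: service start time-out in milliseconds; needs a restart.
    ServicesPipeTimeout = @{
        Path = 'HKLM:\SYSTEM\CurrentControlSet\Control'
        Name = 'ServicesPipeTimeout'
    }
}

function Get-WorkaroundValue {
    param([Parameter(Mandatory = $true)][string]$Method)
    $w = $Workarounds[$Method]
    $item = Get-ItemProperty -Path $w.Path -Name $w.Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.($w.Name) } else { $null }   # $null = not set
}

function Set-Workaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('DisableRootAutoUpdate', 'ServicesPipeTimeout')]
        [string]$Method,
        # Used only for ServicesPipeTimeout. The lower bound is the 30-second
        # default named in the article; the upper bound is a constructed limit.
        [ValidateRange(30000, 600000)]
        [int]$TimeoutMs = 60000
    )
    $w        = $Workarounds[$Method]
    $value    = if ($Method -eq 'ServicesPipeTimeout') { $TimeoutMs } else { 1 }
    $previous = Get-WorkaroundValue -Method $Method

    if ($PSCmdlet.ShouldProcess("$($w.Path)\$($w.Name)", "Set DWORD to $value")) {
        if (-not (Test-Path -Path $w.Path)) { New-Item -Path $w.Path -Force | Out-Null }
        New-ItemProperty -Path $w.Path -Name $w.Name -PropertyType DWord `
            -Value $value -Force | Out-Null
    }
    # Report the previous value so that the change can be reverted later.
    [pscustomobject]@{
        Method   = $Method
        Previous = $previous
        Current  = Get-WorkaroundValue -Method $Method
    }
}
```

Run `Set-Workaround -Method ServicesPipeTimeout -TimeoutMs 60000 -WhatIf` to preview the change before applying it. `Get-WorkaroundValue -Method DisableRootAutoUpdate` can be used afterward to inventory servers where automatic CTL retrieval is still switched off.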

More information

For more information about the Windows root certificate program, certificates, certificate trust, and the certificate trust list, see the "More Information" section of the following article in the Microsoft Knowledge Base:
2677070 (http://support.microsoft.com/kb/2677070/) An automatic updater of revoked certificates is available for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2

Applies to
  • Microsoft SQL Server 2005 Reporting Services
  • Microsoft SQL Server 2008 R2 Reporting Services
  • Microsoft SQL Server 2008 Reporting Services