Oh man that is some bug…. Create an ou like ;drop table; ?? Who would have thought, SQL injection through OU!
Sent from my Windows 10 phone From: Steve Whitcher<mailto:[email protected]> Sent: den 1 augusti 2016 14:59 To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] SQL errors in AD Discovery component logs after 1606 update Thank you for confirming it. Your reply also reminded me to check the actual log files for these, instead of just looking at the component status messages from the console. In the log file, it's very clear that this error is coming up when the OU with an apostrophe in the name is being processed. I've logged the issue on connect. https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/3000206/sql-errors-during-ad-system-group-discoveries-when-ou-name-contains-apostrophe Thanks! Steve On Fri, Jul 29, 2016 at 5:35 PM, s kissel <[email protected]<mailto:[email protected]>> wrote: Could be a bug. This appears first: *** [42000][102][Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near '='. SMS_AD_SYSTEM_DISCOVERY_AGENT 7/29/2016 5:15:01 PM 8824 (0x2278) And then the actual red error: ERROR: LogDiscoveryStatsDetail - Failed to update ADDiscoveryStatsDetail table SMS_AD_SYSTEM_DISCOVERY_AGENT 7/29/2016 5:15:01 PM 8824 (0x2278) I also tested in an R2 SP1 instance and did not see the problem. Regards -S ________________________________ From: [email protected]<mailto:[email protected]> Date: Fri, 29 Jul 2016 09:55:48 -0500 Subject: Re: [mssms] SQL errors in AD Discovery component logs after 1606 update To: [email protected]<mailto:[email protected]> Any chance someone with a working lab environment on 1606 would be willing to try reproducing this? (I know, I know, I should have one. It's on my list to get back to someday, but we've been short staffed for a while now and I haven't had the time for rebuilding our lab environment.) It shouldn't take much. Just Add an apostrophe to the name of an OU containing computers and/or security groups, and check for the errors after an AD Group Discovery or System Discovery cycle runs. I can go through and remove apostrophes in AD, but I'm hesitant to start renaming OU's without knowing for sure that is the problem. On Wed, Jul 27, 2016 at 12:14 PM, Steve Whitcher <[email protected]<mailto:[email protected]>> wrote: I noticed today that I've got a couple of components with warnings appearing repeatedly in the logs, beginning just after I installed the 1606 update. The components with warnings are: SMS_AD_SYSTEM_DISCOVERY_AGENT SMS_AD_SECURITY_GROUP_DISCOVERY_AGENT Both components show the first message below, while the second message only appears for the security group discovery agent. Message ID 619 Microsoft SQL Server reported SQL message 102, severity 15: [42000][102][Microsoft][SQL Server Native Client 11.0][SQL Server]Incorrect syntax near 's'. Please refer to your Configuration Manager documentation, SQL Server documentation, or the Microsoft Knowledge Base for further troubleshooting information. Message ID 619 Microsoft SQL Server reported SQL message 105, severity 15: [42000][105][Microsoft][SQL Server Native Client 11.0][SQL Server]Unclosed quotation mark after the character string ' '. Please refer to your Configuration Manager documentation, SQL Server documentation, or the Microsoft Knowledge Base for further troubleshooting information. A quick search leads me to this article, which indicates an apostrophe somewhere is causing the error. I'm going to start digging through collections that have been modified recently to see if an apostrophe might have been added somewhere, but the timing and the fact that it's a different component showing the error makes me doubt I'll find anything there. I know that we have at least 1 OU with an apostrophe in the name. (I didn't name the OU, it pre-dates me.) Since this started right after the server came back up from the upgrade, I wonder if anything was changed with AD discovery in 1606 that would cause an apostrophe in AD to suddenly be an issue. . . Steve
