How Service Manager can throw an XML spanner in the Orchestrator works

~ Brian McDermott

ToolsOne of the beautiful things about getting the whole System Center 2012 suite rather than an individual product is how you can integrate them together to make them much more than the sum of their parts. So you may have gone and set up Service Manager to integrate it with Orchestrator, and you created your runbook to automate your otherwise dull and mundane repetitive tasks. You may have created your Runbook Automation Template, your Service Request Template Offering, your Request Offering and Template, and you finally published your Request Offering to free up all that future time. You can now sit back, admire your work and relax with a cup of tea as all those manual tasks, now automated, are whizzing by and you’ve now freed up your day.

By the way, if you haven’t automated all those mundane day-to-day tasks and you would like to, take a look at these demo links to get an idea of how it is done:

http://technet.microsoft.com/en-us/video/private-cloud-demo-extravaganza-8-create-an-orchestrator-runbook-and-integrate-with-service-manager-with-system-center-2012.aspx

http://technet.microsoft.com/en-us/video/private-cloud-demo-extravaganza-9-create-self-service-request-offerings-using-the-service-catalog-with-system-center-2012

http://technet.microsoft.com/en-us/video/private-cloud-demo-extravaganza-9-create-self-service-request-offerings-using-the-service-catalog-with-system-center-2012

The problem

But then you start to get calls stating that these automated tasks are not completing anymore. You take a look in Orchestrator and you can see that the runbooks are queued up and not starting.

When you look in the RunbookService trace log (located at %ProgramData%\Microsoft System Center 2012\Orchestrator\RunbookService.exe\Logs) you see an entry similar to the following:

2014-06-17 16:41:55 [3132] 1 Exception caught in long __stdcall WorkflowContextComAdapter::OnPolicyInstanceCreated(unsigned long,wchar_t *)

WorkflowContextComAdapter.cpp(499):
<Exception>
<Type>Opalis::Exception</Type>
<Location>
void __cdecl StorageCallExecutor::throwChained(const class Opalis::Exception &)
StorageCallExecutor.cpp(42)
</Location>
<MsgCode>SCE: ActionServerStorage call failed</MsgCode>
<Prev><Exception>
<Type>Opalis::Exception</Type>
<Location>
void __thiscall ActionServerStorageDB::createPolicyInstance(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const __int64 &,const unsigned long)
ActionServerStorageDB.cpp(262)
</Location>
<MsgCode>createPolicyInstance failed</MsgCode>
<Params>
<Param>{20957AFC-B423-4F77-932A-A0A696484EC8}</Param>
<Param>{2A8BB5F0-8AF3-4995-AA71-292F7302D628}</Param>
</Params>
<Prev><Exception>
<Type>Opalis::Exception</Type>
<Location>
void __thiscall CODBDataStore::createPolicyInstance(const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,const class std::basic_string<wchar_t,struct std::char_traits<wchar_t>,class std::allocator<wchar_t> > &,__int64,unsigned long)
ODBDataStore.cpp(8018)
</Location>
<MsgCode>_com_error</MsgCode>
<Params>
<Param>IDispatch error #3092</Param>
<Param>The XML parse error 0xc00ce513 occurred on line number 1, near the XML text "<Data><Parameter><ID>{1ec1c9e6-6ac6-48bc-9ef0-3db88bc3b1f2}</ID><Value>65cd8c4a-e3c4-29de-8609-52a331539ed2</Value></Parameter><Parameter><ID>{13f6110d-9504-4070-acab-c5108111e655}</ID><Value>09:30</Value></Parameter><Parameter><ID>{b0dbe10e-f410-4f31-a91f-882cd08ed119}</ID><Value>CMR01</Value></Parameter><Parameter><ID>{bceac16c-219d-49d6-a852-6961a4fafb0b}</ID><Value>False</Value></Parameter><Parameter><ID>{800f7035-605e-4748-84d3-7d71a4325973}</ID><Value>Laptop and projector</Value></Parameter><Parameter><ID>{26b3089e-d999-46f3-8e85-a5e8ef70b286}</ID><Value>Meeting Room 5</Value></Parameter><Parameter><ID>{232fce1d-1046-4814-b5dc-4aeff84abe05}</ID><Value>Please set up laptop & projector</Value></Parameter><Parameter><ID>{4a2d82a2-a241-433a-81df-0af813161db0}</ID><Value>16:00</Value></Parameter></Data>".</Param>
<Param>-2147217900</Param>
</Params>
</Exception></Prev>
</Exception></Prev>
</Exception>

What happened?

The clues are in yellow.

When you set up your Web form for your customers/users/clients to enter the details of their service requests, they can go and type in just about anything by default. In the example above, the customer, not unreasonably, entered & instead of typing out the word and.

The problem here is that when the request is then sent through to Orchestrator as an XML packet, when Orchestrator attempts to parse it, the existence of a reserved XML character (the &) in the middle of the XML packet renders the data invalid (see http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Predefined_entities_in_XML).

Preventing this from happening

To prevent this from happening again, we need to prevent the customers/users/clients from entering any XML character in these forms. Educating all potential users of the portal about the need to avoid these characters would be impractical so we need to police the input and stop them from being entered at the source.

Luckily for us it is possible to do this within the Request Offering Template. To do this, open your Request Offering and select Configure Prompts and then Configure for each request offering that allows the user to enter a string.

clip_image002

Then enter the following Regular Expression to ensure that the XML reserved characters are not allowed,

^[^<>"%'&]*$

clip_image004

At this point, when a customer attempts to enter an invalid character they will not be allowed to do so and the Custom ToolTip you entered above will be displayed as shown below.

clip_image006

Once done you can get back to your cup of tea and relax once more.

And special thanks to my colleague Henry Zhu and his work on KB 2993719 which this is based upon:

2993719 – An Orchestrator runbook is not created when users submit a Service Manager service request form (http://support.microsoft.com/kb/2993719)

Brian McDermott | Escalation Engineer | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/