Cheers chatGPT
If you're encountering issues in SCCM where packages are stuck in distribution or it appears that SCCM is not functioning as expected, the underlying problem might be related to a crash in the SMS_EXECUTIVE*process. This is a known issue on Windows Server 2022, and it is linked to a new security feature called User Shadow Stack.
This article will help you identify and resolve the issue to restore normal SCCM operations.
---
Symptoms
1. SMS_EXECUTIVE Crashes
- Upon investigation, you may find that the **smsexec.exe** process keeps crashing on your SCCM server running on Windows Server 2022.
2. Stuck Packages
- Distribution packages may get stuck indefinitely.
3. General SCCM Unresponsiveness
- SCCM may appear to be non-functional, impacting the normal operation of your environment.
---
Understanding the Cause
Windows Server 2022 introduced **User Shadow Stack**, a security feature designed to enhance protection against control-flow attacks by verifying the return address of calls on the stack. While beneficial in terms of security, this feature can interfere with certain applications, including **SCCM SMS_EXECUTIVE**, causing crashes or unexpected behavior.
For a more in-depth technical overview, you can refer to the detailed explanation in the [source article](https://blog.thomasmarcussen.com/sms_executive-crashes-on-hyper-v-due-to-usershadowstack/).
---
Verifying the Problem
To confirm that User Shadow Stack is causing the issue, you can use the following PowerShell command to check the process mitigation settings for `smsexec.exe`:
Powershell
Get-ProcessMitigation -Name smsexec.exe
This will display the mitigation settings for the `smsexec.exe` process. If **User Shadow Stack** is enabled, it will be listed here as a potential cause of the crashes.
---
Fixing the Issue
To resolve the problem, disable User Shadow Stack for the `smsexec.exe` process. Here’s how you can do this:
1. Open PowerShell as Administrator
Ensure you have administrative privileges to modify process mitigation settings.
2. Run the Following Command
```powershell
Set-ProcessMitigation -Name smsexec.exe -Disable UserShadowStack
```
3. Restart SMS_EXECUTIVE
After making the change, restart the SCCM SMS_EXECUTIVE service to apply the fix.
You can do this by running:
```powershell
Restart-Service SMS_EXECUTIVE
```
4. Verify SCCM Functionality
Check if the SCCM distribution services are now functioning correctly and that the crashes have stopped.
---
Notes
- Impact of Disabling User Shadow Stack
Disabling this security feature specifically for the `smsexec.exe` process should not significantly reduce the overall security of your server, as it only affects this one process. However, this step should be reviewed with your organization's security team if necessary.
- Monitoring
After implementing the fix, monitor your SCCM server to ensure stability and normal operations are restored.
- Future Updates
Microsoft may release updates to address this incompatibility. Keep your SCCM and Windows Server updated with the latest patches.
---
Additional Resources
- [Thomas Marcussen's Blog Post](https://blog.thomasmarcussen.com/sms_executive-crashes-on-hyper-v-due-to-usershadowstack/) – Provides a detailed explanation of the issue and underlying cause.
By following these steps, you should be able to resolve the SMS_EXECUTIVE crashes on your Windows Server 2022 and restore your SCCM environment to full functionality. If issues persist, consider reaching out to Microsoft Support for further assistance.