Geoprocessing service instances crash after installing Windows patches on Microsoft Windows Server 2008 R2 or Windows 7

Description

After installing the following Windows patches on Server 2008 R2 or Windows 7, geoprocessing service instances crash on ArcGIS Server (regardless of release version):

• 2018-01 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4056894)
• Cumulative security update for Internet Explorer (KB4056568)
• January 3, 2018 Security-Only Update (KB4056897)
• February 13, 2018—KB4074598 (Monthly Rollup)

Note:
Microsoft's monthly security rollup patches are cumulative. Future patches may include contents of the patches listed above. Please contact Esri Technical Support if encountering issues described in this article but the patches listed above are not installed.

An error (code #8273) is generated in the ArcGIS Server logs during the creation of SOC processes:

Service Failed to start
Utilities.Printingtools.GPServer:
MACHINENAME.DOMAIN.COM
Service containing process crashed for "SERVICENAME.GPServer". Please see if an error report was generated in 'C:\arcgisserver\logs\MACHINENAME.DOMAIN.COM\errorreports'. To send an error report to Esri, compose an e-mail to ArcGISErrorReport@esri.com and attach the error report file.​

Note:
Please note that although an error is returned, the error report file is not generated.

Cause

The geoprocessing service issue is an indirect consequence involving the patches listed above for Windows Server 2008 R2 and Windows 7, which were released to address processor security vulnerabilities known as Meltdown and Spectre. However, this issue is not directly caused by the Meltdown and Spectre vulnerabilities. Esri has been investigating the issue with Microsoft, and is releasing patches to address the issue. 

A blog outlining Meltdown and Spectre Processor Vulnerabilities includes Esri's recommendations for ArcGIS deployments and provides a number of references for vulnerability and vendor specific notices. A blog on Esri's software patches released for the issue was also published and contains additional information. Both of these blogs will be updated with new information as it is released.

Workaround

Patches for this issue are available at the link below as they are released for ArcGIS (for) Server versions 10.6, 10.5.1, 10.5, 10.4.1, 10.4, 10.3.1, 10.3, 10.2.2, or 10.2.1:

• Download: ArcGIS Server Geoprocessing Service Startup Patch

If running ArcGIS for Server 10.2.1 or later on Windows Server 2008 R2 or Windows 7, check the ArcGIS Server Geoprocessing Service Startup Patch page to determine if the patch corresponding to the version of ArcGIS Server installed has been released. If so, download and install the patch, and follow the instructions on the page. It is highly encouraged to check that all geoprocessing services are functioning correctly once the patch is installed. If any geoprocessing services are still not functioning, stop and start the service manually from ArcGIS Server Manager.

If your organization is impacted by this defect or another vendor patch is interfering with ArcGIS deployment, please contact Esri Technical Support.

If there are questions or concerns about handling these vulnerabilities in an ArcGIS deployment, please contact Esri’s Security Standards & Architecture Team to report a security concern.