PortiBlog

Issues on SharePoint caused by .NET security updates after installing July 2018 Windows Server updates

30 juli 2018

This week we encountered issues with a customer environment running SharePoint 2013 on which the July 2018 server security updates were installed. The issue was that User Profiles where no longer being crawled correctly. This caused issues such as new profiles not being indexed and profiles which were removed from the User Profile Service that were not removed from the search index.

Microsoft has already confirmed these issues and is working on a solution: https://support.microsoft.com/en-ae/help/4345913/access-denied-errors-after-installing-july-2018-security-rollup-update

The issue manifested itself the following way:

  1. In the Crawl log of the Content Source which crawls your MySites and User Profiles (sps3s://<URLtoSite>) the following error was found:
  2. Reviewing the errors showed the following error:
  3. Checking the ULS Logs confirmed these errors with the Microsoft Post:
  • mssearch.exe (0x118C) 0x203C SharePoint Server Search Crawler:Gatherer Plugin cd11 Warning The start address sps3s://<URLtoSite> cannot be crawled. Context: Application 'Search_Service_Application', Catalog 'Portal_Content' Details: Class not registered (0x80040154)
  • A component required for crawling this type of content is not registered with this application server. View the event logs for more information. (SearchID = XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX)

As described in the Microsoft article this is caused by the the .NET Security updates release in July 2018. Below you find an overview of the related updates. Keep in mind that server versions have different versions of the patches (and thus unique KB numbers) and it also depends on which .NET framework version is installed on the server.

Windows Server 2012
Microsoft .NET Framework 3.5:
KB4338421
KB4338610

Microsoft .NET Framework 4.5.2:
KB4338416
KB4338601

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2:
KB4338418
KB4338604

Windows Server 2012 R2
Microsoft .NET Framework 3.5:
KB4338424
KB4338613

Microsoft .NET Framework 4.5.2:
KB4338415
KB4338600

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2:
KB4338419
KB4338605

Windows Server 2016
Microsoft .NET Framework 3.5 en Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2:
KB4338814
KB4345418

For more information on which KB applies to which .NET/server version please see the security bulletin from Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356. You can also find information regarding the updates for other operating systems (in case you didn't install SharePoint on one of the above Operating Systems).

The issue can be resolved by doing the following:

  1. Uninstall all the relevant .NET updates as listed above of all SharePoint servers in the farm.
  2. Reboot of all SharePoint Servers in the farm.
  3. Incremental/Full crawl on the Mysite Content Source.

Of course it would be best not to install these updates in the first place until a fix on the updates is released by Microsoft.

Update: Microsoft has release fixes for this issue! Please look at the bottom of this post.

Note (Updated):

The Microsoft article states that these patches may cause another issue when visiting SharePoint sites as well. Users may get the following error message when visiting a SharePoint site:

HTTP 403 message: "The Web Site declined to show this webpage" HTTP 403

We now have encountered this issue (thanks Neal) on a SharePoint 2007 farm which is currently being phased out and migrated to a new environment. The resolution was to remove the applicable .NET updates from the systems and this resolved the issue!

Released fixes by Microsoft:

It seems Microsoft has released new versions of the .NET Security updates on 30 July. Applying these updates should also resolve any issues you may have. You can find more information on these updates here:

https://support.microsoft.com/en-ae/help/4345913/access-denied-errors-after-installing-july-2018-security-rollup-update (same article als mentioned earlier in this post).

These updates need to be manually applied on affected systems however (they most likely will end up in rollup updates for .NET). You find these updates here:

Windows Server 2012
Microsoft .NET Framework 3.5: https://support.microsoft.com/en-ae/help/4346742/update-for-net-framework-3-5-sp1-on-windows-server-2012-kb-4346742-jul
Microsoft .NET Framework 4.5.2: https://support.microsoft.com/en-ae/help/4346739/update-for-net-framework-4-5-2-on-windows-server-2012-kb-4346739-july
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2: https://support.microsoft.com/en-ae/help/4346405/update-for-net-framework-4-6-4-6-1-4-6-2-4-7-4-7-1-and-4-7-2-on-window

Windows Server 2012 R2
Microsoft .NET Framework 3.5: https://support.microsoft.com/en-ae/help/4346745/update-for-net-framework-3-5-sp1-on-windows-8-1-rt-8-1-and-server-2012
Microsoft .NET Framework 4.5.2: https://support.microsoft.com/en-ae/help/4346408/update-for-net-framework-4-5-2-on-windows-8-1-and-server-2012-r2-kb-43
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2: https://support.microsoft.com/en-ae/help/4346406/update-for-net-framework-4-6-4-6-1-4-6-2-4-7-4-7-1-and-4-7-2-on-window

Windows Server 2016
Microsoft .NET Framework 3.5 en Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2: https://support.microsoft.com/en-ae/help/4346877/windows-10-update-kb4346877

Submit a comment