Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

After this week's security updates installed themselves and kindly rebooted our server (yes we normally turn these off but this one got through), we discovered that our internal Microsoft Office SharePoint Server 2007 was no longer working.

After narrowing the problem down to Security Update for Microsoft .NET Framework 2.0 (KB928365), we determined that somewhere along the line SharePoint was not loading properly. IIS was happily serving up basic HTML pages, but when we tried to hit even the Sharepoint Central Administration page, all we got was a 404 error. The Event Log normally has some sign that something is wrong, it may not give you the detail but at least it mentions something. However, in this case there was nothing at all other than Search Crawler failures.

Just as we were starting to think we were going to have to go down the usual, install/re-install, fiddle with some settings then install again route, on a whim I decided to check the Web Service Extension settings in IIS Manager. As it happens I was rewarded with a surprisingly simple fix. It turns out that something in the 7/10/2007 security update patch process managed to disable ASP.NET v2.0.50727 – exactly the thing that MOSS needs to work. So, just the click of one button set everything right as we were back up and running again.

I love security. :-S

For anyone else that has hit this problem just go to IIS Manager:

Click on "ASP.NET v2.0.50727" in the right-hand pane, and click the Allow button. All you should see is the status changing as below.

That's it. Now go hit that Sharepoint URL again and you should be rewarded with success.

If that worked for you then I'm glad I could help. If not, I'm sorry but that's the wonderful world of security updates for you...

Feedback

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

Thanks for publishing this. You just saved me possibly hours of time tracking this down. 7/16/2007 7:38 AM | Larry

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

Thanks for the fix - Now the question is why would MS release an update that disables ASP.NET on production servers!? 7/20/2007 12:44 AM | John

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

How about for IIS 5.1? 7/23/2007 4:53 PM | Chris

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

we decided to deinstall the hotfix after we recieved several http 403 errors after installing the hot fix. Very strange, trying to upload a single file results in http 403 while trying to upload more than pne file will work without problems. Both use upload.aspx the last with extra paramters (multiple upload=1). 8/27/2007 7:09 AM | Tobi

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

For me, the 403s only began after the application pool recycled, and it worked fine for sites that did not have forms based authentication. It took me hours to fix this anyhow even after I knew what the issue was, but more because of my desire to find the root cause and a way to fix it without removing the security patch. There's a WSS patch from 9-5-2007 that fixes the issue once and for all, but beware it requires a schema update so make sure your server is nice and clean. I posted deatils of my struggle at http://thomascarpe.com/Lists/Posts/Post.aspx?ID=11 but it's definitely good to see you found specifics on what configuration setting was causing the issue - I'd just assumed it was CAS, or maybe there was more than one problem with the July patch for .net? :-) 9/14/2007 7:07 AM | Thomas Carpe

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

very good 9/8/2008 11:00 PM | demona9321

# re: Security Update for Microsoft .NET Framework 2.0 (KB928365) broke MOSS 2007

张家界Tourism is the Holy Land，Go张家界旅游Appreciate张家界风光 9/11/2008 7:10 PM | Tourism

Web

This blog

Mark Carroll's Blog