Hi at01.
we have had our Nintex workflows suddenly failing on our development environment. This was due to a security patch released by Microsoft for remote vulnerability. This was not explicitly installed but was done as part of an automated install as they were deemed high risk patches. I made the changes on our web.config as detailed in the post below which suggests of the how to get around this issue. MS is aware of this change and is "working" on it
again check your ULS logs if the error is the same as described in the blog post below by Andrew Glasser.
After installing .NET security patches to address CVE-2018-8421, SharePoint workflows stop working (KB 4457916/4457035)
Regards,
Shrini
Please mark answer as correct if it helps you solve your issue. Its useful for other community members trying to find a similar solution.
Hi Shrini,
Thanks so much for the quick response, i've tested some more unrelated workflows and im getting the same results which leads me to believe the link you posted may be the symptoms we are experiencing.
Once i get a reply from our suppliers as to whether the patch has been implemented ill let you know.
Thanks
Anthony
Hi Anthony,
No worries, even on our development environment we had 4 KB's applied and none of them were of the same number which were defined in the article above, but still after changing my config file (web applications one) it did fix the issue, making me believe that Microsoft probably hasn't listed down all the KB's that are affected as part of this fix. So if your suppliers do suggest that none of the KB;s were installed you are still better of to make the change and see (as its a dev environment) and see if it fixes your issue. if not you can always revert your config file!
Regards,
Shrini
Hi Guys,
Not sure if it is related to the issue you have mentioned above, I have been facing the workflow "Failed to Start" issue for last 5 days. I was also not able to publish any workflow and was getting below error:
After reaching out to Nintex support, they mentioned that the latest Microsoft Security update is causing the issue.
See the below blog for details:
https://blogs.msdn.microsoft.com/rodneyviana/2018/09/13/after-installing-net-security-patches-to-address-cve-2018-8421-sharepoint-workflows-stop-working/
After running the recommended script and restarting the server, workflows are working fine.
Hi everyone,
Just wanted to add an update to say our infrastructure team did, in fact implement the patch in question and were able to resolve the workflow issues by following the steps mentioned the article above.
Thanks
Anthony
Hi Anthony,
Would you want to mark the answer as correct so it helps other community members facing the same issue?
Regards,
Shrini
have done now
Has anyone else noticed the workflows are throwing up more errors in the workflow history since applying/fixing the .NET update?
A few of my workflows keep repeating errors before finally completing as expected, others are still in progress for much longer than before.
Thanks
Anthony
Hi Anthony,
I haven't experienced on my development environment where we have applied the patch. What kind of error messages did you receive in the workflow history? Did you have any specific error messages in the ULS logs as well?
Regards,
Shrini
Hi Shrini,
So we have a SharePoint Designer workflow on list A that runs when an item is created and creates a document set in library B. This is a well established workflow that has been running sucessfully for some time. Post update/fix when the workflow runs I am seeing these errors in the history:
Prior to the update the workflow ran sucessfully like this:
This is not the only workflow where I have observed this behaviour. In another workflow it showed the same symptoms with errors, but eventually completed successfully. It appears the update/fix implemented has had a knock on effect to the workflows.
This is the other workflow ive observed similar behaviour, but eventually completed:
I should mention i dont have access to ULS logs so cannot comment on those.
Thanks
Anthony
Hi Anthony,
Cant comment on SharePoint designer workflows, but am sure if other folks have been getting errors after applying the patch there would be quite a bit of discussions on the msdn forums.
I am assuming the workflow failed to execute after throwing these errors ? as in quite some instances I have seen before sometimes such error comes but the workflow still executes properly (case with Nintex would not be applicable to SharePoint Designer workflows)
You would have to check ULS logs for more details. Did you try republishing your workflows again?
Regards,
Shrini
This patch is noted to cause issues to SPD and Nintex workflows alike. There has been a lot of discussion on this issue in the MS support forums so a public KB is out (not a hotfix) https://support.microsoft.com/en-us/help/4465015/sharepoint-workflows-stop-after-cve-2018-8421-security-update
Hi Andrew,
That was a really very helpful post...
Part of the issue which Anthony faced was that when he made those necessary config file changes (as you put out in your blog) SPD workflows started throwing some errors. I am assuming it might not be related to this issue and could be something else or ULS should show up. Did you in your experience of this issue face any SPD workflows failing after applying this fix?
Regards,
Shrini
Actually we found the issue from SPD workflows first, then also found it for Nintex environments as well. The fix applied to both environments fixed our issue.
Ok sums up well, I also had issues with our Nintex WF's .. didnt have SPD workflows though, but your fix worked like charm
Hi Andrew,
Thanks for your input into thread aswell - really appreciated
Out of interest did you need to do an IIS reset/ SP timer service restart also after the fix? Our infrastructure team only applied the first solution (the one linked from your article that didnt include nintex) originally which seemed to fix our SP desinger workflows, but since then only one is completing successfully, but with many errors and others arent staying in progress and just creating lots of errors (as above).
I have asked the infrastructure team to review the KB you linked to earlier and implement a fix for both SP and nintex workflows. I will keep you posted on progress!
Hi everyone,
I just wanted to put an update in this thread as since my last update we have ran the script linked in article above here including the Nintex elements, did an IIS reset all on SP servers and restarted the SP timer service on all servers and our Nintex workflows are still failing on start.
I have also noted that our SP designer workflows that contain pause steps within them are not completing successfully and getting stuck in an 'error' loop which was what i was first seeing in my earlier post above. Someone in the SharePoint reddit forum had the same issue and posted his resolution here, although I have yet to test it:
https://www.reddit.com/r/sharepoint/comments/9koq2y/further_issues_around_paused_workflows_and/
We are focussing on getting the Nintex workflows working right now so i will keep this thread updated of any progress but so far:
- .NET security update is causing all Nintex workflows to fail on start and SP designer workflows that contain pause steps to not complete and throw multiple errors
- We have applied the script as suggested in the msdn blog post including the addtional lines for nintex, but nintex workflows are still failing on start
- SP desinger workflows that do not contain pause steps appear to be working after script is applied
Thanks
Anthony
Hi Anthony,
Is that with old workflows or even any new workflows that are published on Nintex does not work?
1) Try republishing the workflow to see if the error goes off?
2) Try to remove any "Pause" on Nintex workflows to see if its better?
3) Assuming you have also updated the owstimerconfig file as well? As that would directly impact all the workflows that are running by the timer service
4) Assuming you have updated the web.config for your particular web application which has these workflows, I have seen instance where in our infrastructure team modified the config file of Nintex in 15 hive rather that web,.config of the web application
5) Lastly if nothing works you should probably try rolling back the Microsoft patch and wait till the time the hotfix is released.
Regards,
Shrini
Hi Shrini,
Again thanks for getting back to me so quickly! I have just tried to republish a workflow that does not have a pause in (to action your points 1 & 2 simutaneously!) and I get the following error message when hitting publish:
In response to 3) we checked the ULS logs and the owstimerconfig and couldnt see anything untowards there. Do you think its worth updating that also? Failing that we are pretty much thinking roll back now, but thanks for the suggestion on 4) will look into that also
Will keep you posted.
Thanks
Anthony
Hi Anthony,
Looking at the error message I think you need to check on 4) above which I mentioned. I pretty much think you might not have updated the right web.config file.
If you know your web application then go to c: (or d:) inetpubwwwroot<web application> web.confi file. So if you have multiple web applications you may need to change web.config files for all those web applications and if you have multiple WFE then you would need to make changes on each of those servers.
hth.
regards,
Shrini
Well, the deleted history issue may or may not be directly related to this .NET Framework patch. We know from experience that nwadmin utility can delete history for running workflows if you don't specify explicitly which states you purge. On the other hand it's possible (these are only assumptions!) that specific operations on SPWebApplications may terminate or rollback a Nintex Database transaction that was supposed to write the missing history. We suspect that UpdateWorkflowConfigurationSettings could be such breaking operation, but in our case it was the missing piece for the puzzle.
Hi everyone,
Sorry for the radio silence on this one, in the end we rolled back the security updates and all workflows started firing again. The link Jacob Shihawu shared previously is being touted as the complete fix for this issue.
After speaking with others who have experienced this issue, some people affected running on SharePoint 2010 service pack 1 updated to SP2 which fixed the issue also.
We are planning on adding the updates back in, then following the video step-by-step instructions to see if we can finally put this to bed!
Kind regards,
Anthony
In our case, updating workflow configuration settings cache in the database resolved the issue on two farms: 2013 and 2016.