No ratings

Workflow Failed to Run, Failed to Publish Workflow, Workflow stuck In Progress, after applying Microsoft Update


After a .NET Security Update, Nintex Workflows no longer publish, are stuck 'In Progress', or fail to run. 

Note: This is an error in SharePoint itself and this will also impact your SharePoint Designer workflows.




Run the following PowerShell scripts (link below) on a server within your SharePoint farm to add the authorizedtype entries.

Please watch the walk-through video below to ensure the solution is applied properly:

A basic outline of the video is as follows:

1. Refer to the following link to access the two PowerShell scripts: Add-CodeDomAuthorizedType on GitHub

2. Modify both PowerShell scripts to add -IncludeNintexWorkflow where the function is called (near the end of each script). For example:

     Add-CodeDomAuthorizedType.ps1: Add-CodeDomAuthorizedType -Verbose -IncludeNintexWorkflow

Add-CodeDomAuthorizedTypeToOWSTimerConfig.ps1: Add-CodeDomAuthorizedTypeToOWSTimerConfig -ComputerName $serverNames -Verbose -IncludeNintexWorkflow

3. Run each script as an Administrator. You can do this in PowerShell, PowerShell ISE or SharePoint Management Shell. 

4. Test your workflows. If issues persist, follow through with additional manual steps in the walk-through video.

Note: If you face any issues with the script or the steps provided in the video, please reach out to Microsoft Support. 


Error Code

There are variations of the errors that occur, but the common line in regard to this issue is as follows:


Additional Information

After any of the September 2018 .NET Framework security updates to resolve CVE-2018-8421 (.NET Framework Remote Code Execution Vulnerability) are applied, SharePoint out-of-the-box workflows stop working.

This issue can also occur following SharePoint Cumulative Updates (CU) after November 2018; this and subsequent CU's attempt to counter this issue by adding authorizedtype entries in the appropriate files, but in some cases, can result in the CodeTypeReferenceExpression authorizedtype entry to be removed, surfacing the issue again. The above solution would need to be applied again.

Add-CodeDomAuthorizedType.ps1 and Add-CodeDomAuthorizedTypeToOWSTimerConfig.ps1 add the authorizedtype entries to the web.config and OWSTimer.exe.config files across your farm respectively.

In rare cases, running the following has been necessary in applying the solution successfully:
     $webapp = Get-SPWebApplication -identity http://<web app name>  

For SharePoint 2010 Farms: Relevant entries will be included in the scripts in addition to the CodeDom authorizedtype entries. Please note that these scripts have been updated over time and may include entries that were not included before.


Related Links


Version history
Last update:
‎02-03-2021 04:18 AM
Updated by: