Overview

Recently, a customer came to us with an urgent issue: all their SharePoint workflows had stopped working overnight. Aside from a few recent server updates, the customer had not made any changes to their SharePoint environment.

One of our consultants performed initial troubleshooting using the error message and identified the root cause of the issue. Following a recent .NET Framework security update, several .NET types used by SharePoint workflows that were not previously required are now required.

.Net Framework

This article from the .NET Blog addresses more information on the security updates for CVE-2018-8421 – Windows Remote Code Execution Vulnerability.

Microsoft Support

This article from Microsoft Support provides a more thorough technical explanation of why SharePoint out-of-the-box workflows stopped working.

SharePoint Workflow Error Message

Microsoft.SharePoint.SPException: 

<Error> 

<CompilerError Line=”-1″ Column=”-1″ Text=”Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.” /> 

<CompilerError Line=”-1″ Column=”-1″ Text=”Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.” /> 

<CompilerError Line=”-1″ Column=”-1″ Text=”Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.” /> 

<CompilerError Line=”-1″ Column=”-1″ Text=”Type System.CodeDom.CodeBinaryOperatorExpression is not marked as authorized in the application configuration file.”/> 

</Error>

Solution & Explanation

The reason that all the customer’s workflows had stopped working is that this issue affects any web application that relies on the newly-required .NET types. The fix is to add the newly required types to each web application’s configuration file. This is most easily accomplished via the PowerShell script provided by Microsoft in the support article mentioned above.

In addition, if your organization is running workflows on the central admin web application, then its configuration file must be updated manually. The PowerShell script does not update the central admin web application. 

Updates – especially security updates – are extremely important to the health and well-being of any SharePoint farm. In general, the best practice is to first apply updates in a testing environment in order to ensure that no existing functionality is affected. Accidents do happen, however – and that’s where SharePoint support specialists such as Total Solutions can help.

Because our consultants live and breathe SharePoint, our customers rely on us to keep their SharePoint farm up to date and healthy. If you have questions or issues with your SharePoint Workflows, feel free to set-up an appointment to talk to one of our consultants today!