After KB5002624, 2010 workflow is getting "failed on start" SP 2016 on-premise

UnderwoodMarlene-1858 75 Reputation points
2024-09-24T14:50:22.6766667+00:00

After installing the September patches, including KB5002624, workflow is getting error "failed on start". KB5002624 has a known workflow issue. https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-sharepoint-enterprise-server-2016-september-10-2024-kb5002624-db6c8b15-b9e8-4fa5-a34a-b99a0341271e

  • You might experience an issue in which SharePoint workflows can't be published because the unauthorized type is blocked. This issue also generates event tag "c42q0" in SharePoint Unified Logging System (ULS) logs. To work around this issue, register the safe types in the Web.config file. You can look for event tag "c42q0" in ULS logs to find the blocked type. If the type and assembly are safe, add the type to the authorized list in the Web.config file. For example: <System.Workflow.ComponentModel.WorkflowCompiler> <authorizedTypes>     
      <targetFx version="v4.0">         
      
      
        <authorizedType Assembly="Microsoft.SharePoint.WorkflowActions, Version=16.0.0.0, Culture=neutral, PublicKeyToken=null" Namespace="Microsoft.SharePoint.WorkflowActions.WithKey" TypeName="*" Authorized="True" />     
      
      
      </targetFx>    
    
    </authorizedTypes>
    

I attempted to recompile the WF and received an error "Unexpected error on server associating the workflow". Found error c42q0 in the ULS log file: Potentially malicious xoml node: for a column with a LookupFunction.

Does the recommended change need to be made to just the web.config for the SharePoint Workflow Manager?

SharePoint 2016 on-premise using SharePoint Workflow Manager

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
11,004 questions
SharePoint Workflow
SharePoint Workflow
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Workflow: An orchestrated and repeatable pattern of business activity, enabling data transformation, service provision, and information retrieval.
613 questions
{count} votes

Accepted answer
  1. Ling Zhou_MSFT 19,945 Reputation points Microsoft Vendor
    2024-09-25T02:03:15.96+00:00

    Hi @UnderwoodMarlene-1858,

    Thank you for posting in this community.

    It is true that there is no indication in the documentation whether it is SharePoint Server Web.config or SharePoint Workflow Manager Web.config. But as far as I know, SharePoint Workflow Manager doesn't seem to have Web.config file.

    So, I think that since there is no special indication in the document, it should be a modification of SharePoint Server Web.config.

    Here are the locations of SharePoint Server Web.config:

    User's image

    I strongly recommend that you make a backup of your files before modifying SharePoint Server Web.config to avoid problems.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

2 additional answers

Sort by: Most helpful
  1. Stefan Goßner 656 Reputation points Microsoft Employee
    2024-10-08T06:22:20.0866667+00:00

    Just to highlight on one aspect of the initial question: Only SP2010 workflows are affected. SP2013 workflows are not.

    Workflow Manager is not used with SP2010 workflows - only with SP2013.

    So Workflow Manager is irrelevant here.

    All changes have to be applied in the web.config of the SharePoint Server and potentially in the owstimer.exe.config for workflows that get compiled inside the SharePoint Timer Service.


  2. Patterson, Maureen 0 Reputation points
    2024-11-27T02:04:26.9866667+00:00

    I would like to implement this fix, but can someone explain exactly where this line should go in the web.config files? ... (Edit: Nevermind.. I see it now).

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.