January 2022 CU for SharePoint Server 2019 is available for download

The product group released the January 2022 Cumulative Update for SharePoint Server 2019 product family. SharePoint Server 2019 is patched with a language dependent and a language independent fix.

The KB article for January 2022 CU will be available at the following Location in a couple of hours:

  • KB 5002109 – January 2022 Update for SharePoint Server 2019 (language independent)
    This is also a security update!
  • KB 5002108 – January 2022 Update for SharePoint Server 2019 (language dependent)
    This is also a security update!

The downloads for January 2022 CU are available through the following links:

Important: It is required to install both fixes (language dependent and independent) to fully patch a SharePoint server. This applies also to servers which do not have language packs installed. The reason is that each SharePoint installation includes a language dependent component together with a language independent component. If additional language packs are added later (only) the language dependent fix has to be applied again.

It is irrelevant which language you pick on the drop down in download center. Even the language dependent fixes are all in the same package for all languages.

After installing the fixes you need to run the SharePoint 2019 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.

 
SharePoint 2019 January 2022 CU Build Number:

Language independent fix: 16.0.10382.20004
Language dependent fix: 16.0.10382.20004

 
Related Links:

16 Comments


  1. My Site Host built-in pages cannot be opened after applying 16.0.10382.20004 to on-prem SP 2019 farm, it seems that caused by web.config update

    Reply

    1. Hi Xiaodong, if you need assistance to resolve this issue I would recommend to open a support case with Microsoft.

      Reply

  2. After Applying this CU, configure incoming email settings disappeared from Lib/List settings…

    Reply

    1. Hi Vishnu,
      I haven’t heard about this issue and if this is an important issue for you I would recommend to open a support case to get this investigated.
      Cheers,
      Stefan

      Reply

  3. After applying these patches Host Named Site collections seem to have broken Web Parts, getting the following error: Web Part Error: This page has encountered a critical error. Contact your system administrator if this problem persists. Correlation ID: 38e91aa0-cdb9-c0a6-823d-07c2a47f41f8.

    Has anyone else ran into this issue? Path based sites don’t seem to be affected? very strange.

    Reply

  4. Hello,

    Should I be concerned with the issue that this patch has. The issue is below:

    Known issues in this update
    Most users cannot access Web.config files in Microsoft SharePoint Server. The affected group of users does not include farm administrators, local administrators, or members who are managed by the system. For more information, see Users cannot access Web.config files in SharePoint Server (KB5010126).

    I want to double check of that before I go ahead and install the patch on my production environment.

    Thank you Stefan

    Reply

    1. Thanks Osamah,

      Very important information!

      Since this update, all our add-ins (apps) stopped working. (Both the add-ins from the SharePoint store and our own SharePoint provider hosted apps.)
      After adding the necessary permissions to the web.config file, everything works again.

      They should have tested this much better before releasing this update 🙁

      Reply

      1. Hi Johan,
        this sounds unexpected. Its also unclear to me why an add-in would require access to the web.config file.
        I would recommend to open a support case to ensure that this can be investigated.
        Cheers,
        Stefan

        Reply

        1. Hi Stefan,

          I think this makes sense…

          For example:
          Our SP sites running under web application ‘www.contoso.com’.
          Our apps are running under a different web application ‘apps.contoso.com’.
          (every web application has his own application pool account)

          Before the update, http://www.contoso.com‘s application pool account automatically had read permissions on apps.contoso.com’s web.config through the ‘wss_wpg’ security group. -> OOTB config.

          Since the update, the http://www.contoso.com‘s application pool account can no longer connect to apps.contoso.com because the group wss_wpg has been removed from the web.config file.

          I added the ‘wss_wpg’ group again in my test en quality environment and everything works like before.

          The only problem that we have now is that we need to install this update first in production and only then we have the option to disable this new ‘feature’ with powershell.
          (SkipUpdateWebConfigFilePermission = $true)

          And if you have a large SharePoint farm with a lot of web applications, it’s take a while to change all this security settings on all the web.config files.

          Regards,

          Johan

          Reply

    2. Forgot to mention…
      The update has removed the security group ‘WSS_WPG’ from the web.config.

      Reply

      1. Johan, were you seeing 403s before you resolved this? Can you post the line which you used in web.config to resolve. Thanks

        Reply

        1. Hi Viddy,

          I didn’t see any 403’s and didn’t made an update to the web.config content. I added only the necessary permissions to the file.

          Regards

          Reply

          1. Thanks Johan, Stefan. I can see that the file has all the relevant permissions required so still looking into the cause of the 403s across 3 our of 4 servers. I will most likely raise a ticket.


  5. Hey everyone, this restriction of web.config permission intent to protect the sensitive information inside web.config from accidentally leak to unauthorized person.

    Would like to understand, why web.config need to be accessed by the add-ins?

    Reply

  6. Hi Steve,

    Check my reply to Stefan.

    Meanwhile I did the test again. I removed the ‘wss_wpg’ security group from my ‘apps’ web application web.config file and I have the same problem again when opening an add-in from my SP site hosted on another web application.

    Regards,

    Johan

    ULS log:

    Name lookup failure in derived cache for [Name:Microsoft.SharePoint.MarketPlace.OfficeProxy.OfficeProxySettings],[Parent:5a616947-5275-456f-bbad-4bb1cadd104a], [type:fe82c892-e329-4459-9d4f-6d8e354c614c []]. Stack Trace: at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(String name, Guid parentId, Type type)
    at Microsoft.SharePoint.Administration.SPConfigurationDatabase.Microsoft.SharePoint.Administration.ISPPersistedStoreProvider.GetObject(String name, Guid parentId, Type type)
    at Microsoft.SharePoint.Administration.SPPersistedObject.GetChild[T](String name)
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeProxySettings.<>c__DisplayClass3.b__2()
    at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
    at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
    at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeProxySettings.GetOfficeProxySettings(Boolean useInitializationSettings)
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeServiceUrls.CheckForBaseUrlOverride()
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeServiceUrls.Init()
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeServiceUrls.GetWebserviceProperty(String key)
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeServiceUrls.GetWebserviceUrl(OfficeServiceUrlType type)
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeProxy.MakeRequestAppDetails(String billingMarket, String contentMarket, String appId, Boolean detailsPageRender)
    at Microsoft.SharePoint.Marketplace.OfficeProxy.OfficeProxy.GetAppDetails(SPWeb web, String billingMarket, String contentMarket, String appId, Boolean detailsPageRender, SPAppMetadataDetail& appDetails)
    at Microsoft.SharePoint.WebControls.SPAppError.CreateAppSupportControl()
    at Microsoft.SharePoint.WebControls.SPAppError.CreateChildControls()

    Reply

Leave a Reply to Johan Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.