In the last couple of days we got several reports from customers which experienced an issue after installing April 2023 CU for SharePoint Server 2016 on servers which are running Windows Server 2012 R2.
Background information
April 2023 CU includes the new AMSI security feature for SharePoint (see here for details). AMSI relies on functionality in the Windows operating system which is available in Windows Server 2016 and later. Earlier Windows versions lack the required functionality to enable AMSI which causes the relevant functionality released with April 2023 CU to fail if the operating system is older than Windows Server 2016.
A fix for this issue has been released with June 2023 CU for SharePoint Server 2016.
Mitigation
To mitigate the issue the affected module needs to be removed from the IIS configuration.
This can be done using the following steps:
Method A – Using the the IIS Management UI:
- Open Internet Information Services (IIS) Manager.
- Select the server node in the left-hand pane.
- In the center pane, double-click on “Modules” under the “IIS” section.
- In the right pane, select “Configure Native Modules…”
- Select ” SPRequestFilterModule” and click “Remove” button.
- Confirm the removal of the module by clicking “Yes” in the pop-up window.
- Restart IIS to apply the changes.
Method B – By editing the applicationHost.config file:
- Open the applicationhost.config file located in the %windir%\system32\inetsrv\config directory.
- Locate the section of the file.
- Find the following entry in the section and remove that entry:
<add name="SPRequestFilterModule" image="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\isapi\sprequestfilteringmodule.dll" />
- Save the changes to the applicationhost.config file
- Restart IIS to apply the changes.
Important: Windows Server 2012 R2 will only be supported till October 10th, 2023 – so rougly 6 months from now. Even if SharePoint Server 2016 is supported till July 14th, 2026 this support requires that SharePoint is installed on a supported Operating System. If your SharePoint Server 2016 farm is currentl installed on top of Windows Server 2012 R2, please plan to migrate your SharePoint farm to a newer Operating System – or even better upgrade SharePoint to a newer version – before October 10th, 2023.
Update April 18th, 2023: An official KB article for the issue has been made available this morning:
KB5026765 – HTTP Error 503 after installing April 2023 CU for SP2016 on Windows Server 2012 R2
Permalink
Will any of the two above mentioned fixes prevent successful CU patches going forward on Server 2012 R2?
Permalink
Hi Ismar, no – but it might be that the mitigation would have to be applied again with the next CU.
Permalink
Perfect, thanks. We chose to comment out that line instead of removing it, and it worked for us.
Permalink
I believe there is some key information missing from Method B.
Permalink
Fixed. I forgot to encode the Xml content inside the html – which made it invisible in the published blog post.
Permalink
Hi, I know that SharePoint 2013 just got out of support but, this feature also affects this version? Does the workaround works for SharePoint 2013 + Windows 2012 R2? Does it affect Windows 2012 too?
Thanks!
Permalink
No. AMSI support is not included in SP2013 April CU.
Permalink
Thank you! Hace a nice day.
Permalink
Thank you publishing this Stefan, this would mean we cannot achieve zero downtime patching for SP2016 with this CU?
Permalink
Hi Kavita,
you should be able to achieve this. When running PSConfig on a machine the machine needs to be removed from loadbalancing. After finishing this step you need to remove the additional line from the applicationHost.config before adding the machine back into the loadbalancing.
Cheers,
Stefan
Permalink
An official KB article for the issue has been made available this morning:
KB5026765 – HTTP Error 503 after installing April 2023 CU for SP2016 on Windows Server 2012 R2
https://support.microsoft.com/en-us/topic/http-error-503-after-installing-april-11-2023-updates-for-sharepoint-server-2016-on-windows-server-2012-r2-kb5026765-b6b98571-a5ac-4aac-829f-a0756794d7b8
Permalink
Thank you!
Permalink
All the apppools in the IIS have stopped and unable to start it after installing the April cu on sp2016 farm ..does this also related to this issue?
Permalink
Yes – this is this issue if the Operating System is Windows Server 2012 R2.
Permalink
Hi Stefan,
We have installed SharePoint 2016 on Windows Server 2016 Datacenter edition.
Do we have this 503 issue on this windows version as well since we are planning to install May 2023 CU on our SharePoint Servers.
Permalink
Hi Subhash, the issue only affects Windows Server 2012 R2.
Permalink
We used the steps under Method A in our Sharepoint 2016 environment running on Windows 2012 R2. I am now able to launch the Central Administration console. Thanks for the article!
Permalink
Hi Stefan, I am experiencing this same issue but on a Windows Server 2019 box running SharePoint 2019 after installing the May 2023 CU. Fortunately this box is just for developers to work in so no user impact. I patched the test environment earlier today without any issues (also Windows Server 2019 and SharePoint 2019). We are planning on patching production next week, but now I am concerned since this issue is only supposed to be affecting Windows Server 2012 R2.
I removed the line from the applicationhost.config file, did an iisreset, and the problem was resolved. I then added the line back in, did an iisreset, and the problem presented again. So this isn’t just a Windows Server 2012 R2 issue…
Feel free to contact me if you’d like me to gather more info.
Permalink
Hi Derek,
please open a ticket for this as this needs to have a different root cause.
Cheers,
Stefan
Permalink
We encountered the error „Module „SPRequestFilterModule“ could not be found“ upon installing SharePoint 2019 on a new Server and after activating the „SharePoint Server Antimalware Scanning“ feature.
The line „“ was completely missing in the applicationhost.config file in our newly installed servers.
What we did:
1. Installed SharePoint 2019 on a fresh new Windows Server 2022.
2. Patched with March 2023 CU.
3. Joined an existing SharePoint Farm
After manually inserting the line mentioned above in the %windir%\system32\inetsrv\config\applicationhost.config file all worked as expected.
Permalink
This seems to still be an issue on SP2016 Sept 2023 CU.
Permalink
Hi Robert,
in September 2023 CU is slightly different issue:
https://blog.stefan-gossner.com/2023/10/17/trending-issue-module-sprequestfiltermodule-could-not-be-found-after-september-october-2023-cu/
Cheers,
Stefan