The 25H1 feature update for SharePoint Server Subscription Edition has been released today and is included in the March 2025 CU for SharePoint Server Subscription Edition.
Releasing new features for a product which is used by a large number of users creates challenges for IT departments, e.g.
- users have to be trained to use the new functionality correctly
- a change in behavior can lead to an increased number of internal support calls
- new features need to be tested against custom solutions installed on the SharePoint farm
- …
With the feature updates for SharePoint Server Subscription Edition organizations are given the ability to manage the introduction of new features introduced in a feature update by grouping them into feature release rings: the Early release ring and the Standard release ring. This gives organizations time to train their users and support staff on any new functionality, perform compatibility testing of those new feature experiences with existing customer scenarios, and develop new business processes to take full advantage of the new feature experiences.
See here for more details on the feature release rings.
Below is a list of all new feature released in the 25H1 feature updates and the release ring the feature is included:
| New Features released with 25H1 | Release rings |
|---|---|
| Support for RSA public key in OIDC authentication configuration | Standard release (*) |
| Support for automatic machine key rotation | Early release |
| Dynamic customer survey by One Customer Voice | Early release |
| Create new Office files in client apps | Early release |
| Support for request body scan in AMSI | Early release |
| Cloud Hybrid Search upgrade | Early release |
| New database connectivity layer with TDS 8.0 and TLS 1.3 support | Standard release |
Standard release (*) in the list above means that this feature was available since Feature Update 24H2 in Early release and got promoted to Standard Release with the 25H1 feature update.
More details:
Permalink
Hi,
Do you know why the 2019 patch is not released?
Permalink
Hi Dilan,
SP2016 and SP2019 are in extended support. This means only security related fixes will be created.
We did not release any security fixes in March so there is no fix for SP2016 and SP2019 this month.
Cheers,
Stefan
Permalink
Well then, that opens up my weekend! 🙂
Thanks Stefan.
Permalink
Thank you for quick response Stefan! 🙂
Permalink
There seems to be a bug in this patch with Communication sites. In a newly created vanilla Communication site, if you click any of the “Documents”, “Pages” or “Site contents” links in the site navigation, the search box moves up to the left corner instead of right next to the New-button. Tried this in two different farms now and saw the same symptoms.
Anybody else?
Permalink
This changed already in a Patch many month ago
Permalink
February 2025 works fine though
Permalink
any update on this Johan ?
Permalink
I posted the same question over at the March CU blog post and the same behaviour was confirmed by several others as well:
https://blog.stefan-gossner.com/2025/03/11/march-2025-cu-for-sharepoint-server-subscription-edition-is-available-for-download
We ended up switching to regular modern team-sites for the solution i was working on as it didn’t have the same issues.
The April patch is out, but i haven’t tried it yet. The related KB doesn’t mention the problem, so i don’t know what the status is on that or if they are aware.
Permalink
Hi all,
this issue is currently being investigated.
Cheers,
Stefan
Permalink
Backup-SPSite used with the -UseSqlSnapshot option no longer appears to work after installing the March 25 CU for SPSSE.
Throws an error:
“Backup-SPSite : A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)”
All certs on the servers are valid, none are even close to expiration, and nothing has changed on the servers except the installation for the March CU. Occurs in multiple SPSSE environments.
Wondering if this has to do with the new feature “New database connectivity layer with TDS 8.0 and TLS 1.3 support” in the CU? Does anything needed to be configured/changed/altered to compensate for the new feature? Has anyone else experienced this issue with Backup-SPSite on SPSSE?
Permalink
With 23H1 feature update, a new feature TLS 1.3 support add new SQL Connection feature. You can see at https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/tls-support-1.3 There are now two new options. Database Connection Encryption and Database Server Certificate Host Name. It updates the connection string. With these options you can select Optional. But if you try to create the new farm with the New-SPConfigurationDatabase method without -DatabaseConnectionEncryption parameter it gives “The certificate chain was issued by an authority that is not trusted” error. This main cause of the this error, SP try to connect SQL Server with Mandatory option. Perhaps it’s about ODBC driver or SQL Server Native Client driver. If you try New-SPConfigurationDatabase method with PowerShell SharePoint Snapin, the -DatabaseConnectionEncryption parameter show the necessary values “Mandatory | Optional | Strict”. But if I choose Optional then it gives “The given key was not present in the dictionary” error. It’s better to wait for the Master Stefan’s solutions or workarounds.
Permalink
Root cause: The client requests data encryption, which triggers the validation of the server certificate. However, the server responds by sending a self-signed certificate (SSL_Self_Signed_Fallback), which causes the validation to fail. You can see SSL_Self_Signed_Fallback SSL error on the SharePoint Server’s CAPI2 logs. https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/connect/certificate-validation-failure
Permalink
Thank you for the information Hasan. I will investigate further with the details you have provided and will post my findings.
Permalink
Hi Peter,
Yesterday I tried the install fresh SharePoint SE environment with March CU installed. I always use New-SPConfigurationDatabase cmdlet to create farm. This time I added DatabaseConnectionEncryption parameter with “Optional” value and everything gone perfect. The certificate that you mentioned in your post is about your server’s certificates that are in the server’s certificate store (certlm.msc) . But the error that you get is about SQL Server’s data encryption certificate. If you configured your server to use data encryption between SP and SQL server, you will get this error. As you can see the information in this link https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/tls-support-1.3#behaviors-when-upgrading-a-farm-with-existing-databases , If you install this update to a existing farm, It will configured to use Optional encryption by default.
Permalink
Hi Peter, you can follow the step that explained on this article. https://joshroark.com/sharepoint-server-march-2025-update-problem-bdc-fails-with-error-the-certificate-chain-was-issued-by-an-authority-that-is-not-trusted/
Permalink
Hello Hasan, thank you for the info. I will give it a try and post the results.
As an aside, one of my test environments has SPSSE and SQL installed on the same VM. So the system’s SSL cert would be common to both, but yet that environment exhibits the reported issue. I’ll go through the SQL configs again. More to come…
Permalink
Hi,
I have a similar issue when i run the Get-SPContentDatabase | Upgrade-SPContentDatabase –Confirm:$False during the SharePoint farm upgrade:
The error i receive is as below, can you please help ?
An exception of type Microsoft.SharePoint.PostSetupConfiguration.PostSetupConfigurationTaskException was thrown. Additional exception information:
CanUpgrade [StateDatabase Name=SPSE_StateService] failed. (EventID:an58c)
Inner Exception: The Target principal name is incorrect (EventID:an58c)
Exception: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The target principal name is incorrect.) (EventID:an58c)
Cannot upgrade [StateDatabase Name=SPSE_StateService]. (EventID:an59g)
Permalink
Hi Simeon,
Your problem is not relevant with this update. You have to check that if your database access account (sp_farm account) has db_owner role on that database (SPSE_StateService) . If not, you have to grant that role to farm account on that database. Probably you can also see that same error on the Health and Analyzer’s “Review Problems and Solutions” page. After db_owner role granted you can run your cmdlet without any problem.
Permalink
HI,
I installed the update on one of our development servers (Role: Single Server) to check for the patch and noticed that after installation, some .aspx files (/_admin/search) contain incorrect syntax, making it impossible to access the corresponding Central Administration page.
An error occurred during the processing of /_admin/search/listmanagedproperties.aspx. The server tag is not well formed.
The controls cannot be resolved due to a syntax error involving whitespace.
</ asp : Content>
Other pages with errors
/_admin/search/ListCrawledProperties.aspx
/_admin/search/ListCategories.aspx
/_admin/search/crawledproperty.aspx
/_admin/search/listcategories.aspx
As a result, some search management features are unusable.
Is there any information about which features are affected by this update?
Permalink
Hi Teresa,
this is a known issue which is planned to be fixed in May 2025 CU.
The following files are affected:
Cheers,
Stefan
Permalink
Thank you for quick response Stefan!
Teresa
Permalink
May 2025 CU didn’t fix this issue for our farm. Do you have any updates?
Permalink
Hi Jonas,
please have a look at the dedicated post I created for this topic which highlights that the fix has been delayed and is now scheduled for June CU:
https://blog.stefan-gossner.com/2025/04/02/trending-issue-spse-the-server-tag-is-not-well-formed-on-certain-search-administration-pages-after-march-2025-cu/
Cheers,
Stefan
Permalink
Hi Stefan and thanx for reply.
If you don’t have access to feb CU, are really desperate and also bold enough,
– take a backup of the aspx-file that isn’t working. (i.e “c:\Program Files\Common Files\microsoft shared\Web Server Extensions\16\TEMPLATE\ADMIN\Search\listmanagedproperties.aspx”
– replace ” : ” (space-colon-space) with only “:”
– replace “</ ” (left-angle-bracket-slash-space) with only “</”
– replace “< ” (left-angle-bracket-slash) with “<”
– search for the tag “ItemStyle Width” and if found and if the the closing “>” on the line below has a percentage before it (i.e “%>”), than remove %. (not all mallfunctioning file has this entry but listmanagedproperties.aspx do)
– save and pray
Permalink
Stefan,
thanks for your efforts on this blog – this is much appreciated.
A question about a behaviour regarding a pagination error in list views that I have recently noted:
Since I am not sure if this was introduced with a recent CU or if this is a known issue that is being worked on, whre should I send a description of this behaviour so that it can be investigated?
Thank you & best regards
Johannes
Permalink
Hi Johannes,
please open a ticket with Microsoft support to ensure that it can be investigated.
Cheers,
Stefan