March 2025 CU for SharePoint Server Subscription Edition is available for download

- - 43 Comments

The product group released the March 2025 Cumulative Update for SharePoint Server Subscription Edition.

Monthly SharePoint Server Subscription edition updates are released as a single unified “uber” package containing both the language independent and language dependent fixes. Language independent and language dependent fixes will no longer be released separately. This is similar to the full server packages released for SharePoint 2013.

The KB article for March 2025 CU will be available at the following location in a couple of hours:

  • KB 5002698 – March 2025 Update for SharePoint Server Subscription Edition

The download for March 2025 CU is available through the following link:

It is irrelevant which language you pick on the drop down in download center. It will always download the same package.

After installing the fix you need to run the SharePoint Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

Please ensure to have a look at the SharePoint Patching Best Practices before applying new fixes.
 
SharePoint Server Subscription Edition March 2025 CU Build Number: 16.0.18526.20080
 
Important: To minimize the installation time for SharePoint Server Subscription Edition Fixes, please follow the guidance in the following article: Solving the extended install time for SPSE CUs

 
Related Links:

43 Comments


  1. Hi

    In improvements and fixes, we see below fix as fixed. is this issue is reported on applying any SE patch? which fixed in this March 2025 patch?

    Fixes an issue in which a SharePoint 2013 workflow cannot be run successfully.

    Thanks
    Praveen

    Reply

    1. Hi Praveen,
      this is not related to a regression introduced with an earlier fix if this is what you are looking for.
      Cheers,
      Stefan

      Reply

      1. Thanks Stefan. But how can we know what it fixed in that ?

        Reply

        1. Hi Praveen,
          if you do not have problems when running the SP2013 workflows you will not benefit from this fix.
          Cheers,
          Stefan

          Reply

  2. After installation of binary, the PSConfig fails with error:

    Failed to detect if this server is joined to a server farm, Possible reasons for the failure could be that you no longer have the appropriate permissions to the server farm, the database server hosting the server farm is unresponsive, the configuration database is inaccessable or the server has been removed from the server farm. Following error was found in he PSCDiagnostics log:

    An exception of type Microsoft.Data.SqlClient.SqlException was thrown. Additional exception information: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The target principal name is incorrect.) Microsoft.Data.SqlClient.SqlException (0x80131904): A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The target principal name is incorrect.) —> System.ComponentModel.Win32Exception (0x80004005): The target principal name is incorrect at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, UInt32 waitForMultipleObjectsTimeout, Boolean allowCreate, Boolean onlyOneCheckConnection, DbConnectionOptions userOptions, DbConnectionInternal& connection) at Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection owningObject, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal& connection)
    at Microsoft.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource    1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection) at Microsoft.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions)
    at Microsoft.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource    1 retry)
    at Microsoft.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource1 retry, SqlConnectionOverrides overrides)
    at Microsoft.Data.SqlClient.SqlConnection.Open(SqlConnectionOverrides overrides)
    at Microsoft.SharePoint.Utilities.SqlSession.OpenConnection()
    at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, CommandBehavior behavior, SqlQueryData monitoringData, Boolean retryForDeadLock)
    at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command, Boolean retryForDeadLock)
    at Microsoft.SharePoint.Utilities.SqlSession.ExecuteReader(SqlCommand command)
    at Microsoft.SharePoint.Upgrade.SPDatabaseSequence.GetVersion(SPDatabase database, Guid id, Version defaultVersion, SqlSession session, SPDatabaseSequence sequence)
    at Microsoft.SharePoint.Administration.SPDatabase.get_BuildVersion()
    at Microsoft.SharePoint.Administration.SPConfigurationDatabase.get_StoredProceduresSchemaVersion()
    at Microsoft.SharePoint.Administration.SPConfigurationDatabase.get_SupportsConfigCollectionCache()
    at Microsoft.SharePoint.Administration.SPConfigurationDatabase.FetchNewObjectsFromDatabase(Int64 lastRefreshed, RefreshCacheFlags refreshCacheFlags, SqlParameter& returnValue)
    at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64 currentVersionOverride, RefreshCacheFlags refreshCacheFlags, List    1& newObjects, List`1& deletedObjects, Int64& newestObjectVersion)
    at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache()
    at Microsoft.SharePoint.Upgrade.SPManager.UpgradeDatabaseObject()
    at Microsoft.SharePoint.PostSetupConfiguration.Farm.TryIsJoinedToFarm(TaskBase task, Boolean& isJoined, Boolean& tryIsJoinedSucceeded, Boolean reload)
    ClientConnectionId:2e84eee2-b1b6-4072-a9b2-4a3a1ecc0df5
    Error Number:-2146893022,State:0,Class:20

    Reply

  3. Hi Stefan,

    We have hybrid search service between SharePoint Online & Onprem (SPSE) environment. I can see the (Download the Onboard-CloudHybridSearch-SPOONS.ps1 script) powershell script uploaded and available to download at below microsoft page.

    https://support.microsoft.com/en-us/topic/march-11-2025-update-for-sharepoint-server-subscription-edition-kb5002698-d2f72cdc-deae-4cd1-b5ef-a0381c1c4342

    Question : Do we need to run this script in onprem environment post installing March 2025 update for sharepoint server subscription server?

    Cheers,
    Ganesh P.

    Reply

  4. Hi Stefan,

    After installing March 2025 update for sharepoint server subscription server, SQL instance got disconnected.
    We have AG setup. Unable to run the configuration wizard. Could you please let us know why? Is there any bug, issue in KB?

    Regards,
    Ganesh P.

    Reply

    1. Hi Ganesh,
      Keep in mind that March 2025 CU adds a default requirement for “mandatory” encryption when connecting to SQL. you can change this setting but it is recommended to configure your SQL Server with server authentication certificate for better security

      https://learn.microsoft.com/en-us/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-25h1-release#new-database-connectivity-layer-with-tds-80-and-tls-13-support

      Reply

  5. Hi all,

    I had the same issue (SQL) after installing 2025 March CU.

    I’ve set Force encryption to No and SharePoint is working again.

    Best Regards,

    Zoltán Németh

    Reply

    1. Hi Zoltán,

      Where did you set “Force encryption to No”. I am running into the same issue with “Failed to detect if this server is joined to a farm”.

      Dominique

      Reply

    2. Nevermind! Found it. Found it in the SQL Configuration Manager. Set the Force Encryption to No for the instance.

      Thank you Zoltan!

      Reply

  6. Hi Stefan,
    After installing the March 2025 update for SharePoint Server Subscription Edition, the following timer jobs fail on the application server and the search server in both test and production environments.

    Could you please let us know why? Is there any bug or issue in the KB?

    Timer jobs
    Query Logging
    User Profile Service Application – User Profile Language Synchronization Job

    Following error was found in the PSCDiagnostics log/Event log:

    Query Logging (Search server)
    The Execute method of job definition Microsoft.Office.Server.Search.Administration.QueryLogJobDefinition (ID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) threw an exception. More information is included below. The method ‘EndExecuteNonQuery’ cannot be called more than once for the same execution.. (Correlation=fb518ba1-2aaa-20e1-bb8a-18793c4eaa1a)

    User Profile Service Application – User Profile Language Synchronization Job (Application server)
    The Execute method of job definition Microsoft.Office.Server.Administration.UserProfileApplication+LanguageSynchronizationJob (ID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) threw an exception. More information is included below. Profile database does not contain partition [Id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx].. (Correlation=8d508ba1-daa2-20e1-c856-b9490682285e)

    Best Regards,
    Jey P.

    Reply

    1. Hi Jey,
      I’ve seen similar issue at another customer.
      I would suggest you open a support ticket with Microsoft support for this.

      Reply

      1. Thanks Guy. I’ve already opened a support ticket with Microsoft.

        Reply

        1. Hi, I was just wondering if you got any update from Microsoft as I am also getting the same issue.

          Reply

        2. Hi, my Sharepoint-test-environment was on Feb 2025 CU and I installed Apr 2025 and the same error messages appeared.
          I there any solution for this behavior.
          Thank you.

          Reply

  7. Hi Stefan,

    after installing the CU March 2025, we receive the following error message when we click on the Search Schema link in the Search Service Application to display the Managed Properties.

    “Sorry, something went wrong
    An error occurred during the processing of /_admin/search/listmanagedproperties.aspx. The server tag is not well formed.”

    Do you also get this error?

    Reply

    1. The HTML tags in the following application pages looks very strange.

      /_admin/search/category.aspx
      /_admin/search/crawledproperty.aspx
      /_admin/search/listcategories.apsx
      /_admin/search/managedproperty.aspx
      /_admin/search/listcrawledproperties.aspx
      /_admin/search/listmanagedproperties.aspx

      The tags look like (additional spaces in the tags):
      <asp : label
      <wssawc : SPGridView

      Reply

    2. Hi Christian,
      yes i also get this error on the following pages

      listcategories.aspx
      managedproperty.aspx
      listcrawledproperties.aspx

      Had a version of the file, from before updating and that works fine…. i’ll test the other 3 pages as well but i am sure i’ll get the same error on those…

      is there any fix for this??

      All the best
      //Carsten

      Reply

    3. Hi Christian,
      a fix for this issue is currently in development.
      Cheers,
      Stefan

      Reply

      1. Hi Stefan
        Do you know if this comes as a separate install/update or will the corrections come in the april update

        //Carsten

        Reply

        1. Hi Carsten, the fix is currently planned to be included in May CU.
          Cheers,
          Stefan

          Reply

          1. Hi Stefan

            Thx for the feedback.

            Best regards
            Christian


  8. Hello,

    Backup-SPSite with the -UseSqlSnapshot parameter no longer works after applying the March 2025 CU for SPSSE.

    Throws an error:
    Backup-SPSite : A connection was successfully established with the server, but then an error occurred during the loginprocess. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)

    Current workaround is to use the command without the -UseSqlSnapshot, or to use the -NoSiteLock.

    A new feature included with the March 2025 CU: “New database connectivity layer with TDS 8.0 and TLS 1.3 support” and wondering if that could be a part of the problem and the problem that others posted here are experiencing?

    Are there any configs needed to compensate for the said new feature?
    Backup-SPSite with the -UseSqlSnapshot parameter no longer works after applying the March 2025 CU for SPSSE.

    Throws an error:
    Backup-SPSite : A connection was successfully established with the server, but then an error occurred during the login
    process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)

    Current workaround is to use the command without the -UseSqlSnapshot, or to use the -NoSiteLock.

    A new feature included with the March 2025 CU: “New database connectivity layer with TDS 8.0 and TLS 1.3 support” and wondering if that could be a part of the problem and the problem that others posted here are experiencing?

    Are there any configs needed to compensate for the said new feature?

    Reply

    1. Hi Peter,
      from what I see this issue has not yet been reported to us.
      I would suggest to open a support case with Microsoft to get this issue analyzed.
      Cheers,
      Stefan

      Reply

  9. There seems to be a bug in this patch with Communication sites. In a newly created vanilla Communication site, if you click any of the “Documents”, “Pages” or “Site contents” links in the site navigation, the search box moves up to the left corner instead of right next to the New-button. Tried this in two different farms now and saw the same symptoms.

    Anybody else?

    Reply

    1. We have the same problem, as you descriped it.

      Reply

    3. Has anyone opened a ticket for this yet?

      Reply

      1. I have not opened a case, but only because our network is restricted so I can’t give MS support access to our environment. It makes it challenging to work support cases. Hoping someone else can open one!

        Reply

    4. Hi all,
      this issue is currently being investigated.
      Cheers,
      Stefan

      Reply

    5. Support mentioned fix coming out in June

      Reply

  10. Did anyone find a solution?
    All the web-applications in UAT environment are down after we applied this March Patch. Force Encryption is “No” at SQL instance level. Working with Microsoft since morning but we still cannot figure out anything yet.
    When we do IIS-recycle or IIS-reset, sites stay up for couple of minutes and again go down.
    Any help would be much appreciated.

    Reply

  11. Stefan,

    As a couple other people have mentioned, after installing March 2025 CU and reboot, we got an error when running the Config Wizard. “Failed to detect if this server is joined to a server farm.” and the event log was filled with Event ID 5586 “A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – the target principle name is incorrect.)”

    In above reply, Zoltán Németh stated that setting the SQL “Force encryption” to No made it work. So we tried that and it did work. However, we are required to have our ForceEncryption set to Yes per DISA STIG V-213966. So we read up on this article: https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/special-cases-for-encrypting-connections-sql-server?view=sql-server-ver16
    We added the DoD issued certificate from our SQL server and imported it to the SharePoint server under Trusted Root Certificate Authority. This did not have any effect.

    Do you have any recommendations? What in the March CU would cause the ForceEncryption to stop working for us?

    Reply

    1. Hi Dominique,
      you need to add the root certificate of the certificate chain of the certitificate to the trusted root certificate authority – not the certificate itself.
      Cheers,
      Stefan

      Reply

      1. Ah, thank you! We had the root in there already but it must have been corrupt or something. We uploaded a new copy as well as the intermediate and it’s working now! We are able to use the ForceEncryption with no problem.

        Reply

    2. Getting this error for External Lists :

      Cannot connect to the LobSystem (External System). Reason: ‘A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)’
      Force Encryption is set to “No”.

      Please advise.

      Reply

      1. Hi Amey,
        sounds as if the root certificate of the SSL cert for the SQL server is not trusted by the SharePoint server.
        Cheers,
        Stefan

        Reply

        1. Thank you Stefan for the response but can you advise what certificate do I export from SQL & import it where on SharePoint.

          Reply

          1. You should probably configure a certificate from a trusted Root CA for your SQL server (if you not already done so) or configure your farm to connect to SQL without encryption (optional) as some mentioned here (not recommended).

            https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/tls-support-1.3

            https://learn.microsoft.com/en-us/sharepoint/what-s-new/new-and-improved-features-in-sharepoint-server-subscription-edition-25h1-release#new-database-connectivity-layer-with-tds-80-and-tls-13-support


  12. Dear Amir,
    The SQL encryption is already set to “No” as already mentioned by me.

    Reply

  13. Hi Stefan,

    I’ve created a new test farm and set the hostname certificate to SQL cert and leave encryption on Mandatory and SQL side Force Encryption Yes.

    SharePoint writes the hostname certificate to web.config (at session state connection string), which cause IIS 500 error on new webapplication.

    Event viewer error:

    at System.Web.SessionState.SqlSessionStateStore.CreatePartitionInfo(String sqlConnectionString)
    at System.Web.SessionState.SqlSessionStateStore.OneTimeInit()
    at System.Web.SessionState.SqlSessionStateStore.Initialize(String name, NameValueCollection config)
    at System.Web.SessionState.SessionStateModule.InitModuleFromConfig(HttpApplication app, SessionStateSection config)
    at System.Web.SessionState.SessionStateModule.Init(HttpApplication app)
    at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
    at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
    at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
    at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)

    Keyword not supported: ‚host name in certificate‘.
    at System.Data.Common.DbConnectionOptions.ParseInternal(Hashtable parsetable, String connectionString, Boolean buildChain, Hashtable synonyms, Boolean firstKey)
    at System.Data.Common.DbConnectionOptions..ctor(String connectionString, Hashtable synonyms, Boolean useOdbcRules)
    at System.Data.SqlClient.SqlConnectionString..ctor(String connectionString)
    at System.Data.SqlClient.SqlConnectionFactory.CreateConnectionOptions(String connectionString, DbConnectionOptions previous)
    at System.Data.ProviderBase.DbConnectionFactory.GetConnectionPoolGroup(DbConnectionPoolKey key, DbConnectionPoolGroupOptions poolOptions, DbConnectionOptions& userConnectionOptions)
    at System.Data.SqlClient.SqlConnection.ConnectionString_Set(DbConnectionPoolKey key)
    at System.Data.SqlClient.SqlConnection.set_ConnectionString(String value)
    at System.Data.SqlClient.SqlConnection..ctor(String connectionString, SqlCredential credential)
    at System.Web.SessionState.SqlSessionStateStore.CreatePartitionInfo(String sqlConnectionString)

    When the Host Name In Certificate=hubud****.example.net; removed from connection string, webapp starts to work properly.

    I think it’s clearly a bug in CU March 2025

    Best Regards,

    Zoltán Németh

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.